This is a serious case of what I’ve come to suspect in the past few months as well. About 2 months ago I received a fairly sophisticated phishing email designed to steal my Amazon login details. I noticed it right away, but decided to use Incognito Mode to access the URL to snoop around a bit. I didn’t find anything revealing — but I decided to contact support to notify them that I had been targeted for phishing and to ensure that they would not reset my password (despite me having 2FA enabled) via chat or phone support. They outright refused to add a note to my account to refuse a password reset via phone or chat.
Needless to say I was absolutely blown away by the serious lack of security standards when a consumer is coming to them to ensure that their account doesn’t fall victim to social engineering attacks. It’s entirely pathetic.