Hackers find new and ingenious scams or loopholes to trick us every day. In my line of work, I hear and read about different scams all the time, but today, hackers put a new twist on an old scam that involved my wife.
This morning at about 7:30 am my wife received a call from someone at “Amazon” informing her that someone in Columbia was attempting to make a $1400.00 purchase on our Amazon account. My wife got off the phone and frantically called me with this news. I immediately changed our password to an extremely strong one (25 characters) and then checked our account – no such order. Next, I checked the Amazon Message Center for any messages regarding this purchase – nothing.
As I sat and thought more about the call, I thought it odd they did not ask for login credentials or account information. My wife told me they did not ask for any information at all. They told her they would take care of it and have a nice day. I could not figure out what they were trying to gain, but they did find out some useful information from the call; her phone number is valid, she will answer a call from an unknown number, and she does, in fact, have an Amazon account.
Then it happened. About 30 minutes later, my wife received a text from “Amazon” identical to texts that we have received before, asking to approve or deny a login from a new device or location. And that was the scam! Had my wife clicked the Approve button, her device would have been compromised or she would have been asked to log in to “Amazon” and provide her account information.
But here is something else to consider: my wife’s name and number are not listed on our Amazon account and never have been. So how did someone get her name and number? Hackers find or steal blocks of names and numbers on the web and use them to randomly contact victims. These hackers have no idea who you are. Your name and number are one of the thousands on their lists.
Should you respond to one of these calls, you will verify to the hacker that your phone number is active and that there is someone on the other end of the line willing to engage – this will automatically put you on their list for more phone scams. Personally, I do not answer calls from unknown numbers. If you are calling me from an unknown number, leave a voicemail and I will call you back!
If you believe that you are a victim of fraud or a scam, first, contact your bank and credit card companies immediately to help secure your accounts and reverse any transactions that might have been made.
Next, change your username and password details on ALL your accounts. When you do this, add two-factor authentication (2FA) to any accounts with 2FA is available. The added layer of protection from 2FA will help protect you from future attacks. By the way, we have 2FA set up for our Amazon account. Those approval requests come to me, not my wife. When I get one, I do not just click approve. I call my wife and verify that she is trying to log in to our Amazon account. THEN I click approve!
To find more information about Amazon scams and what to do should you be attacked, check out Amazon’s Customer Service Center.