Amazon is not new to data breaches. In fact, many customers have previously reported phishing emails in the name of the company. In many instances, Amazon has been able to find out the point of a data breach, or the person involved. This time, scamsters have taken it a step ahead. Many users have reported that they have received calls stating that they have won a prize for ordering a product. The scary part is, the scamsters know the exact details of the order, including product, price, date and time of order, place of delivery, etc.
They lure the customer about big prizes on small orders. Some users have reported that they received calls for their Prime Membership account status. Other times, these scamsters seem to be placing fast-selling schemes in front of potential buyers. The phishing attacks are not new, but the fact that the scamsters know every little detail about an order is scary. Here, it is the ecommerce giant's responsibility to maintain data security which clearly is not the case.
A few members of the team at Cybermedia have also faced phishing attacks in the past few weeks. Boudhaditya from PC Quest states that he received a call for a lottery worth 50k order at Amazon. “The scamster told me that he could check the balance in my account and I was eligible for the lottery based on my last order. I cut the call and blocked and reported the number,” he said. I, on the other hand, received a confirmation call for an order once, stating that if I did not give my account details, they would cancel my order. In fact, I cut the call and reported it to Amazon customer care. In the past three weeks, I have received three different calls.
And this has been a testimonial for several users around the world.
Called using this no. +919433165139, anyone can call back, they say Welcome to Amazon! 😂
PLEASE TAKE A LOOK OR VERIFY THIS NO. @amazon
— Saurabh chauhan (@RamslamOO7) April 16, 2021
A person detailed how he got scammed while the scamster knew every detail of his account, and unfortunately, he fell for it.
Hello Guys..It's important...!!!!
Please do not shop from Amazon...I repeat "Do not shop from Amazon"..3 days Back I got a fraud call from a fraudster claiming from Amazon and that person was knowing my all personal details of Amazon account,my conatct number..
— Azfar (@koshurkuwat) April 4, 2021
And this has been a problem all over the world, and not just in India.
Scam text I've just received, claiming to be the Royal Mail, they wouldn't send anything like this with such bad grammar. They're after information including my phone number which they have as they sent me a text. Dont reply or give them any details whatsoever. pic.twitter.com/wlhfJ0qdz9
— Silvio Tattisconie ©💎 (@STattisconie) April 12, 2021
Now, users are receiving calls and text messages instead of emails from scamsters. Users have also pointed out the irony of offering lucrative rewards for small packages ordered on Amazon.
Oh no! I better click on this totally not shady link. I mean they know my phone is compromised so it must be true! 😬
*seriously please don’t fall for random texting scam offering free phones or PS5’s or Amazon packages* pic.twitter.com/UbFHoydqSc
— Fifty Shades of Sarcasm (@daniellecashat) April 16, 2021
Amazon scam call. Apparently this guy is hardcore and prepared to scam Satan’s cat.
— Joanne Penney (@penneywrites) April 16, 2021
Has there been a Data Breach at Amazon?
Every order that you place, come from a third party. Thus, the data leak can be possible on any of the checkpoints. However, recently, a B2B supply chain automation startup Bizongo reported a data leak of 2.5 Mn user files. The security team at Website Planet discovered that the data leak at Bizongo was in two formats - customer bills and shipping labels. The firm stated that there were a total of 2,532,610 exposed files due to a misconfiguration, a total of 643 GB of data. Bizongo has Amazon, Flipkart, Myntra, Swiggy, and Zomato among the clients using its B2B supply chain and vendor management solutions.
In January, Juspay acknowledged a data breach of over 100 million debit and credit card users on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip and several other companies.
Amazon has not responded to our queries
Alternatively, a source from Amazon has revealed that a lot of such cases are being reported with customer care service at Amazon daily for the past few weeks. And the phishing attacks are not only limited to India but over the world. He said that they have been receiving calls on orders complaining that they have lost money in a phishing attack. Further, the source also outlined that Amazon has been continuously trying to nab down where the data leak has happened. But the company has still not pinpointed the exact data breach point.
The company spokespersons have not responded to an email sent by CiOL.
What can Amazon do?
Amazon does have multiple cybersecurity systems in place to limit and control access to information. The company states that it has systems to identify and investigate suspicious behaviour, but none of this has worked in this particular scenario. However, the company could do more to mitigate the threat of data leaks and phishing attacks; majorly by starting about where it has shared the data of consumers.
What can you do?
The company has advised users to report fraud, scam, phishing and spoofing attempts. If you have lost any money, you can either report it to the company - Amazon, or the National Cyber Crime Reporting Portal.