Got great feedback after my last skirmish with a phishing attempt so here is today’s attempt:
[Greg] Hello, how may I help you?
[digitized voice] This is Amazon security calling in regard to a recent $1499 purchase. Our system flagged this purchase because of suspicious elements and we need you to either confirm or contest this purchase.
To be fair, I buy a lot online. In deference to my lady’s ethical objections to Amazon’s business practices I have cut back my Amazon addiction, but back in 2016 I pretty much built our house via Amazon, eBay and AliExpress. So you bet I paid attention to the robot.
[digitized voice] Please press one to contest the transaction and be connected with our security team. Please press… BLEEP (me pressing one)
Seconds pass… during which I have checked my Amazon order page without finding a large new purchase.
[Indian accent with call center background noise] Hello sir, you have reached the Amazon customer service. My name is Alexander. How may I help you?
[Greg] Good morning Alexander. The automated call indicated that there was a suspicious $1499 purchase on my Amazon account.
[Alexander?] Yes sir. That transaction has been frozen and we need to resolve it. (Speaking faster.) We need to get you connected to our secure Amazon server. If you can open Google Chrome I will read you the address. (Without pausing.) If you are ready please type W, W, W, period.
[Greg] Um Alexander. If we can just slow down a second. Not that I am calling you a hacker, but how do I know that you actually work for Amazon?
[Alexander, speaking quickly from the script with a heavy accent] We just need to connect to the Amazon secured server so that we can get your money refunded. So if you will just type this address. (Starts reading address again.)
Here is where I screwed up the play along as I was scrambling for a pen to write down the address.
[Greg] Let me write this down and verify the IP against the Amazon.com domain.
Click – dead line
While amusing by itself, the whole incident reminded me of a recent breach remediation I supported. We are all under assault. Good data security practices are not always obvious, especially when you think someone already has hacked your account and is on a spending spree. The pandemic has many/most of us working from home and using remote tech support to troubleshoot pesky VPNs, Zoom hardware issues and other common connection issues. So don’t get phished. And if you do, stretch it out better than I did. Turn on your speaker and use Word online to record it for show and tell. Have fun with the poor crook stuck in the hacker call center.
Greg Buckles wants your feedback, questions or project inquiries at Greg@eDJGroupInc.com. Contact him directly for a free 15 minute ‘Good Karma’ call. He solves problems and creates eDiscovery solutions for enterprise and law firm clients.
Greg’s blog perspectives are personal opinions and should not be interpreted as a professional judgment or advice. Greg is no longer a journalist and all perspectives are based on best public information. Blog content is neither approved nor reviewed by any providers prior to being posted. Do you want to share your own perspective? Greg is looking for practical, professional informative perspectives free of marketing fluff, hidden agendas or personal/product bias. Outside blogs will clearly indicate the author, company and any relevant affiliations.