Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Amazon security glitch
Old 10-15-2018, 01:45 PM   #1
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,244
Amazon security glitch

Received an odd email from Amazon:

Quote:
Sign-in Code
Your sign-in code is:
######
Amazon takes your account security very seriously. Amazon will never email you and ask you to disclose or verify your Amazon password, credit card, or banking account number. If you receive a suspicious email with a link to update your account information, do not click on the link—instead, report the email to Amazon for investigation.
We hope to see you again soon.
There have been no changes in my account, and I was able to sign in normally both before and after receiving this email.

Looked online in Amazon forums and apparently this is a known glitch in their system where they randomly send out irrelevant sign in codes for no reason. It's a bit disconcerting, but apparently harmless.

Anyone else get one of these?
__________________

__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 10-15-2018, 01:59 PM   #2
Moderator
Aerides's Avatar
 
Join Date: Nov 2015
Posts: 3,598
Do you have 2FA setup with amazon?

If not, and really, even if, it can still be phishing. The hackers are smart, and you may want to change your password anyway. I'm a seller on amazon and I use 2FA, but other sellers have reported getting similar weird emails as if they had requested the code but hadn't. (one just today in my group of sellers). General thought is perhaps someone tried to log in to your account.
__________________

Aerides is offline   Reply With Quote
Old 10-15-2018, 02:22 PM   #3
Full time employment: Posting here.
 
Join Date: Jun 2017
Location: Chicagoland
Posts: 775
Sounds like a phishing attempt to me.
CoolRich59 is offline   Reply With Quote
Old 10-15-2018, 02:24 PM   #4
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,244
I suppose you're right.

Just to be on the safe side, I changed my password and set up 2FA.
__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Old 10-15-2018, 03:21 PM   #5
Thinks s/he gets paid by the post
 
Join Date: Apr 2005
Location: Midwest
Posts: 2,073
Here's what happened to me just last week:

Got the same email with a security code. The Amazon address looked legit. I contacted them to see if it was real or a phishing attempt.

The upshot from the amazon security (or customer service) person was that:

1) It was indeed a real code / legitimate message sent from Amazon.

2) I should immediately change my email password AND amazon password because these types of hacks usually originate from someone having gotten into the email account rather than the Amazon account.

Well, you can take that with a grain of salt I suppose, but I changed my email and Amazon passwords

LATER THAT SAME DAY..... I get 2 emails from the APPLE STORE sent to the email account in question. Two invoices from 2 separate purchases for what look like video games (Bang-Bang-Moba...?) I got NO kick-back from any of my credit or debit cards or bank account. I checked them directly also. My credit/ID theft monitoring company shows nothing unusual. The APPLE STORE invoice says "Store card id: (my email address)"

I went to the Apple Store site and it asks right up front: Not Your Purchase?" or something like that. BUT I cannot tell them it is not mine because I do not have an account with the Apple Store so it's sort of a dead end.

I have no idea what comes next but it does not appear that I have been harmed just ticked-the-hell-off. Kind of like somebody breaking into my garage and stealing something I didn't want anyway or didn't even know I had...?

Keep an eyeball out for an Apple Store invoice or other receipt and keep this thread informed. I will do same.
razztazz is offline   Reply With Quote
Old 10-15-2018, 03:30 PM   #6
Moderator Emeritus
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 42,546
I got the same e-mail a few days ago. I deleted it without clicking on anything in the email.

I don't know what it is, but you google "Amazon verification code spam", apparently many people got this email, and it may not be genuine. I don't know anything else about it.

I haven't had any unauthorized purchases on my credit card or other suspicious activities.
__________________
"A ship in the harbor is safe, but that's not what ships are built for."
- - - J. A. Shedd, 1928
W2R is offline   Reply With Quote
Old 10-15-2018, 03:44 PM   #7
Full time employment: Posting here.
 
Join Date: Jan 2018
Location: NE Ohio
Posts: 900
Quote:
Originally Posted by W2R View Post
I haven't had any unauthorized purchases on my credit card or other suspicious activities.
I haven't gotten this email, but I did have an unauthorized purchase on September 17th on one of my credit cards that is stored with Amazon (Fidelity VISA). The thief helped themselves to a monthly subscription to Amazon Prime. When I notified Amazon, they promptly removed my credit card from this person's account. I got a new card from Elan in 2 days.

This is the 3rd time that my Fidelity VISA has been compromised, but the first time a purchase was made with Amazon. First time it was still with FIA card services before being switched to Elan. It makes me wonder if there is some lax security with Amazon, as that is my go-to card most places, so it's always been on file with Amazon. I've got other credit cards that have never been compromised.
gwraigty is offline   Reply With Quote
Old 10-15-2018, 03:58 PM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,687
I got an email the other day supposedly from Paypal that almost had me fooled into clicking on a link. But my gut feeling said phishing attempt.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-15-2018, 03:59 PM   #9
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,244
It's all so tedious. I haven't noticed anything odd yet, apart from that one email, but just to be on the safe side I changed my Amazon password, set up 2FA there, and changed my email password as well. I'll be more vigilant than usual for a while.
__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Old 10-15-2018, 04:12 PM   #10
Thinks s/he gets paid by the post
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 3,618
A passing comment: A friend of mine who teaches cybersecurity classes at the university level pointed out that one really needs the strongest password on their email accounts because a lot of 2FA and password recovery processes will send a password reset code to your email address. So a bad actor could get access to your email account and then try to reset passwords on all of your other accounts using your email account and password reset codes sent there.

I suppose a similar idea applies to phone passwords, although people probably don't want to be using strong passwords on their phones due to inconvenience. I guess that's where FaceID or fingerprint technology comes into play.
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is offline   Reply With Quote
Old 10-15-2018, 04:18 PM   #11
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,244
I can see his point. I routinely change most of my passwords about twice a year anyway, and use very strong ones.

With a new iPhone, I have to admit I was skeptical about how convenient FaceID would be, but I love it.
__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Old 10-16-2018, 11:31 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,687
I just got that "Amazon" sign-in code email a short time ago.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-16-2018, 11:43 AM   #13
Full time employment: Posting here.
 
Join Date: Jun 2016
Posts: 838
You're not going to like this because Amazon goes out of their way to make it inconvenient, but remove your CC from your Amazon account.


Amazon makes it a real PITA to remove and then add again next time, but if the Amazon account does get cracked they can't spend your money if there is no card info in the account.
Spock is offline   Reply With Quote
Old 10-16-2018, 04:32 PM   #14
Thinks s/he gets paid by the post
SecondCor521's Avatar
 
Join Date: Jun 2006
Location: Boise
Posts: 3,618
Quote:
Originally Posted by Spock View Post
You're not going to like this because Amazon goes out of their way to make it inconvenient, but remove your CC from your Amazon account.


Amazon makes it a real PITA to remove and then add again next time, but if the Amazon account does get cracked they can't spend your money if there is no card info in the account.
True, but my understanding is that if a CC number gets hacked/stolen/whatever, I'm not on the hook for any fraudulent charges. So I'll stick with convenience and trust Amazon (and other merchants) to properly secure my CC info, or absorbe the fraud losses if they don't.
__________________
"At times the world can seem an unfriendly and sinister place, but believe us when we say there is much more good in it than bad. All you have to do is look hard enough, and what might seem to be a series of unfortunate events, may in fact be the first steps of a journey." Violet Baudelaire.
SecondCor521 is offline   Reply With Quote
Old 10-16-2018, 05:05 PM   #15
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 19,887
Quote:
Originally Posted by SecondCor521 View Post
True, but my understanding is that if a CC number gets hacked/stolen/whatever, I'm not on the hook for any fraudulent charges. So I'll stick with convenience and trust Amazon (and other merchants) to properly secure my CC info, or absorbe the fraud losses if they don't.
+1

Now, a debit card is a whole other story. We won't even have a debit card because the consumer protections on the credit cards are so much better than a debit card.
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
Old 10-16-2018, 05:12 PM   #16
Moderator Emeritus
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 42,546
Quote:
Originally Posted by Walt34 View Post
+1

Now, a debit card is a whole other story. We won't even have a debit card because the consumer protections on the credit cards are so much better than a debit card.
Direct communication from Mastercard on this issue, with reference to Debit Mastercards (the only debit card issued by my bank, and almost every bank, or at least every bank I have patronized in the past 20+ years):

Quote:
Originally Posted by Mastercard
If your card is ever lost or stolen, it comes with Zero Liability Protection and Identity Theft Protection from Mastercard so you won't be responsible for unauthorized charges.
And in fact, when I had an unauthorized purchase on my Debit Mastercard back in 2000, I got every penny back in less than 24 hours, even though it took a month or so for the investigation to be completed.
__________________
"A ship in the harbor is safe, but that's not what ships are built for."
- - - J. A. Shedd, 1928
W2R is offline   Reply With Quote
Old 10-16-2018, 05:28 PM   #17
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 19,887
Quote:
Originally Posted by W2R View Post
And in fact, when I had an unauthorized purchase on my Debit Mastercard back in 2000, I got every penny back in less than 24 hours, even though it took a month or so for the investigation to be completed.
While that is the policy of most banks, it is not federal law, as it is with the credit cards.

When I was working on fraud cases I saw many instances of people being put into a serious (for them) cash flow crunch with stolen/unauthorized use of debit cards when their bank dragged their feet on the investigation, holding on to the account holder's funds in the meantime.

I'll stick with credit cards, thank you.
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
Old 10-16-2018, 05:41 PM   #18
Moderator Emeritus
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 42,546
Quote:
Originally Posted by Walt34 View Post
While that is the policy of most banks, it is not federal law, as it is with the credit cards.
It is part of the contract verbiage by which they are bound, that you go over and sign when you sign up for the card. I'm not going to look for it in my files, but it's there in black and white that you will be reimbursed within 24 hours and I think the communication direct from Mastercard that I quoted gets that point across.

Quote:
Originally Posted by Walt34 View Post
When I was working on fraud cases I saw many instances of people being put into a serious (for them) cash flow crunch with stolen/unauthorized use of debit cards when their bank dragged their feet on the investigation, holding on to the account holder's funds in the meantime.

I'll stick with credit cards, thank you.
Perhaps there have been some changes since you were working on fraud cases?

I think that the last old fashioned debit card that I ever saw was in the early 1990's, although perhaps in your area they persisted longer. Indeed, those did not have much protection.

However in recent decades these have been replaced by Debit Mastercards at many (most? all?) banks, and the contract verbiage for these with respect to unauthorized purchases, is identical to that for Mastercards. It is most definitely against the law for your money to be taken for unauthorized purchases here.
__________________
"A ship in the harbor is safe, but that's not what ships are built for."
- - - J. A. Shedd, 1928
W2R is offline   Reply With Quote
Old 10-16-2018, 05:52 PM   #19
Full time employment: Posting here.
 
Join Date: Jun 2016
Posts: 838
Quote:
Originally Posted by W2R View Post
It is part of the contract verbiage by which they are bound, that you go over and sign when you sign up for the card. I'm not going to look for it in my files, but it's there in black and white that you will be reimbursed within 24 hours and I think the communication direct from Mastercard that I quoted gets that point across.


Perhaps there have been some changes since you were working on fraud cases.

I think that the last old fashioned debit card that I ever saw was in the early 1990's, although perhaps in your area they persisted longer. Indeed, those did not have much protection.

However in recent decades we have Debit Mastercards and the contract verbiage for these with respect to unauthorized purchases, is identical to that for Mastercards. It is most definitely against the law for your money to be taken for unauthorized Debit Mastercard purchases here, and not returned for more than 24 hours after notification.
The difference is company policy (debit card contract that can change with each individual issuer) vs. law (credit card fraud limits).


It becomes a no brainer when comparing the cash coming straight out of your checking account with a debit card that you have to fight to get back. Its only returned after they complete their fraud investigation ("guilty until proven innocent")
vs. the $ don't leave my checking account until I pay the credit card bill... the transaction is out of their pocket while the dispute investigation is completed ("innocent until proven guilty").
Spock is offline   Reply With Quote
Old 10-16-2018, 06:14 PM   #20
Moderator Emeritus
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 42,546
Quote:
Originally Posted by W2R View Post
Direct communication from Mastercard on this issue, with reference to Debit Mastercards (the only debit card issued by my bank, and almost every bank, or at least every bank I have patronized in the past 20+ years):

Quote:
Originally Posted by Mastercard
If your card is ever lost or stolen, it comes with Zero Liability Protection and Identity Theft Protection from Mastercard so you won't be responsible for unauthorized charges.
And in fact, when I had an unauthorized purchase on my Debit Mastercard back in 2000, I got every penny back in less than 24 hours, even though it took a month or so for the investigation to be completed.
Quote:
Originally Posted by Spock View Post
The difference is company policy (debit card contract that can change with each individual issuer) vs. law (credit card fraud limits).
Right - - I remember hearing horror stories years ago about credit card owners having as much as $50 withheld from their reimbursement! Wow. That's pretty egregious, I agree. With the Debit Mastercard at my bank, they have to give every single penny back and they have to do that within 24 hours. It is most definitely against the law for your money to be taken from your bank account for unauthorized purchases here, once notification has been given.
__________________

__________________
"A ship in the harbor is safe, but that's not what ships are built for."
- - - J. A. Shedd, 1928
W2R is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PSA: Save $8.62 Today On Amazon (sold by Amazon only) RetiredGypsy Other topics 50 02-23-2017 06:01 AM
A glitch for some retirement plans Khan Life after FIRE 11 04-05-2008 07:55 PM
MS Money glitch? Leonidas FIRE and Money 3 08-25-2007 09:28 AM
Minor IE Glitch TromboneAl Other topics 7 03-07-2007 11:05 AM

» Quick Links

 
All times are GMT -6. The time now is 01:30 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.