Yet Another Scam You Need to Be Aware Of


Eric Springer, an Australian developer who had previously worked at Amazon as a software developer engineer, described himself as “a security conscious user who follows the best practices—using unique passwords, two-factor authentication, only using a secure computer, and being able to spot phishing attacks from a mile away.”

Which is more than most of us could probably say about ourselves.

Even so, Eric still became a victim of an ever-growing hacking method known as “Social Engineering.” Social Engineering is “a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.”

Eric’s story began when he received a seemingly harmless email from Amazon that he believed had been misdirected:

http://cdn.arstechnica.net/wp-content/uploads/2016/01/1-CNpX88cuvGqyNLhJvxYW8A-640x322.png


Being the security-cautious user he is, Eric decided it was better to be safe than sorry and contacted Amazon to find out what this email was about. Amazon informed Eric that he had previously had a conversation with Amazon support. Luckily for Eric, this “conversation” was a text chat, and Amazon was able to email him the following transcript:

http://cdn.arstechnica.net/wp-content/uploads/2016/01/1-MmASv_H55KXTzO3u8ZVQnQ-640x385.png


Before going forward, a couple of things to note:
  • The address given by “Eric Springer” is not his actual address. It was a fake address of a hotel located in the same zip code where Eric actually lived.
  • The REAL Eric Springer had previously registered some domains on whois.net (a website that allows you to look up who is registered to an individual domain name) where he used this fake hotel address in an attempt to protect his identity.
  • The hacker was able to locate this information on whois.net and then provide it to the Amazon representative. 
  • The Amazon Customer Service Representative presumably only looked at the zip code and not the rest of the address.

http://cdn.arstechnica.net/wp-content/uploads/2016/01/1-Iux_MAbuCnbIM_6TdDFYtg-640x532.png

To sum up: by looking up Eric’s personal information on whois.net, the hacker was able to provide fake details from Eric Springer’s account and obtain his real address and phone number in exchange. Unfortunately, the attacker was also able to contact Eric’s bank and have it issue them a new copy of his credit card. Yikes.

Unfortunately for Eric, this was not the last such encounter he would have. Although Eric had attempted to take further precautionary measures by requesting a note be put on his account that he was at “extremely high risk of social engineering and will always be capable of logging in,” Eric’s account and information were compromised two more times.

Eric’s advice for users?

“Continue to be extremely careful with information you share. Even big companies like Amazon can’t keep it safe.”

Citations: http://searchsecurity.techtarget.com/definition/social-engineering

http://arstechnica.com/security/2016/01/how-amazon-customer-service-was-the-weak-link-that-spilled-my-data/

 
