Unauthorised Payment through Amazon Account

LN1shant on 20/09/2021 - 14:41
Last edited 20/09/2021 - 14:54 by 1 other user

So there were some purchases made in my Amazon account which was not done by me. This is the 2nd time this has happened.

I have a 2 step verification which sends me a code to my phone when ever I log in. There is no other way of logging without the SMS code on the phone.

In the last 2 days exactly after 1am 3 purchases were made for computer parts from same 3rd party seller. After the purchase the orders were archived so I wouldn't get any notifications about it. The only way I found out about these purchases were once I check my bank statement.

The weird part about theses purchases were it was getting sent to my address.

I spoke to Amazon to cancel the orders. As this was 3rd party Amazon send a message to get the orders cancelled. Amazon assured orders will be cancelled as it was not dispatched. The seller ignored the message and charged me for the product and then dispatched it. When questioned he mentioned he never got the message. I can see the cancellation request in my amazon account so he was lying. Amazon mentioned once the order is reaches the delivery date only then I can get a refund which can take up to 2 months.

The 3rd party seller has been with Amazon for only 3 days which seem odd.

So the question is how can someone use my account if I never got an SMS request code for login? I only use my phone to make purchases for Amazon and checked my all my other devices (PC Laptop and Tablet) to make sure that I was not logged in on those.

Could the 3rd party seller be doing this?

Has anyone else had the same experience?

General Discussion

Related Stores

Amazon AU
Amazon AU
Marketplace

Comments

  • Lord Fart Bucket on 20/09/2021 - 14:51
    +1

    Have you logged in on any other devices in the past that may have a persistent login?
    Changed your password? Force logout of all devices?

    • N1shant on 20/09/2021 - 17:10

      No I haven't. I haved changed the password and forced logged out from all devices as well

  • deme on 20/09/2021 - 14:55
    +6

    https://haveibeenpwned.com/

    From your description the 3rd party seller is likely the fraudulent party.
    You should ask Amazon how they bypassed your SMS auths

    • JCrown9 on 20/09/2021 - 15:24

      unlikely.
      amazons verification process for sellers is extremely tough.
      you need to provide a ton of id and verification documents.

      if it is the seller, amazon will have every detail on them and be able to get the money back / remove the seller from their platform.

      speak to amazon about this and they will give you the answers on the seller.

      • deme on 20/09/2021 - 17:19
        +6

        Wait are you seriously suggesting that is it unlikely that Amazon has zero fraudulent 3rd party sellers?

        • JCrown9 on 20/09/2021 - 20:30
          -1

          pretty much.

          and if they did amazon would fid them very fast.

          there systems and procedures on sellers is extremely strict.

          (I am a seller so do know their process).

        • bbinc on 21/09/2021 - 09:42

          Fake Brother toner cartridge described as genuine Australian Brother stock.
          By the time I discovered it the seller was no longer on Amazon. Amazon however facilitated a full refund, but no-one ever admitted fake.

    • N1shant on 20/09/2021 - 17:22

      Got this result for my email login

      Oh no — pwned!

      Pwned in 9 data breaches and found 1 paste (subscribe to search sensitive breaches)

  • kerfuffle on 20/09/2021 - 15:02
    +4

    Someone in your family logging accessing your phone and logging onto your account to buy stuff?

    • djkelly69 on 20/09/2021 - 18:35

      Maybe OP's birthday is coming up and partner/parents/siblings are getting stuff through their Prime account once they go to sleep?

      • N1shant on 20/09/2021 - 18:41

        Lmao that would be awesome but I never buy PC items from Amazon. 1st thing was I checked all devices used by my family members. I have only logged into Amazon from my mobile and no other device

  • garetz on 20/09/2021 - 15:10

    The only way i can see this happening is using insider information, maybe a former amazon employee ? 2 factor authentication must be pretty hard to get around, maybe your phone number has been spoofed ?

  • thatonethere on 20/09/2021 - 15:11
    +1

    You can designate some devices as trusted which bypasses 2FA - https://www.amazon.com.au/gp/help/customer/display.html?node…

    Might be worth seeing if they have somehow managed to add some devices as trusted and not requiring 2FA.

    Otherwise remove your payment - or change the expiry so it is wrong.

  • burningrage on 20/09/2021 - 15:21
    +1

    I am bit interested with this.

    Amazon's login experience is in my view, a big pain the arse.

    First, I had to put in the credentials, then it took me to a page where I have to do a Google Catptcha look-a-like thingy and ENTERED the password again. The Google Captcha thingy is not always clear so if I get it wrong, I have to do it again.

    Then even if I get it right, it still sends 2FA Codes to my phone.

    It really is such a pain in the arse.

    So what I am very interested is this. Given this elaborate login, how can this sort of thing happened?

    • DoctorCalculon on 20/09/2021 - 19:29
      +1

      It really is such a pain in the arse.

      Don't you mean a burning sensation of rage? ;-)

  • PissLUR on 20/09/2021 - 15:24

    After the purchase the orders were archived so I wouldn't get any notifications about it. The only way I found out about these purchases were once I check my bank statement.

    you should still receive the email confirmation.

    I reckon this is shopping in your sleep.

    • Quantumcat on 20/09/2021 - 15:35

      If it was shopping in their sleep they would have the SMS 2FA messages still on their phone.

      • PissLUR on 20/09/2021 - 15:36

        text messages can be deleted.

        • Quantumcat on 20/09/2021 - 16:58
          +1

          Sleep shopping and covering his tracks by deleting the messages? Seems a little far fetched

          • PissLUR on 20/09/2021 - 16:59

            @Quantumcat: the email confirmation from amazon has also disappeared.

    • N1shant on 20/09/2021 - 17:23

      Yeah all orders were made after 1am when I'm fast asleep

      • kusama on 20/09/2021 - 20:35
        +6

        Sleep talking to Alexa?

  • poohduck on 20/09/2021 - 15:59
    +1

    If all you say is correct, then amazon's system has failed; they're at fault. I imagine they would look after you quick smart before word of this got out.

  • parismeow on 20/09/2021 - 16:14
    +3

    I had the exact thing happen to me!

    They also archived the order but I only had one order.

    I thought that maybe they hacked my phone as well to get past the 2fa but I hadn't received any sms's.

    it took me MONTHS to get my money back! the banks referred me to amazon, and amazon service was terrible!! It didn't help that the item was being posted to my address etc.

    My belief is that the marketplace seller of the furniture is the scammer - they purchase the items while hacking in knowing they are never going to send the item to you.

    After this experience, I deleted my amazon account, created a new one and chose my 2FA to go through the authenticator app.

    • N1shant on 20/09/2021 - 17:30
      +1

      Yeah thanks for that advice. I will create a new account as well

  • Banana3 on 20/09/2021 - 16:15

    Did you ever Subscribe and Save to the product from this seller before? Almost similar thing happened to me, but it was actually my fault, I forgot to cancel my S&S.

    • kerfuffle on 20/09/2021 - 16:56

      Didn't know you could subscribe and save to computer parts

    • N1shant on 20/09/2021 - 17:28

      Yeah I checked that and no S&S for this seller

  • raptormesh on 20/09/2021 - 16:44

    Did you ever get the deliveries? Though you should reject them anyway.

    • N1shant on 20/09/2021 - 17:17

      Nah man. All orders were put under investigation meaning it will never get delivered regardless

  • ChipsChicky on 20/09/2021 - 16:59

    Where can i see archived orders ?

  • bongom on 20/09/2021 - 17:21
    +3

    This is why I have a debit card with a zero balance linked to e-commerce websites like Amazon and pay using gift cards.

    • N1shant on 20/09/2021 - 17:29

      Yeah I will do that from now on. Much safer

    • TilacVIP on 21/09/2021 - 09:13

      Credit card - not my money, the bank will get on its bike quick smart as soon as you report this type of activity

    • Zachary on 26/09/2021 - 10:07

      What do you do when your gift card balances at like $1 and the something you want to buy cost $1.01 or whenever you don't have enough? Can you use two gift cards to pay or only one allowed in which case you would have to drop the $1 since you can't get anything with it unless you can transfer the funds to your new card and then get it with that?

  • Peachout on 21/09/2021 - 09:28
    +1

    It might not be Amazon or the seller. SMS authentication is no longer that secure. See this article from last year (one of many): https://www.google.com/amp/s/www.okta.com/blog/2020/10/sms-a…

    • bbinc on 21/09/2021 - 09:49

      Authentication way to go now. Authy or Google or Microsoft

  • bbinc on 21/09/2021 - 09:43

    Sounds like a fat fingered seller?

  • N1shant on 21/09/2021 - 15:06
    +1

    So I have left the account active until the refund is done. Bank details are removed. I just got an email saying I have given all the products 5 star and explaining how good the product is even though the orders were cancelled by Amazon. Pretty convinced now this is the sellers doing.

    • Webber000 on 21/09/2021 - 18:30

      Look into that. When did you supposedly rate the items? After you had changed password and forced logout? If so either your device is hacked or amazon is (totally possible as unlikely as it seems, remember yahoo had a flaw enabling people to log in with no password and took them years to work out and fix).

      • Zachary on 25/09/2021 - 13:54
        -1

        remember yahoo had a flaw enabling people to log in with no password and took them years to work out and fix

        When was this and how did you login without password?

        • Webber000 on 26/09/2021 - 13:05

          There was an exploit with remember me where hackers worked out they could create cookies and get in without having to enter a password. Basically make a cookie with the username and then they could login to that account as it wasn't being verified. Google it - it was a massive breach that went on for years before Yahoo worked out how it was being done.

          • Zachary on 08/10/2021 - 17:28
            -1

            @Webber000: But the hackers would still need to figure out the username to use this hack, right?

            • Webber000 on 09/10/2021 - 14:48

              @Zachary: Yes, but your username is just your email address and they can either buy email address lists or just try every possible word/combination to try them all.

              • Zachary on 11/10/2021 - 17:24
                -1

                @Webber000: Hmm, so best to make a really obfuscated email address, like &goeQwy}vzn;fGH'@yahoo.com and then goodluck for the hackers trying to "guess" your username!

  • jonkvh on 21/09/2021 - 17:43

    Who is the seller?

Login or Join to leave a comment
Login Join