The end of this post displays an e-mail I received while on the phone with Amazon trying to get a refund completed. As will become apparent, it is hard to see how I could have received this message ex an inside job by Amazon employees, since it contains a combination of information that would not be available otherwise, even by wiretapping. The phishing message was attempting to get me to upload government ID to an external site. Amazon’s customer service representative confirmed they never request government ID.
So this is a general warning never never never upload government ID in connection with a commercial transaction, and a further warning regarding Amazon refunds as Black Friday is on and the holiday season approaches.
Now to the details. I have to confess to dealing more with Amazon now that I am in Southeast Asia than when in the US. There are quite a few items that I cannot get here (particularly related to Macs, such as compatible USB keyboards; they are a comparative rarity due to price) and Amazon will ship from the US. However, there are also items I use that I find important that no one will send here. So on a recent trip to the US, I bought many things to carry back. Some I got on Amazon because other vendors would not give clear guidance on their shipping and typical delivery times to where I was.
I purchased two of the same item, from an Amazon vendor, to be sent to my hotel. When I opened the exterior box, the inner boxes both had a label on their outside saying they were the item ordered. Some reviews of this product praised the inner packaging (the items were breakable) so I simply put these boxes in with the other checked luggage items.
When I opened them after my return, I found both contained different items from what I had ordered.
I made two calls to Amazon customer service. Both were via Vonage, as in VOIP, over a fiber optic line run in place of an old DSL line, with wired connections from phone to VOIP router, meaning a dedicated pipe. Each time I spoke to two reps, the first a general customer service agent who then had to send me over to a specialist.
The bottom line of the first call was that they would e-mail me a link to use to upload photos of the not-ordered items I had received. I got an e-mail after I did that saying it would take them about three days to review and make a determination.
When I had not heard back after 5 days, I called again. When I got through to the second rep, it seemed she had to go through some hoops to get the return authorized. She reported back that she had succeeded and that I should see the credit on my credit card in five to seven days.
Mind you, both times the only identifying information Amazon got on the phone from me was the order ID, which I provided in the hope of expediting matters, my name and they presumably saw the caller ID on my VOIP phone. They verified me by sending an authorization link by e-mail. Note the authorization link said something about my phone being a mobile phone (not true) in Washington state, and “generic” to boot.
I did not look at my e-mails while I was on the phone with the Amazon agent getting the refund approved. But after I got off, I saw the one with the text pasted below. Note it is from “no-reply@amazon.com”.
Even though it has signs of bogosity, like “Hello,” “we noticed abnormal activity on your account,” and “Also, you will not be able to investigate this order issue further,” it had, in the very first line, the exact order number and that I had called Amazon for a refund [or replacement].
While it might be possible to have tapped the call to get the order number and the refund request, the only way to get that plus my e-mail address was via Amazon itself. And Lambert who knows Vonage concurs additionally that Vonage being hacked is very unlikely. So this looks to be an inside job.
I called Amazon to have a hissy. I said if this really was an Amazon request, no way, no how was I uploading government ID. They’d agreed to the refund and I would put in for a chargeback on my credit card. The agent reassured me that Amazon never asked for government ID and e-mailed me a link to send Amazon the fraudulent e-mail.
The idea that this is an Amazon inside job is not as remote as you think. I had a friend who had $25,000 removed from her Chase account via a series of >$200 counterfeit checks over a period of about a week. The thief had to have known Chase’s fraud triggers to pull this off, so a current or recent employee. The checks were honored despite individual check numbers being much larger than for any checks the customer had ordered. Many of the checks were for the same amount, cashed the same day. Yet 8+ checks a day over a series of days from a customer who did not use that many checks to begin with did not trigger an alert.
The customer did get all the money back, albeit having also to work around 10+ days of being locked out of the account.
So be warned! Needless to say, the copy below does not contain live links.
_______
From: no-reply@amazon.com
Subject: Your Amazon.com order
Date: November 28, 2024 at 9:42:42 PM GMT+7
To: XXXXXXXXX
Reply-To: no-reply@amazon.com
Hello,
Thank you for contacting us regarding your order XXX-XXXXXXX-XXXX.
Because we noticed abnormal activity on your account, we need to verify your identity before we can consider your request for a refund or replacement. We may also request additional information before granting your request.
How will you verify my identity?
In order for us to verify your identity, upload a valid government-issued identity document on the secure customer portal. Note that the following link will expire after 6 days:
https://account-status.amazon.com/identity-validation
All personal information that you provide will be handled in accordance with our Privacy Notice. To review our Privacy Notice, go to “Amazon and Your Personal Information”:
https://www.amazon.com/gp/help/customer/display.html?nodeId=G68RWEYX26H3ZXJT
What happens when I submit my ID document?
We will review your order and your account and verify your identity through one our third-party service providers. Once you have submitted your information through the secure customer portal, it will take us 3 business days to determine an outcome. At that point, you can contact us to learn the outcome of the investigation.
What happens if I do not submit my ID document?
You may continue shopping on Amazon, but you will no longer be eligible for a refund on the order 113-2146169-3764231. Also, you will not be able to investigate this order issue further.
Who can I contact if I need help with this issue?
You can contact us through your Amazon profile. To do so, go to “Amazon Customer Service”:
https://www.amazon.com/contact-us
Account Specialist
https://www.amazon.com
Imagine you are an Amazon employee, low pay, a lot of pressure to meet targets, little loyalty. And someone offers you a nice sum of money to share some data…
Interesting. The links in the email all appear to go back to the amazon.com web server. If it was a non-corporate activity, I would have expected that there would be a non amazon.com link buried under the html link description which would contain amazon.com stuff.
If these are true amazon.com web pages then obviously what you were told by the agent clearly does not line up with the amazon.com web site.
Given the typos, I would expect that underneath, they are not pointing to amazon.com web pages.
It could be Amazon allows third-party sellers to require IDs for certain transactions?
https://search.brave.com/search?q=amazon+id+upload
Please do not contradict information in the post. I know you mean well, but you are leading readers away from possible explanations. You need to stick with the facts presented.
Amazon controls the customer relationship and set the terms of engagement. Amazon confirmed that government IDs are NEVER NEVER requested and that an e-mail of the sort I received was fraudulent. You need to start from the fact that this was a fraud and not try to dream up a scenario where it could be legit.
If it is an option, perhaps Aliexpress, Temu, or Coupang offers similar products at similar total prices.
You generally can force their websites to display English for their non-US country specific sites.
Since it launched here in Oz last year, the popularity of Temu has skyrocketed and my wife uses it often, especially for stuff that you will never see on a shelf anywhere. So for Temu at least, displaying English is no problem and is automatic.
Use https://centralops.net/co/DomainDossier.aspx and check Whois for account-status.amazon.com
Domain Name: AMAZON.COM
Registry Domain ID: 281209_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Queried whois.markmonitor.com with “amazon.com”…
Domain Name: amazon.com
Registry Domain ID: 281209_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Registry Registrant ID:
Registrant Name: Hostmaster, Amazon Legal Dept.
Registrant Organization: Amazon Technologies, Inc
Using a web browser I don’t normally use, I visited the link https://account-status.amazon.com/identity-validation and it asked me to log in to Amazon. I closed that, went directly to amazon.com and logged in, then went back to the identity validation link. It is titled “Identity Verification” and reports that No identity verification requests are found.
This is clearly an Amazon-sponsored website feature, so it appears that the agent who reassured you that Amazon never asks for government ID was incorrect. That seems a simpler explanation than Amazon has rogue identity thieves who are capable of adding their own additions to the Amazon website.