I wish that when you got a computer,it came with some kind of instructions so that people who are not magically born as computer genius can read articles about scams ect. because you can bet the company isn't going to tell you about security problems they have and I know there will be people who say well if you don't know how to work a computer why did you buy one? I didn't my brother bought it for me so I could keep in touch with family and because certain of my credit cards,if you dont pay them on the computer,it cost $25 to get customer service(laugh) to put the payment in. And as far as mailing the payment in I was having to have to post office poststamp the date I mailed it and give me a copy to prove to the credit card company that I mailed it 22 days before it was due and they were charging me late charges because they said they didn't recieve it by the due date.Its like if you don't have a computer in this country,half the world passes you by ,and yes I could get rid of my credit cards but there are actually 2 stores in my neighborhood that will not accept cash due to robbery and just try using a check nowadays (big laugh) so to Lene Jensen instead of saying be real,maybe you could have taken a couple of minutes and just hit the high points of maybe just give them the link address ,most of us have learned how to type a link address in the search box line,I didn't even write Grumblers comment but when I read your reply,I wished that I knew the site address so I could have given it to him,as for me,I will just have to be careful and not buy to much online because I too do not know all these places to go for help and find out about all the scams and lack of security of places like Amazon.com which is supposed to be a safe place to shop
Sven for some reason your comment did not come up before I wrote my comment,thank you for taking the time to give the address to go look at the article,it was very cool that I had just remarked that I wish someone would at least put the site address so we can protect ourselves and there it was,Thank you so much,its people like you that make it so I can learn how to use my computer without getting in trouble and I am grateful you took the time.
Smart, huh? Smart people aren't typically reliant on second-hand interpretations, but rather prefer to educate themselves and make up their own minds. There are ways to find the article in question without using any posted links.
Sharon, gizmodo is a reputable site. The fact that Grumbler tried to make it seem disreputable means he is either not informed, and I don't believe that for a second, or he's too lazy to go to the site. The article is long, and it's better that people read it, to understand the problem. If I said "Amazon CSRs enable crackers access to your account", well, that is the gist, but that is also not completely true either. I could write an article about it, but why should I, when the original article does it so much better.
If you go to the OP, you SEE the link address. Good grief.
The article says that someone posing as an Amazon account holder was able to get a Customer Service Rep to disclose order numbers and then have "replacement orders" shipped out to an address that was not on the account. The Rep did not require use of a password or any other secure information. Amazon's Customer Service procedures nearly permitted a scam artist to get some pricey merchandise - though the alert customer (who wrote the Gizmodo article) was able to cancel those orders.
I am sort of on Grumbler's side, even though the way he said it was rude. I don't really like when people post just a link. If you want to post, at least give an idea of what it's about other than "huge security flaw." That is the type of thing you see in SPAM emails all the time - some attention grabbing headline, with just a link, if you want to know more.
If he had criticized the OP, sure, I would have been on his side. But then you look at the link, and it is not a high risk link, and then you get a snarky "I am better than everyone else, and won't follow the link as it can be dubious". We know he was just too lazy to read. But, it is polite to have a quick synopsis of the problem in OP, however, I've seen a lot worse here. This is at least explaining a legitimate concern that all of us should be aware of. Through no fault of our own, someone can use our accounts to obtain free stuff. We will eventually pay for it. All of us.
I never click on a link from a forum like this, though. As you probably know, sometimes the link description isn't really the same as the URL that you'll be sent to, if you click on it. A crafty person could make it LOOK like they're linking you to gizmodo, but really send you somewhere else. Of course, you could just go to gizmodo yourself and search for it, but I am always suspicious of messages that just encourage you to "click on this link for important information."
Still, it's a good heads-up. I will definitely pay attention, if I see any unexpected messages from Amazon customer service showing up in my e-mail.
It also points out why many of us prefer not to post here using "Real Name." I occasionally get comments about being a coward, not wanting to stand behind the things I say. Nope...that's not it. I prefer not to make it too easy for someone to steal my information.
Maybe you're right, Anastasia. Since Grumbler and Lene were calling it a link, I made the assumption that it was a link. I don't see it that way, myself, but I find that can vary depending upon what computer and/or browser I'm using. Still, my comment was kind of generic, that I don't click on links that people post on public fora.
I can't even use the "Reply to this post" link or the Yes/No buttons on the computer I'm using now, so I thought it possible that someone else might see that URL as a link, even though I didn't.
Just finished a masters degree in cybersecurity. If any personally identifiable information (PII) is accessed due to a security breach (hacking or otherwise), the vendor is required by law to disclose the breach to U.S. CERT who will notify the FBI, if criminal charges can be brought. This scam (with the CSR and order numbers) is no different from the thieves stealing packages delivered to your front porch before you get home from work. Since technology changes and new ways to pull off a scam are created all the time, there are never any guarantees that your data is safe. Period. Anyone who uses the Internet for any reason whatsoever, is exposed to risk of identity theft, credit card fraud, drive-by malware downloads from browser hijacking, etc. Likewise, you expose yourself to similar risk when you receive paper mail from the post office, it's just that the pool of potential perpetrators is smaller.
Well, this isn't a clickable link. So you see what it does. In this case, it goes to gizmodo, but imbed stuff from another reputable site. I had no problem going to it. I am sceptical to threads with less trustworthy links.