A friend abroad is in a bit of trouble.
-
A friend abroad is in a bit of trouble. As assistance, she asked for Amazon gift cards.
"Easy enough," thought innocent, unsuspecting Martin.
The first thing I learned was that an Amazon.de gift card cannot be redeemed at an Amazon store abroad. So I tried logging into the local Amazon site instead.
That actually worked with my German account, after entering a code they emailed me. However, they immediately forced me to set a new password. Which I did.
I now have absolutely no idea whether this also changed the password for my German account.
Then I had to confirm the login using an authenticator token. Surprisingly, the token from my German account worked.
At this point, I was finally able to put the gift card into the shopping cart. But paying for it turned into its own separate side quest.
Amazon proudly displayed all the credit cards I have stored with them, but for the actual payment they insisted on using an (Amazon-branded) credit card I normally never use and which permanently lives locked away in a safe.
The system recognized the card, of course, but in order to proceed with the order it demanded the three-digit security code. So I retrieved the card from the safe and entered the code.
Getting to that safe has become a painful undertaking these days because I made the strategic error of bolting it to the floor and my knees are no longer enthusiastic supporters of that design decision.
But what won’t one do for friends.
The order was then confirmed. I even received the confirmation email. At this point I believed I had succeeded and leaned back in relief.
About five minutes later, this email arrived:
We believe that an unauthorized party may have accessed your Amazon account. As a security measure, we have taken the following action. We have taken the following actions to protect your account:
- Canceled any suspicious pending orders and removed them from "Your Orders" section in "Your Account"
- If you were using a password for your Amazon account, it has been disabled and you need to reset your password.
- Reversed any changes made by this unauthorized party.
- Removed suspicious devices from your account.
- Existing security features, such as Passkey or Two-Step Verification, might have been affected during this process because we couldn't verify if recent changes were made by you. After regaining access, visit the "Login & security" page in your "Account settings" to verify if these features are still enabled and add them back if needed.
The email then continues for several more pages.
So now I get to go through the entire circus again from the very beginning. Everything! Completely! Only this time I used SMS verification instead of email codes. I hope that way Amazon will believe, it is really me.
Once again I confirmed that yes, astonishingly enough, I was in fact myself.
And now I’m sitting here fully expecting another one of those emails to arrive at any moment.
This entire masterpiece of modern digital convenience has now taken well over 30 minutes.
On some days you can't eat as much as you want to throw up. Globalization is not intended for inferior peons like us but just for nobles like Bezos.
-
A friend abroad is in a bit of trouble. As assistance, she asked for Amazon gift cards.
"Easy enough," thought innocent, unsuspecting Martin.
The first thing I learned was that an Amazon.de gift card cannot be redeemed at an Amazon store abroad. So I tried logging into the local Amazon site instead.
That actually worked with my German account, after entering a code they emailed me. However, they immediately forced me to set a new password. Which I did.
I now have absolutely no idea whether this also changed the password for my German account.
Then I had to confirm the login using an authenticator token. Surprisingly, the token from my German account worked.
At this point, I was finally able to put the gift card into the shopping cart. But paying for it turned into its own separate side quest.
Amazon proudly displayed all the credit cards I have stored with them, but for the actual payment they insisted on using an (Amazon-branded) credit card I normally never use and which permanently lives locked away in a safe.
The system recognized the card, of course, but in order to proceed with the order it demanded the three-digit security code. So I retrieved the card from the safe and entered the code.
Getting to that safe has become a painful undertaking these days because I made the strategic error of bolting it to the floor and my knees are no longer enthusiastic supporters of that design decision.
But what won’t one do for friends.
The order was then confirmed. I even received the confirmation email. At this point I believed I had succeeded and leaned back in relief.
About five minutes later, this email arrived:
We believe that an unauthorized party may have accessed your Amazon account. As a security measure, we have taken the following action. We have taken the following actions to protect your account:
- Canceled any suspicious pending orders and removed them from "Your Orders" section in "Your Account"
- If you were using a password for your Amazon account, it has been disabled and you need to reset your password.
- Reversed any changes made by this unauthorized party.
- Removed suspicious devices from your account.
- Existing security features, such as Passkey or Two-Step Verification, might have been affected during this process because we couldn't verify if recent changes were made by you. After regaining access, visit the "Login & security" page in your "Account settings" to verify if these features are still enabled and add them back if needed.
The email then continues for several more pages.
So now I get to go through the entire circus again from the very beginning. Everything! Completely! Only this time I used SMS verification instead of email codes. I hope that way Amazon will believe, it is really me.
Once again I confirmed that yes, astonishingly enough, I was in fact myself.
And now I’m sitting here fully expecting another one of those emails to arrive at any moment.
This entire masterpiece of modern digital convenience has now taken well over 30 minutes.
On some days you can't eat as much as you want to throw up. Globalization is not intended for inferior peons like us but just for nobles like Bezos.
@masek The message is clear: You should not help anyone in trouble, even if it is a good friend. Nowaday, scams are easier than legit transactions. 🤬
-
@masek The message is clear: You should not help anyone in trouble, even if it is a good friend. Nowaday, scams are easier than legit transactions. 🤬
@katzenjens I somehow suspect that may be an intended message indeed, but you know me: I'm not that good at listening
. -
A friend abroad is in a bit of trouble. As assistance, she asked for Amazon gift cards.
"Easy enough," thought innocent, unsuspecting Martin.
The first thing I learned was that an Amazon.de gift card cannot be redeemed at an Amazon store abroad. So I tried logging into the local Amazon site instead.
That actually worked with my German account, after entering a code they emailed me. However, they immediately forced me to set a new password. Which I did.
I now have absolutely no idea whether this also changed the password for my German account.
Then I had to confirm the login using an authenticator token. Surprisingly, the token from my German account worked.
At this point, I was finally able to put the gift card into the shopping cart. But paying for it turned into its own separate side quest.
Amazon proudly displayed all the credit cards I have stored with them, but for the actual payment they insisted on using an (Amazon-branded) credit card I normally never use and which permanently lives locked away in a safe.
The system recognized the card, of course, but in order to proceed with the order it demanded the three-digit security code. So I retrieved the card from the safe and entered the code.
Getting to that safe has become a painful undertaking these days because I made the strategic error of bolting it to the floor and my knees are no longer enthusiastic supporters of that design decision.
But what won’t one do for friends.
The order was then confirmed. I even received the confirmation email. At this point I believed I had succeeded and leaned back in relief.
About five minutes later, this email arrived:
We believe that an unauthorized party may have accessed your Amazon account. As a security measure, we have taken the following action. We have taken the following actions to protect your account:
- Canceled any suspicious pending orders and removed them from "Your Orders" section in "Your Account"
- If you were using a password for your Amazon account, it has been disabled and you need to reset your password.
- Reversed any changes made by this unauthorized party.
- Removed suspicious devices from your account.
- Existing security features, such as Passkey or Two-Step Verification, might have been affected during this process because we couldn't verify if recent changes were made by you. After regaining access, visit the "Login & security" page in your "Account settings" to verify if these features are still enabled and add them back if needed.
The email then continues for several more pages.
So now I get to go through the entire circus again from the very beginning. Everything! Completely! Only this time I used SMS verification instead of email codes. I hope that way Amazon will believe, it is really me.
Once again I confirmed that yes, astonishingly enough, I was in fact myself.
And now I’m sitting here fully expecting another one of those emails to arrive at any moment.
This entire masterpiece of modern digital convenience has now taken well over 30 minutes.
On some days you can't eat as much as you want to throw up. Globalization is not intended for inferior peons like us but just for nobles like Bezos.
@masek While reading this, my brain just kept on going "Oh no, it's a scam, oh no, why won't he stop!" until I realized it wasn't... But I can understand why this sets of automatic safety features, as it's exactly how scams would work...
-
R relay@relay.infosec.exchange shared this topic
