Reply to post: Ah, phishie phishie...

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

WolfFan Silver badge

Ah, phishie phishie...

I recently got an email allegedly from Amazon. It stated that I didn’t have certain items filled in on my account, notably ‘business hours’ and an associated ‘business phone’. I was supposed to click here to update the account. They needed the info to ‘ensure delivery’. I found this to be quite interesting. In the first place, while I do have a business account, the email went to my personal account. In the second place, I’ve had that account for over two decades, and have had delivery problems exactly once in that time; Amazon sent a package to a similar address two states away. If they had had ‘business hours’ and a ‘business phone’ they still would have messed that up. In the third place, my personal account has had the delivery address changed three times, the last over a decade ago, in the time I’ve had it, and I was never asked about providing a ‘business phone’ or ‘business hours’ before. And, in the fourth place, there’s that whole ‘click here’ bit.

I contacted Amazon, using the chat because it’s amazingly difficult to find a phone number for Customer Support. The guy on chat said that the email was legitimate, and that Amazon needed the info or they wouldn’t be responsible for missed deliveries. He had no idea what ‘phishing’ was. I insisted that there was a problem. He got someone to phone me. The girl on the phone had no idea what phishing was, either, insisting that the email was legitimate, but conceded that it was ‘optional’ for personal accounts.

They have not the least clue. I wonder how many others have received similar emails and just clicked here. And how many of those didn’t actually get the email from Amazon.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021