Amazon’s plastic response to phishing

So, i’m one of those obnoxious people who uses a unique email address on every single site and when i use a site where i put my credit card in, i use a string of odd letters and numbers at the end to make it less guessable. I’m very careful to not give out those email addresses outside of the company i’m dealing with and, because i use pine and a Mac, i’ve never worried about viruses. Plus, business emails go to a separate account that is removed from my primary email.

Over the holidays, i got a phishing message to my Amazon email address and i was quite upset. (I’m one of those people who has an Amazon credit card and gets the free shipping because i spend far too much money there – this is not an account i want to be fucked with.) Amazon has this whole thing about how phishing is important to them and thus they have a special reporting place. So, i write to them. What do i get back? It’s my fault, of course. In response, i get a link to learn more about how to protect myself from phishing with nothing addressing any of my specific concerns.

Fuck you very much, Amazon.

One of the things that i hate about the whole online vendors thing is that we’ve lost customer service completely. What happened to the customer is always right ethos? What happened to being really conscious of valued customers? ::sigh::

In the meantime, i’m really concerned about how the phishers got that email address and i have no idea how that might have happened. Did Amazon send the address to one of the used book people that i bought books from? How else might someone have gotten that address? Hrmfpt.

Print Friendly, PDF & Email

13 thoughts on “Amazon’s plastic response to phishing

  1. Phil Ringnalda

    Yes, they definately send your email to used book or whatever sellers: I’ve bought from a couple of overly-pushy ones who keep sending me “give us perfect feedback, or if you aren’t going to give us perfect feedback, tell us why first so we can persuade you to give us perfect feedback” mail. The current one of those is exactly one more message away from getting perfectly awful feedback.

    The other place that keeps surprising me with their casual attitude toward my email address is CDBaby: in many, many ways they show just how much they get it, but then when you buy a CD, they treat that as a silent invitation to give your email address to the musician, who might send a sweet personal thank-you, or might put you on their spamming list without offering any way off.

  2. Yaron

    Regarding CDBaby, they actually notify you that the address will be shared with the artists, and give you the option to refuse. True, it’s opt-out rather than opt-in, but they do tell you and allow you to refuse.

    As for Amazon, if they’re really sharing email address for new books (Did you buy used books from them, or only new?), that’s very bad behaviour. I don’t suppose the address you used is something likely to come up by some semi-random address generators?

    And yes, customer service tends to drift towards the worst. I didn’t have any issues with Amazon, but one time a new book ordered from B&N arrived with the pages unglued to the cover (paperback) and falling out. I sent them a message, expecting they’ll offer a replacement or compensation, but mostly just informing them to check their stock and let the publisher know, so it won’t happen to more people. I got back a message thanking me for my “kind comments”…

  3. Ellen Spertus

    I’ve also been disappointed with the inappropriate canned replies I get back from Amazon. I actually remember when they had good customer service, but that was nearly ten years ago.

  4. zephoria

    Huh… interesting.

    I highly doubt auto-generation would work. It’s a string of 3 random digits following a period following the company identifier. Not a pattern i know others have.

    I also buy both used and new. In rather large doses, actually.

    So, there’s something interesting here… Let’s say it is one of their used dealers. Imagine Amazon wrote to their user base (which they often do) to explicitly ask if they’ve gotten phishing messages and to report them. Now, with those reports, they could actually deduce patterns based on purchasing. (Hell, they may be able to do that already from the people who were wary because this phish was a really good one.) They could probably figure out which dealer is likely to be the one phishing (or selling addresses to phishers), no?

  5. Ben Chun

    Another possibility: one of the used book dealers ended up with your address in their MS Outlook, which was later compromised by a virus or worm designed to harvest email addresses to sell to spammers / phishers. It seems unlikely that anyone with a used book business big enough to get a significant number of addresses would also risk selling those addresses. But there are probably a lot of them who aren’t tech-savvy enough to look beyond Microsoft for good security. One other factor: your use of the string “amazon” in the email address might have made it easier for a phisher to decide which site to phish for at that address. Good thing that most people who use a custom email address for each site are also quite aware of these scams, and thus unlikely to be taken in.

  6. [NICK]

    crappy customer service from big companies has to be the most annoying thing cause they know there’s nothing you can do about it !!!!! :@

  7. Cheryl M

    danah, it is possible that your information came off of a wishlist as suggested by Ben. Just recently, there was this article on Applefritter ( that shows how the Amazon API can be used to mine wishlists. I’m not sure whether the email address shows as part of the mining and I’m still pondering the privacy implications of the article.

  8. gavan

    I get those phishing emails all the time and used to report the scams to the different companies and got bland auto generated emails back.

    What really pissed me off and why I enjoyed your article was they do it as a marketing gimmick they know about all the types of phishing emails so I waste my time sending them an email and they delete it ,talk about losing the plot with customer service.

  9. ian

    Try calling customer service. The phone number is impossible to find on their site, but easy via Google: (800) 201-7575. They’re pretty responsive there.

  10. mawado

    If you want service, cancel the card.
    Be polite, tell them why you are canceling the card. Mention the most recent deal from B&N/Powell’s/whatever. I bet you get contacted by a real person and not a form letter.
    Just a thought.

  11. B

    You give a link to an Amazon page in a recent post (PostSecret) and the text of the list includes “Zephoria”; isn’t there a way to find you account with e-mail from such a link?

Comments are closed.