Breach of Security: My Amazon Fraud Nightmare

The nightmare began on Sunday, February 5, when I received a text alert on my cell phone notifying me that my Amazon account had been accessed by an unknown person. I immediately went to check the account on my personal computer and found that my Amazon account had indeed been accessed.  While several items were placed in the cart on my account, it didn’t appear that any purchases or orders had been made. Of at least equal concern, I also found that the default address to my account had been changed. 

After learning of the suspicious activity, I contacted Amazon customer service to confirm that no charges or orders had been made and to notify them of the changes made to my account.  I also went through the process of updating the password to my account, which the Amazon representative recommended. I even made a report with the local police department about the suspicious activity. Crisis averted (or so I thought). Boy, was I wrong!

The next morning, I woke up to two text messages from Amazon alerting me that my orders were “out for delivery.” “What orders?” I wondered. I went to my Amazon account and found that somehow, after changing my password the night before and reporting the suspicious activity to Amazon, two orders, totaling over $400 dollars, had been placed on my account, and the charges were made to my personal credit card. You got it! I was now a victim of fraud.

Surely, I could still do something to remedy the situation? After all, the orders had not been delivered. I immediately contacted Amazon customer service to cancel the fraudulent orders and delivery. I was then informed by the representative you could not cancel an order once it was out for delivery. Two hours later, I received an email notifying me that the order had been delivered (and even received a picture of the unknown door it was delivered to!). When I called Amazon back, I was told that they could not issue a refund as the items had been delivered and the matter was now being referred to a fraud investigator. Something to keep in mind for everyone who is a victim of fraud.

As I write this article, the fraud incident remains unresolved. At the suggestion of Amazon, I disputed the charges and filed a fraud claim with my credit card company. The investigation is expected to take 60-90 days to complete. In the meantime, I have had to reset my Amazon password several more times and my credit card account has been closed. I have invested many hours of my time updating accounts, providing information to the credit card company and Amazon for the fraud investigation, and handling the fallout from the fraud.  And it is still uncertain if the charges will be removed from my personal account.

Because of this situation, I have also learned some very valuable lessons involving fraud and security:

1. Create a long and unique password for your accounts. I am still uncertain how someone was able to gain access to my Amazon account. Prior to this incident, my Facebook account was hacked in December of 2022, so I suspect the two incidents are related. (Unlike Amazon, Meta had no customer support. As a result, I lost my Facebook account with over 1100 contacts, but fortunately did not have any credit or debit cards on the account). PC Magazine suggests changing your password as soon as you get notification of a security breach and the new password can be stored in a password manager. See, When Should You Change Your Password? Not as Often as You Think | PCMag. They also suggest changing the password for all accounts using the same email and password combination and generating unique passwords for every account. Because my Facebook and Amazon accounts used the same email and password combinations, I have now updated both accounts with different long and unique passwords. 
2. Log out of all your accounts and devices after you have updated your password. There may be a way to do this through your account and I did not find out about this option until after my initial call with the Amazon representative. In your Amazon account, there is an option that removes all devices that may be fraudulently attached to your account, requiring the new password to log in. If you are unable to find this option on your account, contact Amazon customer service at 888-280-4331 for further assistance.
3. Set up multi-factor notification if available. Some organizations will allow you to send a notification to a pre-selected phone number or email address after you log-in. The notification helps to verify your identity and provides an additional layer of security to the account.  It also helps to thwart fraudsters attempting to gain access to your account, as long as they do not have access to the other accounts being used for the notification.
4. Never click on suspicious links in text messages or emails, especially if they seek your username, password, or other personal information. I recently received a text message from a bank stating the phone number had been changed on my account and to click on the link to “reverse the action.”  However, I did not have an account with the bank.  After calling the bank directly, they confirmed the text message was a scam and recommended blocking the number and deleting the text.
5. If you suspect fraud, contact the organization directly as soon as you become aware of the breach to report the suspicious activity.  Though I was unable to prevent fraud from occurring, I still contacted Amazon and made a report to law enforcement. These actions should assist in the fraud investigation. It also provides the organization with notice of the activity and an opportunity to remedy it.

Following this incident, I received an email from Amazon discussing their efforts to prevent scams and protect customers. Last year, they “referred 100s of bad actors across the globe to law enforcement to help them ensure these scammers are held accountable.” However, the email did not reference the losses incurred by the victims of fraud, including the loss of time, resources, and financial security.

According to the Federal Trade Commission, in 2022, consumers reported losing more than $8.9 billion in fraud, identity theft, and other reports. Fraud and ID Theft Maps | Tableau Public The AARP Fraud Watch Network Helpline (877-908-3360) is a free service that provides support and guidance to victims of fraud and scams. There are resources to help those victimized by fraud. If your security is breached, you do not have to be alone in the nightmare of fraud.