Multinational technology company Amazon announced that it is investigating claims made by a customer in India who received duplicate orders and fake products and suggested the company might be subject to a data breach, according to a report by Cyber Express.Â
The Amazon customer said they placed two orders in one day. These were paid via different methods (online and through Cash on Delivery), but the bills looked identical. One of the orders had a duplicate charge for the same item.
However, the other order contained the wrong item, delivering speakers instead of a tablet. The client thinks the received speakers are a counterfeit product.
For now, Amazon’s response is only that an inquiry into the matter is ongoing.
The data breach allegations are not very far-fetched, as a phishing campaign masqueraded as an Amazon email asking for security verification earlier this month, stealing users’ details via a malicious domain that requested sensitive personal data, including banking details. The attackers used Google Drawings and shortened links generated via WhatsApp to evade detection.
Hackers can also intercept one-time passwords (OTPs) that victims receive via text message, voice call, email, instant message, or mobile app push notifications via complex hacks with multiple stages, including phishing and OTP bots typically managed via a special browser-based panel or a Telegram bot.
Users should stay alert, as a recent exploit of Proofpoint’s email protection service allowed threat actors to send millions of spoofed phishing emails, perfectly impersonating Proofpoint customers. This company works with brands like Disney, IBM, Coca-Cola, Nike, Best Buy, and more.