[Patentpractice] IMPORTANT: Off-Topic: PSA Amazon Fraud Scheme - LOG OUT ALL DEVICES

Leigh T esthorne at gmail.com
Thu Oct 2 09:56:13 UTC 2025 

Hi, Suzannah,

I’m sorry this happened to you, and thanks for posting. Amazon should fix
those policies. In the past you could maybe also try complaining to the
Consumer Protection Bureau but I’m not sure it’s still active.

Something similar happened to us a couple of months ago with our Chase bank
credit card and then also a replacement card that was immediately hacked
again. The fake charges were all over the place and included pizza and
hotel stays at “Purpose Driven Stays” in Florida and Virginia, where we had
not been for a long time, so at least they were easy to dispute and Chase
has been really good about taking fake charges off.

 I pointed out when calling to get the second replacement card that it
seemed that the hacker was able to get our new card details immediately.
The Chase representative looked around and told us there was a Stripe
account (like Venmo) linked to our card that we didn’t even know about.
With that, the hacker was able to get our new card details immediately and make
more fake charges.  So the Chase representative deactivated all of the
automatic updates for the (second) new card to prevent the hacker from
automatically getting the new card info.

We had to re-link all the accounts where we had set up auto pay, but it did
stop that hacking. Also, we have since put freezes on both my and my
husband‘s credit and that seems to have helped cut down on phishing efforts
a bit.

Best regards,
Leigh


On Wed, Oct 1, 2025 at 10:30 AM Suzannah K. Sundby via Patentpractice <
patentpractice at oppedahl-lists.com> wrote:

> IMPORTANT FOLLOW-UP – MUST DO – BOT FARMS BUSY
>
>
>
> (See yellow highlight below for bullet point as to how to secure your
> Amazon account.)
>
>
>
> Serious bots are busy hacking into people’s Amazon accounts with their
> phone numbers.  A friend of mine who I warned said that just yesterday
> and today someone tried logging in with his phone number.  Since he was
> not online, he knew it couldn’t be himself who triggered the confirmation
> request.  He also saw an unauthorized charge, which doesn’t marry up to
> any of his purchases.
>
>
>
> Now for my continuing episode:
>
>
>
> I canceled my credit card yesterday and am getting a replacement.  Despite
> this, last night (after the credit card was canceled), there was another
> unauthorized Amazon charge.  Turns out the new charge resulted from the
> canceled card was still in my Amazon account as a payment method and the
> credit card company allows obvious recurring payments/charges to pass thru
> to the replacement card… So, I removed the canceled card.
>
>
>
> But the problem is that any new card I put as a payment method in my
> Amazon account will suffer the same unauthorized access.
>
>
>
> So, I called up Amazon this morning.  Dealt with multiple people at
> multiple levels of stupidity for 3 hours.
>
>
>
> They say there is nothing they can do to prevent others from setting up a
> sub-account under MY Amazon account using MY cellphone number.  WTF.  Also,
> because of Amazon privacy policies, Amazon can’t tell ME who is using MY
> cellphone number to set up sub-accounts under MY Amazon account.  WTF.  Basically,
> they told me there is nothing they can do and that each time this happens I have
> to dispute the charge with my credit card company.  BS.
>
>
>
> So, I was going to cancel my Amazon account and set up a new Amazon
> account.  Big problem there because my digital subscriptions… music,
> Kindle books, Audible books, etc.  I was in the process of dealing with
> that and getting refunded for the music titles I purchased way back when…
> My library of Kindle books (and likely Audible books) can be transferred.
>
>
>
> So, I figured I’d set up the new Amazon account so the Kindle/Audible
> libraries could be transferred.
>
>
>
> Turns out in order to set up an Amazon account, you must use a cell phone
> number… and I cannot myself set up another primary Amazon account with my
> own freaking cell phone number (yet others can continue to set up
> sub-accounts using MY cell number … someone make it make sense).
>
>
>
> Anyway, in the Amazon account settings there is the login/security options.
> After selecting that, there are options for signing out anyone and
> everyone.  It forces a password reset.  So, first one will want to have
> 2FA set up for logging into Amazon, and have a new email alias* set up to
> use.  Then after confirming both are set up, log out all devices.  I
> think this process will put an end to others being able to login and set up
> sub-accounts under one’s own Amazon account.
>
>
>
> You will then have to re-login any Alexa devices, Alexa phone app, etc.
>
>
>
> *New email alias: Years ago when my personal Microsoft email account was
> hacked, I discovered one can set up email aliases.  Email still goes to
> your primary account, but you can set it up so that one cannot login to
> your Microsoft email using the alias (e.g., use primary email address to
> login and don’t give the primary email address to anyone, instead use the
> email aliases… I have one for shopping, one for financial accounts like
> IRS, banks, etc., and now I have a specific email alias for Amazon only.)
>
> <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
>
>
>
> Suzannah K. Sundby <http://www.linkedin.com/in/ssundby/> *|* Partner
>
> *canady + lortz** LLP* <http://www.canadylortz.com/>
>
> 1050 30th Street, NW
> <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
>
> Washington, DC 20007
> <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
>
> T: 202.486.8020
>
> F: 202.540.8020
>
> suzannah at canadylortz.com
>
> www.canadylortz.com
>
> Confidentiality Notice:  This message is being sent by or on behalf of a
> lawyer.  It is intended exclusively for the individual or entity to which
> it is addressed.  This communication may contain information that is
> proprietary, privileged or confidential, or otherwise legally exempt from
> disclosure.  If you are not the named addressee, you may not read, print,
> retain, copy, or disseminate this message or any part.  If you have
> received this message in error, please notify the sender immediately by
> e-mail and delete all copies of the message.
>
>
>
> *From:* Suzannah K. Sundby
> *Sent:* Tuesday, September 30, 2025 2:54 PM
> *To:* patentpractice at oppedahl-lists.com
> *Subject:* Off-Topic: PSA Amazon Fraud Scheme - Setup 2FA
>
>
>
> I have my credit card setup so it sends me a notice when an online
> purchase/charge.
>
>
>
> I do a LOT of shopping on Amazon… and I do the Subscribe & Save, which my
> deliveries are at the end of the month.
>
>
>
> Last Friday, there was a $100 charge I thought was curious, but I didn’t
> have time to investigate… I assumed it was likely a charge for the
> Subscribe & Save stuff… though I thought it was curious that the amount was
> an even 100.
>
>
>
> Today, there was a $200 charge.
>
>
>
> So, I checked my Amazon orders and nothing marries up to these charges.
>
>
>
> I called Amazon.
>
>
>
> ESL guy saw the charges on my account… and he told me that there are other
> accounts “associated” with mine via my phone number.  WTF I said.  He
> asked me if I authorized these other people to use my Amazon account.  No
> effing way I said.
>
>
>
> Thus, he removed the accounts from my phone number and email and said that
> they will investigate.
>
>
>
> He told me that I had to call my credit card company and dispute the
> charges.  WTF.
>
>
>
> He wouldn’t tell me how/why someone can make charges to my account and
> whether they have access to my credit card via Amazon.
>
>
>
> I called my credit card company and had to dispute the charges, which then
> triggers the fraud-based card replacement process.
>
>
>
> Anyway, when looking at account settings in Amazon I discovered that one
> can set up 2FA and require a code in order to log into one’s account.
>
>
>
> Thus, y’all probably want to do this if you haven’t already.
>
>
>
> Suzannah K. Sundby <http://www.linkedin.com/in/ssundby/>
> <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
> *|* Partner
>
> *canady + lortz** LLP* <http://www.canadylortz.com/>
>
> 1050 30th Street, NW
> <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
>
> Washington, DC 20007
> <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
>
> T: 202.486.8020
>
> F: 202.540.8020
>
> suzannah at canadylortz.com
>
> www.canadylortz.com
>
> Confidentiality Notice:  This message is being sent by or on behalf of a
> lawyer.  It is intended exclusively for the individual or entity to which
> it is addressed.  This communication may contain information that is
> proprietary, privileged or confidential, or otherwise legally exempt from
> disclosure.  If you are not the named addressee, you may not read, print,
> retain, copy, or disseminate this message or any part.  If you have
> received this message in error, please notify the sender immediately by
> e-mail and delete all copies of the message.
>
>
> --
> Patentpractice mailing list
> Patentpractice at oppedahl-lists.com
>
> http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20251002/d75a0001/attachment.html>

More information about the Patentpractice mailing list