[Patentpractice] IMPORTANT: Off-Topic: PSA Amazon Fraud Scheme - LOG OUT ALL DEVICES

Patent Lawyer patentlawyer995 at gmail.com
Thu Oct 2 15:39:31 UTC 2025 

I am suggesting that you change the email account you use for your Amazon account.  Create a new gmail account just for that purpose.  And lock that email down with 2FA.   That should at least cut off that avenue for the bad actors (if they have accessed your current email). 

If they are somehow intercepting your phone messages without you seeing them, that is a much bigger problem.  But I doubt they are doing that.

> On Oct 2, 2025, at 11:34 AM, Suzannah K. Sundby <suzannah at canadylortz.com> wrote:
> 
> Yup, changed my password and logged out all devices at least 10X the past two days.
>  
> I’m using Authy for the 2FA.
>  
> Suzannah K. Sundby <http://www.linkedin.com/in/ssundby/> | Partner
> canady + lortz LLP <http://www.canadylortz.com/>
> 1050 30th Street, NW
> Washington, DC 20007
> T: 202.486.8020
> F: 202.540.8020
> suzannah at canadylortz.com <mailto:suzannah at canadylortz.com>
> www.canadylortz.com <http://www.canadylortz.com/>
> Confidentiality Notice:  This message is being sent by or on behalf of a lawyer.  It is intended exclusively for the individual or entity to which it is addressed.  This communication may contain information that is proprietary, privileged or confidential, or otherwise legally exempt from disclosure.  If you are not the named addressee, you may not read, print, retain, copy, or disseminate this message or any part.  If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.
>  
> From: Patent Lawyer <patentlawyer995 at gmail.com <mailto:patentlawyer995 at gmail.com>> 
> Sent: Thursday, October 2, 2025 11:29 AM
> To: Patentpractice Patentpractice <patentpractice at oppedahl-lists.com <mailto:patentpractice at oppedahl-lists.com>>
> Cc: Suzannah K. Sundby <suzannah at canadylortz.com <mailto:suzannah at canadylortz.com>>
> Subject: Re: [Patentpractice] IMPORTANT: Off-Topic: PSA Amazon Fraud Scheme - LOG OUT ALL DEVICES
>  
> When the bad actors try open an account, Amazon will send you a "confirmation" message to approve this.
> But you did not see those messages.
>  
> That suggests that the bad actors have access to your account email (not your phone number).  They can monitor the emails, confirm (approve) the new Amazon accounts, and then immediately delete the Amazon messages.  They may be doing it at a time they know (or assume you are offline).  Maybe check your emails "deleted" folder.
>  
> I am not sure of the steps required to open a sub-account, but maybe you can try to open one and see what Amazon sends you.  And where it sends it. It is probably that "where" that has been compromised.
>  
> I suggest you change your password for the email you use with Amazon, and add 2FA to *that email* account.  And don't use your phone for the 2FA, use an app.
>  
>  
> 
> 
> On Oct 2, 2025, at 11:11 AM, Suzannah K. Sundby via Patentpractice <patentpractice at oppedahl-lists.com <mailto:patentpractice at oppedahl-lists.com>> wrote:
>  
> So… after a sum total of about 8 hrs talking with various Amazon people… I demanded to be transferred to or receive the contact info of Amazon’s Fraud & Security Dept.
>  
> They wouldn’t give the info to me and said that they can’t transfer me.
>  
> I then said if there’s nothing they can do then I want the contact info and mailing address of Amazon’s Legal Department because it looks like I will have to file a lawsuit.
>  
> They refused to give me that info too.
>  
> Suzannah K. Sundby <http://www.linkedin.com/in/ssundby/> | Partner
> canady + lortz LLP <http://www.canadylortz.com/>
> 1050 30th Street, NW
> Washington, DC 20007
> T: 202.486.8020
> F: 202.540.8020
> suzannah at canadylortz.com <mailto:suzannah at canadylortz.com>
> www.canadylortz.com <http://www.canadylortz.com/>
> Confidentiality Notice:  This message is being sent by or on behalf of a lawyer.  It is intended exclusively for the individual or entity to which it is addressed.  This communication may contain information that is proprietary, privileged or confidential, or otherwise legally exempt from disclosure.  If you are not the named addressee, you may not read, print, retain, copy, or disseminate this message or any part.  If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.
>  
> From: Patentpractice <patentpractice-bounces at oppedahl-lists.com <mailto:patentpractice-bounces at oppedahl-lists.com>> On Behalf Of Jeffrey Semprebon via Patentpractice
> Sent: Thursday, October 2, 2025 9:42 AM
> To: For patent practitioners. This is not for laypersons to seek legal advice. <patentpractice at oppedahl-lists.com <mailto:patentpractice at oppedahl-lists.com>>
> Cc: Jeffrey Semprebon <jesemprebon at gmail.com <mailto:jesemprebon at gmail.com>>
> Subject: Re: [Patentpractice] IMPORTANT: Off-Topic: PSA Amazon Fraud Scheme - LOG OUT ALL DEVICES
>  
> Federal CPB may be closed, but the state may have an agency or department that's operating. 
>  
> Just this week, a recalcitrant financial company called me to let me know that I'll be receiving soon in the mail confirmation that they've resolved a dispute in my favor, shortly after reporting them to the NH AG's office's consumer protection & anti-fraud dept. 
>  
> 
> -Jeff 
> 
> Jeffrey E. Semprebon
> Registered Patent Agent (mechanical) looking for remote work
> jesemprebon at gmail.com <mailto:jesemprebon at gmail.com>
> 7 Bates Alley
> Claremont, New Hampshire 03743
>  
> On Thu, Oct 2, 2025, 05:57 Leigh T via Patentpractice <patentpractice at oppedahl-lists.com <mailto:patentpractice at oppedahl-lists.com>> wrote:
> Hi, Suzannah,
>  
> I’m sorry this happened to you, and thanks for posting. Amazon should fix those policies. In the past you could maybe also try complaining to the Consumer Protection Bureau but I’m not sure it’s still active.
>  
> Something similar happened to us a couple of months ago with our Chase bank credit card and then also a replacement card that was immediately hacked again. The fake charges were all over the place and included pizza and hotel stays at “Purpose Driven Stays” in Florida and Virginia, where we had not been for a long time, so at least they were easy to dispute and Chase has been really good about taking fake charges off.
>  
>  I pointed out when calling to get the second replacement card that it seemed that the hacker was able to get our new card details immediately. The Chase representative looked around and told us there was a Stripe account (like Venmo) linked to our card that we didn’t even know about. With that, the hacker was able to get our new card details immediately and make more fake charges.  So the Chase representative deactivated all of the automatic updates for the (second) new card to prevent the hacker from automatically getting the new card info. 
>  
> We had to re-link all the accounts where we had set up auto pay, but it did stop that hacking. Also, we have since put freezes on both my and my husband‘s credit and that seems to have helped cut down on phishing efforts a bit.
>  
> Best regards,
> Leigh
>  
>  
> On Wed, Oct 1, 2025 at 10:30 AM Suzannah K. Sundby via Patentpractice <patentpractice at oppedahl-lists.com <mailto:patentpractice at oppedahl-lists.com>> wrote:
> IMPORTANT FOLLOW-UP – MUST DO – BOT FARMS BUSY
>  
> (See yellow highlight below for bullet point as to how to secure your Amazon account.)
>  
> Serious bots are busy hacking into people’s Amazon accounts with their phone numbers.  A friend of mine who I warned said that just yesterday and today someone tried logging in with his phone number.  Since he was not online, he knew it couldn’t be himself who triggered the confirmation request.  He also saw an unauthorized charge, which doesn’t marry up to any of his purchases.
>  
> Now for my continuing episode:
>  
> I canceled my credit card yesterday and am getting a replacement.  Despite this, last night (after the credit card was canceled), there was another unauthorized Amazon charge.  Turns out the new charge resulted from the canceled card was still in my Amazon account as a payment method and the credit card company allows obvious recurring payments/charges to pass thru to the replacement card… So, I removed the canceled card.
>  
> But the problem is that any new card I put as a payment method in my Amazon account will suffer the same unauthorized access.
>  
> So, I called up Amazon this morning.  Dealt with multiple people at multiple levels of stupidity for 3 hours.
>  
> They say there is nothing they can do to prevent others from setting up a sub-account under MY Amazon account using MY cellphone number.  WTF.  Also, because of Amazon privacy policies, Amazon can’t tell ME who is using MY cellphone number to set up sub-accounts under MY Amazon account.  WTF.  Basically, they told me there is nothing they can do and that each time this happens I have to dispute the charge with my credit card company.  BS.
>  
> So, I was going to cancel my Amazon account and set up a new Amazon account.  Big problem there because my digital subscriptions… music, Kindle books, Audible books, etc.  I was in the process of dealing with that and getting refunded for the music titles I purchased way back when… My library of Kindle books (and likely Audible books) can be transferred.
>  
> So, I figured I’d set up the new Amazon account so the Kindle/Audible libraries could be transferred.
>  
> Turns out in order to set up an Amazon account, you must use a cell phone number… and I cannot myself set up another primary Amazon account with my own freaking cell phone number (yet others can continue to set up sub-accounts using MY cell number … someone make it make sense).
>  
> Anyway, in the Amazon account settings there is the login/security options.  After selecting that, there are options for signing out anyone and everyone.  It forces a password reset.  So, first one will want to have 2FA set up for logging into Amazon, and have a new email alias* set up to use.  Then after confirming both are set up, log out all devices.  I think this process will put an end to others being able to login and set up sub-accounts under one’s own Amazon account.
>  
> You will then have to re-login any Alexa devices, Alexa phone app, etc.
>  
> *New email alias: Years ago when my personal Microsoft email account was hacked, I discovered one can set up email aliases.  Email still goes to your primary account, but you can set it up so that one cannot login to your Microsoft email using the alias (e.g., use primary email address to login and don’t give the primary email address to anyone, instead use the email aliases… I have one for shopping, one for financial accounts like IRS, banks, etc., and now I have a specific email alias for Amazon only.)
>  
> Suzannah K. Sundby <http://www.linkedin.com/in/ssundby/> | Partner
> canady + lortz LLP <http://www.canadylortz.com/>
> 1050 30th Street, NW <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
> Washington, DC 20007 <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
> T: 202.486.8020
> F: 202.540.8020
> suzannah at canadylortz.com <mailto:suzannah at canadylortz.com>
> www.canadylortz.com <http://www.canadylortz.com/>
> Confidentiality Notice:  This message is being sent by or on behalf of a lawyer.  It is intended exclusively for the individual or entity to which it is addressed.  This communication may contain information that is proprietary, privileged or confidential, or otherwise legally exempt from disclosure.  If you are not the named addressee, you may not read, print, retain, copy, or disseminate this message or any part.  If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.
>  
> From: Suzannah K. Sundby 
> Sent: Tuesday, September 30, 2025 2:54 PM
> To: patentpractice at oppedahl-lists.com <mailto:patentpractice at oppedahl-lists.com>
> Subject: Off-Topic: PSA Amazon Fraud Scheme - Setup 2FA
>  
> I have my credit card setup so it sends me a notice when an online purchase/charge.
>  
> I do a LOT of shopping on Amazon… and I do the Subscribe & Save, which my deliveries are at the end of the month.
>  
> Last Friday, there was a $100 charge I thought was curious, but I didn’t have time to investigate… I assumed it was likely a charge for the Subscribe & Save stuff… though I thought it was curious that the amount was an even 100.
>  
> Today, there was a $200 charge.
>  
> So, I checked my Amazon orders and nothing marries up to these charges.
>  
> I called Amazon.
>  
> ESL guy saw the charges on my account… and he told me that there are other accounts “associated” with mine via my phone number.  WTF I said.  He asked me if I authorized these other people to use my Amazon account.  No effing way I said.
>  
> Thus, he removed the accounts from my phone number and email and said that they will investigate.
>  
> He told me that I had to call my credit card company and dispute the charges.  WTF.
>  
> He wouldn’t tell me how/why someone can make charges to my account and whether they have access to my credit card via Amazon.
>  
> I called my credit card company and had to dispute the charges, which then triggers the fraud-based card replacement process.
>  
> Anyway, when looking at account settings in Amazon I discovered that one can set up 2FA and require a code in order to log into one’s account.
>  
> Thus, y’all probably want to do this if you haven’t already.
>  
> Suzannah K. Sundby <http://www.linkedin.com/in/ssundby/>  <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>| Partner
> canady + lortz LLP <http://www.canadylortz.com/>
> 1050 30th Street, NW <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
> Washington, DC 20007 <https://www.google.com/maps/search/1050+30th+Street,+NW+%0D%0A+Washington,+DC+20007?entry=gmail&source=g>
> T: 202.486.8020
> F: 202.540.8020
> suzannah at canadylortz.com <mailto:suzannah at canadylortz.com>
> www.canadylortz.com <http://www.canadylortz.com/>
> Confidentiality Notice:  This message is being sent by or on behalf of a lawyer.  It is intended exclusively for the individual or entity to which it is addressed.  This communication may contain information that is proprietary, privileged or confidential, or otherwise legally exempt from disclosure.  If you are not the named addressee, you may not read, print, retain, copy, or disseminate this message or any part.  If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.
>  
> -- 
> Patentpractice mailing list
> Patentpractice at oppedahl-lists.com <mailto:Patentpractice at oppedahl-lists.com>
> http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com <http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com>
> -- 
> Patentpractice mailing list
> Patentpractice at oppedahl-lists.com <mailto:Patentpractice at oppedahl-lists.com>
> http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com <http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com>
> -- 
> Patentpractice mailing list
> Patentpractice at oppedahl-lists.com <mailto:Patentpractice at oppedahl-lists.com>
> http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com <http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://oppedahl-lists.com/pipermail/patentpractice_oppedahl-lists.com/attachments/20251002/ae08c2eb/attachment.html>

More information about the Patentpractice mailing list