Announcement

Collapse
No announcement yet.

OT: Need Help With Brushing Scam

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OT: Need Help With Brushing Scam

    My wife is the victim of the brushing scam. For those who don't know, an Amazon.com vendor has some awful merchandise to get rid of. He knows if he puts it up for sale, those crucial initial reviews will be flames. He pays a hacker to get a dozen or so, maybe more, ID, name, and password. He then logs on as YOU, and orders his merchandise. He then writes, again, as YOU, those crucial initial reviews. Of course, they glow. BUT! Guess who gets to pay for the delivered merchandise! FORGET RETURNING. NO RETURN ADDRESS! To your credit card company, you logged on, you ordered it, it was delivered, YOU PAY. Amazon just doesn't care when you call to let them know. Amazon first became aware of this in 2015, and, to my knowledge, has done nothing.

    The only defenses are to terminate your Amazon account, and change your credit card. If you don't, the packages keep coming, and sometimes get pricier, if they see you're doing nothing.

    The Attorney General's Office of Consumer Protection is no help, as it's interstate commerce. The FTC is no help, "Not our yob." Forget the FBI.

    OK, here's where I ask for help. HOW DO I STOP THIS?!!

  • #2
    Change your Amazon password to a good one (long, random). If it keeps happening, then your computer is compromised and they are watching what you do on it. Don't use the same password on multiple web sites. Get a program like KeePass (free) to generate and store randomly generated passwords.

    Comment


    • #3
      That's good, but you forgot turning off your password helper. Keep a notebook with userids and passwords. Take your computer to a pro once a month for a professional virus sweep. $150. Get pro level security software. Buy and manage a genuine Cisco router with pro level security.

      Wouldn't it be simpler just to lose Amazon, and move on? There are now lots of merchandise websites. Keep the ones that don't have this, lose the ones that do.

      In the meantime, despite ending Amazon membership, the packages keep coming. I've tried contacting Amazon, but they WON'T do anything to stop it. At least, now we have a basis for claiming we didn't order it. No membership, no logon. Maybe the credit card company will listen. Maybe.

      Comment


      • #4
        I've heard of numerous Amazon scams. Wise up.....Change your card and dump CRAMAZON.

        Comment


        • #5
          Originally posted by John Buffum View Post
          That's good, but you forgot turning off your password helper. Keep a notebook with userids and passwords. Take your computer to a pro once a month for a professional virus sweep. $150. Get pro level security software. Buy and manage a genuine Cisco router with pro level security.
          The advice I gave you is basic, consumer-level security that costs you nothing. If your wife had followed it, you probably wouldn't have this problem. If you keep ignoring it, you can expect to have more problems like this in future.

          Comment


          • #6
            I'd dispute the charges with the credit card company. Let them work it out with Amazon.
            OPEN EYES, OPEN EARS, OPEN MIND

            THINK HARDER

            BETTER TO HAVE TOOLS YOU DON'T NEED THAN TO NEED TOOLS YOU DON'T HAVE

            MY NAME IS BRIAN AND I AM A TOOLOHOLIC

            Comment


            • #7
              hacker to get a dozen or so, maybe more, ID, name, and password
              The problem is not Amazon. The problem is that you did not protect your username and password. As Pinstripe said, this costs nothing and unless you do this quitting Amazon just means you'll be scammed somewhere else.
              Last edited by mickeyf; 10-20-2020, 11:12 PM.
              "A machinist's (WHAP!) best friend (WHAP! WHAP!) is his hammer. (WHAP!)" - Fred Tanner, foreman, Lunenburg Foundry and Engineering machine shop, circa 1979

              Comment


              • #8
                I don't know how people end up with these kind of problems.

                maybe some people just shouldn't have computers because they're too dangerous

                I hope you don't have any guns !

                JL....

                Comment


                • #9
                  The OP is not the problem either. CC scams have been going on for ages, and it does not take carelessness to get caught, no matter what some extra judgemental folks here are trying to say.

                  First of all, the idea of a "secure" password is utter and total BS. Just because it is "not a word", means nothing except that someone's little brother is unlikely to guess it. Computers do not CARE if it is "a word", it's all numbers to them. Just because the password has punctuation and all the usual stuff, and looks like a bee got into the ink and had a fit on tha page means NOTHING. Computers do not care, or know, it's all numbers to them.

                  Screw secure passwords, ain't no such anymule. Just use numbers and punctuation in it. It can and probably should make sense to you so that you remember it.

                  The secure password is the one you have not used. The longer you use it, the less secure it is. Change them every so often, it does not take much change to set folks back to square 1.

                  Yes there are a few people guessing passwords, too, but they are going for the really low fruit. Yes, there are people whose password is "password", and the guessers find them.

                  If the account and password files at Amazon have been accessed, they have lots of information, and can work on them at leisure. We do not know if that is the case, it could be, Amazon would not let that info out unless they were forced to tell.

                  OK, so do not stay with what you have, get the CC Co to change the card number like right NOW. Change the account password, and do that regularly. Also dispute the charges as bborr01 says. Can't hurt, may help. If possible, do NOT associate a CC with the account.

                  If you want to quit Amazon, go ahead, but you do not have to.

                  Oh, yeah... That never use the same password? Forget THAT too. You can use the same password across non-financial accounts, where no money is risked, and the consequences of hacking are not a big deal. Save the fancy stuff for accounts than matter.

                  Many savvy folks have a series of passwords.... one for "nothing" accounts, one or two for other stuff, and individual ones for places it matters. That seems to work well for them, it can work for you.

                  Originally posted by bborr01 View Post
                  I'd dispute the charges with the credit card company. Let them work it out with Amazon.
                  This. That's something they will pay attention to, they do not like any sort of CC scam..

                  At a minimum, you can get the card # changed.
                  CNC machines only go through the motions

                  Comment


                  • #10
                    Are you claiming the hacker gained access to the Amazon database and obtained member id and password?
                    Wow he must be even smarter than Mr. Robot.

                    Comment


                    • #11
                      Originally posted by reggie_obe View Post
                      Are you claiming the hacker gained access to the Amazon database and obtained member id and password?
                      Wow he must be even smarter than Mr. Robot.
                      Was that aimed at me?

                      I am claiming nothing. I say it is POSSIBLE, and we would not know about it. Things like that have in fact happened elsewhere. And we found out MONTHS later, if at all.

                      But there IS NO member and password file. At most there is a hash file, the password gets hashed, and that goes in the file.... so when the password is used, it comes up as the hash value and al is well. Amazon has no idea what it was.

                      But, if you get the files, and know the hash, you can maybe un-hash the hashed value and get the original password. Or, go the other way, "throw the dictionary at it" and then see what got a match.

                      CNC machines only go through the motions

                      Comment


                      • #12
                        Question: If the OP had deleted his CC on Amazon, would this still happen? Are the crooks getting the CC info from a database somewhere, or simply using the card so many people leave visible on their account? After every transaction on Amazon I immediately delete the card. Yes, I know it lurks somewhere in Amazon's system, but it isn't visible or retrievable from my account page. Am I wasting my time doing this?
                        Southwest Utah

                        Comment


                        • #13
                          Originally posted by J Tiers View Post

                          Was that aimed at me?

                          I am claiming nothing. I say it is POSSIBLE, and we would not know about it. Things like that have in fact happened elsewhere. And we found out MONTHS later, if at all.

                          But there IS NO member and password file. At most there is a hash file, the password gets hashed, and that goes in the file.... so when the password is used, it comes up as the hash value and al is well. Amazon has no idea what it was.

                          But, if you get the files, and know the hash, you can maybe un-hash the hashed value and get the original password. Or, go the other way, "throw the dictionary at it" and then see what got a match.
                          Why do you think it was aimed at you? The OP seems to be saying......
                          There is a file or database (organization of files) of member id's addresses, CC#'s, etc. Worked on CC transaction systems for many year for a company that moved more money in a day than most banks did in a month and I am very familiar with CC#'s, CVV2's, PINs, ACH, fraud detection, transaction scoring, Federal Banking regulations, etc. etc.

                          A retailer will store the entire credit card number encrypted (first digit is card type, first 4 is merchant), but the entire card number is not visible to anyone, not even IT systems people. They are not permitted to store the card CVV2 anywhere, it is just "carried" along for each transaction. Yes, I think you are paranoid.
                          Last edited by reggie_obe; 10-20-2020, 10:02 PM.

                          Comment


                          • #14
                            Originally posted by bborr01 View Post
                            I'd dispute the charges with the credit card company. Let them work it out with Amazon.
                            yep One call, problem solved. They will issue you a new card in a day also. I've never had a CC company not back me.

                            Comment


                            • #15
                              Originally posted by reggie_obe View Post

                              Why do you think it was aimed at you?
                              Because it was posted directly under his (J Tiers) post and you wrote,,
                              "Are you claiming the hacker gained access to the Amazon database and obtained member id and password?"

                              Which you? Several people have posted.

                              Comment

                              Working...
                              X