Amazon Inside Job? Phishing for Government ID (nakedcapitalism.com)
2 points by throwaway81523 7 months ago | 3 comments



The email being from no-reply@amazon.com should in theory not be spoofable due to Amazon's DMARC record, and it links to a real existing amazon.com page for ID verification. Amazon has a help page[0] indicating that asking for ID on refunds is a real policy.

Most likely explanation to me seems to be that it's a real email and the rep on the phone erred on the side of safety when asked about potential phishing. Author insists against that possibility in the comments ("Please do not contradict information in the post", "You need to start from the fact that this was a fraud").

[0]: https://www.amazon.eg/-/en/gp/help/customer/display.html?nod...
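
The DMARC point raised in the comment above can be checked on a received message by confirming that SPF or DKIM passed for a domain aligned with the From: header. The following is an added example, not part of the thread or the linked article. The receiver name `mx.example.net`, both sample messages, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # A real evaluator consults the Public Suffix List (co.uk and similar).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict):
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_alignment(raw_message, trusted_authserv_id, strict=False):
    """Re-derive DMARC alignment from results stamped by our own receiver."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    # Only trust headers added by our own MTA; a sender can inject their own.
    trusted = [v for v in msg.get_all("Authentication-Results", [])
               if v.split(";", 1)[0].split()[:1] == [trusted_authserv_id]]
    results = ";".join(trusted)
    spf = re.findall(r"\bspf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", results)
    dkim = re.findall(r"\bdkim=(\w+)[^;]*?header\.d=([\w.-]+)", results)
    spf_ok = any(r == "pass" and aligned(d, from_domain, strict) for r, d in spf)
    dkim_ok = any(r == "pass" and aligned(d, from_domain, strict) for r, d in dkim)
    return {"from": from_domain, "spf": spf_ok, "dkim": dkim_ok, "pass": spf_ok or dkim_ok}

# Constructed sample messages (not taken from the article or from Amazon).
ALIGNED = """Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounces.amazon.com;
 dkim=pass header.d=amazon.com
From: "Amazon" <no-reply@amazon.com>
Subject: constructed sample

body
"""
# SPF and DKIM both pass, but for a domain unrelated to the From: header, and a
# second header claiming success was not written by our receiver.
UNALIGNED = """Authentication-Results: other.example; dkim=pass header.d=amazon.com
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mailer.example.org;
 dkim=pass header.d=example.org
From: "Amazon" <no-reply@amazon.com>
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for name, raw in (("aligned", ALIGNED), ("unaligned", UNALIGNED)):
        print(name, dmarc_alignment(raw, "mx.example.net"))
```

A message only gets the protection of the sender's DMARC policy when this check passes at the receiving server; a displayed From: address alone does not show that it did.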


The author states in the comments that Amazon customer service has consistently insisted that they never ask for government ID, even after she escalated. Is it possible that a different department at Amazon implemented a government ID verification system and did not tell customer service about it?

Otherwise if this is due to bad actors it would mean an enormous failure of security.


An actual "inside job"? Or just some cybercrime group, that's gotten inside Amazon's network, and is making real-time use of the data?



