The Amazon Replacement Order Scam, and How to Avoid It

If you, like many, have been using Amazon.com for some of your Christmas shopping, then your account may be vulnerable to a scam using your order number that is genius in its execution, and uncovers some of Amazon’s failings in inventory control. It all comes down to the individual order numbers assigned to your orders. Those order numbers are for sale, along with the corresponding email address (as in your email address), and scam artists are using that information to get duplicates of your orders sent to them.

Chris Cardinal of HTMList.com broke the story today after he fell victim to the scam. In meticulous detail, Cardinal laid out the chain of events that led to him speaking to multiple Amazon customer service representatives, canceling several fraudulent replacement orders, and receiving even more follow-up replacement orders.

This is how it happened:


Cardinal awoke to find four emails from Amazon apologizing that a chat session had ended early. Ready to chalk it up to another phishing scheme, Cardinal noticed a slight difference between the email address to which the emails had been sent and his actual email address. So how did it get through?

You see, Gmail addresses are what is called “dot-blind.” That means that if we had the address wearetheinternetpatrol@gmail.com and someone sent an email to weare.theinternetpatrol@gmail.com, we would still get it: Gmail ignores dots in the part of the address before the @. Amazon, however, treats the two as different addresses. When Cardinal looked at the last email that Amazon sent, it said, “I did check on your account and found that no orders are present on this account. However if you’ll be able to provide us the order numbers, we’ll be able to proceed from there.” He figured that someone else was trying to get the order numbers.

Within a few hours, Cardinal got another email from Amazon Customer Service mentioning a chat that he had not had. The email said:

“I’m so sorry about the problem you had with your orders. I’ve created a replacement order for you at no additional charge. Here are the details:

Order Number: 103-4XXXXXX-XXXXXXX
Shipping Speed: One-Day Shipping
Guaranteed Delivery Date: Tuesday, December 18, 2012

I’ve requested a refund of $42.99 to your card for B+W 67mm Clear UV Haze with Multi-Resistant Coating (010M).

You’ll see the refund on your Visa statement in the next 2-3 business days.”

This is where the whole thing got even more bizarre. Cardinal *had* indeed ordered that camera part, but he had already received it and had definitely not ordered a replacement. Upon logging into his Amazon account he found that there was indeed a replacement order set to ship to him. Then he received another email:

“I’m so sorry about the problem you had with your orders. I’ve created a replacement order for you at no additional charge. Here are the details:

Order Number: 103-4XXXXXX-XXXXXXX
Shipping Speed: One-Day Shipping
Guaranteed Delivery Date: Tuesday, December 18, 2012

Shipping To:

Mr Chris Cardinal
13820 NE Airport Way
K5981
Portland, Oregon 97230
United States
Primary Phone: 647-234-1819”

Cardinal noted that the shipping address for his replacement was in a completely different state from the one in which he lives. Cardinal called Amazon to tell them about the latest development and was informed that his account had been compromised (as if he had not already figured that out), and he was reassured that he would not be financially responsible for any of this. Cardinal told the customer service rep that his Amazon account was fine, that he had already changed his password, and that he felt the real issue was Amazon being loose with handing out replacement parts with very little verifying information required. While in his account, Cardinal cancelled the latest replacement order.

Within a few hours, Cardinal received yet another email promising a new replacement part, and he again had to call customer service to tell them what was going on. This time customer service suggested that he change the email address on his account, which he did, and then he requested that his call be escalated so he could speak to a supervisor. Once on the line with the supervisor, Cardinal explained the long story, and the supervisor seemed surprised that replacement parts were allowed to be shipped to any address other than the one to which the original order had been sent.


The supervisor was also adamant that Cardinal’s Amazon account had been hacked, but he again explained to her what he felt was going on and requested that she pull all chat transcripts from the day. At first she was unable to find any chats, until Cardinal had her check under the secondary email address with the dot in it – and there were the chat transcripts. At this point the supervisor said she could only send copies of that chat to the email address listed on the chat, which was the fake (dotted) address and would therefore go to Cardinal anyway.

Cardinal then chatted with customer service and got his order history, which showed a flurry of orders over the last month. He also found a forum where users were offering to buy order numbers, which seems to be all that you need: small bits of information like the order number and email address apparently allow you to get whatever you want out of Amazon. It was then that Cardinal received yet another email:

“Good day!

Per our conversation a few minutes ago, the replacement was successfully processed under order Id. No.: 103-4xxxxx-xxxxxxx. I gave you this confirmation but the replacement was then cancelled.

Shipped To:
Shipping To:
Mr Chris Cardinal
13820 NE Airport Way
K5981
Portland, Oregon 97230
United States

Primary Phone: 647-234-1819

It seems that we are still currently working on this matter. I am so sorry for the inconvenience.”

At this point Amazon has frozen Cardinal’s account, per his request, and has informed him that the case has been forwarded to their fraud prevention department. Cardinal is not sure how the fraudster managed to match the order number with his full name and enough information to know what he had bought in order to request a replacement, but he suspects it did not take much: he had recently tweeted about buying a Canon T4i, his Twitter account carries his real name, and his whois information included his name, email address and mailing address.

And that Portland address belongs to a company called ReShip.com, which gives customers a fake mailing address and forwards packages received there to the customer, often outside the US. So anyone overseas can carry out the fraud, have the package sent to the “legitimate” address in Portland, and then have it forwarded to their actual location. Cardinal suspects that the scammers got around the fact that the replacement is being sent to a different address than the original order by telling Amazon that they are out of town, or something along those lines.

While Amazon will not add a payment method, review existing payment methods or place new orders without more specific information, like your password, they will offer up order numbers and process refund and replacement requests with nothing more than a name, billing address and email address. Another area where Cardinal points out that Amazon is failing is the fact that there appears to be a serious disconnect between each communication that a user has with different customer service reps. Says Cardinal, “They could also do better to collate chat/support history. This user had at least 4 separate live chat requests nearly simultaneously, like raptors testing a fence for weakness, all asking about the same account email address. That should be a huge red flag to Amazon. Instead, no one rep knew about the other. And when he went to place his replacement order two hours later under a different rep, they never knew there was a history where he was complaining about his ‘account being hacked.’”
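Detection logic built from the two weaknesses described above (Gmail’s dot-blindness, explained earlier, and the uncollated near-simultaneous chat sessions Cardinal describes here), as an added example that is not from the article, Cardinal’s post or Amazon: it canonicalizes addresses the way a dot-blind provider does, so differently spelled addresses map to one mailbox, and flags a mailbox that is contacted by several distinct spellings within a short window. The chat log, addresses, window and threshold are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Providers that deliver mail regardless of dots (and +tags) in the local part.
DOT_BLIND_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed support-chat log: (timestamp, address as typed by the requester, request).
CHAT_LOG = [
    ("2012-12-17 08:02", "jane.customer@gmail.com", "asked for order numbers"),
    ("2012-12-17 08:05", "janecustomer@gmail.com", "asked for order numbers"),
    ("2012-12-17 08:09", "j.ane.customer@gmail.com", "asked for order numbers"),
    ("2012-12-17 08:14", "jane.custo.mer@gmail.com", "asked for order numbers"),
    ("2012-12-17 10:20", "jane.customer@gmail.com", "requested replacement order"),
    ("2012-12-17 11:00", "someone.else@example.com", "asked about delivery"),
]


def canonical_address(addr: str) -> str:
    """Collapse every spelling a dot-blind provider delivers to one mailbox.

    For other domains the address is only lower-cased, so dots stay significant.
    """
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in DOT_BLIND_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


def flag_probing(log, window=timedelta(hours=1), min_sessions=3):
    """Return {canonical mailbox: sorted raw spellings} for mailboxes that were
    contacted by several distinct spellings within `window` (Cardinal's
    "raptors testing a fence" pattern). A single customer chatting repeatedly
    under one spelling is not flagged."""
    by_mailbox = defaultdict(list)
    for ts, raw, _ in log:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        by_mailbox[canonical_address(raw)].append((when, raw.lower()))

    flagged = {}
    for mailbox, events in by_mailbox.items():
        events.sort()
        for start, _ in events:
            burst = [e for e in events if start <= e[0] <= start + window]
            spellings = {raw for _, raw in burst}
            if len(burst) >= min_sessions and len(spellings) > 1:
                flagged[mailbox] = sorted(spellings)
                break
    return flagged


if __name__ == "__main__":
    for mailbox, spellings in flag_probing(CHAT_LOG).items():
        print(f"ALERT {mailbox}: {len(spellings)} spellings in one hour: {spellings}")
```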

While the legitimate Amazon user will likely not be responsible financially for extra orders sent out at the request of the fake Amazon user, it is still disconcerting to have someone using your personal information to piggyback your Amazon orders. Cardinal’s aim is to spread the word on this scam and get Amazon to sit up and take notice. If you are an avid Amazon user and want Amazon to look into this issue, they make it nearly impossible to actually speak to someone of substance. But if you have a Twitter account, you can tweet at their social media director, John Yurcisin @johnyurc.


In the meantime, it seems that the best way to avoid your account being used for this scam is to use an email address that is *not* ‘dot blind’, which includes not using a Gmail account.


2 Replies to “The Amazon Replacement Order Scam, and How to Avoid It”

  1. I was informed today by eonlinedata, my merchant services provider, that a customer has initiated a chargeback in the amount of $327.48. I looked a little deeper into the shipping and billing address, even though my payment gateway approved the transaction no problem.
    I just now discovered some info on the shipping address through the link you commented on.

    noor azlinda

    13820 NE Airport Way
    Suite #K129462
    Portland, OR 97230
    United States
    503-914-6316
    (Residential Address)

    I immediately thought some asshole used a stolen card, but I think my system may have been hacked. I do a good amount of business on Amazon as well and, come to think of it, I have shipped to 13820 NE Airport Way through Amazon.
    I will now continue to present this to card services. Thank you.

    Michael Henderson

  2. My account was hacked on March 23, 2013 by using very simple social engineering.
    There were no credit cards there but the $300 in giftcards balance are gone.
    The first order made by the hackers was to the same address as in this email thread:
    13820 NE AIRPORT WAY STE K21957
    PORTLAND, OR 97230-3440
    Filed a police complaint as well as one with the BBB
    Today I managed to get the Amazon customer service SUPERVISOR on the phone…
    Summary: My account is closed. Amazon will NOT refund me the $300 balance in gift cards. The guy said it’s a matter for the police now.
    Since basically I was robbed because of a lack of security measures on behalf of Amazon – I am trying to organize a class action suit on the above.
    If you think you’ve been robbed in a similar manner – please shoot me an email to
    zombit@hushmail.com
