On three separate calls, an attacker used social engineering techniques to trick a representative of Amazon’s customer service into disclosing a user’s personal information. An Amazon user named Eric Springer described how it all started with an email from Amazon’s customer service thanking him for reaching out. Curious, Eric contacted Amazon’s customer service only to discover that someone claiming to be him had contacted a representative of the popular e-commerce company and had tricked them into disclosing his real shipping address and phone. The attacker succeeded in their effort by providing the representative with a fake address: a nearby hotel’s address that Eric had used to set up some domains, knowing that the whois information would eventually become public.
View full story
ORIGINAL SOURCE: Graham Cluley