The Major Security Problem Almost None Of Us Are Prepared For

Photo: Courtesy Amazon.
Passwords are notoriously not good at keeping our digital accounts secure, but there's another threat to your favorite online accounts that you may never have imagined: customer service representatives. You can have a long, inventive password and two-factor authentication switched on, but if someone really wants to get at your bank account, Amazon account, or Apple account (among others), all they need to do is a little Googling and some clever social engineering. Such is what happened to an Amazon user named Eric Springer. Springer got a strange email notification from Amazon one day that said, "Thank you for contacting us." He reached out, and got access to the online chat transcript. What he read, and realized, blew his mind: Someone had found his contact information and used it to impersonate Springer in a chat with an Amazon representative, gaining access to more of his personal information. The person then used that information across other services, including convincing Springer's bank, to send themselves a new credit card under his name. A similar instance happened again a few months later. "At this point, Amazon has completely betrayed my trust three times," Springer writes on Medium. "I have done absolutely everything in my power to secure my account, but it’s hopeless." You can read his full story here. This isn't the first time something like this has happened. A formerWIRED senior staff writer had an even more traumatic social engineering hack experience several years ago. A hacker gained access to his Amazon account, then used that information to access his Apple account, his Gmail, and his social media accounts. You can read about the fascinating nightmare (which, among other things, resulted in the hacker deleting his child's baby pictures when they remotely wiped his Apple devices) here. Women targeted by Gamergate, such as Anita Sarkeesian and Brianna Wu, have also had to deal with these types of hacking attempts. What can you do to make yourself less vulnerable to this kind of attack? First, keep your information private — don't share your phone number or home address publicly online anywhere. Second, if you have the ability to use different addresses for different accounts, do it. While Springer's hacker was able to glean his actual shipping address (which matched his bank information) through his chat with an online representative, having a shipping and banking address that don't match is one more hurdle an attacker has to go through. Third, make sure you have email or text notifications turned on for services that involve your credit card or bank account. That way, the moment an unusual transaction occurs, you know instantly, and can deal with it before it escalates. Being hacked is an unfortunate reality of today's world. It's not a matter of "if," but "when." But with the right precautions in place, and companies (hopefully) getting smarter about protecting consumers, you can minimize the chances of getting hacked, and the negative effects when it does.

More from Tech

R29 Original Series