What You Can Learn from Amazon’s Customer Service Security Hole

Even the biggest companies with great reputations can come across customer service security holes they didn’t realize they had. Within the last couple of years, an Amazon customer experienced a situation that left him feeling helpless and at the mercy of a cyber hacker. There’s no doubt Amazon has some of the most secure customer solutions in place to protect their customers’ information, but a hacker found a loophole.

The Backstory

The Amazon customer received an email thanking him for contacting their support department. The only problem is the customer had not ever contacted them. After receiving the transcript of the chat, the customer realized he was being victimized by an identity thief. And even with the customizable customer support software Amazon has in place to protect from security breaches, the identity theft attempt was unbeknownst to the Amazon customer service representative.

Through a simple “whois” search, the hacker was able to obtain basic information about the victim. But what’s so incomprehensible is the victim actually created a fake address so his real address would never be known. The problem is the hacker used the fake address to ask the Amazon support representative where the package was being shipped. The representative confirmed the address, which gave the hacker exactly what he wanted...the customer’s real address.

The Issue Surrounding Amazon’s Incredible Security Hole

This issue is just one of the many social engineering schemes hackers use today. The good thing is Amazon’s standard protocol is to send a chat transcript to the account owner’s email address. Otherwise, the victim would have never known about the conversation.

The gaping security hole in Amazon’s secure customer solutions has since been addressed, but not without prompting many other questions about their security protocols. If anyone can pose as another customer and be provided sensitive information, then the customer is put in a helpless situation.

Takeaways to Implement in Your Organization

One of the main takeaways resulting from Amazon’s security failure is to have strict policies to confirm the identity any time a customer calls support, gets on live chat or asks a question via email. Your customizable customer support software should have the customer’s information stored securely, so this should not require much extra effort from a business side. The vast majority of the time, a customer is who they say they are, but all it takes is one hacker to reveal major issues, as Amazon experienced.

PhaseWare noted the security issue experienced by Amazon and used their results to develop even more secure customer solutions. Whether it’s through cloud based customer support software or any other solution fitting your needs, we will help your organization be more efficient and protect your customers’ information as much as possible. To learn more about where you stand from a security standpoint and how you can improve your processes, contact us today.