My first Phishing experience!
On September 20th, around 5PM IST, I received a phone call from the number + 91 8XX0580XX6.
The caller greeted me and introduced himself as part of Amazon India. More specifically, the sales and promotional department. He asked me if I spoke English and I told him ‘Yes’. Weird much?
He told me as part of the order that I purchased from Amazon a couple of days back(He gave the order number) I had won a lucky draw.
He told me I could choose any one of the 5 options below as gift.
- Dell Inspiron Laptop
- One Plus 8 Pro
- Sony Bravia TV
- Voltas AC
- A Refrigerator (forgot the liters!)
By this time, I was pretty convinced this was an elaborate scam because not only Amazon not make calls to users promising gifts, their agents are very professional and remarkably skilled in communication. Here I was given a lot of robotic broken answers probably memorized, with thick Hindi Mother Tongue Influence(Not criticizing, merely observing).
Curiosity led me to continue the call purely for entertainment purposes.
I feigned happiness and thanked the agent multiple times and enquired how I may claim the gift. I was told that in order to claim it, I ought to purchase goods worth 5000 Rs from Amazon India. However, I just needed to add those items to the cart and not make the payment. He would initiate it from his end and add the gift along with it. He assured me that I would be receiving it in 2–3 working days.
I told them I intended to purchase the Samsung Galaxy M51 (Electric Blue, 6GB RAM, 128GB Storage) and added it to my cart in Amazon. He confirmed the product and told me that he was adding it over at his end for checkout.
Additionally, he confirmed my address.
He already seems to have it. My home address. Scary.
The payment was to be made via any of the UPI payment applications — Google Pay or PhonePay since this was not a regular purchase. Cash on Delivery was also not available.
I asked them to sent a mail for confirmation and suddenly he hung up the phone.
After around 15 minutes — the guy called me up again(greetings and all that!) and told me my payment was pending.
10/10 for user follow-up!
He patiently gave me the account number and IFSC details of the account.
Please Note: The Account Holder Name was manually added by me to remember and is in no way related to Amazon
Once that was done, he asked me to send the money of the equivalent amount of my Samsung Galaxy M51. By now I told him I’d hang up the phone call because the internet would not work for payment alongside the call. He agreed reluctantly but not without reminding me to send the screenshot of the payment made to their official number.
Only after its confirmation would he be able to initiate the processing of the order request it seems. Fair enough!
He kept on calling soon after and I told him that I was unable to make the request — and at one point he started getting agitated and switched to Hindi to which I politely told I do not understand ( I was lying of course!).
He asked me to make the payment fast and send him the reference number of the transaction.
I could hear similar calls happening in the background. I had been recording all the calls until now. I told him I made the transaction and still didn’t get any order confirmation to which he angrily replied that I ought to send him the screenshot. I hung up.
Also by this time I removed all the saved cards and addresses from Amazon.
I stopped picking after I received around 5–6 calls from the same number. I think by this time he might have figured out that I wasn’t intending to make the payment and this lead wasn’t a possible convert.
Soon afterward, I called Amazon customer care and narrated the entire incident. I was told that they would never perform such a call and that they would tell the respective department and requested me to drop a mail to the customer helpdesk, which I did. They did not seem to have any liability to the fact that perhaps their seller would have misused the information passed to them to carry out my order.
- Affiliated Businesses We Do Not Control: We work closely with affiliated businesses. In some cases, such as Marketplace sellers, these businesses operate stores at Amazon.in or sell offerings to you at Amazon.in. In other cases, we provide services jointly with or on behalf of these businesses. Click here for some examples of co-branded and joint offerings. You can tell when a third party is involved in your transactions and we share customer information related to those transactions with that third party.
- Third Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable law.
I mailed Amazon a couple of days later to check if some action was there and I got this. Made me wonder what could have happened if the phishing had gone through. What if someone actually made the payment falling for the play?
What worried me was the fact that this person had my phone number and address. And Amazon does not seem to have any liability about how they could possibly use it. Or do they?
In fact, it wasn’t just me. I noticed several others posting similar seller experience in other social media tagging Amazon.
I have had and still do, the highest regard for Amazon for their exemplary customer service.
But this, tsk tsk.