Potential Cybersecurity Risk with Delivery Agents of eCommerce Platforms

mayank11280

Cybersecurity risk alert:

Amazon delivery associates may try to take control of your account through OTP. (Possible on other platforms also)

A very low value item was delivered to me the day before yesterday. No OTP was asked. The website shows item as “delivered”. Meaning, the product delivery process has been closed now. No further action is necessary.

However, yesterday I received a random OTP from Amazon. Soon after that I received a call from an unknown number (not from official Amazon provided number but personal number). The person said he is the delivery agent from yesterday and asked for the OTP to close the delivery. He clarified, he had forgotten to ask for it before. This felt sketchy. No OTP was required upon delivery.

Sketchy because:

1. Amazon makes a great deal about OTP being required during delivery through multiple emails, SMSs, WA messages and app notifications: none were received for this delivery.

2. OTP based delivery is required for high value items only, and largely for prepaid items: this was a low value, POD item.

3. For OTP based items, product delivery cannot be closed without it: this item was marked delivered immediately after the handover.

4. The message from Amazon mentions the purpose of the OTP in case of OTP based delivery. It is usually not mentioned for OTP based sign in. The message received didn’t mention anything about delivery.

Every day new forms of cybercrimes are coming to the fore.

As a rule of thumb: Please use caution and don’t share OTPs, especially when you don’t know the purpose of the OTP and the person you are sharing the OTP with.

Stay safe.
 
As a rule of thumb: Please use caution and don’t share OTPs..
over the phone

However, yesterday I received a random OTP from Amazon. Soon after that I received a call from an unknown number (not from official Amazon provided number but personal number). The person said he is the delivery agent from yesterday and asked for the OTP to close the delivery.
May not have even been the delivery guy but someone impersonating..

My call log is so full of these guys' numbers over the years.
 
I have been tricked like this before. The delivery person asked for OTP at the time of delivery. The SMS text clearly mentioned that it was a login OTP for Amazon account, and not to share it with anyone. I was in a hurry, and missed this part, shared the OTP. Realized this after about 15 minutes. Then had to dig through Amazon website to find an option to "Log out of all devices". Fortunately no cards were saved in the account, so no damage done. Complained to Amazon about this, they willingly or not, refused to understand the situation. Left it at that, did not have energy to pursue this further.
 
over the phone

I can't think of any reason where OTP is asked over the phone.

Can you?

^Reference

May not have even been the delivery guy but someone impersonating..
This was the exact thing that rang the bell for me. Told him: “in the current situation I will not be able to share you the OTP” and hung up the call.
 
over the phone

I can't think of any reason where OTP is asked over the phone.

Can you?
Actually, yes.

There have been times when I had to share OTP over phone because I have been outside.

Has not been an issue if the call has been from official Amazon number.

As a rule of thumb: Please use caution and don’t share OTPs, especially when you don’t know the purpose of the OTP and the person you are sharing the OTP with.
That’s why I said this. Everyone’s situation is different but as a broad rule of thumb this helps.