As per the "your thoughts" at the end of the post...

It might also be that the black market value of the Kindle is worth a month's salary wherever he is, making all of that effort worth it. Also, as you alluded to, this might have been one of a large batch of accounts he was doing the same thing to.

Lesson learned for the social engineer: make sure the person you're doing it to isn't an experienced systems guy.
Wow Scott. This makes me want to double check my account controls on Amazon and other places. 
I've read about this scam before - with cameras I think. Amazon really need to increase the security when talking to someone on the phone. I know it's a pain from the legitimate customer's perspective, but they could ask a question only you should know - like what you ordered a couple of weeks ago.
+Scott Hanselman good question.  I suppose if he'd been able to get Amazon to change the address before getting to UPS you would have?  

Otherwise it's probably just a reduction in profit.  They retail for $90 and weigh 6oz (really? that light?).   According to USPS, shipping to China (just a guess) is ~$70, UPS is $90.  But that's a single unit.  If he's using an exporter I'm sure there's a discount for bulk shipments so a cost saving there.  

All leading me to agree even more that he's likely doing this with several accounts.
+Chris Forman I'm also going to guess it's cheaper for Amazon to eat it than to build in better security, not that I'd agree with that decision if it's true.
I thought after that tech reporter guy's account got hacked into, Amazon increased the security protocol. Crazy what one could accomplish with just your email, name and billing (for most, home) address.
UPDATE: Just updated the post with my recommendations on how Amazon can fix this.
I've read something similar to this happening with Amazon before. It's amazing how people will circumvent the system and what they do it for. It also goes a long way in showing how important training is for a company and how hiring the right people (Sue) can be beneficial in many ways to companies.
If it's any solace, you've made an informative PSA to other Amazon customers, as well as to anyone working in eCommerce.

I once had a similar experience with They too refused to provide details to protect the fraud. Interesting fact: they limit their passwords to 11 characters or less.
Very well written summary and great recommendations at the end. Thank you for sharing this :)
Wow! I guess I need to check my Amazon emails more closely. Scary. You did give excellent recommendations though.
Well played and excellent writeup +Scott Hanselman. Hopefully the value you just provided by sharing helps pay back your time spent.
Thanks for being the good guy, social engineering is a powerful force.
Scott, you are a wonderful person! Thank you for taking the time to trip up the bad guys. You have saved a whole lot of us a lot of grief.
Scott! Great points and rec's made in your post. It will be interesting to see what policy changes - indeed - if any Amazon makes. Not.
Worst part is that this fraud has been pointed out months ago, and Amazon still hasn't choked off the leaks. Very disappointing and not very confidence inspiring.
