A new method of fraud is gaining popularity among cybercriminals, allowing you to “clear” the bank accounts of Amazon users. Secretly from the victim, the attackers connect a smart TV to their account, which is not displayed in the usual settings and which even the Amazon tech support team cannot remove. Through this phantom device, cybercriminals make online purchases using the victim’s bank card, even if she changed her password and turned on two-factor authentication.
According to The Register, linking phantom devices to someone else’s Amazon accounts in order to steal funds from bank accounts is a very common practice. The attackers somehow manage to add Android devices to the Amazon accounts that do not appear in the list of attached devices. These devices are authorized to make online purchases through a compromised account without the knowledge of the victim and technical support staff.
According to one victim named Jon d’Shade, he managed to get Amazon to recover the deducted funds, after which he changed all passwords. At first, d’Shade did not see any extraneous devices in the main settings of his account, but then on the Amazon Prime page he found two smart TVs Samsung and Vizio, which came from nowhere.
Amazon itself has not yet commented on the situation, however, according to a source from The Register, the company is currently conducting an investigation.