In these past few weeks I have witnessed or experienced 4 significant spoofing attempts / events. Most of us will have caught the news about over 1 million Android users inadvertently downloading a fake version of the WhatsApp chat app. I’ve received a fake Adobe tax refund email, several fake Amazon SMS delivery notifications (with suspicious ’preview’ pop-up links), as well as encountered what I believe are a couple of spoof ’Sign into iTunes Store’ pop-ups on my iPhone.
For most of these there is little or no data as to the potential or actual damage being done here. Some of these are just attempts at harvesting User IDs and Logins, some of these are triggers for malware infections which can do worse damage or even hold the victims to ransom.
For email, there has been a concerted effort for a while now to root out unsolicited and unsavoury emails, yet still too often some slip through. But there is genuinely a real effort going into dealing with and preventing malicious attacks via email. Although I’m sure more could be done here - some better verification, so that if a brand name is being used, it has to be validated as coming from very specific email relays / originations. I find it somewhat worrying that a big name like Adobe can be so easily spoofed. Generally I think Gmail does an excellent job of security-filtering emails, but the perpetrators keep upping their game, which means we will eventually be reduced to just plain text emails with no clickable elements!
For most of the rest there seems to be very little happening - in terms of any kind of response or action. iPhone owners have been victims to the ’Sign into iTunes Store’ spoof for several years now, and I’m pretty sure Apple could have done more to secure against this, but it still happens to such an extent that I’m nervous about signing into anything on my phone these days.
As for the recent spate of Amazon delivery notification spoofs, I’m alarmed that Amazon has not notified the public that his is happening, and I was disappointed how laissez-faire their customer service response teams were with this.
For ’Amazon’, you get the following kind of SMS notification (about something you have definitely not ordered):
Shipped: Your Amazon package with iPad Pro 10.5 Inch Charcoal Gray Color Case - Companion C... will be delivered Fri, Nov 03.
[Tap to Load Preview]
I contacted customer services after I received a couple of these - the spoofer is obviously trying to get you to click on the dodgy link. Amazon customer service thanked me for my ’input’ and promptly told me I should forward all of that through to: ’firstname.lastname@example.org’ .
I then got a classic circle-jerk response from the stop-spoofing team - that I should really be contacting Amazon Customer Services, who had just redirected me to that very same service. I have no confidence that anything is being done about this, I’ve not seen any kind of satisfactory response, nor any kind of page or general notice to inform other customers who may be witnessing / experiencing the same.
Amazon is now one of the largest and most profitable companies in the world, parts of their customer service can be exemplary, but I’ve found them to be seriously lacking in several departments of late. Tow of my last orders in fact both ordered under ’Prime’ (next day delivery) were randomly delayed, one heading on for a fortnight, yet no notifications or alerts to let me know that my order had been delayed in such a manner. I don’t understand either how when they confirm dispatch and a delivery date (i.e. product has left warehouse) that they can then randomly add a number of days to the arrival date. For the first package which was supposed to be coming the Monday after, but was then flipped to maybe arriving sometime in the next few days - this was explained away that the package was damaged in transit and had to be returned to the warehouse (I of course had to cancel as I was not given any assurance as when or if a replacement would be dispatched and when likely to turn up). I had to chase Amazon up for all this info, and why a replacement could not be delivered the following day - there was no answer for that.
One of my recent Amazon packages was delayed and rescheduled no less than 3 times in a row, the last communication I received said dispatched and guaranteed for 11th of November, but then when I viewed my order it said package may be delayed until the 14th?? (It actually showed up on the 12th after Amazon accelerated the re- re- delivery??. And there was some other kind of warehouse mistake so a replacement had be be shipped from Germany in double-quick time?). This is possibly something to do with the quality of Amazon’s own ’Amazon Logistics’ delivery service which is all contracted and outsourced and I find to be of very variable quality.
So Amazon’s pristine levels of service seem to have slipped significantly of late, just as it hits its highest stock market position of all time? I really don’t like how Amazon hides away the ’Contact Us’ form at the base of the 3rd Help page you are forced to navigate through.
I generally speak very favourably about Amazon, and I have a long standing and very high frequency relationship with that company, but it is guilty of significant lapses in service too.
I think all the Tech companies need to make a more concerted effort to stamp out all this fraudulent and spoofing activity which all of us now encounter daily. I still get a lot of random call centre phone calls sometimes several times a day, on top of the various forms of spam, malware, malvertisements and spoof messages.
I would have thought companies like Amazon, Apple and Google - which all have so much control over their own technologies and ecosystems / infrastructures could engineer better security for their customers. I don’t believe any of these companies properly have their customers’ complete safety and security as a priority - they are more concerned with their own profitability, and only really consider security from a liability angle - and that attitude needs to change...