I’d ordered some stuff from Amazon. I wanted to check my shipping status as I need to both be here when it comes and be out doing stuff otherwise.
A quick DuckDuckGo search had found the login for Amazon before, so… I typed, a page that was very familiar opened. I logged in to my account. “No Orders!” in the last 6 months. “No Gift Card Balance!”. WT?
It looked smelled and tasted like Amazon. On a quick read of the URL it looked about right. Yet it both knew me and didn’t now about me. Paranoia begins to set it. Well, actually, it’s always set at “You are the Systems Admin! They are ALWAYS out to get you!” because they are. Capture accounts of the guy with root access, you capture it all; so I’m used to being the prime target. Was this a bogus web site, designed to look like Amazon and via some small typo pop up a login window that looks good, only to capture your Username and Password? Had I been phished and pwned?
I immediately logged out, hit my history listing for a link where I knew I was just looking at products and clicked it. Logged in again as me. There was my order history, my $5 or so of gift card balance. All was good, increasing the odds the “other login” was bogus. I immediately changed my password (so that anyone who captured it now had a useless thing and could not change it locking me out while they “loaded up my card” with goodies.
Well, the account only points at a Walmart reloadable debit card that typically has $20 on it at any one time, so not a high risk in any case; but still; pwned (owned by a hack) is pwned and you don’t want to be that. Smug that I’d reacted in a minute or maybe less, I proceeded with the “must do” spousal requests.
Now, a couple of hours later, I got to do a more detailed look at just who was a what. Inspecting my browser history and CLOSELY comparing the URLs showed that the “quasi bogus” one was NOT amazon.com it was amazon.com.au and an Australian site. A series of web searches turned up pages saying there WAS NO Amazon.com.au… but might be one soon. Unfortunately, many had no date or updates. So was it real or bogus? Has “will be” aged into “has been for a while”?
Turning to the terminal:
I did an “nslookup” and “whois” on Amazon and on it.
EMs-MacBook-Air:Downloads chiefio$ nslookup amazon.com Server: 22.214.171.124 Address: 126.96.36.199#53 Non-authoritative answer: Name: amazon.com Address: 188.8.131.52 Name: amazon.com Address: 184.108.40.206 Name: amazon.com Address: 220.127.116.11 EMs-MacBook-Air: chiefio$ whois amazon.com Domain Name: AMAZON.COM Registry Domain ID: 281209_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2014-04-30T19:24:35Z Creation Date: 1994-11-01T05:00:00Z Registry Expiry Date: 2022-10-31T04:00:00Z Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: firstname.lastname@example.org Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited Name Server: NS1.P31.DYNECT.NET Name Server: NS2.P31.DYNECT.NET Name Server: NS3.P31.DYNECT.NET Name Server: NS4.P31.DYNECT.NET Name Server: PDNS1.ULTRADNS.NET Name Server: PDNS6.ULTRADNS.CO.UK DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/ >>> Last update of whois database: 2018-03-28T15:28:08Z <<< For more information on Whois status codes, please visit https://icann.org/epp
So Amazon.com is registered via an intermediary of MarkMonitor Inc. OK…
EMs-MacBook-Air: chiefio$ whois amazon.com.au Domain Name: amazon.com.au Last Modified: 07-Nov-2016 10:19:54 UTC Status: clientDeleteProhibited Status: clientUpdateProhibited Status: serverDeleteProhibited (Protected by .auLOCKDOWN) Status: serverUpdateProhibited (Protected by .auLOCKDOWN) Registrar Name: MarkMonitor Inc. Registrant: Amazon Corporate Services Pty Ltd Registrant ID: ACN 082 931 600 Eligibility Type: Company Eligibility Name: Amazon Corporate Services Pty Ltd Registrant Contact ID: MMR-138740 Registrant Contact Name: Amazon Hostmaster Registrant Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs Tech Contact ID: MMR-28993 Tech Contact Name: Hostmaster, Amazon Legal Dept. Tech Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs Name Server: pdns1.ultradns.net Name Server: pdns2.ultradns.net Name Server: pdns3.ultradns.org Name Server: pdns4.ultradns.org Name Server: pdns5.ultradns.info Name Server: pdns6.ultradns.co.uk Name Server: ns1.p31.dynect.net Name Server: ns2.p31.dynect.net Name Server: ns3.p31.dynect.net Name Server: ns4.p31.dynect.net DNSSEC: unsigned
OK, it is looking legit.
So most likely I just didn’t notice the appended .au in the URL and got logged into the Australian site. It knew about my login, but not about my USA order history.
So is this a new service and I’ve “stepped in it” prior to full launch? Is it a new service that is up and running but doesn’t share actual order and shipping data across continents? Is it a “dummy” being tested? I have no idea.
I’ve not gone back to explore it.
So why mention all this? Well, first, because it illustrates the kind of vigilance and awareness everyone ought to have. If something “isn’t quite right” you don’t ignore it, you react fast and block a potential attack. Secondly, it could illustrate how perfectly normal things can look suspicious especially if a bug (or just mis-feature) makes it possible to log into a remote account in a country other than yours, but not see your actual account data.
And of course, finally, so you can have a bit of a chuckle at my foibles while hopefully appreciating that yes, it can be a bit paranoid, but it’s still a good idea to react first, then research at leisure.
If anyone “down under” happens to know the status of Amazon.com.au (i.e. is it live and working) that would be interesting to know as a clarification point. I’m a bit too busy today to chase that down right now.
Yes Amazon Australia is up and running and it’s so annoying. My login is the same for the .com.au site but is has no record of anything from the US site. I had freaked out because all it looked like my orders and Amazon credit had vanished.
And Amazon provide no way to switch between US and AU sites. In fact they make it very difficult with their, “you’ve gone to a product link on the US site but we can see your IP address is from Australia so we’ll bounce you to the AU site and the give you a 404 error because that product doesn’t exist for you there.”
I have to use a VPN that exits in the US so I can access my profile on the US site.”
Fortunately the iPhone app doesn’t care I’m in Australia so I generally just use that now to instead.
Same, its a real thing thing – and my amazon.com will no longer sell me e-books – they all have to come from amazon.com.au which is also slowly adding all the other products. They do share login but not a lot of other stuff yet.
Agree with Trent. It is highly annoying. I used Amazon USA from Australia to get books unavailable locally. Now I am forced to use the .au site, and I find the books I want missing there.
Well, it’s nice to know I figured it out. Sorry to hear it’s being a pain to folks down under. Wondering how many “like me” will do a web search on “Amazon login” and end up there instead of the USA and be baffled. Progress, gotta love it… /sarc;
This is one area where text-to-speech actually aids detection, eyes can kind of ‘skip over’ stuff you expect to be present but when listening you pretty much have to hear it all.
I have ben using Amazon.com.au for some time (although it isn’t my first choice for books). No problem seeing them available in the USA.
I think the change came as a result of the Australian government trying to tax overseas purchases, so Amazon forced people to use the Australian portal without warning. Great public relations I don’t think.
Apart from the confusion between National Amazon sites, the company has a problem with its promotion of Amazon Prime. We accepted an offer of a “free trial”, and a month later when we checked our credit card statement saw a charge of some $70 (Canadian) from Amazon. It turned out that they had debited our card IMMEDIATLY with the fee, as if we had already committed to become a permanent subscriber to the Prime service. As it happened, we did not use the service, and were able to get the transaction reversed. It seems that if we had ever used the service AT ALL, the refund would have not been available. Some “trial” – if you use it, it is not free. Very odd behaviour..
I’ll tuck this away on the odd chance that I’ll ever buy something online. Unlikely, but it could happen.
I live in Australia. I too got conned by the Amazon Prime free offer. I cancelled the deal when I discovered I was paying full USA price and getting a crippled Australian version with few videos and no free deliveries. I was refunded a fraction of the free fee. To my annoyance it seems the full fee was charged again the following month despite the cancellation.
I was amused to see an item that costs $300 here (including postage) can be bought for about the same from Amazon.com.AU, but the postage was about $350 (Sorry it has to come from the USA)
You must have been doing something in Oz. And it assumed you were there?
When using VPN, I often get strange “assumptions” on the part of sites.
Yes, Amazon.com.au is annoying. No wish list available, so I have to go back to the US site just to keep a copy of interesting potentials.
But to go from .au to .com I just deleted the .au characters from the url. Bizarrely, this worked. Often works on ebay.com.au too.
I’d done a web search for “Amazon Login” and may have typed something more like folks in Oz type ;-)
From the stories above: It sounds like it was something that had to be slapped together in a hurry to dodge some $Millions of taxes; and had a lot of loose ends when first brought up.
Hopefully they’ll get it smoothing integrated soon enough. (Or politicians will realize that such greed doesn’t work and just stop being stupid… when unicorns dance in the street ;-)
Yes, pruning the URL works. You are removing the country high level qualifier and the rest of the name matches the generic name. Many companies just append a country qualifier for special cases, so that’s a generic tool / skill.
Take what pleasure you can from knowing your politicians are just as stupid and greedy as those in the rest of the world…