# Fraudulent kindle book purchases on my account



## webhill (Feb 12, 2009)

Hi!

I wrote last week about my paperwhite's bizarre behavior here: http://www.kboards.com/index.php?topic=131651.0
I have found another problem that I think is related, though will submit it may not be. 
I woke up this morning and had received 2 emails from amazon informing me that "as per my request" I was being refunded for the cost of ebook A and ebook B. I did not recognize those titles so I went and checked my order history and found that both had been purchased, along with a third which I was not being refunded for, at about 12:15 AM (at which time I was sleeping, with the kindle on my nightstand). So, then I picked up the Kindle - and I noticed the three new titles at the top of my home screen, and I noticed that again, the battery was run down to near zero. Weird. Concerned about these purchases I went and looked through my last several weeks of stuff - see, my grandmother has been very dangerously ill (she is 98 years old but was living independently until a couple of months ago) so I have been focused on her and less so on reading every email from amazon etc. I noticed that in addition to the three fraudulent ebooks charged last night, there was a fraudulent magazine subscription from last night, and six fraudulent ebook purchases the night that the Paperwhite acted bizarrely as previously noted.
I immediately changed my password, and called Amazon. I was told:

-there is no way for Amazon to tell if a purchase was made through a website, or directly from a Kindle (that can't really be true, can it?)
-they would immediately refund all of the purchases I alleged to be fraud (and it looks like they have in fact done that)
-I should change my password (I told them I did that already)
-if it happens again, I should call back.

I asked "if it happens again, what will the next step be?" and they said they were curious to know if anyone else in my home made these purchases. I explained that while I could not rule out the possibility that a kid bought something from his/her kindle - it would be truly bizarre if my children were purchasing John Grisham novels (do 8 yr old girls read those? no!) and subscriptions to Smithsonian Magazine! Also, it would be extremely bizarre if they were waking up, making purchases at midnight, going back to sleep, and not being tired the next day. So I asked again, what would the next step be, and they said "just please call us if it happens again." So, I don't know what is going on but I'm pretty upset about it 

Has anyone else seen anything like this happen??


----------



## BTackitt (Dec 15, 2008)

Hate to ask, but do you take sleeping pills? I have a friend who took Ambien until she ran up $300 in internet purchases in the middle of the night.


----------



## ElaineOK (Jun 5, 2009)

Weird.  The question is why?  To download the books whomever did this would have to have a kindle (or Kindle app) registered to your account.  Have you checked to see if anything else is registered to your account?

Elaine 
Norman, Ok


----------



## CoffeeCat (Sep 13, 2010)

That is so strange, but Elaine has a good point. I wish there were some concrete answers for your situation.


----------



## Betsy the Quilter (Oct 27, 2008)

you could also temporarily, as a test, turn off access to the Kindle Shop on your PW...

Betsy


----------



## history_lover (Aug 9, 2010)

webhill said:


> -they would immediately refund all of the purchases I alleged to be fraud (and it looks like they have in fact done that)


I can't say why this is happening or that I've heard of it before but just thought I should mention that you can actually get a refund for any Kindle book within 7 days of purchase, for whatever reason. And you don't need to call them to do it, you should be able to do so from "Manage Your Kindle": http://www.amazon.com/gp/help/customer/display.html/ref=hp_200527380_returns?nodeId=200144510


----------



## webhill (Feb 12, 2009)

I have a large number of devices registered to my account - however, I did check them ALL for unauthorized activity - only *my* kindle has the "unauthorized purchases" on it (and in fact, all of the unauthorized purchases were downloaded to my personal kindle - the paperwhite. There are no unauthorized purchases that were downloaded onto any of the other devices!). I do not take Ambien or any other sleep aids - and for what it's worth, if I were up doing stuff in the middle of the night, it's almost 100% certain my husband would wake up and get annoyed, because that is usually what happens if for any reason I wake up in the middle of the night and start doing anything .

I did recently return two devices that had hardware issues (charging cable falling out of kindle fires - two of them!) but they were deregistered & completely wiped before being sent back. They no longer show up under "manage your devices."

I agree - this entire thing is *completely bizarre.* I do wish Amazon could take a look at the orders and verify - were they made via a web interface, from a device, or what? One would imagine they could do this but they insist it is impossible. Oh well. 

Turning of store access from the Paperwhite is a great idea. I think I might do that for now, I can't recall the last time I purchased anything directly from my Kindle in any case - probably when I finished the first in the Hunger Games series and had to have the second immediately 

Anyway, just wanted to share, see if anyone else has any experience with this type of issue. I'm a little afraid Amazon is going to think I'm insane and freeze my account at some point!


----------



## Cheryl M. (Jan 11, 2011)

It's interesting that you returned 2 Fires. My friend ended up ordering an iPad mini after returning his third Fire. Are all the Fires just made poorly?


----------



## SusanCassidy (Nov 9, 2008)

If you don't see any "extra" devices or apps on the Manage Your Kindle page, it is a pretty safe bet that no one external has registered a device to your account, which is the only way to purchase books.  Of course, they could have registered, bought a book, downloaded it, then deregistered, but it is unlikely.


----------



## The Hooded Claw (Oct 12, 2009)

Unless I missed something, sounds like this could be someone who had the password to your amazon account ordering off of another computer. Good that you changed password. You might consider using security software to check your computer for malware that might have reported your password to a bad guy. 

Sent from my DROID RAZR using Tapatalk 2


----------



## history_lover (Aug 9, 2010)

The Hooded Claw said:


> Unless I missed something, sounds like this could be someone who had the password to your amazon account ordering off of another computer. Good that you changed password. You might consider using security software to check your computer for malware that might have reported your password to a bad guy.
> 
> Sent from my DROID RAZR using Tapatalk 2


I think what's missing in that scenario is that there are no unknown (or lost) devices on the account - so while someone could have stolen the OP's login and bought books, what would be the point if the thief has no device attached to that account and therefore nothing to read them on? Theoretically, Cloud Reader could be used but the thief would then loose access as soon as the OP changed their password. A rather pointless hijack, if you ask me, unless the thief was able to change the password and block the OP out of his own account but we know that didn't happen.


----------



## metal134 (Sep 2, 2010)

webhill said:


> it would be truly bizarre if my children were purchasing John Grisham novels (do 8 yr old girls read those? no!)


As to this part, perhaps not as bizarre as you think. I was reading Stephen King books at that age. But as to rest of it, yeah, highly unlikely and sounds as though your account was hacked. I recommend canceling any credit cards associated with that account ASAP.


----------



## history_lover (Aug 9, 2010)

metal134 said:


> As to this part, perhaps not as bizarre as you think. I was reading Stephen King books at that age. But as to rest of it, yeah, highly unlikely and sounds as though your account was hacked. I recommend canceling any credit cards associated with that account ASAP.


I don't think that's necessary - don't they hide the full credit card number from view when they store it? For example, to the person who hacked the account, it would look like: **** **** **** 1234. I'm pretty sure that they have to do this by law, it's illegal for companies to store a full credit card number where anyone but the computer system can see it, so that no employees or anyone unauthorized can access it.


----------



## readingril (Oct 29, 2010)

history_lover said:


> I think what's missing in that scenario is that there are no unknown (or lost) devices on the account - so while someone could have stolen the OP's login and bought books, what would be the point if the thief has no device attached to that account and therefore nothing to read them on? Theoretically, Cloud Reader could be used but the thief would then loose access as soon as the OP changed their password. A rather pointless hijack, if you ask me, unless the thief was able to change the password and block the OP out of his own account but we know that didn't happen.


Another scenario: the
thief is using the K4PC program (registering the account and then de-registering when done) to download the books to a computer and then stripping the DRM to read at their leisure.

Another thought after reading your other thread on this: have you turned off the sharing capability with twitter? I am wondering if somehow you were hacked via that avenue?

via me, my Droid, & Tapatalk


----------



## Betsy the Quilter (Oct 27, 2008)

history_lover said:


> I don't think that's necessary - don't they hide the full credit card number from view when they store it? For example, to the person who hacked the account, it would look like: **** **** **** 1234. I'm pretty sure that they have to do this by law, it's illegal for companies to store a full credit card number where anyone but the computer system can see it, so that no employees or anyone unauthorized can access it.


This is correct. You can't see your own full credit card number.

Betsy


----------



## metal134 (Sep 2, 2010)

history_lover said:


> I don't think that's necessary - don't they hide the full credit card number from view when they store it? For example, to the person who hacked the account, it would look like: **** **** **** 1234. I'm pretty sure that they have to do this by law, it's illegal for companies to store a full credit card number where anyone but the computer system can see it, so that no employees or anyone unauthorized can access it.


They do hide the number, but hackers can get around that. I've had accounts of mine hacked and my credit card info stolen before.


----------



## Betsy the Quilter (Oct 27, 2008)

Clearly, businesses like Amazon have the number stored somewhere, and hackers have broken into databases and gotten large groups of numbers.  Or keyloggers can trap your credit card number as you enter it for a purchase.  Or a ton of other ways to get someone CC#.  But, someone just viewing your account page won't see the number.  Doesn't mean it wasn't gotten some other way.

The whole hacking thing just seems strange to me.  Why would someone hack the account, buy two books, return at least one of them (doing this from memory; I'm heading away from the computer and not going back to read the OP, sorry.)  When I've had my CC# stolen, they did it in a big way.  Or, several small items repeated over time that weren't supposed to be noticed.  Not a couple of things that were returned.

Betsy


----------



## history_lover (Aug 9, 2010)

Betsy the Quilter said:


> Clearly, businesses like Amazon have the number stored somewhere, and hackers have broken into databases and gotten large groups of numbers. Or keyloggers can trap your credit card number as you enter it for a purchase. Or a ton of other ways to get someone CC#. But, someone just viewing your account page won't see the number. Doesn't mean it wasn't gotten some other way.
> 
> The whole hacking thing just seems strange to me. Why would someone hack the account, buy two books, return at least one of them (doing this from memory; I'm heading away from the computer and not going back to read the OP, sorry.) When I've had my CC# stolen, they did it in a big way. Or, several small items repeated over time that weren't supposed to be noticed. Not a couple of things that were returned.
> 
> Betsy


Yeah, that's my point. If someone was going to steal your credit card number, you wouldn't think they'd be interested in using your account to buy a couple books and post some highlights on twitter. Of course there are plenty of ways to hack into a system and steal CC numbers... but my point is that it doesn't sound like that is what's going on here so I doubt the OP needs to go through the hassle of cancelling their cards.


----------



## metal134 (Sep 2, 2010)

Betsy the Quilter said:


> The whole hacking thing just seems strange to me. Why would someone hack the account, buy two books, return at least one of them (doing this from memory; I'm heading away from the computer and not going back to read the OP, sorry.) When I've had my CC# stolen, they did it in a big way. Or, several small items repeated over time that weren't supposed to be noticed. Not a couple of things that were returned.


People are weird. Awhile back, I had my credit card info stolen. Did they buy video game systems, stereos, TVs? No. They went to a Family Dollar. They stole my info to go to a freaking Family Dollar.


----------



## MamaProfCrash (Dec 16, 2008)

I would immediatly go and download any books that you have purchased to your desktop. If your account has been hacked it is possible that Amazons solution will be to close that account. You will not have access to those ebooks. In the past, Amazon has given people who have faced this situation gift certificates to repurchase their books but they cannot transfer your books from the closed account to the new account.

If you have the books stored on your hard drive you are in a position to choose to remove DRM and keep those books without having to repurchase them or repurchase the books. In my view, it is better to be in that position then to not have a choice to make.


----------

