Posts

Your Amazon Alexa Is a Spy

Digital assistants like Google Assistant and Alexa, from Amazon, have a secret: they are secretly learning everything about you. They can hear your conversations, they know the tone of your voice, and they are recording it all.

Confidential

Now, all of this is important, according to Google and Amazon, because once these devices learn these things about you, they will work even better. However, it’s causing issues with consumers. For instance, a family reported that their Echo began spontaneously laughing at them. Another family reported that their Alexa recorded and sent a conversation to a friend without them knowing about it. Amazon claims that it’s likely the devices misheard something in the conversations and thought they were commands.

Do you want to know what your Alexa device is hearing in your home? Here’s how:

First, open up the app for Alexa, and then open menu options. Click on “Settings,” and then “History.” You should see a list of all of the commands you have ever said to Alexa, and you can sort your results to see them more clearly. If you see a note that says “text not available,” and you click it, you can hear a recording of what it picked up.

If you don’t feel comfortable having a recording in your device’s history, it is possible to delete it. You can do this in one of two ways: you can delete it directly from the device’s app, or you can go to the Amazon.com website. There, you can choose the option called “Manage Your Content and Devices.” Here, you can totally delete the information. Amazon, of course, doesn’t actually want people do to this. They claim that it will “degrade” your experience when using Alexa.

Amazon does keep these recordings, and the company claims that they record and store them to help to personalize Alexa to better cater to your household. It then uses these recordings to create a model of your voice. The device keeps a voice profile for every use that it recognizes, but after three years, it deletes the model…it does not, however, automatically delete the conversations.

For people who use Alexa a lot, it could be a big job to go through these conversations and delete what they no longer want to keep. But, it might very well be worth your time to go through them, as you never know when Echo might send those conversations elsewhere due to a miscommunication.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

You need Two-Factor Verification for your Amazon Account

If you have a strong password for your Amazon account, you may still want to consider beefing up the security with two-factor verification (or authentication), which will prevent a thief from accessing your account (which is possible if he gets ahold of your password and username somehow).

2D

  • Log onto your Amazon account.
  • Have your mobile phone with you.
  • Click “Your Account.”
  • Scroll down where it says “Settings—Password, Prime & E-mail.”
  • Click “Login & Security Settings.”
  • Go to “Change Account Settings” and at the bottom is “Advanced Security Settings.” Hit “Edit” there.
  • You are now on the page for setting up two-step verification. Hit “Get Started.”
  • You will see two options. For ease of setting up the two-factor, choose the text message option.
  • Follow the instructions and wait for the texted code.
  • Enter the code and click the “continue” button.
  • You will now be on a page for adding a backup number—which is required.
  • You cannot use the same phone number you just did for your initial setup. If you do not have a landline for the backup number, and your only phone is a “dumbphone,” you will not be able to use the two-factor service from Amazon.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Beware of Amazon’s scary Customer Service Hack

Do you shop at Amazon.com? Are you aware they have a back door through which hackers can slip in?

11DLet’s look at Eric’s experience with hackers and Amazon, as he recounts at medium.com/@espringe.

He received an e-mail from Amazon and contacted them to see what it was about. Amazon informed him that he had had a text-chat and sent him the transcript—which he had never been part of.

Eric explains that the hacker gave Eric’s whois.com data to Amazon. However, the whois.com data was partially false because Eric wanted to remain private.

So Eric’s “fake” whois.com information wasn’t 100 percent in left field; some of it was true enough for the customer service hack to occur, because in exchange for the “fake” information, Amazon supplied Eric’s real address and phone number to the hacker.

The hacker got Eric’s bank to get him a new copy of his credit card. Amazon’s customer service had been duped.

Eric informed Amazon Retail to flag his account as being at “extremely high risk” of getting socially engineered. Amazon assured him that a “specialist” would be in contact (who never was).

Over the next few months, Eric assumed the problem disintegrated; he gave Amazon a new credit card and new address. Then he got another strange e-mail.

He told Amazon that someone was impersonating him, and Amazon told him to change his password. He insisted they keep his account secure. He was told the “specialist” would contact him (who never did). This time, Eric deleted his address from Amazon.

Eric became fed up because the hacker then contacted Amazon by phone and apparently got the last digits of his credit card. He decided to close his Amazon account, unable to trust the giant online retailer.

  • Frequently log into your account to check on orders. See if there are transactions you are unaware of. Look for “ship to” addresses you didn’t authorize.
  • Amazon’s customer support reps should be able to see the IP address of the user who’s connecting. They should be on alert for anything suspicious, such as whether or not the IP address is the one that the user normally connects with.
  • Users should create aliases with their e-mail services, to throw off hacking attempts. In other words, having the same email address for all your online accounts will make it easy for them to be compromised.
  • If you own domain names, check out the “whois” info associated with the account. It may be worth making it private.

Be very careful when sharing information about yourself. Do not assume that just because a company is a mega giant (like Amazon), it will keep your account protected from the bad guys.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.