My YouTube "suggested video" feed is currently being bombarded with Indian videos for some reason. Not just Bollywood but also Indian cookery and Indian lifestyle. I think all I did was watch an Indian programming tutorial a few weeks ago, that's all it took to convince them that I am besotted with all things Indian. 

sharkeHowever I'm starting to think that maybe this person doesn't have access to my email at all and just signed up for an Amazon account with the wrong email. I had thought that the name as written in the "to" field of an email (i.e John Smith &lt johnsmith@whatever.com>) must be linked to the email address in some way, like from the name they used in their profile, but from remarks someone made on the Gmail forums when I asked there, I'm now under the impression that this name came from Amazon's end when they sent the emails. I'm still sort of confused though. 

If everything they "bought" is a download, there's a good chance that it's not an email screwup but hackers using stolen info. They may just be using a long dormant account that now forwards to your email or it could be spoofed.

sharke
If I log into googlemail.com, it just redirects me to my gmail account. 

 
That means "googlemail.com" and "gmail.com" are tied. For security, I would change the password - just to make sure they don't have access to your account. Then rest easy.
 

sharke
It's really incredible that neither Amazon or Apple send a confirmation email to open an account. I had thought that was just, well y'know, standard. So I can basically open an Amazon account using anyone's email address. I could use it for various nefarious activities such as trolling authors with abusive reviews etc...

 
I agree... I'm not 100% sure they don't send a confirmation, but I don't recall every getting one from them.
 

sharke
Actually I was able to get into their Amazon.co.uk account. I just clicked the "forgot password" link and requested a password reset. They sent an email which came to my gmail account and I changed the password. I got in there,  and unconnected their tablet device which they'd linked to the account. So they won't be able to download any more apps onto their device from Amazon, and they won't be able to log into Amazon.co.uk to see what the problem is. There was also a credit card in the account, some guy in Cheshire with a different name to the name on the Amazon account. That made me feel a little uneasy, I could have had some fun with it if I'd been "that" kind of person. But I deleted it from the account. 

 
This says everything. With a different name on the card than what is on the account tells me it's likely a stolen credit card. My hunch is that hacks know "googlemail" and "gmail" are tied and are therefore creating fake accounts with "googlemail.com" addresses in order to buy digital items. Script Kiddies are not stupid. By using your "googlemail" account they know the email won't bounce back to amazon or apple raising a red flag. They also know those company's do not send confirmations to open an account. They also know they will gain access to a ton of digital items quickly before the credit card holder will see the problem.
 

sharke
I feel a little bad because it looks like someone had opened an Amazon account for their kid to download apps, and now that kid is going to be frustrated that she can't download anything.

 
I doubt it. I suspect it was a script kiddie... a young person that stole a credit card number and knows how to play the systems. C'mon... who opens an unlimited account for their kid. If this was legit and they were that stupid, you just did them a favor.
 

sharke
I'm still confused about how names work in the "to" field of emails you get. If I get an email from Amazon and this is in the "to" field: 
 
TheirName &lt myemail@googlemail.com>
 
Then where does TheirName come from? Is it taken from the name they entered into their email profile when they opened the account? Or is the name taken from their Amazon account? I really don't understand how it works.

This can all be spoofed... and the emails you get from Amazon are formatted by Amazon. They would use the account name on file, along with the email address on file. Faking a name and the email address is just as easy as spoofing the phone number on a call display (ever get a call from 000-000-0000). Anything that is left to "user input" can be faked.

Your issue piqued my curiosity, and I spent a significant amount of time trying to find an easy way to contact Amazon to report suspected fraudulent activity without any success. Is it that Amazon does not want to receive such reports, or is it that they do now want anyone to think about the possibility that their account can be hacked? You would think there would be a report fraud email, chat and phone number prominently displayed, but most Google results as forums (some hosted on Amazon.com) with customers asking what they should do. There is an email address to report phishing emails, but that does not seem to be the issue here, and it explicitly says that they will not respond to you.

I have no clue about the amazon side, but I had never heard of googlemail.  I just an email to myname.googlemail.com and sure enough, it showed up in my gmail account inbox.
 
Weird
 
Hope you get the amazon thing sorted.  You could go back into the account and set the email address to webmaster@amazon.co.uk - or whatever it is.  That might eventually get somebody at amazon to pay attention

slartabartfast
Your issue piqued my curiosity, and I spent a significant amount of time trying to find an easy way to contact Amazon to report suspected fraudulent activity without any success. Is it that Amazon does not want to receive such reports, or is it that they do now want anyone to think about the possibility that their account can be hacked? You would think there would be a report fraud email, chat and phone number prominently displayed, but most Google results as forums (some hosted on Amazon.com) with customers asking what they should do. There is an email address to report phishing emails, but that does not seem to be the issue here, and it explicitly says that they will not respond to you.

Amazon is going to get itself in serious trouble because no one can contact them. It's just a cash cow until such a time as the FCC or someone else gets to it.
 
They need to get seriously punished until they learn to respect people a bit more.

codamedia

sharke
If I log into googlemail.com, it just redirects me to my gmail account. 

 
That means "googlemail.com" and "gmail.com" are tied. For security, I would change the password - just to make sure they don't have access to your account. Then rest easy.
 

sharke
It's really incredible that neither Amazon or Apple send a confirmation email to open an account. I had thought that was just, well y'know, standard. So I can basically open an Amazon account using anyone's email address. I could use it for various nefarious activities such as trolling authors with abusive reviews etc...

 
I agree... I'm not 100% sure they don't send a confirmation, but I don't recall every getting one from them.
 

sharke
Actually I was able to get into their Amazon.co.uk account. I just clicked the "forgot password" link and requested a password reset. They sent an email which came to my gmail account and I changed the password. I got in there,  and unconnected their tablet device which they'd linked to the account. So they won't be able to download any more apps onto their device from Amazon, and they won't be able to log into Amazon.co.uk to see what the problem is. There was also a credit card in the account, some guy in Cheshire with a different name to the name on the Amazon account. That made me feel a little uneasy, I could have had some fun with it if I'd been "that" kind of person. But I deleted it from the account. 

 
This says everything. With a different name on the card than what is on the account tells me it's likely a stolen credit card. My hunch is that hacks know "googlemail" and "gmail" are tied and are therefore creating fake accounts with "googlemail.com" addresses in order to buy digital items. Script Kiddies are not stupid. By using your "googlemail" account they know the email won't bounce back to amazon or apple raising a red flag. They also know those company's do not send confirmations to open an account. They also know they will gain access to a ton of digital items quickly before the credit card holder will see the problem.
 

sharke
I feel a little bad because it looks like someone had opened an Amazon account for their kid to download apps, and now that kid is going to be frustrated that she can't download anything.

 
I doubt it. I suspect it was a script kiddie... a young person that stole a credit card number and knows how to play the systems. C'mon... who opens an unlimited account for their kid. If this was legit and they were that stupid, you just did them a favor.
 

sharke
I'm still confused about how names work in the "to" field of emails you get. If I get an email from Amazon and this is in the "to" field: 
 
TheirName &lt myemail@googlemail.com>
 
Then where does TheirName come from? Is it taken from the name they entered into their email profile when they opened the account? Or is the name taken from their Amazon account? I really don't understand how it works.

This can all be spoofed... and the emails you get from Amazon are formatted by Amazon. They would use the account name on file, along with the email address on file. Faking a name and the email address is just as easy as spoofing the phone number on a call display (ever get a call from 000-000-0000). Anything that is left to "user input" can be faked.

I'm not sure if the different name on the card is the smoking gun it seems like. The order history on the account is basically a long stream of free kid's apps, with a couple paid ones (most expensive $4.99). Seems like a lot of trouble to hack accounts and steal credit cards just to pay for downloads totaling $7. What it looks like to me is that an adult has opened an account for a kid to download stuff for her tablet, and has paid for a couple of her downloads. While it's true that the name on the card is different to the name on the account, this could just mean it's a stepfather, uncle etc.

slartabartfast
Your issue piqued my curiosity, and I spent a significant amount of time trying to find an easy way to contact Amazon to report suspected fraudulent activity without any success. Is it that Amazon does not want to receive such reports, or is it that they do now want anyone to think about the possibility that their account can be hacked? You would think there would be a report fraud email, chat and phone number prominently displayed, but most Google results as forums (some hosted on Amazon.com) with customers asking what they should do. There is an email address to report phishing emails, but that does not seem to be the issue here, and it explicitly says that they will not respond to you.

I have been in phone contact with Amazon before, due to a problem with a delivery. I should think that if I got in contact with them the same way, they'd be able to direct me to a department which deals with such things. I'm loathe to do so however because it's such a pain calling these companies. The wait, the surly staff, the being cut off randomly while you're on hold etc.

Moshkito

slartabartfast
Your issue piqued my curiosity, and I spent a significant amount of time trying to find an easy way to contact Amazon to report suspected fraudulent activity without any success. Is it that Amazon does not want to receive such reports, or is it that they do now want anyone to think about the possibility that their account can be hacked? You would think there would be a report fraud email, chat and phone number prominently displayed, but most Google results as forums (some hosted on Amazon.com) with customers asking what they should do. There is an email address to report phishing emails, but that does not seem to be the issue here, and it explicitly says that they will not respond to you.

Amazon is going to get itself in serious trouble because no one can contact them. It's just a cash cow until such a time as the FCC or someone else gets to it.
 
They need to get seriously punished until they learn to respect people a bit more.

They're not breaking any laws, so they're not going to be "punished." It's as simple as that.