Someone signed into my Amazon account and changed the email address. I received a phishing email from Amazon this morning saying my email address had been revised. I think it was a bit of coincidental timing because the email address wasn't the same as the one that the one in my account was changed to.
I automatically delete phishing emails, but if it doesn't contain a link, which this one didn't, I will typically type in the address of the website it's pretending to be and check things out.
So I go to log in and Amazon typically has my email address pre-populated (not the password). Yet, this time it was a completely different email address. I contacted Amazon and the email address had indeed been changed, fortunately no orders. They have locked the account pending review.
I am just wanting a little confirmation here. I am assuming the change had to start on my computer. Otherwise the new email address it changed to wouldn't have populated in my field. I am assuming a cookie is used on their site to do that. So that cookie shouldn't have been updated on my computer unless my computer was the one to log into the account with it, right?
I am running AVG and Microsoft Windows Malicious Software Removal Tool at the moment, but no hits on either yet. I was going to use Malwarebytes, but I had to uninstall because it wouldn't update, and I tried to do it while I was chatting with Amazon, but it requires a restart. I will run it after these two finish.
Any thoughts? Thanks. David