Buyers Beware - Stolen Parcel, Be Careful with Expensive Purchases at Amazon

TLDR: Amazon sends expensive parcels with delivery protected by one time passwords. The system is flawed and can be internally circumvented. If that happens and your parcel is stolen, Amazon is likely to make issues with refund.

After 100+ successful deliveries from Amazon (typically low value, daily use items), decided to use them to get a new, expensive laptop. Amazon promised to deliver it on the same day by 10pm, great. At 5.36pm I get one time password, great. I’m at home from 6.15pm, awaiting delivery. Silence, nothing happens, after 9pm I check email, “Your parcel has been delivered 8.52pm”. What the….? Immediately, something doesn’t feel right. Parcel nowhere to be found. Contacted Amazon – “you just confirmed delivery with your one time password, there’s nothing we can do”. Raising a new case again “You must have shared password, check with your neighbours. Thanks for shopping with us”. Feels like few grand almost lost, but I keep pushing.

Two things that saved me in this case. First, I live in high security building with several cameras, revisited 1 hour window with security and made them send me email confirming there was no couriers at all in the indicated delivery time. Two, I have years of professional experience in tech industry, I know how to handle passwords, there’s next to zero chance for me to share/lose/misuse it.

Having strong evidence at my disposal, I don’t give up and finally get positive response. Amazon’s “Executive Relations” team contact me and issue a refund. I don’t believe I’d win this case if circumstances were different and quick search confirms it. Plenty of evidence I’m not the only person scammed and there many who claim having similar problems. IMO, their delivery process is clearly flawed, and Amazon uses “we have record you confirmed delivery with password, there’s nothing we can do” to defend their position. Read more about it on Forbes, for example: https://www.forbes.com/sites/barrycollins/2024/02/03/amazons…

Draw your own conclusions. After all these years of successful deliveries, I'm both disappoint and concerned, and I don't think I’ll risk ordering expensive items from Amazon again.

Related Stores

Amazon AU
Amazon AU
Marketplace

Comments

  • So in some cases you use a one time password for deliveries to your home (as opposite to parcel locker)?

    What determines when it's used?

    • +2

      From the article OP listed:

      The OTP system requires customers to give couriers a six-digit code before expensive items are handed over by the courier to the customer.

      When an order for an expensive item is placed, Amazon sends a text message to the customer with a six-digit code. The customer must provide that code to the Amazon courier at the point of delivery to ensure that the parcel reaches the correct customer.

  • +6

    I've never experienced this code process, but I've had ~$600 items delivered from Amazon US and they just leave them at the front door in the weather and in clear view. Seems like their policy is 'buyer beware'. Their cheap and fast delivery has to have some risk / drawbacks I guess…not good enough.

  • +6

    So the courier is stealing the item by saying they provided the code? Surely the code needs to be entered by the courier as well on their little signing device and they shouldn’t just have it.

    • +5

      Correct, in theory at least. Forbes article suggests there's a way for couriers to bypass OTP requirement by providing the last two digits of your phone number. Couriers shouldn't have access to it, however there are two, at least, possibilities:
      - they have access to your personal data from various stolen data leaks like Floptus, and they basically match your name/address with the phone number
      - there's insiders job - Amazon, after all, has your complete contact details, including phone number, and possibly the courier worked with someone who has access to get it

      • +1

        I've been called up a couple times by the Amazon driver - I thought my number was printed on the package or viewable from the app that the driver has?

        Can't think of a reason why a bypass would be required.

        • Can't think of a reason why a bypass would be required.

          Majority of customers aren't even aware there is a password required nor where to find it… much easier to get their mobile number.

  • Any chance you had a missed call?

    • +2

      Nope, no calls at all. Saved the call log, plus wanted to get details from the phone provider if needed, to prove there were no incoming calls that evening. In addition, Amazon's email with OTP warns, of course:

      "Do not communicate this password or your phone number to the driver over phone or intercom", but that kind of obvious.

      However, "don't communicate your phone number"…. IMO confirms weakness that Forbes reported that they use it as a backup to bypass OTP requirement, ignoring the fact tons of personal data is available on darknet due to various leaks, like Optus one etc.

      • +1

        Hard to plan given the random nature of despatch.
        Last two digits of your mobile is the backup method… Obtained via voicemail or customer delivery notes.
        To mark as delivered they must have been within 20 metres of address, no other way to close it out.

        • Good to know about 20m requirement. GPS spoofing? I see people doing it here for simple things like cheap 7/11 petrol, should be easy enough for delivery.

          Alternatively, it's a large complex, would have been trivial to park outside, beyond camera reach.
          Security checked recordings from the visitors car park etc. no one arrived at the time, one or two food deliveries only.

          • +1

            @User102430: If you've regularly had deliveries to that address it would be pinned fairly close to wherever they're normally left.

            GPS spoofing is not really possible with the current app… was previously.

            Bigger issue is marked as delivered with OTP …no photo required and assumed handover to customer…. more margin for error with third party last mile like dragonfly or fastway.

    • +5

      Since when are we able to go to Amazon and shop instore?

  • +10

    I wrote to them about the flaw in passwords as well. My delivery person SMSed me for the password an hour BEFORE they arrived. It should be in person only!

    • +4

      My delivery person SMSed me for the password an hour BEFORE they arrived.

      I'd reply back that the code is under the door mat.

    • Did you provide it ? of course you shouldn't until the item is in your hands.

      • +3

        I did and then panicked. Just stupid to do, but no issues in the end. I did make a complaint to Amazon though. $700 Mini PC as well.

  • +4

    From the article linked above

    The reader claimed that in cases when the customer is unable to provide an OTP, courier drivers can instead use digits from the customer’s cell phone number as proof of identity.

    While I get Amazon doesn't like repeat deliveries as that costs money, what is the point of a OTP password if the package is going to be left anyhow if bypassed by a simple thing like their mobile number!?

    Seems like a flawed system open for abuse!

    • +1

      bypassed by a simple thing like their mobile number!?

      How would the driver get access to the phone number?

      • My speculation, as above:
        - they have access to your personal data from various stolen data leaks like Floptus, and they basically match your name/address with the phone number
        - there's insiders job - Amazon, after all, has your complete contact details, including phone number, and possibly the courier worked with someone who has access to get it

      • +1

        How would the driver get access to the phone number?

        Just checked an Amazon box here (delivered by Australia Post) and my phone number is on the label! I use a VoIP number though when dealing with companies, rather than my mobile.

        • +1

          Amazon labels don't usually have phone numbers, especially OTP deliveries… number is whatever is listed on your Amazon account (land or mobile) last 2 digits.

    • +1

      Seems like a flawed system open for abuse!

      Precisely, it's just the worst and most nonsensical OTP implementation I've seen.
      Plus, they use it as an excuse - not in my case, luckily but many others - to refuse any compensation claims.

  • +2

    Sounds like the issue is with Amazon farming their delivery service out to independent contractors

  • +1

    Interesting to know that doing Amazon deliveries has fringe benefits. I might have to sign up and start doing deliveries. How many deliveries do I have to do until I get the free laptop?
    /$

  • That's weird. I've had multiple deliveries all require OTP and on days when I was not around to provide the code, or missed the call from the delivery guy, they had to re-organise a delivery and send a new code.

    • +1

      Makes sense, I would never say all their couriers are thieves, probably majority is honest…. but some clearly are stealing stuff

  • How did the delivery guy know it was an exy laptop? Did Amazon send it in the manufacturer's box only?

    • +1

      My last Amazon AU purchase of a PC component was shrink wrapped with a packing label stuck on it. The Amazon US purchase (of a motherboard) was still in an Amazon box with no padding.

    • +2

      Possible. If it was in a box, it's not hard to guess what's inside, if you have some experience: size, weight, same day delivery plus it requires OTP? Also possible, it was a joint operation, where courier had someone else to assist and provide specifications, with better system access and data

    • +1

      Well, if it's a delivery that requires a OTP it's something expensive. Does it really matter to them whats inside?

  • lucky my 4x 8tb ssds came through okay! phew.

  • I had to use codes twice for a telescope and some other thing, there were no issues though

    • +5

      That is astronomical.

  • +3

    Not quite related as it doesn't involve an OTP, but the most expensive thing I have ordered from Amazon by a long way (Quest 3) was the only item I have ever received that was completely the wrong item. It contained two or three cheap plastic trays for putting soft drink cans or something in.

    Luckily the box felt too light when I picked it up, so I filmed myself opening it. Managed to get an actual Quest 3 delivered quite quickly and with surprisingly little push back (don't think I even needed the video footage, maybe just a couple of photos showing what was in it).

    Definitely seemed suspect.

  • +2

    they used the last 3 digits of your mobile.

  • +2

    The Amazon courier who delivers to me throws my parcels on top of our letterboxes, available to anyone living inside the complex or anyone passing by outside. I’ve also had expensive items go missing - eg an 18 year old bottle of single malt Scotch that “smashed” apparently. It’s always the expensive items that go missing or get smashed. I’ve given up on Amazon now because of the delivery issues and the fact the Chinese have infiltrated it and sell their fakes on there masquerading as the real deal.

  • +1

    I haven't had any issues with otp deliveries, seem to get them for certain categories of items or items over a certain value under $100. Who knows.
    Stupid flaw though.

    I always imagined that a contractorb would be black marked if x% of deliveries had reported issues.

  • Amazon customer service is very hit or miss. Last month I had a delivery scheduled on two separate occasions and on both days no one came to deliver. Eventually they told me it was lost and the best they can do is a refund. I requested the customary $5/$10 account credit for wasting my time waiting for a delivery. The rep gave me every BS excuse under the sun why she couldn't do that. I then requested a supervisor call back, said supervisor tried to give me the same BS before "oh actually I can see an option to apply the credit now".

    Another occasion a couple of weeks ago I bought a used copy of a game and the copy that got shipped to me was a Japanese version, not Aussie. Called up and the rep immediately offered me a full refund and told me not to even send back the game.

  • +1

    Just use local drop off easy free. Especially for expensive stuff

  • Use a parcel locker or your nearest post office. They're both free and you'll never lose a parcel/package.

  • Just had my first encounter with dragonfly. Was for an order coming from Amazon US (ordered via AU). The guy could not read obviously as my business details and directs are clearly stated in my shipping details. I doubt he even turned up as there is a big directory board at the foyer of the building. Complained twice and got 2 lots of $10 credit as compensation. Let see if my parcel arrives today.

Login or Join to leave a comment