Rather than attacking computers, a "social engineering" hack goes after the most fallible element in a system: its operators. Let's say, for instance, that you know the birthday, postal and email addresses of someone you really, really hate. You could use this information to contact a service provider that they use and pretend to be them, explaining away any missing data by saying you'd been knocked on the head. If the customer services agent believes your story, then they'd give you further pieces of information or, in the worst case, let you avoid standard security procedures altogether.
Springer, understandably, vents his anger at Amazon, which he says failed to understand that he was at risk of impersonation. That failure led to his account being compromised a second time just "a couple of months" later. The attacker attempted to get the customer services agent to hand over Springer's credit card data, which, he believes, they may finally have been able to do. This isn't an isolated incident, either, since a commenter to Springer's story was able to spoof their own account with similar levels of success.
It's quite a big charge to level against the mega-retailer, and one that could do some extensive damage to its reputation. We contacted the company to learn if it had any official response to the accusations leveled toward it by Springer. Unfortunately, it has not yet responded to us at the time of publication although we are very sure that Amazon will want to be heard on this topic. Those with long memories will recall that this isn't the first time that the firm has been slammed -- journalist Mat Honan lost access to his Amazon account after attackers impersonated him in 2012.
[Image Credit: Getty]