Justin Schuh

2.1K Followers
270 Following
273 Posts
Stay-at-home dad. Expect a mix of infosec (plus privacy and safety), 3D printing, and some US politics. You're probably following me because of my old job.
Twitter: https://twitter.com/justinschuh
Github: https://github.com/jschuh
Bluesky: https://bsky.app/profile/justinschuh.com
@agl As I said elsewhere, I'm really going to miss the Pax Americana. I won't deny that it was imperfect and unevenly distributed. But damn, it sure seems a whole lot better than whatever this thing is that we're blindly stumbling into.
@troed Turns out the attacker initiated account recovery over the phone using stolen personal information. The link was the last step, which had to be clicked from a device Amazon already recognized for that account. And the firehose of spam was to bury the alert emails Amazon was sending.

Gmail account appears to be fine, but the Amazon account has definitely been hijacked. Looks like the attacker texted a link that the neighbor clicked on this morning, and that completed some sort of account ownership transfer. Neighbor assures me they just clicked the link and didn't enter anything. They just landed on an Amazon page that said their account had been successfully transferred to someone else (they have a screenshot of the hijacker's email address).

They've been on the phone with Amazon trying to get it resolved, but if the description is correct it sure seems like there's a vulnerability on Amazon's end here.

At exactly the same time the SMS was sent the neighbor's Gmail account got hit with a firehose of thousands of spam messages persisting for several hours, which is why they thought the Gmail account was hacked (and also why they clicked the Amazon phishing link from the SMS).

Does this sort of thing sound familiar to anyone?

Neighbor just called asking for help because their Gmail account was hijacked and now they're locked out (and the hijacker chained off that to other accounts). I'm heading over in a bit to help. This will be my first experience with the process from the consumer perspective.
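The thread above describes a flood of spam timed to bury the provider's account-recovery alerts. The following is an added example, not code from the original posts or from any mail provider, of one defensive heuristic for that pattern: detect a volume burst in the mailbox and surface any message inside the burst window that comes from an allowlisted notification domain. The mailbox rows, the sender allowlist and the window/threshold values are all constructed assumptions.

```python
"""Surface account-security notifications buried in a spam flood.

Added example, not from the original posts. It assumes a simplified mailbox
representation (ISO timestamp, sender, subject), a hypothetical allowlist of
notification sender domains, and constructed sample messages.
"""
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical allowlist of senders whose mail should never be drowned out.
# A real filter should key on the DMARC-aligned sender domain, since the
# From: header alone is trivially spoofed by the same attacker sending the flood.
PROTECTED_SENDER_DOMAINS = {"amazon.com", "accounts.google.com"}


def constructed_mailbox():
    """Constructed sample: normal traffic, then a four-minute spam flood with
    two account alerts sent in the middle of it."""
    rows = [
        ("2025-01-10T08:40:00", "friend@example.net", "Lunch?"),
        ("2025-01-10T08:55:00", "newsletter@example.org", "Weekly digest"),
    ]
    flood_start = datetime(2025, 1, 10, 9, 0, 0)
    for i in range(60):  # one message every four seconds from rotating domains
        ts = flood_start + timedelta(seconds=4 * i)
        rows.append((ts.isoformat(), f"promo{i}@spam-{i % 7}.example", "Congratulations, you won!"))
    rows.append(("2025-01-10T09:01:30", "account-update@amazon.com", "Your account recovery request"))
    rows.append(("2025-01-10T09:03:10", "no-reply@accounts.google.com", "Security alert"))
    return rows


def sender_domain(address):
    """Return the lower-cased domain part of an address."""
    return address.rsplit("@", 1)[-1].lower()


def bucket_of(ts, window):
    """Floor a timestamp to a fixed-size window measured from midnight."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    seconds = (ts - midnight).total_seconds()
    size = window.total_seconds()
    return midnight + timedelta(seconds=seconds - seconds % size)


def find_bursts(rows, window=timedelta(minutes=5), threshold=20):
    """Return the start times of windows whose message count reaches threshold."""
    counts = Counter(bucket_of(datetime.fromisoformat(ts), window) for ts, _, _ in rows)
    return sorted(start for start, n in counts.items() if n >= threshold)


def buried_alerts(rows, window=timedelta(minutes=5), threshold=20):
    """Messages from protected domains that arrived inside a burst window."""
    bursts = set(find_bursts(rows, window, threshold))
    return [
        (ts, sender, subject)
        for ts, sender, subject in rows
        if bucket_of(datetime.fromisoformat(ts), window) in bursts
        and sender_domain(sender) in PROTECTED_SENDER_DOMAINS
    ]


if __name__ == "__main__":
    rows = constructed_mailbox()
    print("burst windows:", find_bursts(rows))
    for ts, sender, subject in buried_alerts(rows):
        print(f"ALERT inside flood: {ts} {sender}: {subject}")
```

The burst threshold is deliberately crude; the point is that any alert from a provider's own notification domain during an anomalous spike deserves a separate, prominent view rather than the normal inbox sort order. Applying the allowlist only to messages that pass DMARC alignment prevents the attacker from hiding their own lure among the "protected" results.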
@fugueish Indeed.
@fugueish I have thoughts... that I'm going to keep to myself.
@AlesandroOrtiz Thing is I have no interest in changing my email provider or adding new services. I'm really just looking for a drop-in replacement for my domain service.
@sgraham Thanks. I'll take a look at it.
@_dm Yeah, looking for more of a drop-in replacement in a single service.

I just determined that plus addressing on email forwards broke with the transition from Google Domains to Squarespace (i.e. forwarding [email protected] to [email protected] used to also forward [email protected] to [email protected]). This means I'm now missing a bunch of emails, because as a general rule I would create a custom plus address with a relevant tag anytime I registered an email.

So now I'm wondering if anyone has thoughts on a way to get this working in Squarespace. I added a wildcard email rule as a stopgap, but even that requires 24-48 hours to take effect.

Alternatively, does anyone have any good recommendations on domain hosting providers that support email forwarding with plus addressing?
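The post above describes forwarding that used to match on the base address while ignoring the +tag, and a per-registration tag used to tell which service leaked an address. The following is an added example, not code from the original post or from Google Domains or Squarespace, of a forwarding-rule resolver that implements that behaviour, plus a tag tally for attribution. The rule table, the example.com and gmail.com addresses, and the sample recipients are all constructed assumptions standing in for the addresses the post obscures.

```python
"""Plus-address-aware forwarding rules and tag-based leak attribution.

Added example, not the original post's or any provider's code. It assumes a
hypothetical rule table mapping 'base@domain' (or the wildcard '*@domain') to
a destination mailbox, and uses constructed addresses throughout.
"""
import re
from collections import Counter

# local part = base, optional +tag (which may itself contain '+'), then domain
ADDRESS = re.compile(r"^(?P<base>[^+@]+)(?:\+(?P<tag>[^@]*))?@(?P<domain>[^@]+)$")


def split_address(addr):
    """Return (base, tag_or_None, domain), with base and domain lower-cased."""
    m = ADDRESS.match(addr.strip())
    if not m:
        raise ValueError(f"not an address with a single @: {addr!r}")
    return m["base"].lower(), m["tag"], m["domain"].lower()


def resolve_forward(recipient, rules):
    """Pick the destination for an inbound recipient.

    Matching ignores the +tag (so me+bank@ hits the me@ rule) and falls back to
    a *@domain wildcard. The inbound tag is re-attached to the destination so
    any filters on the receiving side that key on the tag keep working.
    Returns None when no rule matches.
    """
    base, tag, domain = split_address(recipient)
    dest = rules.get(f"{base}@{domain}") or rules.get(f"*@{domain}")
    if dest is None:
        return None
    if tag is None:
        return dest
    dest_base, _dest_tag, dest_domain = split_address(dest)
    # Replace any tag already on the destination with the inbound one.
    return f"{dest_base}+{tag}@{dest_domain}"


def tags_seen(recipients):
    """Count how often each +tag was used as a recipient; a tag that suddenly
    shows up on unsolicited mail names the registration that leaked it."""
    counts = Counter()
    for addr in recipients:
        _base, tag, _domain = split_address(addr)
        counts[tag or "(no tag)"] += 1
    return counts


if __name__ == "__main__":
    rules = {"me@example.com": "me@gmail.com", "*@example.com": "catchall@gmail.com"}
    for rcpt in ["me@example.com", "me+bank@example.com", "shop+promo@example.com", "me@other.example"]:
        print(f"{rcpt:28} -> {resolve_forward(rcpt, rules)}")
    print(tags_seen(["me+bank@example.com", "me+shop@example.com", "me+shop@example.com"]))
```

A rule engine that compares the full local part string, as the post suggests the new provider does, drops every tagged message on the floor unless a wildcard exists; the wildcard stopgap works but loses the ability to reject mail for base addresses that were never issued, so the base-then-wildcard lookup order above preserves both behaviours.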