Is it possible Kaspersky total security is overlooking a virus on my PC; someone from Nigeria signed into my Amazon account.

[Guest]

I’m in the U.S. I was notified by Amazon that someone signed in to my account from Nigeria (not that someone “attempted” to sign in).  I’ve had the account for many years and this has never happened before. They didn’t order anything and I changed my password, but 48 hours after notification.

I made this new password only 10 days ago, a random mix of 25 characters. I have not used this password for any other website. I do not use a password manager. I store passwords on a flash drive that is plugged in only when I need them. I access my Amazon account only from one device, a Windows PC. I update Kaspersky and Windows 10 automatically. I ran a full Kaspersky scan and no threats were found. I use 2FA on Amazon with my phone number.

How could someone have figured out what my password was unless there is something on this PC that recorded it that Kaspersky missed?

Also, if it is OK to ask a related question, as Amazon stores my credit card number which someone in Nigeria could have seen, I guess I should cancel the card and ask for a new number, or is this overreacting?

Should I be worried about someone porting the contact phone number and/or accessing my contact email, since they would have needed one of these for the 2FA?

 

 

 

 

[petsy]

I suspect that email was simply a phishing one and didn’t actually come from Amazon. I hope you didn’t click on any links in that email to verify your account as that would be a fatal mistake.

btw Amazon doesn’t display your full card number in your account only the last 4 digits.

[Berny]

@Intra If Kaspersky didn’t detect any threats means that your system is clean.
Off Topic : Personally I should turn off the multi-device option in your ? Authy ? 2FA app 🤔

[Guest]

petsy, I hadn’t realized Amazon doesn’t display the full card number. I signed in to Amazon and you are correct. Good! Thank you.

I received the “signed in from Nigeria” text both as an email and on my phone. I ignored the phone message link but I did use the link in the email. (Yes, it was a risk.) It looked legitimate to me -- https://www.amazon.com (then a long string of characters and numbers).
When I clicked on the link, I was sent a 2FA code on my phone as usual.

After I clicked on “Deny”, I signed out, then signed in again to the main website to change my password, just in case that “Deny” page was fake.

BUT looking at the URL link now that was in the email, the web page now reads
“Thank you. Sign-in was denied.” 
DENIED -- not SIGNED IN like the email stated!
IF this was just sloppy writing from Amazon, then this is a big relief, and shame on Amazon.
 

Berny,

Is there a Kaspersky web page that explains how they can detect all threats when new threats are constantly being made? Is that possible?

Off Topic: I know that 2FA by phone is not completely secure because phone numbers can be ported. But I read from a few security advice sources that 2FA by phone is “better than no 2FA”.  Can you please explain why you don’t agree? I know I need to learn more.

Thank you both.

[Berny]

@Intra Please see this  Kaspersky article:

https://usa.kaspersky.com/resource-center/definitions/heuristic-analysis
 

I am recommending the use of 2FA , above “Off Topic” was only related to your personal issue.

[Guest]

Berny, thank you for the article. It helps me understand.

[Guest]

Regarding the “signed in from Nigeria” I wrote above...I changed my Amazon password and decided not to worry about it since my full card number is not shown. But today, when I signed in to Amazon, I received the message “Signed in from 34, TR”, which is Turkey. (I’m still in the United States.)

Looking at KVPN, my Fastest connection was listed as Turkey! I changed it back to the U.S. I have difficulty believing Kaspersky needed to connect to servers in Nigeria and Turkey instead of finding one in the United States. And my Kaspersky stats for today lists only United States of America, the USA - West Coast.

Which am I supposed to believe?

 

 

[Guest]

Still in the western United States, I signed into Amazon again and Amazon immediately sent me text “Action Needed” notice for New York. I did not click on the link in case by an amazing coincidence, it was fake.

Immediately looking at KSVP, it still reads USA (West Coast), as it did when I sign in to Amazon. I use the Kill Switch, so I think I would be aware if I was switched from West Coast to New York and then back again. Yes?

[Flood and Flood's wife]

I was notified by Amazon that someone signed in to my account from Nigeria. 

Regarding the “signed in from Nigeria” I wrote above..  I have difficulty believing Kaspersky needed to connect to servers in Nigeria.

Hello @Intra, 

1. Did you check the Amazon (Nigeria) email message source? 
2. Kaspersky does not have remote virtual servers in Nigeria

As discussed in your other topic, please log a case with Kaspersky Technical Support & please share the outcome when it’s available? 

Thank you🙏

Flood🐳+🐋