Remote denial of present (DoP) attack via Amazon wishlist
I placed eleven items this year into my Amazon wish-list for my family and girlfriend to pick from and all were quickly purchased.
A few days later my mother asks if I can put some items to buy because after purchasing one or two the others have now gone.
My brothers don’t have debit cards, my sisters have limited net access my girlfriend claims she hasn’t brought them and nobody else knows about it.
Either I’ve got a secret Santa fulfilling my every Amazon wish or… somebody is executing a remote denial of present attack upon my Christmas!
How it works is simple.
- Find the Amazon wish-list of the target
- Buy items from the wish-list but ship to your own address
- Enjoy the items yourself
- Rejoice in knowing the target is deprived of the item now that Amazon believes he will get it
It’s pretty evil.
The only way I can see that Amazon would be able to prevent this attack is to either let you pre-select other Amazon accounts that are able to use your wish-list or to be able to see who brought what.