Fake Amazon Marketplace receipts fool unwary vendors
- TAGS:Amazon, AMZN, GFI, malware, scam, sunbelt
- IT TOPICS:Cybercrime & Hacking, Desktop Apps, E-Business, Security, Windows
By Richi Jennings. December 10, 2010.
A bogus tool to create fake Amazon Marketplace receipts is doing the rounds. There are fears that such fake receipts could fool unwary vendors. In IT Blogwatch, bloggers wonder if this is really news.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention História Do Natal Digital...
(AMZN)
Jeremy Kirk comes in peace (but phasers on stun):
The program is designed to create a customized HTML file that closely resembles an actual Amazon.com receipt. ... The scam relies entirely on social engineering, with the fraudster hoping a vendor will be tricked into thinking a product was sold.
...
Retailers can protect themselves by checking their own sales records. Amazon.com will also be able to confirm whether a real sale has taken place, Boyd wrote.
Shaun Nichols adds:
The tool allows a would-be attacker to enter information through a form ... [which] creates the phony receipt file with information such as an order number, item description and address information.
...
Potentially, a cyber criminal could use the artificial receipts to trick merchants into believing that an item was damaged or not delivered, leading the merchant to ship additional items or supply software licensing information.
Christopher Boyd and Adam Thomas claim to have discovered the generator:
This is a particularly interesting scam, as it doesn’t target regular PC users – it targets the people who sell you things, such as the merchants on the Amazon marketplace. ... It’s a pretty good facsimile of a genuine Amazon receipt.
...
Some things to note for the wary seller: not only will you not have a record of these people buying your products, you should be able to confirm with Amazon that no purchase was ever made. ... Sellers will need to keep their wits about them over the coming festive season. ... If a “customer” seems a little peculiar, ensure you take a good look at their receipt.
But Ronwald is as dismissive as a very dismissive thing:
Amazon Marketplace sellers refund through Amazon's system, not directly to the customer. ... So if the order number isn't legit, there's no way to refund. ... Boyd should do his homework (like maybe finding out how the Amazon Marketplace actually works) before screaming the sky is falling.
And Larry Seltzer also sounds unconvinced:
The merchant would have to be really careless and just trust the data on the receipt without checking it.
...
Receipt generators are not new, but in the past I've seen them pushed as a tool for creating fake expense reports to scam your own employer.
And Finally...
The Nativity, on the net, in Portuguese: História Do Natal Digital
[hat tip: Jemima Kiss]
Don't miss out on IT Blogwatch:
 |
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com. |
You can also read Richi's full profile and disclosure of his industry affiliations.
Free Insider Guide
