Scammers on Amazon are using a complex system to obtain fake 5-star reviews for their products, avoiding detection by using different forms of payment so the purchase seems as normal as any other, a watchdog site has found.
A whopping 13 million records of Amazon users and vendors participating in the colossal con job were discovered by SafetyDetectives, a cyber security team that stumbled on the trove of data on an unsecured Elasticsearch database last week.
The leak amounted to some 7 gigabytes of data, all told, compromising the privacy of some 200,000 people.
Those curious about the identities of the vendors involved could find not only email addresses, but also WhatsApp and Telegram numbers. Emails were often shared as well.
On top of all that data were reportedly 75,000 links to pages of Amazon review sellers, PayPal account details (required to send the money in the last stage of the scam), email addresses and so-called “fan names” — presumably to provide the veneer of legitimacy for any business lacking in such.
Supposedly based in China, the network would send lists to their buyers of products they wanted a five-star review for. The users would obediently write up the review upon buying the product, allowing them to keep the product in the bargain. After leaving a five-star review, they would message the vendor with a link to their review via PayPal — notably not the payment processor they had initially used to purchase the item in the first place. Instead, the user would receive a “refund” via PayPal, being made whole for the cost of the product they initially bought.
In some cases the process was more complex, SafetyDetectives observed, claiming any “third party” in question could be operating as a middleman between the vendors and the receivers, “reaching out” to potential reviewers and potential buyers alike.
The identities of those responsible for the fake network have not yet been discovered. When it was first found in March and secured later that month, researchers believed it was based in China, given the fact that users communicated largely in Chinese over the Elasticsearch platform, but this was not confirmed. Should that be the case, Chinese fraudsters could be whacked with a fine as high as $7.6 million (5% of the company’s profits from the previous year).
Fraudsters conscious of their malfeasance could be hit with punishments as high as $100 million if Americans were victimized, while Europe’s GDPR privacy law could target the business in question with fines of 20 million euros. Europeans would in turn be protected by the GDPR against the database’s owner for mishandling their data.
While it can be difficult sometimes to distinguish between a new Amazon seller and a con artist luring in partners for their scam, SafetyDetectives argued that the latter could be filtered out by merely analyzing the reviews on Amazon. Most would be identical or similar but would often include a description suggesting the business had been around for some time – while the Amazon clone would only include very new profiles, perhaps hoping no one would notice. (RT)