Categories: AccidentallyScammers

Scammers accidentally reveal fake Amazon review data

More than 13 million records relating to an organised fake review scam have been found on an unsecured ElasticSearch database, implicating hundreds of thousands of people in unethical behaviour


Published: 06 May 2021 15: 57

An opsec-illiterate scammer has accidentally exposed more than 13 million data records via an open ElasticSearch database, relating to a large-scale fake review scam implicating independent Amazon vendors and users in unethical and illegal behaviour.

The data, which totals 7GB and relates to more than 200,000 individuals, was discovered by researchers working on behalf of antivirus specialists SafetyDetectives, who found found the server on 1 March 2021 and monitored its status over the next few days – it was locked down on 6 March. The unsecured server appears to be physically located in China but the data relates to individuals in both Europe and the US.

“We were unable to identify the owner of the ElasticSearch server,” the team said. “As a result, we could not notify the company in question regarding this security issue.

“Given the extent of the records and vendors included in the database, it’s possible that the server is not owned by the Amazon vendors running the scam. The server could be owned by a third party that reaches out to potential reviewers on behalf of the vendors. Third parties might post a picture of the product in a Facebook or WeChat group, asking for reviews in return for free products.

“The server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors.

“What is clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.”

The process of procuring fake reviews on Amazon that was exposed in the leak works as follows. The vendors send to people who are prepared to leave fake reviews a list of products for which they would like a five-star review on Amazon. These people then buy the products and leave the review, at which point they send a message to the vendor containing a link to their Amazon profile and, crucially to the scam, their PayPal details for a “refund”. They get to keep the product they bought.

By actioning the refund process through PayPal, said SafetyDetectives, the process makes the review appear legitimate, and avoids arousing attention from Amazon’s moderators.

The data relating to the vendors included contact details, email addresses, and telephone numbers linked to WhatsApp and Telegram accounts used to communicate with reviewers. The data related to the fraudulent reviewers included multiple items of personally identifiable information (PII) including 75,000 links to their Amazon accounts and profiles, PayPal account details, 232,664 Gmail addresses, and usernames – many of which contained real names.

As the activity is against Amazon’s terms of use – and is unlawful – it is unlikely that any of the victims will have any form of official recourse. However, some of them may have been inadvertently tricked into taking part in the scam, said SafetyDetectives.

“Although a lot of people providing fake reviews likely know what they’re doing, we must also highlight how vendors don’t advertise that fake reviews are illegal,” the team said. “Unassuming people may have been targeted by Amazon vendors with the offer of free products in return for a review. Vendors use ‘professional’ language to present the offer as legitimate trade, utilising phrases like ‘testing’ and ‘free product trials’ when they message prospective reviewers. This is certainly the case in the database we detected.

“Without knowledge of marketing law, Amazon terms of service or the wider impact that fake reviews can have, some individuals may think nothing of collaborating with an Amazon vendor to conduct a fake review.

“When considering those who are implicated in this breach, and the impacts they could face because of this exposure, we should be mindful that some of these reviewers have been misled themselves.”

The vendors involved can be sanctioned in a number of ways, usually by having their Amazon accounts terminated permanently, and pending earnings withheld by Amazon. The reviews themselves will be removed from any product page found to contain t

Read More

News Bot

Published by
News Bot

Recent Posts

5 ways Microsoft Edge is better than Chrome

No, seriously, Microsoft's web browser just keeps getting better. Today's Best Tech Deals Picked by…

25 mins ago

Walmart Onn Streaming Stick and Device reviews: Surprisingly great budget streamers

Walmart's cheap streamers should make Roku and Amazon sweat. Jared Newman / IDG Today's Best…

25 mins ago

X-Sense S21 Outdoor Security Camera review: Outstanding quality for a low price

This unassuming video camera is packed with features, including an LED spotlight for color night…

25 mins ago

The best pre-built PCs with AMD’s Ryzen 5300G, 5600G, or 5700G APUs

Beat the graphics card crunch with one of these pre-built PCs powered by AMD’s 5000-series…

25 mins ago

The best robot vacuum and mop combo is Narwal’s T10, and it’s $100 off at Amazon

If you purchase an independently reviewed product or service through a link on our website,…

27 mins ago

Android 12: Everything there is to know about Google’s next mobile OS

Android 12 is well and truly on the way. The world’s most-used operating system was…

27 mins ago