A new online scam has been discovered that targets retailers selling through Amazon’s marketplace with a fake receipt generator program.
“This is a particularly interesting scam, as it doesn’t target regular PC users – it targets the people who sell you things, such as the merchants on the Amazon marketplace,” said GFI Software's senior threat researcher Christopher Boyd on Net-Security.org.
Users of the fake receipt generator can fill in information such as the item name, price and the date of the order and also allows selecting which Amazon domain to use, including .com and .co.uk. The program then generates a HTML file which Boyd said was “a pretty good facsimile of a genuine Amazon receipt.”
“Many sellers on Amazon will ask you to send them a copy of your receipt should you run into trouble, have orders go missing, lose your license key for a piece of software and so on,” said Boyd.
The scam relies on the fact that the seller will not check the details and accept the receipt at face value. Retailers particularly busy during the Christmas season may be especially vulnerable to the social engineering scam.
“Some things to note for the wary seller: not only will you not have a record of these people buying your products, you should be able to confirm with Amazon that no purchase was ever made,” said Boyd.
“Check the orange order number at the top, because those are randomly selected from a set of looping numbers every time the scammer clicks on the “Order Number” button – again, something either the seller or Amazon should be able to check.”