KEY POINTS

  • Amazon independent vendors offer free product for fake ratings
  • Customers receive their money back and also get to keep items for free
  • Not all fake reviewers were aware that they are doing things illegally

An unsecured database has just exposed a large-scale Amazon fake product review scam that implicates independent Amazon vendors and users in unethical and illegal behavior. The database containing information from scammers revealed a breach.

In a blog post on May 6, Safety Detectives revealed an unsecured ElasticSearch database that exposed 13 million records of organized fake review scams.

The server contained 7G of data, including direct conversations between Amazon independent vendors and customers involved in the massive product review scam. The total of 13,124,962 records involved almost 200,000 to 250,000 Amazon account profiles, Gmail addresses, usernames, PayPal account details, and some real names.

The breached ElasticSearch database exposed how some sellers try to gain a marketing edge by generating fake reviews of their products. They asked individuals to leave a positive review of a product in exchange for free items.

Safety Detectives discovered the unsecured server on March 1. The cybersecurity team put the database under surveillance for a few days before completely locking it down on March 6 to make it inaccessible by any outside party.

Reports say that the breached database owner is still unknown, although the physical location of the unsecured server appears to be in China due to some of the messages written in Chinese. The data relates to people based in the U.S. and Europe, ZDNet reported.

The database shows that the independent vendors send their targeted customers a list of products for positive reviews. The customers then buy the product using their Amazon profile and leave a five-star rating. Later, these customers send the vendor their PayPal details and a link to their Amazon profile showing a glowing review. The vendor later transfers the refund to the customer’s PayPal account. Not only this, but these people also get to keep the items they bought, for free, Computer Weekly reported.

The refund is done outside the Amazon platform to avoid any suspicion from Amazon moderators. Such activities evade detection as the fraudulent businesses provide their fake reviewers with a step-by-step guide to follow. Through their provided criteria, the fake review looks legitimate.

Meanwhile, Safety Detectives said that not all fake reviewers knew that what they were doing was wrong. Fraudulent businesses make their persuasion appear legitimate by using professional languages. They use the phrases “testing” and “free product trials” to procure their unsuspecting targets.

amazon An Amazon logo is pictured. Photo: AFP / INA FASSBENDER