Amazon retailers are being targeted by fraudsters who have created a custom-built a program that generates fakes receipts for nonexistent orders, according to researchers from GFI Software.
The program is designed to create a customized HTML file that closely resembles an actual Amazon.com receipt, wrote Christopher Boyd, senior threat researcher, on GFI's blog.
A fraudster can fill out the date, item, price, order number and address among other information. Users also have the option of selecting specific Amazon portals, including ".com," ".co.uk," ".fr" and ".ca."
When the "generate" button is clicked, a file is placed in the computer's program folder which is nearly identical to the "printable order summary" on a legitimate receipt, Boyd wrote.
The scam relies entirely on social engineering, with the fraudster hoping a vendor will be tricked into thinking a product was sold.
"The gag here is that the scammer is relying on the seller not checking the details and accepting the printout at face value," Boyd wrote. "After all, how many sellers would be aware somebody went to the trouble of creating a fake receipt generator in the first place?"
Retailers can protect themselves by checking their own sales records. Amazon.com will also be able to confirm whether a real sale has taken place, Boyd wrote.
Nonetheless, others interested in defrauding Amazon.com retailers have created derivatives of the program. Boyd included a screen shot that shows an imitation of the original receipt generator.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.