Cyber criminals are using a hacking program to create fake receipts for items sold through Amazon.com and its retail partners, in an effort to receive refunds or new products, according to security firm GFI Software.
“The free program available online allows scammers to create an HTML ‘receipt’ for phantom Amazon.com purchases,” said Christopher Boyd, senior threat researcher, GFI Software.
“By capturing a screenshot of the fake receipt, these cyber criminals are able to email unsuspecting sellers claiming they are missing items. This type of fraud, perpetrated en masse, could result in massive losses for retailers, especially during the holiday shopping season.”
GFI says there are some indications that a receipt is fake. The merchant will not have a record of the purchase, but Amazon should be able to confirm that no purchase was ever made. Merchants should check the orange order number at the top of the receipt because those are randomly selected from a set of looping numbers every time the scammer clicks on the “Order Number” button. The seller or Amazon should be able to verify whether it is a valid order number. Finally, the program seems to add random digits on the “Visa: payment method” section in payment information, which warrants further investigation.
“Many of the items in the fake printout are convincing as a whole, but once you start digging into the details a little bit, it quickly falls apart. If a ‘customer’ seems a little peculiar, ensure you take a good look at their receipt,” warned Boyd.