Amazon Review Scam Uncovered in Exposure Reminds Us That Anyone Can Fall Victim to a Compromise

• A data exposure revealed an Amazon review scam. Messages were found between Amazon vendors and customers willing to provide fake Amazon reviews for free products. 
• According to Safety Detectives, the database contained over 13 million records and 200,000-250,000 affected users. The information exposed included full names, emails, usernames, PayPal addresses and links to Amazon profiles. 
• Vendors and customers who had their information exposed should keep an eye out for phishing emails, as well as their Amazon or PayPal accounts being accessed by scammers. 
• The data exposure is a great reminder that no one is immune from falling victim to a data compromise. Whether it is a consumer or a scammer, anyone can fall victim to these crimes and should practice good cyber-hygiene habits to reduce their risk. 
• For more information, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat. Visit www.idtheftcenter.org to get started.  

A recent data exposure of an ElasticSearch database divulged an elaborate Amazon review scam. According to Safety Detectives, the database, which contained over 13 million records and anywhere from 200,000 to 250,000 affected users, had direct messages between Amazon vendors and customers willing to provide fake Amazon reviews in exchange for free products. Now, people who were ready to get paid to leave fake reviews have had their data and messages exposed, leaving them vulnerable to a rise in phishing emails and having some of their accounts accessed. 

What Happened & What Was Exposed 

The Safety Detectives research team says the server was left open without any password protection or encryption. The personal data of people providing fake Amazon reviews, as well as Amazon vendors, could be found in leaked messages on the database. The information exposed in the data incident included full names, emails, usernames, PayPal addresses, links to Amazon profiles and more.  

Data Exposure Reveals Amazon Review Scam 

The information found in the recent exposure shines a light on a detailed Amazon review scam, where Amazon vendors send reviewers a list of items or products for which they would like a five-star review. The one’s providing the “fake reviews” then buy the products, leaving a five-star review on Amazon a few days after receiving their merchandise. Once the review is complete, the provider of the fake Amazon review sends a message to the vendor that contains a link to their Amazon profile, along with their PayPal details. 

Safety Detectives researchers say once the Amazon vendor confirms all reviews have been completed, the reviewer receives a refund through PayPal, keeping the items they bought for free as a form of payment. The refund for any purchased goods happens through PayPal and not directly through Amazon’s platform, making the five-star review look legitimate. 

Potential Impact for Those Affected   

Customers and Amazon vendors that were a part of the Amazon review scam who had their information exposed could see an increase in phishing emails. A hacker only needs someone’s email address to target them with a phishing attack. Also, depending on the password use of the people involved, there is the potential for Amazon or PayPal accounts to be accessed.  

Customers and Amazon vendors could face corporate and individual punishments for their fake Amazon reviews. ComputerWeekly.com adds that Amazon also retains the right to name the vendors involved and may pursue legal action against them in jurisdictions where paying people to leave fake reviews is illegal. The individual reviewers involved may also be legally prosecuted.  

No One is Immune from a Data Compromise 

Whether it is a cybercriminal or a regular consumer, no one is immune from being impacted by a data compromise. Anyone can fall victim, and it is why everyone should exercise good cyber-hygiene practices like unique passphrases, multifactor authentication on all accounts and use anti-virus software on their devices. It’s also a good idea for people to regularly check their accounts for suspicious activity. The more one that can protect themselves, the safer they will be if their information is exposed or fraudulently used.  

Contact the ITRC 

If you would like to learn more about the data exposure, or the Amazon review scam, check out the Identity Theft Resource Center’s (ITRC) resources online or contact the ITRC to speak with an expert advisor toll-free. You can call (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.