A team at cybersecurity company SafetyDetectives found a China-based Elastisearch server containing direct messages between Amazon vendors and customers running fake review schemes for free products. The details of the scheme were exposed in a data breach that revealed more than 13 million records, including email addresses as well as WhatsApp and Telegram phone numbers of vendor contracts.
It also contained email addresses, names, PayPal account details and Amazon account profiles of reviewers, impacting around 200,000 to 250,000 people.
The SafetyDetectives team discovered the database on March 1, although it was only secured later that month. The team was unable to track down the owner of the database, though the team suspects that it wasn't owned by the vendors running the scam.
"Given the extent of the records and vendors included in the database, it's possible that the server is not owned by the Amazon vendors running the scam. The server could be owned by a third party that reaches out to potential reviewers on behalf of the vendors," the team said.
The team did find the procedures by which the vendors could procure fake reviews for their products. (Related: INVESTIGATION: Amazon.com a marketplace of FRAUD.)
It starts with Amazon vendors sending lists of products to reviewers that they wish to receive a five-star review for. The reviewers then buy the item and provide a "review," usually with a five-star rating, for the product on the site.
Once they've bought and reviewed the item, the reviewers then send a message back to the vendors that contains a link to their Amazon profile and PayPal details. The vendors then send the reviewers a "refund" and even an extra case reward in some cases. The reviewers also keep the products they "reviewed."
The data also showed how vendors could avoid Amazon's moderation program. This includes running all communication outside Amazon, often using WhatsApp and Signal platforms, and using PayPal for payments.
It also showed how, in many cases, the vendors would reach out to customers directly to ask if they would like to join "reviewer rewards programs."
"Unassuming people may have been targeted by Amazon vendors with the offer of free products in return for a review," stated the report. "Vendors use 'professional' language to present the offer as legitimate trade, utilizing phrases like 'testing' and 'free product trials' when they message prospective reviewers. This is certainly the case in the database we detected."
The owner of the server, while still unknown, may face punishments in accordance with the consumer protection laws.
In addition, the vendors that paid for the fake reviews could face sanctions from Amazon for breaking the company's terms-of-service. While the SafetyDetectives report did not name any specific vendors, a number of vendors have seemingly been punished.
Products from popular companies such as Aukey, Tomtop and Mpow have been completely removed from Amazon as of Monday, May 10. This implies that they were among the vendors implicated in the scheme.
Fake reviews have been a long-standing problem for Amazon. While the company is aware of the problem, it has become increasingly difficult to detect them. As the SecurityDetectives report demonstrates, a cottage industry has developed around it with companies providing vendors ways to get convincingly real-looking reviews.
For more news on Amazon and other big tech companies, follow TechGiants.news.