Investigation: Portrait Of An Amazon Phishing Scam

It looked like just a typical Amazon seller account. It wasn’t. Here’s security pro Lee Munson’s deep dive into the dark world of Amazon phishing scams …

aNewDomain, Lee Munson — When you hit up an independent Amazon seller to get a better deal on what you’re looking for, you probably never pause to wonder if that Amazon seller is really an Amazon scammer.

That’s what they’re counting on.

Amazon phishing scam accounts don’t look any different from all the other ones. But they do one thing legitimate sellers never will: They try to talk you into paying them outside the Amazon system. That’s a simple trick that lets them make off with your credit card data while leaving you precious little recourse to get any kind of remuneration from Amazon.

Amazon strictly prohibits buyers and sellers from going outside its messaging and purchasing systems. And you shouldn’t. It isn’t safe. But let’s say you did. When you click that link the seller sends you, which it claims is a “secure payment” link, it’s already happened.

And sooner or later you’ll figure it out: You’ve been phished.

My team ran an investigation of Amazon phishing scams this week for the security site Comparitech. We found plenty of bogus Amazon sellers who seem to be having no trouble luring shoppers with some unbeatable deals.

Here’s how they’re doing it, and how you can keep them from doing it to you.

ScElegance Electronics: A case study 

To illustrate how Amazon phishing scams tend to look and work, we took our chances with an independent Amazon seller called ScElegance UK or, sometimes, ScElegance Electronics.

This seller, which described itself as a supplier of high-end electronics, was in fact offering a great deal: A 55-inch LG OLED TV in “used/like new” condition for a mere £1,318. Reality check: A new one is selling now for £2,200 on the official Amazon.co.uk site.

Was it a phishing scam? Only one way to find out.

We made the purchase. We added that bargain OLED TV to our shopping basket and got ready to check out.

Here’s what happened next.

So we checked out; we made the purchase. Strangely, we immediately received an error message implying that Amazon had a problem with the order.

Now, for errors like this one, Amazon recommends changing the delivery address or seeing if the item is available from another seller.

But ScElegance sells the TV at the lowest price available among sellers at Amazon — and by a wide margin. So that’s not likely to happen.

And look at this. As you can see, ScElegance lists an email for delivery and order details. If you contact it through Amazon’s in-house messaging system, you get that same email:

“NEW!!! ALL Details about Delivery and Orders- Write to us: sales(@)scelegance.co.uk”

We contacted ScElegance via email to ask why the TV was so cheap, whether there was anything wrong with it and whether it comes with a guarantee.

The TV is brand new, answered an ScElegance rep in an email. Its “Special Price,” he said, was due to “stock liquidation.”

We asked if we could reserve one then.

So far, so good … reservation accomplished.

And just after 2 p.m. the same day, which was Wednesday, Jan. 4, 2017, we received notice that “the order was placed.”

That’s when things went sideways.

A final invoice from Sc-Elegance Electronics arrived in our email box.

At first glance, it appeared to be from Amazon, but look closely and you’ll see that isn’t right.

The Amazon email address it uses is: auto-confirm@amazon-payments-support.co.uk.

That is not a real Amazon address. It looks real because it substitutes Amazon’s real email address, “auto-confirm@amazon.co.uk,” as the username.

And notice the email sender is now requesting a direct bank transfer to someone named Darva Arron.
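
The two warning signs in that invoice, a sender domain that only resembles Amazon’s and a request to pay by bank transfer, can be checked mechanically. The Python below is an added example, not part of the original investigation; it also goes one step further and flags a display name that shows a different address than the real sender. The trusted-domain list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the only sender domain treated as genuine.
TRUSTED_DOMAINS = {"amazon.co.uk"}
BRAND = "amazon"
# Off-platform payment methods mentioned in the article.
PAYMENT_TERMS = re.compile(r"bank transfer|gift card", re.I)

def is_trusted(domain):
    """True for a trusted domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    # Brand name appears in the domain, but the domain is not the brand's own.
    if BRAND in domain and not is_trusted(domain):
        warnings.append(f"lookalike sender domain: {domain}")
    # Display name is itself an address on a different domain than the sender.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != domain:
        warnings.append(f"display name shows {shown.group(0)}, real sender is {addr}")
    body = msg.get_payload()
    if isinstance(body, str) and PAYMENT_TERMS.search(body):
        warnings.append("asks for payment outside the marketplace")
    return warnings

# Constructed sample modelled on the invoice described above; not the real email.
SAMPLE = """\
From: "auto-confirm@amazon.co.uk" <auto-confirm@amazon-payments-support.co.uk>
To: buyer@example.com
Subject: Your order invoice

Please complete your order by bank transfer to the account below.
"""

# Constructed sample of a message sent from the trusted domain.
GENUINE = """\
From: "Amazon.co.uk" <auto-confirm@amazon.co.uk>
To: buyer@example.com
Subject: Your Amazon.co.uk order

Your order has been dispatched.
"""

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print("WARNING:", warning)
```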

[Screenshot: the invoice email]

I enlarged this last part, which was in faded, fine print at the very bottom of the above message …

[Screenshot: enlarged fine print from the bottom of the invoice email]

And ScElegance UK used a fresh seller account with the “Just Launched” status.

So, despite having no seller feedback, the products themselves end up with multiple positive reviews left by customers who purchased identical items — only from legitimate sellers.

And it turned out the Amazon sea is full of lots and lots of phishing scams, pardon the pun.

We found lots of complaints about fraudulent merchants — including some directed at ScElegance in particular. These date back all the way to Nov. 15, 2016. We had no trouble finding them.

They were on Amazon’s own forums.

Nevertheless, Amazon didn’t do anything about the fraudulent ScElegance seller until after we contacted them, which was yesterday. At first the seller account remained, though its products were no longer listed as for sale.

Finally, after we provided Amazon with all the email records and communications you’ve seen so far in this post, Amazon seems to have shut things down altogether. That’s a good thing. But it points to a real problem you need to be aware of: Just because a fraudulent seller site has received complaints doesn’t automatically mean Amazon immediately downrates or gets rid of it.

We also noticed something else worth noting: Look at the discussion boards, and you’ll find messages from Amazon sellers who claim their seller accounts were hacked. We checked those account names and those “hacked accounts” seem now to be phishing scam seller sites, too.

Think about that for a moment. If the reports we read were true, that means these phishing accounts were legitimate ones before they were hacked.

In that case, any positive feedback ratings they would’ve earned would still be there — even as they are ripping people off. The best way to protect yourself from phishing scams, it seems, has nothing to do with ratings and histories and so on. The best way is still to ward off all too-good-to-be-true deals.

And here’s yet another version of the same scam: In this one, victims were told to buy (worthless) gift cards in lieu of a bank transfer. We’ve seen Amazon-related email scams by independent sellers in the past, but these fraudsters have been so bold as to try to use real merchant accounts on Amazon.

That’s shameless, but clever.

As January is a popular time of year for shoppers to find bargains, it’s a great time to sharpen your scam-spotting radar. And by all means, run away from deals that seem just too good to resist. In other words, it’s perfectly fine, these days, to look a gift horse directly in the mouth.

There is, simply, no other way to look at it.

We contacted Amazon to get an on-the-record comment on the facts in this story. Here is what it provided the Comparitech investigative team earlier today. When US-based aNewDomain staffers contacted them a second time several hours later, they got the same message.

Here it is: 

“Amazon.co.uk Marketplace is safe, secure and guaranteed. Payment within the Amazon.co.uk site is the only authorised and recognised form of payment for items sold by Sellers on Amazon.co.uk. Every customer who orders on Amazon.co.uk is covered by our A-to-z guarantee; however items paid for outside of the Amazon.co.uk Marketplace aren’t eligible for protection.

We advise customers never to pay for a Marketplace item outside of the Amazon.co.uk site and for the security of our customers, all communication for Marketplace items between the Seller and buyer should be conducted solely through the Amazon.co.uk site. If a customer is contacted by a Seller requesting payment via another method, we ask that they report it to us.

Should an unauthorised person have gained access to a Seller’s account as a result of receiving account information outside of Amazon, we’ll take appropriate measures immediately to protect the customer and seller.

For more information about Amazon Marketplace and our A-to-Z Guarantee please visit: http://www.amazon.co.uk/gp/help/customer/display.html/ref=help_search_1-8?ie=UTF8&nodeId=3149521&qid=1451393389&sr=1-8.

For more information about Safe Online Shopping please visit: www.amazon.co.uk/security.”

For aNewDomain, I’m Lee Munson.

About the author

Lee Munson

Based in London, Lee Munson is a security analyst for Comparitech. A regular contributor to Sophos’ Naked Security blog, he also serves Brian Honan’s BH Consulting as its social media director. Lee is also the proud winner of the Best UK Security Blog and Best European Security Blog at the 2015 European Security Blogger Awards. Follow him @Security_FAQs
