Published: June 14, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Yet another data security incident involving an ElasticSearch database happened earlier this year. More than 13 million records were made public without any encryption or password protection. But the real news here is how this data breach exposed a database used for fake reviews of products sold on Amazon. The data from over 200,000 Amazon users was compromised, including that of the vendors and reviewers involved in the scam. Security researchers from SafetyDetectives first discovered the database and it’s currently unknown who’s behind the product review scam.
One thing we learned from this finding is that fake review scams do exist and how this one using Amazon products worked. Seven gigabytes of personal data were made public in the data breach, including PayPal user email accounts and other email addresses, more than 75,000 links to Amazon accounts and profiles, and account usernames or “fan names.”
How the Fake Review Scam Worked
To get five-star reviews for their products, we learned that vendors gave refunds to product reviewers for the items they purchased and fake-reviewed on Amazon. Scam reviewers were allowed to keep the products they pushed even though they were refunded. These and other perks provided the incentive for a user to make bogus, glowing reviews for the products and also provide negative reviews for its competitors. It’s important to remember that some reviewers have been misled and could ultimately become victims of the scam themselves.
When the review from the provider is completed, the reviewer sends a message to the vendor, alerting them that it’s completed. The message also includes the reviewer’s PayPal account details and a link to their Amazon profile. That’s information no one should give out, especially in a text message.
PayPal was used to facilitate the review providers “refund” as payment for their bogus review, potentially including additional cash payments. Using PayPal for this scam avoids going through Amazon’s platform and eludes suspicion from Amazon moderators. The scam appears legitimate and goes unquestioned, that is until this latest ElasticSearch data breach. As more findings about this fake review scam come to light, more details will be made public.
SCAM ALERT – If a vendor requests your financial account number to process a refund or credit, it’s a scammer red flag. The vendor already has your payment information from your purchase and should use it for processing.
Identify Fake Reviews
Here is some great information offered by SafetyDetectives to spot fake reviews:
Be skeptical of extreme reviews. The ‘perfect’ product rarely exists. If a product has a ton of overbearingly positive reviews (especially when compared to similar products), you should question the legitimacy of those reviews. You should also look out for reviews that are 100% positive or 100% negative.
Look for suspicious language. Fake reviews often use less emotional language, and they can be hard to read. A fake review may even read like an advert, badmouthing the product’s competitors in the process.
Look for generic statements about the product. Several of the five-star reviews may highlight the same plus points, or the reviews could generally lack variance – not revealing anything about each individual’s specific experience. Fake reviews might contain lots of generic keywords, too, or reference the brand’s name multiple times.
Fake reviews can be shorter. If a review is just a few words long, the reviewer might be trying to affect the product’s star rating as quickly as possible.
Be extra-vigilant when buying from unknown brands. Early start-ups often try to elevate their status with fake reviews. Check for reviews of their products on other sites before buying, and make sure they have legitimate contact details should anything go wrong.
Check for irrelevant information. ‘Review merging’ is commonplace for guilty vendors, who republish reviews from other products onto their own. Fake reviews could contain other examples of false information, too. Make sure any feedback makes sense for the product it’s supposedly reviewing.
Cross-examine five-star reviews with bad ones. Bad reviews might consistently highlight issues that fake five-star reviews don’t acknowledge. Fake reviews may even say this characteristic of the product is a positive.
Check the reviewer’s account. If they have left positive reviews on loads of the same vendor’s products, they could be fake, and the same can be said if they are leaving negative reviews. If their account lacks personal information and their buying habits are random, that’s another sign of a fake reviewer.
Check for patterns. A negative review could be followed by a cluster of fake five-star reviews. Also, a number of the reviews might sound similar, or a fake reviewer might post similar reviews on multiple products.
Check the dates of reviews. If a product’s five-star reviews have been posted before the product was listed, or over a short time-span, they could well be fake.
Use software. There are loads of good online tools that will analyze a product’s reviews and tell you if they seem fake. Use them!
You can report a fake review whenever you have your suspicions. Most online marketplaces have a symbol of a flag or an exclamation mark next to each comment. On Amazon, there is a ‘report’ button. Clicking this will take you through the referral process.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org