Web program creates fake receipts, targeting retailers during the height of holiday shopping season

December 9, 2010

Clearwater, FL – December 8, 2010 – GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today announced that it has discovered a hacking program which cyber thieves are using to create fake receipts for items sold through Amazon.com and its merchant partners, in an attempt to report lost orders for refunds or new products. GFI Software has alerted Amazon.com to the deceptive program.

“The free program available online allows scammers to create an HTML ‘receipt’ for phantom Amazon.com purchases. By capturing a screenshot of the fake receipt, these cyber criminals are able to email unsuspecting sellers claiming they are missing items. This type of fraud, perpetrated en masse, could result in massive losses for retailers, especially during the holiday shopping season,” said Christopher Boyd, senior threat researcher, GFI Software.

GFI notes that there are some clues as to whether a submitted receipt is fake. First, not only will the merchant itself not have a record of the purchase, but Amazon should be able to confirm that no purchase was ever made. Also, merchants should check the orange order number at the top of the receipt because those are randomly selected from a set of looping numbers every time the scammer clicks on the “Order Number” button. The seller or Amazon should be able to verify whether it is a valid order number. Finally, the program seems to add random digits on the “Visa: payment method” section in payment information, which warrants further investigation.

“Many of the items in the fake printout are convincing as a whole, but once you start digging into the details a little bit, it quickly falls apart. If a ‘customer’ seems a little peculiar, ensure you take a good look at their receipt,” warned Boyd.

Mr. Boyd is available to comment on GFI’s discovery of the fraudulent program targeting Amazon.com and its merchant partners, and a blog post detailing the scam can be viewed here: http://sunbeltblog.blogspot.com/2010/12/taking-look-at-fake-amazon-receipt.html

About GFI

GFI Software provides web and mail security, archiving and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SME) via an extensive global partner community. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of both delivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on the unique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company has offices in the United States, UK, Austria, Australia, Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installations worldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also a Microsoft Gold Certified Partner.
