Discover a network of fake product reviews through an open database

Estafa online

Researchers at the cybersecurity firm Safety Detectives have just shared that they recently found an unsupported database, without passwords or encryption, which highlights the dreaded existence of an organized network for the creation of fake reviews on e-commerce platforms, affecting even Amazon itself, and whose procedure makes it seem completely legitimate reviews to those responsible for reviewing them.

Basically, participants also used non-platform mechanisms such as Amazon, especially for communication and payments, based on data found in the unprotected database, consisting of more than 13 million records, equivalent to 7GB of data, found on the Elasticsearch server.

These records belong to both reviewers and item suppliers, affecting an estimated 200,000 to 250,000 users, according to the, directly and indirectly, identifiable personal data found therein, including full names, email addresses, PayPal addresses, links to Amazon profiles, and even phone numbers for communication by WhatsApp and Telegram, and more.

Seeking to look like legitimate reviews to moderators

The operand modes consist of the creators of fake reviews receiving from item providers a list of items to choose the one on which they want to create the review, subsequently making the purchase of the chosen item, and once they receive the item at home, within a few days, they make a false review, offering a five-star rating.

The network's own providers urged patch creators to wait a few days after receiving the articles to give more veracity to the reviews themselves, even instructing them to make reviews much longer than usual.

How Does Facebook Measure Fake Accounts? - About Facebook

Once fake review creators post their reviews, they get to contact vendors by telling them a web address with the link to their Amazon profiles and their PayPal addresses so that item providers verify that the reviews have been made, always with a five-star rating, subsequently refunding the amount via PayPal, although in some cases they have been able to offer something else.

In practice, it's getting the desired items for free in exchange for fake reviews with a five-star rating.

At this point, it should be recalled that Amazon does not use PayPal as a payment system, and this procedure makes it seem, a priori, as a legitimate review of a purchase made. Researchers do not know who owns the database, so they were unable to make timely notifications.

Still, five days after the discovery of the database, that is, on March 1, 2021, the server itself protected it, making it inaccessible to third parties. Researchers believe that the database may not belong to the suppliers of articles that are part of the fake review network, but rather to a third party that contacts reviews on behalf of suppliers, or even a large company with several subsidiaries.

More information: SafetyDetectives

Post a Comment