Want CNET to notify you of price drops and the latest stories?

Cybercrooks create fake Amazon receipts

A new hacking program lets cybercriminals generate phony receipts for Amazon goods, which they're using to get refunds for items that they claim were lost in the mail.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney

The bad guys have created yet another online scam, this one involving fake Amazon receipts.

Targeting Amazon and its retail partners, cybercriminals are using a phony Amazon receipt generator to print bogus receipts, and then are asking for refunds from the retailer, claiming that the items they ordered were never received.

Reportedly discovered by security vendor GFI Software, this scam comes at an especially bad time, as online retailers are dealing with the onslaught of the holiday season.

"The free program available online allows scammers to create an HTML 'receipt' for phantom Amazon.com purchases," Christopher Boyd, senior threat researcher for GFI Software, said in a statement. "By capturing a screenshot of the fake receipt, these cybercriminals are able to e-mail unsuspecting sellers claiming they are missing items. This type of fraud, perpetrated en masse, could result in massive losses for retailers, especially during the holiday shopping season."

At first glance, the receipts are fairly convincing, according to Boyd. But upon closer inspection, some of the details are off. As a result, GFI advises online retailers to check their own records if they come across a receipt that doesn't look right. Retailers can also confirm with Amazon whether the purchase listed in the receipt was actually made.

GFI said it has passed along the information and the receipt generator program to Amazon.