A new scam has been circulating the internet lately that aims to swindle Amazon sellers by generating fake receipts. Amazon Receipt Generator, an executable file, has been making the rounds on hacking forums for the last few months.
The program allows scammers to input an array of fake information and in turn spits out an HTML file that looks strikingly similar to an actual Amazon receipt. Upon generating the forged receipts, scammers have to get in contact with a seller, present the receipt, cry foul and hope the sellers fail to check twice. While there are subtle differences to the receipt, the program relies mostly on a mode of social engineering to accomplish its scam.
These kind of hacks, those that focus on people rather than machines are slowly beginning to gain ground over those using technology. At a presentation at this year’s SOURCE Conference, Lenny Zeltser of the SANS Institute warned “the outsider is now on the inside,” when it comes to social engineering attack techniques.
At this year’s DEFCON Conference, a social engineering contest revealed that enterprises like Cisco, Microsoft and Google would have failed an audit that tested their ability to defend against social engineering attacks.