20 Feb 18

Money Laundering Via Author Impersonation on Amazon?

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish.

The phony $555 book sold more than 60 times on Amazon using Patrick Reames’ name and Social Security number.

Reames is a credited author on Amazon by way of several commodity industry books, although none of them made anywhere near the amount Amazon is reporting to the Internal Revenue Service. Nor does he have a personal account with Createspace.

But that didn’t stop someone from publishing a “novel” under his name. That word is in quotations because the publication appears to be little more than computer-generated text, almost like the gibberish one might find in a spam email.

“Based on what I could see from the ‘sneak peek’ function, the book was nothing more than a computer generated ‘story’ with no structure, chapters or paragraphs — only lines of text with a carriage return after each sentence,” Reames said in an interview with KrebsOnSecurity.

The impersonator priced the book at $555 and it was posted to multiple Amazon sites in different countries. The book — which has been removed from most Amazon country pages as of a few days ago — is titled “Lower Days Ahead,” and was published on Oct 7, 2017.

Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors. At $555 a pop, it would only take approximately 70 sales over three months to rack up the earnings that Amazon said he made.

“This book is very unlikely to ever sell on its own, much less sell enough copies in 12 weeks to generate that level of revenue,” Reames said. “As such, I assume it was used for money laundering, in addition to tax fraud/evasion by using my Social Security number. Amazon refuses to issue a corrected 1099 or provide me with any information I can use to determine where or how they were remitting the royalties.”

Reames said the books he has sold on Amazon under his name were done through his publisher, not directly via a personal account (the royalties for those books accrue to his former employer) so he’d never given Amazon his Social Security number. But the fraudster evidently had, and that was apparently enough to convince Amazon that the imposter was him.

Reames said after learning of the impersonation, he got curious enough to start looking for other examples of author oddities on Amazon’s Createspace platform.

“I have reviewed numerous Createspace titles and it’s clear to me that there may be hundreds if not thousands of similar fraudulent books on their site,” Reames said. “These books contain no real content, only dozens of pages of gibberish or computer generated text.”

For example, searching Amazon for the name Vyacheslav Grzhibovskiy turns up dozens of Kindle “books” that appear to be similar gibberish works — most of which have the words “quadrillion,” “trillion” or a similar word in their titles. Some retail for just one or two dollars, while others are inexplicably priced between $220 and $320.

Some of the “books” for sale on Amazon attributed to a Vyacheslav Grzhibovskiy.

“It’s not hard to imagine how these books could be used to launder money using stolen credit cards or facilitating transactions for illicit materials or funding of illegal activities,” Reames said. “I can not believe Amazon is unaware of this and is unwilling to intercede to stop it. I also believe they are not properly vetting their new accounts to limit tax fraud via stolen identities.”

Reames said Amazon refuses to send him a corrected 1099, or to discuss anything about the identity thief.

“They say all they can do at this point is send me a letter acknowledging that I’m disputing ever having received the funds, because they said they couldn’t prove I didn’t receive the funds. So I told them, ‘If you’re saying you can’t say whether I did receive the funds, tell me where they went?’ And they said, ‘Oh, no, we can’t do that.’ So I can’t clear myself and they won’t clear me.”

Amazon said in a statement that the security of customer accounts is one of its highest priorities.

“We have policies and security measures in place to help protect them. Whenever we become aware of actions like the ones you describe, we take steps to stop them. If you’re concerned about your account, please contact Amazon customer service immediately using the help section on our website.”

Beware, however, if you plan to contact Amazon customer support via phone. Performing a simple online search for Amazon customer support phone numbers can turn up some dubious and outright fraudulent results.

Earlier this month, KrebsOnSecurity heard from a fraud investigator for a mid-sized bank who’d recently had several customers who got suckered into scams after searching for the customer support line for Amazon. She said most of these customers were seeking to cancel an Amazon Prime membership after the trial period ended and they were charged a $99 fee.

The fraud investigator said her customers ended up calling fake Amazon support numbers, which were answered by people with a foreign accent who proceeded to request all manner of personal data, including bank account and credit card information. In short order, the customers’ accounts were used to set up new Amazon accounts as well as accounts at Coinbase.com, a service that facilitates the purchase of virtual currencies like Bitcoin.

This Web site does a good job documenting the dozens of phony Amazon customer support numbers that are hoodwinking unsuspecting customers. Amazingly, many of these numbers seem to be heavily promoted using Amazon’s own online customer support discussion forums, in addition to third-party sites like Facebook.com.

Interestingly, clicking on the Customer Help Forum link from the Amazon Support Options and Contact Us page currently sends visitors to the page pictured below, which displays a “Sorry, We Couldn’t Find That Page” error. Perhaps the company is simply cleaning things up after being notified last week by KrebsOnSecurity about the bogus phone numbers being promoted on the forum.

In any case, it appears some of these fake Amazon support numbers are being pimped by a number of dubious-looking e-books for sale on Amazon that are all about — you guessed it — how to contact Amazon customer support.

If you wish to contact Amazon by phone, the only numbers you should use are:

U.S. and Canada: 1-866-216-1072

International: 1-206-266-2992

Amazon’s main customer help page is here.

Update, 11:44 a.m. ET: Not sure when it happened exactly, but this notice says Amazon has closed its discussion boards.

Update, 4:02 p.m. ET: Amazon just shared the following statement, in addition to their statement released earlier urging people to visit a help page that didn’t exist (see above):

“Anyone who believes they’ve received an incorrect 1099 form or a 1099 form in error can contact us1099@amazon.com and we will investigate.”

“This is the general Amazon help page:”

https://www.amazon.com/gp/help/customer/display.html?ie=UTF8&nodeId=508510

Update, 4:01 p.m. ET: Reader zboot has some good stuff. What makes Amazon a great cashout method for cybercrooks as opposed to, say, bitcoin cashouts, is that funds can be deposited directly into a bank account. He writes:

“It’s not that the darkweb is too slow, it’s that you still need to cash out at the end. Amazon lets you go from stolen funds directly to a bank account. If you’ve set it up with stolen credentials, that process may be faster than getting money out of a bitcoin exchange which tend to limit fiat withdraws to accounts created with the amount of information they managed to steal.”


109 comments

  1. darkweb payments? bitcoin is clearly too slow… use amazon!

    • It’s not that the darkweb is too slow, it’s that you still need to cash out at the end. Amazon lets you go from stolen funds directly to a bank account. If you’ve set it up with stolen credentials, that process may be faster than getting money out of a bitcoin exchange which tend to limit fiat withdraws to accounts created with the amount of information they managed to steal.

    • Next day delivery.

  2. I don’t know why Amazon makes its customer support number so hard to find. Maybe it’s because they’re essentially useless. I quit my prime membership because they said a package had been delivered, but it wasn’t. The next day it was–to someone else’s house. I don’t think the promise of “2-day delivery” is being substantially met anymore.

    • In Amazon’s defense about this, it is a known issue that since they started using the USPS as the ‘last mile’ delivery, complaints like this have skyrocketed. USPS marks the packages as delivered as soon as they hit the local post office in order to meet contract requirements with Amazon. They then deliver the package whenever it works out for them…next day or three is fine.

      • Don’t defend Amazon on this.

        The ontime delivery guarantee is between Amazon and the customer, not USPS and the customer. If Amazon’s subcontractor can’t get the job done, that’s Amazon’s job to remedy.

        Me, I’m the customer. If my package is late, then Amazon (not USPS) owes me.

        • Good luck getting Amazon to honor its commitment to you, the customer! They are Too Big To Care.

          • They are too big to care because they don’t get slammed with consumer lawsuits or criminal charges. Like the author in the article above, he needs to go after Amazon in a big way, IMHO. And like in the movie “Friday”, the only way you stop a bully from bullying is to knock them on their butts. If consumers and the government keep letting Amazon do things of this nature, it follows that they will continue to do so, and probably more brazenly in the future. On a side note, many spam emails and hacking attacks on SSH and web page logins come from Amazon Cloud servers. So I’m not surprised that money laundering is going on via Amazon…

            • I’ve seen multiple spam campaigns run from both EC2 and SES, and run for weeks before being shut down. AWS places very little stock in handling spam. They’re happy as long as you’re paying, but the moment that you have a complaint they become very quiet.

      • What are you, a Russian troll? Don’t blame the United States Post Office. They do a great job given how much money and man(woman)power has been taken away from them. I’ve never had any issues with any packages/letters sent by or sent to me in the many decades I’ve used them. Amazon is another matter. I have had innumerable issues with them, whether they were using UPS, DHL, USPS or drones.

        • Norio,
          The people in my small subdivision have had plenty of problems with the USPS delivering mail and parcels to the wrong address. By small I mean there is only ONE set of those stupid neighborhood mailboxes for the entire subdivision. We get mail for other people and other people get our mail. It even happens with packages. They put the package in one of the locked package bins and put the key in the wrong mail bin. It’s really bad when mail or a package key gets put in the mail bin for the guy who travels for a week or more at a time. Multiple calls to the local postmaster didn’t do it. We even put up notes on the mailbox indicating which column of mail boxes belong to which street. Things have gotten better recently, but it shouldn’t take 3+ years for the USPS delivery person to figure out how to do their job.

    • Ebay is more fair to sellers than Amazon. It seems it doesn’t matter if you mailed your item with tracking, if someone files an a-z claim you don’t get your money back, but the customer does, and they keep your product.

      Not to mention Amazon keeps your money for about 2-3 weeks before they send it to you. I switched to eBay because it is much quicker than using Amazon in moving funds to my account.

      If you are a seller starting out, I’d start on eBay first since they have way better seller support than Amazon does.

      • Yes, I’ve had to clarify with Amazon not to ‘reship’ an entire order from a third party seller and that I only needed them to correct the order because it was missing 6 items. (they’d included the wrong part a package of 4 instead of a package of 10)

        I think I said it no fewer than 4 times while on the phone with the rep. No refund. Don’t reship the entire order. Just resend the accidentally omitted ‘6 items’ and I’m good.

    • The reason it’s not readily available is because Amazon has just 63 million Prime customers alone. Many people bring up questions that can be answered via a quick Google search. These people tie up the phone lines for legitimate problems that require more research and ruin it for the rest of the people.

    • Yes, useless.

      Here’s an example of uselessness. Amazon changed my seller account type. They changed policies and decided that my account needed to be a Merchant or some such, despite that I had sold only 1 or two things ever. The personal, amateur account type would no longer exist. Ok, whatever. I don’t click links in e-mails. I go straight to the site itself and log in there. The e-mail was real. Got it.

      Over 18 months later, I was starting classes, while working full time, among other things, and didn’t think much of it when they said I wasn’t selling enough for my account type and that I would need to change my type if I wanted to sell again. My account would be closed until I changed it to another account type that fit my actual lack of sales. Since they had changed it in the first place and they wanted me to change it back, it just sounded like stupid bureaucracy. So, they were closing my seller account but if I wanted to use it, I would just have to change the type.

      Sure. I wasn’t selling at the time, and severely pre-occupied with school, work, perpetual physical therapy (think: permanent injuries) and practical observations, so I decided I’d re-open eventually when I needed to list an item. It didn’t look like a fraudulent e-mail and I didn’t have time to investigate anything. Heck, for 6 months I barely had time to cook!

      Then comes the weirdness. 8 or 9 months later, I’m finished with school and practicals, etc, back to just working full time. I wanted to list some books, but couldn’t get Amazon’s site to let me fix my account. I went through the Amazon site found how to contact them.

      Here’s what’s useless. After having my account closed, I had basically 4 weeks only to make the changes on my end to undo the changes Amazon unilaterally made to my account. After that, my account would be closed irreparably. Really? I can’t use the same e-mail to open another seller account nor get my seller account re-opened after it lapsed. That’s their policy. So, how do I get a seller account? Their instructions are to GET ANOTHER NEW E-MAIL ADDRESS. I already juggle 4 e-mail addresses, and most people juggle more than that. Why is Amazon customer service so useless and disrespectful to their selling customers? Maybe because we are a competition to their sales, despite them getting a cut of our sales on their channel. To the point, telling your customers to get a new e-mail address rather than helping them fix an account is SOP for Amazon treating customers like trash. Their Customer Service really is useless.

    • It’s here for regular customers
      https://www.amazon.com/gp/help/customer/contact-us/
      and here for Amazon Smile:
      https://smile.amazon.com/gp/help/customer/contact-us/

      They hide the help button.

      Also, complain every single time USPS or a third party carrier screws up. I mean it.

      We’ve been a Prime customer since 1998 and we use Prime a lot. UPS never misses a date but Amazon’s in house delivery service and USPS has about a 10% loss/missed date rate.

      If you talk to someone via chat/email or phone, they’ll usually extend your Prime membership, immediately refund the item if lost/reship or find another way to satisfy you. They used to be a lot more liberal with their reship & return policies but scam artists ruined that for everyone.

      • We have had over 10 deliveries mishandled badly by USPS over the last 2 months, they are awful. UPS has been OK over all this time. Tell the Amazon vendors about any USPS problems, tell them you don’t want to use USPS, let them pressure A to do smthg, and cc A.

    • So – They guarantee the 2nd day delivery, or your money back (on the free 2nd day shipping). Doh…

  3. I would guess Amazon will get this straightened out very soon. Bezos is not likely to tolerate Amazon being used like this, now that you have ensured this issue goes straight to his ears. I will look for an announcement in the Washington Post, owned by Bezos.

    • Maybe Jeff Bezos is “in” on the scam?

      • Sounds like Amazon gets a 40% cut of the fraudulent transactions. Pretty good reason to not look too deep into the problem.

        “Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors.”

        • Amazon won’t get to keep that cut. They would get hit with chargebacks and chargeback fees. You’re daft if you think Amazon would profit off of stolen credit cards.

          • They’re not necessarily using this just for stolen card transactions; as Brian’s title mentions, this is a great way to launder otherwise unusable funds.

            Sure, it costs 40% to do so, but the technique also carries none of the physical dangers or time constraints associated with other “more conventional” laundering schemes.

    • Bezos may have no choice.

      If any laundered funds are from anything related to human rights abuses, there’s a good chance all of Amazon may have its accounts frozen. I believe the enforcement applies to people, not companies, though, so I could be wrong.

      It stems from the Executive Order signed on Dec 20. The addendum to the Order names 13 people who are targeted, but the order does not apply to only those 13. If any funds flowing through Amazon come from human trafficking, the Feds will figure out what all they want to freeze until the problem is straightened out. That could include the personal accounts of board members, if Amazon has a board.

  4. Amazon is such a target because of their automation systems (payment and returns) and the fact they don’t use paypal. Perfect medium for such activities hoping to get ‘lost’ in the sea of everyday transactions.

  5. Yep clear as mud Kenneth 😉 but Amazon needs to sort this out quick, it reflects badly on them!

  6. If Amazon is getting a cut of each purchase, there’s no rush to fix it… until it’s a PR problem.

    • It looks like it just became a PR problem.

      Kudos to Krebs for making the world a better place, one investigation at a time.

  7. Last year – around September timeframe – I have noticed several high-dollar purchases made on many of our cardholders’ accounts at Createspace. At the time I did not even know what Createspace is! I blocked the accounts and blocked all transactions with Createspace – corporate-wide, all customers came back confirming the fraud, some of the amounts were as high as $40K!!! Thankfully we had chargeback rights and the merchant/processor paid us/our customers the money back!!! Now I know what happened! Thanks for sharing, Mr. Krebs!

  8. Agree with some of the comments.

    For one thing, Amazon is completely responsible for this fraud. Secondly, I’ve not had a problem returning faulty items and getting refunded. Prime membership so far has helped with getting our items in 2-days whether personal or company’s.

    This breach is serious. Am sure now that it’s on Krebs, it will get the attention it deserves and Mr. Reames will get his money back.

    Amazon being the giant it is, should not treat these incidents lightly, ever.

  9. Sounds like Amazon needs a lesson in identity proofing.

  10. Maybe this book would be a good candidate found on createspace as of this morning, only costs $2589.83/copy. Hurry only 2 left in stock. Oh, yeah, the title is great too:

    The Man Dan Who Is Author Producer Filmaker: The Man Is A Media Manufacturing Innovator (Dans Plan) (Volume 1) 1st Edition

    can’t wait for volume 2

    Oh, Amazon, don’t you have any idea the Man Dan isn’t really who he says he is.

    • “Oh, Amazon, don’t you have any idea the Man Dan isn’t really who he says he is”.

      This turns out to be a good practical illustration of the severe limits of so-called “artificial intelligence”. (Which is actually just rule-based software).

      Beyond its set of rules, the software has absolutely no imagination, common sense, creativity, or even knowledge of Amazon’s legal obligations.

  11. Another one:

    https://www.amazon.com/Teaching-Global-Population-Everywhere-write/dp/1517367131/ref=sr_1_5?ie=UTF8&qid=1519139510&sr=8-5&keywords=createspace

    This one is called
    Teaching Global Population Everywhere to write Books Today: Illiteracy must be eradicated Globally (Reading And Writing For Peace) (Volume 1) 1st Edition

    only costs $728.26

    Hurry only 9 left in stock. My favorite is the blurb from the author:

    HOW, WHEN, WHERE, WHY DO YOU WRITE A BOOK AND WHO DO WE GET TO HELP US. I HAVE WRITTEN THIS BOOK TO HELP THE WHOLE WORLD TO BECOME LITERATE AND POSITIVE AND PRODUCTIVE. THIS BOOK IS ONE OF THE GREATEST GIFTS YOU CAN GIVE YOURSELF AND OTHERS.

  12. You may also see “just launched” sellers, not to mention the age old “insurance” fraud some sellers commit by sending damaged items and claiming damaged in transit. This one is clever—unfortunate that with so much data at hand Amazon can’t pinpoint the perpetrator.

  13. Amazon said they could prove he didn’t get the money, but they couldn’t prove he did, could they?

    Since he was not asking to get money he didn’t actually receive, Amazon should have been all over this ASAP. User and account security is fine, but it should not be used to block an internal investigation by Amazon so they could deal with a reported problem of this nature.

    It sounds like they shut down once they heard “I never got the money you say I did”.

  14. Help me out here.

    They reported to the IRS that he received $24k.

    They acknowledge that he is disputing receiving it.

    But they can’t tell him where they sent the money they claim he received?

    This is why we can’t have nice things.

  15. I would posit that that these “books” are using steganography to encode additional stolen data or encrypted messages. The high prices could act as a deterrent to the casual code breaker as well as a means of transferring funds to an embedded agent.

  16. “Amazon refuses to issue a corrected 1099 or provide me with any information I can use to determine where or how they were remitting the royalties.”

    If Amazon does not cooperate, I suppose Mr Reames will be forced to inform the IRS of the full circumstances and let it see if it can prise the information from Amazon.

    It sounds to me as though Amazon is probably guilty of one or more crimes.

    • he should take them to court. he has certainly suffered harm in the form of IRS liability and deserves to be made whole.

      • Exactly. He should sue for libel. Amazon published the false statement by sending it to a public agency. The harm is obvious – he has to pay the tax on the income. And discovery rules should open up all of Amazon’s records relating to that action.

  17. This is why I may find an item/vendor/price on Amazon but order direct from said vendor using paypal or other secured method. Amazon is based on convenience and price competition, but the whole interface is horribly insecure and rife with problems. If there is a way to exploit any part of their system, it can and will be done.

    Seems like the IRS and the FBI would be all over this on-line money-laundering method…oh, forgot, they are still functioning like it’s 1999.

  18. As a few have said above, the stunning part is that Amazon won’t tell Reames where they sent money that they allege to be his.

    “We sent your money somewhere, but we can’t tell you where,” sounds like a scam. And knowing that Amazon pocketed a hefty chunk of that money doesn’t make it any less scammy.

  19. A California man who sold bank accounts in order to bypass e-commerce companies’ identification systems was indicted by Mueller. He “willfully and intentionally avoided learning about the use of stolen identities,” according to the indictment. His website advertised that he could help individuals who had been blocked from using certain sites. Sell identities/bank accounts to the Russians and more books on Amazon..how clever these bad guys must be.

  20. I hope that Patrick Reames and anyone who has been a victim to this will contact the IRS to report the fraud. Here’s a link to their reporting forms:

    https://www.irs.gov/individuals/how-do-you-report-suspected-tax-fraud-activity

  21. Has Mr. Reames reported this to law enforcement? If not, he might want to consider doing that. He can make a report to the FBI’s Internet Crime Complaint Center at https://www.ic3.gov/complaint/default.aspx

    It seems that the FBI would be interested in this, as there is obviously a lot of criminal activity related to this issue. And they may be able to get the information from Amazon that Mr. Reames is unable to get.

  22. Theft of IP and impersonation is nothing new and U.S. manufacturers have been fighting counterfeiting problems on Amazon for years. I wouldn’t expect any changes until there is government involvement.

    http://www.hearthandhome.com/magazine/2017-10-16/stealing_creativity.html

  23. I had an item for sale that I unlisted and months later got a request to purchase it!

    Amazon was NO help. Changed my password.

  24. clever, very clever, that’s a clever way to earn good profit!
    my respect !!!

  25. Brian, thanks for shining some virtual UV on my issue.

    I do want to respond to Amazon’s comment to you since they won’t follow-up with me as promised. Their spokesperson said, “If you’re concerned about your account, please contact Amazon customer service immediately using the help section on our website.”

    See the problem, Amazon, is that you didn’t notify me that you had established an account in my name on your CreateSpace site. That account was not known to me until you sent the 1099…more than 4 months after the thief set it up using my credentials. So, yeah, I’m concerned about my account because you never bothered to confirm with me via the address you had on file (as evidenced by the 1099) that I even wanted an account with your company.

    I have a suggestion for you, Amazon spokesperson…Hire a security expert to prevent these types of occurrences in the future! Previously, I would have assumed you would have hundreds of such experts in your employ, but clearly, that’s not the case.

  26. Google Dork: site:amazon.com “Paperback $555.00”

    Returns a few results of dog breeding books for $555. Most certainly part of the same network.

  27. Funny. I’ve reported highly overpriced items like this to Amazon without realizing I was reporting money laundering.

    I’ve come across them in health & beauty and a couple other places. Regular things like allergy medications priced at over $1,000.00. Seemed sketchy. I thought they were street drugs being sold in OTC bottles.

  28. I can’t believe that listing a book for a few grand didn’t raise a robotical eyebrow somewhere… Are all their internal systems that sloppy?

  29. Back in 2015 I reported on a massive scam piracy operation in CreateSpace. Amazon wouldn’t say what measures they were taking to fight scams in their POD service, but apparently it’s not enough.

    https://the-digital-reader.com/2015/09/10/scammers-are-using-createspace-to-spam-amazon-with-pirated-textbooks/