Scammers take aim at Amazon merchants

A new scam tool could be taking aim at online merchants over the festive period.

Security vendor GFI software has reported a new crop of malware applications that could be used to trick merchants on Amazon.com.

Researcher Christopher Boyd outlined the tools in a posting to the blog of GFI subsidiary Sunbelt Software.

Boyd said that the attack tool is an HTML generator that creates fake receipts. Designed to look like authentic Amazon receipts, the tool allows a would-be attacker to enter information through a form.

The form then creates the phony receipt file with information such as an order number, item description and address information.

Potentially, a cyber criminal could use the artificial receipts to trick merchants into believing that an item was damaged or not delivered, leading the merchant to ship additional items or supply software licensing information.

Boyd noted that the attacks can be thwarted by merchants checking the receipt files with sales and payment records. As no purchase was ever made, the merchant would have no record of a sale or shipment.

"It's clear that sellers will need to keep their wits about them over the coming festive season as I can see this being a particularly popular scam for the time being," wrote Boyd.

"If a 'customer' seems a little peculiar, ensure you take a good look at their receipt. You probably don't want to have a Homer Simpson moment after you've sent three Playstations to their dropoff address."