Phishing Scams in E-commerce — The Vulnerabilities of E-commerce

Mahfooz Ahmad
Oct 22, 2020
E-commerce frauds 101

For a complete understanding of this writing, the reader should watch the Netflix documentary “Jamtara” @Netflix Technology Blog.

Vulnerabilities in e-commerce platforms involve five entities.

  1. The Buyer (Anyone looking to purchase on the web)
  2. The Product Vendor (Hosts a platform to generate money by charging a percentage amount to the buyer and product vendor)
  3. E-Commerce Provider (Hosts platform for public use and earns money by charging a percentage amount to the buyer and product vendor)
  4. The Package Receiver (Receives the package with or without consent)
  5. The Manipulator (Scammer/Attacker/Hacker)

My family has received several unsolicited packages from Amazon that no one in my family ordered. These packages were random and included items such as KIND Snacks, packets of M&Ms candy, a box of perfumes, two female jackets, and two cartoon-designed t-shirts.

The estimated total worth of these packages was anywhere from $400 to $500.

To find out about the sender of the packages, I contacted Amazon customer service, along with their customer service web chat. Amazon Customer Service: 1–877–590–2114

The only piece of information found with the packages was the first name of the unknown sender, as “_________”.

The currency of the online purchases was PKR (Pakistani Rupee), confirmed by the Amazon Customer Service team.

After a repetitive explanation of the creepiness of unwanted merchandise, one Amazon representative reluctantly confirmed the full name of the gift sender as “_____________”. In conversation with the Amazon CSR team, it emerged that the sender may have used stolen credit/debit cards to send these packages.

The proposed conclusion is the only logical answer.

The Amazon representative gave two names that she confirmed were the names of the holders of the credit/debit cards linked to the sender’s Amazon account. The identities of the owners of the linked credit/debit cards that the Amazon representative provided are:

“______ Rana”, “_______ Dar”

Rana and Dar are two distinctively unrelated names used among the Pakistani community. The Amazon team further confirmed that there were more credit/debit cards linked to the account but refused to give away any more names, stating that it was against Amazon policy to share information on the sender.

The Amazon representative confirmed that the Amazon account used to send these packages had a U.S.-based address and that the account had been active since 2016. The account holder was also an Amazon Prime member. The conclusion is that these people probably didn’t know that their credit/debit cards took part in fraudulent purchases on the world-renowned e-commerce platform.

The CSR team stressed that millions of purchases are made on Amazon and that it is strenuous to handpick fraudulent purchases.

A.I. and machine learning should be properly implemented to put a complete stop to fraudulent e-commerce purchases.

Appropriate end-to-end auditing of the data collected on each of the following entities is essential:

  1. The Buyer
  2. The Product Vendor
  3. E-Commerce Provider
  4. The Package Receiver
  5. The Manipulator

Computer-based cross-referencing of user data will allow large-scale e-commerce platform providers to catch the bad actors (scammers) and to shrink the damage. It resolves the issue of unsolicited packages and unauthorized use of debit/credit cards.
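A minimal sketch of the cross-referencing described above, added here as an example and not taken from the original post or from any Amazon system. It checks the three signals from the account in this story: several cards with unrelated cardholder names, PKR purchases on a U.S.-address account, and gifts to receivers with no known link to the buyer. The `Order` fields, `HOME_CURRENCY`, `KNOWN_CONTACTS`, the two-signal threshold and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    order_id: str
    account: str          # buyer account id
    account_country: str  # country of the account's registered address
    cardholder: str       # name on the payment card
    currency: str         # currency the order was charged in
    recipient: str        # package receiver id
    is_gift: bool

# Assumed mapping: the currency expected for an account's home country.
HOME_CURRENCY = {"US": "USD", "PK": "PKR"}
# Constructed: receivers each buyer has a confirmed relationship with.
KNOWN_CONTACTS = {"acct-B": {"recv-2"}}
# Constructed sample orders (not real data).
ORDERS = [
    Order("o1", "acct-A", "US", "Alex Alpha", "PKR", "recv-1", True),
    Order("o2", "acct-A", "US", "Sam Beta", "PKR", "recv-1", True),
    Order("o3", "acct-B", "US", "Pat Gamma", "USD", "recv-2", True),
    Order("o4", "acct-B", "US", "Pat Gamma", "USD", "acct-B", False),
    Order("o5", "acct-C", "US", "Lee Delta", "PKR", "acct-C", False),
]

def flag_accounts(orders, known_contacts, max_surnames=1):
    """Return {account: sorted signals} for accounts that need manual review."""
    surnames, signals = defaultdict(set), defaultdict(set)
    for o in orders:
        surnames[o.account].add((o.cardholder.split() or [""])[-1].lower())
        expected = HOME_CURRENCY.get(o.account_country)
        if expected and expected != o.currency:
            signals[o.account].add("currency_mismatch")
        if o.is_gift and o.recipient not in known_contacts.get(o.account, set()):
            signals[o.account].add("gift_to_unknown_recipient")
    for account, names in surnames.items():
        if len(names) > max_surnames:
            signals[account].add("unrelated_cardholders")
    # One signal alone is common for honest buyers; require two or more.
    return {a: sorted(s) for a, s in signals.items() if len(s) >= 2}
```

On the sample orders only `acct-A` is flagged; `acct-C`, which shows a single signal (a foreign-currency purchase shipped to the buyer), is not.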
