Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he'd made almost $24,000 selling books via Createspace, the company's on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that's full of nothing but gibberish.
The phony $555 book sold more than 60 times on Amazon using Patrick Reames' name and Social Security number.
Reames is a credited author on Amazon by way of several commodity industry books, although none of them made anywhere near the amount Amazon is reporting to the Internal Revenue Service. Nor does he have a personal account with Createspace.
But that didn't stop someone from publishing a "novel" under his name. That word is in quotations because the publication appears to be little more than computer-generated text, almost like the gibberish one might find in a spam email.
"Based on what I could see from the 'sneak peak' function, the book was nothing more than a computer generated 'story' with no structure, chapters or paragraphs -- only lines of text with a carriage return after each sentence," Reames said in an interview with KrebsOnSecurity.
The impersonator priced the book at $555 and it was posted to multiple Amazon sites in different countries. The book -- which as been removed from most Amazon country pages as of a few days ago -- is titled "Lower Days Ahead," and was published on Oct 7, 2017.
Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors. At $555 a pop, it would only take approximately 70 sales over three months to rack up the earnings that Amazon said he made.
"This book is very unlikely to ever sell on its own, much less sell enough copies in 12 weeks to generate that level of revenue," Reames said. "As such, I assume it was used for money laundering, in addition to tax fraud/evasion by using my Social Security number. Amazon refuses to issue a corrected 1099 or provide me with any information I can use to determine where or how they were remitting the royalties."
Reames said the books he has sold on Amazon under his name were done through his publisher, not directly via a personal account (the royalties for those books accrue to his former employer) so he'd never given Amazon his Social Security number. But the fraudster evidently had, and that was apparently enough to convince Amazon that the imposter was him.
Reames said after learning of the impersonation, he got curious enough to start looking for other examples of author oddities on Amazon's Createspace platform.
"I have reviewed numerous Createspace titles and its clear to me that there may be hundreds if not thousands of similar fraudulent books on their site," Reames said. "These books contain no real content, only dozens of pages of gibberish or computer generated text."
For example, searching Amazon for the name Vyacheslav Grzhibovskiy turns up dozens of Kindle "books" that appear to be similar gibberish works -- most of which have the words "quadrillion," "trillion" or a similar word in their titles. Some retail for just one or two dollars, while others are inexplicably priced between $220 and $320.
Some of the "books" for sale on Amazon attributed to a Vyacheslav Grzhibovskiy.
"Its not hard to imagine how these books could be used to launder money using stolen credit cards or facilitating transactions for illicit materials or funding of illegal activities," Reames said. "I can not believe Amazon is unaware of this and is unwilling to intercede to stop it. I also believe they are not properly vetting their new accounts to limit tax fraud via stolen identities."
Reames said Amazon refuses to send him a corrected 1099, or to discuss anything about the identity thief.
"They say all they can do at this point is send me a letter acknowledging than I'm disputing ever having received the funds, because they said they couldn't prove I didn't receive the funds. So I told them, 'If you're saying you can't say whether I did receive the funds, tell me where they went?' And they said, "Oh, no, we can't do that.' So I can't clear myself and they won't clear me."
Amazon said in a statement that the security of customer accounts is one of its highest priorities.
“We have policies and security measures in place to help protect them. Whenever we become aware of actions like the ones you describe, we take steps to stop them. If you’re concerned about your account, please contact Amazon customer service immediately using the help section on our website.”
Beware, however, if you plan to contact Amazon customer support via phone. Performing a simple online search for Amazon customer support phone numbers can turn up some dubious and outright fraudulent results.
Earlier this month, KrebsOnSecurity heard from a fraud investigator for a mid-sized bank who'd recently had several customers who got suckered into scams after searching for the customer support line for Amazon. She said most of these customers were seeking to cancel an Amazon Prime membership after the trial period ended and they were charged a $99 fee.
The fraud investigator said her customers ended up calling fake Amazon support numbers, which were answered by people with a foreign accent who proceeded to request all manner of personal data, including bank account and credit card information. In short order, the customers' accounts were used to set up new Amazon accounts as well as accounts at Coinbase.com, a service that facilitates the purchase of virtual currencies like Bitcoin.
This Web site does a good job documenting the dozens of phony Amazon customer support numbers that are hoodwinking unsuspecting customers. Amazingly, many of these numbers seem to be heavily promoted using Amazon's own online customer support discussion forums, in addition to third-party sites like Facebook.com.
Interestingly, clicking on the Customer Help Forum link link from the Amazon Support Options and Contact Us page currently sends visitors to the page pictured below, which displays a "Sorry, We Couldn't Find That Page" error. Perhaps the company is simply cleaning things up after being notified last week by KrebsOnSecurity about the bogus phone numbers being promoted on the forum.
In any case, it appears some of these fake Amazon support numbers are being pimped by a number dubious-looking e-books for sale on Amazon that are all about -- you guessed it -- how to contact Amazon customer support.
If you wish to contact Amazon by phone, the only numbers you should use are:
U.S. and Canada: 1-866-216-1072____
Amazon's main customer help page is here.
Update, 11:44 a.m. ET: Not sure when it happened exactly, but this notice says Amazon has closed its discussion boards.
Update, 4:02 p.m. ET: Amazon just shared the following statement, in addition to their statement released earlier urging people to visit a help page that didn't exist (see above):
"Anyone who believes they’ve received an incorrect 1099 form or a 1099 form in error can contact firstname.lastname@example.org and we will investigate."
"This is the general Amazon help page:"
Update 4:01 p.m ET: Reader zboot has some good stuff. What makes Amazon a great cashout method for cybercrooks as opposed to, say, bitcoin cashouts, is that funds can be deposited directly into a bank account. He writes:
"It’s not that the darkweb is too slow, it’s that you still need to cash out at the end. Amazon lets you go from stolen funds directly to a bank account. If you’ve set it up with stolen credentials, that process may be faster than getting money out of a bitcoin exchange which tend to limit fiat withdraws to accounts created with the amount of information they managed to steal."