A Defensive Computing Checklist    by Michael Horowitz

NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022

HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

  AMAZON

Some topics below: Toxic Products, Fake Books, Other Fake Stuff, Amazon spies on us, Amazon search results, Fake Reviews, Bait and Switch Reviews, Defensive Steps, Privacy, FYI

Fake reviews, fake products, fake sales and toxic products. Even Amazon's Choice is purposely misleading.

• Amazon has two Help articles on their site with the same title and some basic Defensive Computing: Identifying Whether an Email, Phone Call, Text Message, or Webpage is from Amazon and again here: Identifying Whether an Email, Phone Call, Text Message, or Webpage is from Amazon. Both pages have this important warning: "While some departments at Amazon will make outbound calls to customers, Amazon will never ask you to disclose or verify sensitive personal information, or offer you a refund you do not expect."
• Banning sellers: In September 2021, it looked like Amazon was doing something about paid-for reviews Amazon has removed goods from 600 Chinese merchants for review fraud by Brad Linder. But the ban was flawed: We bought gadgets from Amazon’s banned brands and it was a piece of cake by Sean Hollister (Oct 2021)
• How to tell real products from scams when shopping online Washington Post (Oct 2021). A long list of ways to research the seller of a product. Most of the article is not specific to Amazon.
• Amazon sells hand sanitizers that people buy as a defense against the COVID-19 coronavirus. To do that job, a sanitizer needs to be 60% alcohol. Many sanitizers have no alcohol and depend on benzalkonium chloride instead. Will Amazon do anything to protect us? No. Not only are ineffective products not flagged as such, then too, there is the price gouging on said products. When queried, Amazon said nothing. From: You Might Be Buying a Hand Sanitizer That Won’t Work for Coronavirus (March 2020) by Marshall Allen and Lisa Song of ProPublica.
• TOXIC PRODUCTS:
  Amazon sells dangerous products both from third parties and from their own Amazon Basics line.
  
  
  1. August 2019: Huge expose from the Wall Street Journal Amazon Has Ceded Control of Its Site. The Result: Thousands of Banned, Unsafe or Mislabeled Products. Subhead: Amazon is unable or unwilling to effectively police third-party sellers on its site. The Journal found 4,152 items for sale that have been declared unsafe by U.S. government agencies, are deceptively labeled or are banned by federal regulators. Big-box retailers would not sell this stuff. Along with the expose, the Journal published a Defensive Shopping article: Amazon Shoppers: This Is How to Safety-Proof Your Order.
  2. July 2019: A month earlier, Vice had this story: Amazon Won't Stop Selling Toxic Products In the U.S. Amazon knows that some creams and cosmetics are dangerous, yet they allows them to be sold nonetheless, and without warnings. And, this: Amazon is shipping expired baby formula and other out-of-date foods.
  3. October 2020: AmazonBasics Electronics Fire Lawsuit from The Schmidt Firm LLC. A September 2020 investigation by CNN found at least 70 AmazonBasics® products linked to over 1,500 reviews describing serious safety hazards. Nearly 200 of the reviews involved property damage, such as burned walls. CNN warned that many are still for sale, despite Amazon being made aware of the problem. Amazon branded products to avoid include surge protectors, microwaves, USB cords, phone chargers, paper shredders and batteries.
• FAKE BOOKS
  A long standing problem that Amazon clearly does not care about. We are probably better off buying books elsewhere.
  1. Tweets from author François Chollet (July 2022): "Anyone who has bought my book from Amazon in the past few month hasn't bought a genuine copy, but a lower-quality counterfeit copy printed by various fraudulent sellers ... The problem is systemic. For my own book I've seen a total of 5 different fraudulent sellers so far. Reporting them achieves nothing." From here.
  2. What Happens After Amazon’s Domination Is Complete? Its Bookstore Offers Clues by David Streitfeld in the New York Times (June 2019). One book publisher bought 34 copies of their book on Amazon, as a test, and 30 were counterfeit. Amazon's business model is to have the same laid-back approach to bad guys as Facebook and YouTube. Follow-up by Streitfeld (Aug. 2019) about counterfeit George Orwell books: Paging Big Brother: In Amazon’s Bookstore, Orwell Gets a Rewrite. Eleven fake books were sold by Amazon as new. The author tried to find a way to report the counterfeit books, but failed.
• OTHER FAKE STUFF
  
  
  1. Fake UL safety certification: An Oct. 2021 tweet by @SwiftOnSecurity "There appears to be no way to alert Amazon to dangerous products fraudulently claiming UL safety certification. There's literally no mechanism on the largest e-commerce platform to flag abuse."
  2. Fake products: Fake and dangerous kids products are turning up for sale on Amazon by CNN (Dec 2019). Amazon sells both a good infant car seat for $500 and a counterfeit version of it that will kill a kid for $300. Seven different business owners told CNN their products were being actively targeted by counterfeiters.
  3. Fake products: Extra inventory. More sales. Lower prices. How counterfeits benefit Amazon by David Pierson of the LA Times (September 2018). Real and fake products are thrown into the same storage bin. A guy who owns a company bought his own product on Amazon and got sent a fake.
  4. Fake products: Trying to buy a microSD card proved to me that Amazon is becoming a scammers' paradise by Matt Hanson of TechRadar (April 2022). Avoid microSD cards that are too cheap. Bad guys use special software to make the cards appear to have a larger capacity than they actually do. "Once victims realize that they've been scammed, they invariably find that they can't contact the seller to ask for a refund." Some of the scam cards even showed up as 'sponsored' results.
  5. Fake "choice": Amazon's Choice is a label awarded by an algorithm based on customer reviews, price, and, of course, whether the product is in stock. After all, selling is what Amazon does. Two outlets have exposed it as a scam. First: 'Amazon's Choice' Does Not Necessarily Mean A Product Is Good by Nicole Nguyen of Buzzfeed (June 2019). The article documents many bad products marked as an 'Amazon Choice'. Amazon declined to answer questions about exactly how items are selected. The article also discusses fake products on Amazon. Then: Amazon’s Choice Isn't the Endorsement It Appears by the Wall Street Journal (Dec 2019). They examined 27,100 Amazon’s Choice items. Nearly 1,600 appeared to have been manipulated to get the Choice label. Worse, many Choice products were dangerous. Some products products have safety concerns, some make false claims and some violate Amazon's own policies. Amazon chose the word "Choice" rather than "Recommends" because they knew it was a scam.
  6. Fake Chromebook descriptions: In November 2020, Kevin C. Tofel warned (Getting your first Chromebook? Here’s a buying guide of what to look for) that Amazon lists many old Chromebooks as "new", "newest" or "2020" models, when in fact, they are not.
  7. Fake sales: A warning about fake sales on Prime Day from Ars Technica. Quoting: "... most of this year's Prime Day deals aren't really deals at all. Amazon will promote thousands of 'discounts' over the next two days, but with that much volume, the majority of those offers will naturally have less-than-special prices or apply to less-than-desirable products. Many 'deal prices' are relative to MSRPs that products have not sold at for months..." (July 2019)
• AMAZON SPIES ON US
  Amazon collects a lot of information about customers. They save everything customers search for, both on the website and with the Amazon app. This information is used in targeted advertising.
  
  
  1. Defense: Shop and browse using one browser in Private Mode while not logged in to Amazon. When you find what you want to buy, login to Amazon with another browser (also using Private Mode), copy the URLs of the items you want to purchase into this second browser, buy them, and then immediately log out of Amazon and shut down both browsers.
  2. Defense: You can disable the search history at Amazon.com. Click on the Account and Lists dropdown -> Browsing History -> Manage History and Turn Browsing History off. I did this and it did not seem to stick.
  3. Defense: Turn off interest-based ads -> Click on the Account and Lists dropdown -> Account -> Advertising preferences (in the Communication and content box). Here, opt for "Do not show me interest-based ads provided by Amazon"
  4. Celebrate Prime Day by Deleting the Data Amazon Has on You by David Nield for Gizmodo (July 2022). The article covers Amazon Echo recordings, Prime Video Viewing, Fire tablets, Kindles, Order History and more. Also, how to request the info Amazon has on you.
  5. Background: The data game: what Amazon knows about you and how to stop it by Kate O'Flaherty for The Guardian (Feb 2022). Excellent statement of the problem, not much on defense. Amazon is so good at figuring out what you will buy next, that they sell their algorithms as as a service called Amazon Forecast. Good explanation of why you should not store photos at Amazon.
  6. No Defense: Amazon's Eero routers spy on you. The only way to stop Eero devices from gathering data is to not use them. From: Your Router Is Collecting Your Data. Here's What to Know, and What You Can Do About It by Ry Crist of CNET (Feb. 2022)
  7. Obvious defense: Do not use Alexa, a Kindle, Eero or a Ring doorbell. Use Roku rather than Fire TV.
• AMAZON SEARCH RESULTS
  1. Amazon's search results full of ads that may be 'unlawfully deceiving' consumers, complaint to FTC claims by Cat Zakrzewski and Jay Greene of The Washington Post (Dec 2021). Because Amazon does not clearly label sponsored search results, consumers could be deceived into clicking on them without knowing. More than a quarter of the search results on Amazon are paid ads, according to the complaint.
  2. Overflowing with sleaze: Amazon Puts Its Own Brands First Above Better-Rated Products from The Markup (Oct 2021). That Amazon prefers its own brand is no surprise. It prefers its own brands over competitors with higher ratings and more sales. And, it also prefers exclusive products are not obviously connected to Amazon. They identified more than 150 brands registered by or owned by Amazon where the connection to the company is not obvious. Those are in addition to the hundreds of third-party brands that are exclusive to the site. And, ads in the search results are not all labeled as ads. And, Amazon has been accused of knocking off existing popular products to sell under its house brands.
• FAKE REVIEWS ON AMAZON
  1. How to Spot Fake Reviews and Shady Ratings on Amazon by Nicole Nguyen for the Wall Street Journal (July 2022). Amazon did not respond to requests for comment. Verified purchase ratings can be faked. Among a long list of things to do: avoid products with only 5-star reviews, inspect the one-star reviews first, read the most recent reviews and much more.
  2. Posing as Amazon seller, consumer group investigates fake-review industry by Jon Brodkin of Ars Technica (Feb. 2021). Fake Amazon reviews are sold in bulk. A thousand reviews are roughly $11,000. Based on this report by Which?, a Consumers' Association in the UK that does product research and advocacy on behalf of consumers: How a thriving fake review industry is gaming Amazon marketplace by Hannah Walsh (Feb. 2021).
  3. Manipulating Amazon reviews: Inside Amazon’s Fake Review Economy by Nicole Nguyen of BuzzFeed (May 2018). There is a vast web of review fraud. Merchants pay for positive reviews. Sellers trying to play by the rules are struggling to stay afloat amid a sea of fraudulent reviews and Amazon is all but powerless to stop it. This article: Her Amazon Purchases Are Real. The Reviews Are Fake. by Nicole Nguyen (Nov. 2019), profiles a woman who gives 5 star reviews in exchange for keeping the items for free. One take-away is that this activity could be detected by Amazon, if they cared.
  4. Even the FTC is involved. FTC Brings First Case Challenging Fake Paid Reviews on an Independent Retail Website (Feb 2019)
  5. Don't Get Duped! Here's How to Spot Fake Reviews on Amazon by Michael Tedder for Money magazine (March 2021). Some red flags: a flood of reviews in one day and aggressive positivity. Also, click on the profile of the person who wrote a review. If their profile is empty or was created the same day as the review, that's suspicious.
  6. Another reason not to trust Amazon reviews, from one of the above articles, was the story of a one-star review that was removed by Amazon after the buyer got a refund. The buyer could not get Amazon to restore the bad review.
  7. Fake Helpful Reviews: Also from the above article - some sellers hire people to hit the 'Helpful' button on a particular review so that it appears first.
  8. Spotting fake reviews is a skill we all need to learn. Which? magazine has a short video (April 2019).
  9. How to Spot Fake User Reviews: Amazon, Best Buy and More by Louis Ramirez (Feb. 2018)
  10. Is It Really Five Stars? How to Spot Fake Amazon Reviews by Joanna Stern (WSJ Dec. 2018).
  11. ReviewMeta is a website that analyzes Amazon product reviews and filters out reviews that look unnatural. It also recommends similar products with trusted reviews.
  12. The Review Index also analyzes reviews looking for fakes.
  13. The good news about fakespot.com is that it analyzes reviews at Amazon, Best Buy, Sephora, Steam, Walmart, TripAdvisor and Yelp. The bad news is that it used to be a website, but it is now a browser plugin that is able to read the content of every web page you view. Because of this, only install it in one browser and only use that browser for shopping in the few stores it can analyze. And never buy anything in that browser.
• BAIT and SWITCH AMAZON REVIEWS

  Another type of fake review is one for a different product. Sellers take an existing product page, then update the photo and description to show an entirely different product. The goal is to retain the existing good reviews from the original product. Suggested defense: read the god and bad reviews and some old reviews. Just relying on the star rating and the number of reviews leaves you vulnerable to this scam.

  1. Here's Another Kind Of Review Fraud Happening On Amazon by Nicole Nguyen of BuzzFeed (May 2018).
  2. Hijacked Reviews on Amazon Can Trick Shoppers (Consumer Reports Aug 2019)
  3. Amazon still hasn’t fixed its problem with bait-and-switch reviews by Timothy Lee of Ars Technica (December 2020). A product has 6,400 reviews and a five-star rating. But most of the reviews are for a totally different item. Lesson: always check the most recent ratings. Three cases of this were brought to Amazon's attention by Ars Technica and they fixed only one.
  4. In Nov. 2021, Brian Krebs ran across an instance of this and tweeted: "So, searching for blood pressure monitors on Amazon is fun. None of the reviews seem to be about the actual product. Not sure if this just a glitch in the matrix or what. I'm used to inauthentic reviews, but this is a new one for me." Many people who responded said that they had seen this happen too. Interestingly, within a few hours, Amazon had removed all the reviews for the item Krebs referenced.
• DEFENDING YOURSELF
  1. Batteries: Test them immediately. This is a lesson I learned the hard way. In January 2020 I bought a package of AA Duracell batteries. In April 2020, I opened the package only to discover that they were all dead. The package claimed that the batteries last 10 years in storage. The batteries were dated March 2028 and they were sold by Amazon.
  2. Before buying from an unknown seller, be aware that you probably have no recourse for defective products. More here (Kate Cox July 2019) and here (Louise Matsakis July 2019). Sometimes, as seen here, it costs only 4 cents more to buy from Amazon.
  3. From Nicole Nguyen: Do a search to see if the company selling the product has a legitimate website. Also check if the item has been reviewed by a publication or site dedicated to consumer products. And, Here's One Way To Tell If An Amazon Product Is Counterfeit by Nicole Nguyen of BuzzFeed (March 2018).
  4. What to Do If You Think Your Amazon Purchase Is a Fake from The Wire Cutter (Feb 2020)
  5. In July 2016, I wrote Defending yourself from Amazon.com which makes the case for having a dedicated Amazon email address.
• Sidewalk: turned on everywhere on June 8, 2021. In the Alexa mobile app turn it off with: Settings -> Account Settings -> Amazon Sidewalk. You can either turn it off entirely or leave it half on with: Community Finding which lets your devices use Sidewalk but turns off locating sharing. (June 2021)
• PRIVACY:
  • Amazon tracks everything you do on their website. To combat this, I suggest shopping/researching in one browser, and buying in another. The shopping browser should use a VPN and not be logged in to an Amazon account. The buying browser should be in private/incognito mode.
  • Browsing History: Log in to your account at Amazon.com. If, under the big search rectangle at Amazon.com you see a Browsing History, click on it. Then click on the Manage history drop-down arrow on the right. Then switch off the "Turn Browsing History on/off" slider button.
  • Targeted ads: Log in to your account at Amazon.com. Under Accounts & Lists, click "Account". Scroll down and click on Advertising preferences (in a box labeled Communication and content). Choose "Do not show me interest-based ads provided by Amazon", then click the yellow Submit button.
  • Prime video Watch History: Log in to your account at Amazon.com. Under Account and Lists -> video purchases and rentals -> gear icon -> Settings -> Watch History. Each video has a "Hide this" link and the option not to use it for recommendations.
  • Episode 208 (February 26, 2021) of The Privacy, Security, & OSINT podcast was on Amazon Privacy. By Michael Bazzell.
  • All the ways Amazon tracks you and how to stop it by Matt Burgess for Wired (June 2021). Note that the links for Cookie Preferences do not work in the US (the article is for England) and there do not seem to be any Cookie related preferences available in the US.
  • Make sure your shopping and wish lists are not public. From the amazon.com home page, on the horizontal menu bar click All (its on far left) -> Your Account (in the Help and Settings section at bottom) -> Your lists box. For each list, click on the three dots on the right and select Manage List to insure it is private. Or, here is a direct link to the Your Lists page.
  • Security and Privacy by Amazon
  • Don't use an Eero router
• Does Amazon know your Wi-Fi password? They want to save it to make setting up new Alexa devices easier. To check, login to Amazon, click Accounts & Lists at the top of the page, then Your apps and devices, then go to the Preferences tab, look for the Saved Wi-Fi Passwords section.
• Pricing: Tweet by Brett Glass on July 24, 2020: "Wow; @amazon must really think it’s customers are dupes. It just doubled the price of yet another item right after I 'subscribed' to it." I have no confirmation of this.
• Data: You can request the data Amazon has stored about you. Episode 165 (April 10, 2020) of The Privacy, Security, & OSINT podcast discussed this and offered this link: How Do I Request My Data? The show warned that Amazon requires a phone number, they send a text with a PIN code to the phone and they store the phone number as part of the account information.
• A security hole: A stranger's TV went on spending spree with my Amazon account – and web giant did nothing about it for months by Shaun Nichols Oct. 2019. Smart TVs and Roku devices do not appear in the list of devices associated with your Amazon account. Yet, each can be used to buy stuff. This story is about a Smart TV that was making purchases billed to someone who did not own the TV. How it happened is a mystery. Changing the Amazon password and 2FA did not stop the TV. There is no real defense. The response from Amazon was quite poor.
• FYI
  • House panel flags Amazon and senior executives to Justice Department over potentially criminal conduct by John Wagner and Cat Zakrzewski in the Washington Post (March 2022). The article starts: "A bipartisan group of House Judiciary Committee members has alerted the Justice Department to 'potentially criminal conduct' by Amazon and senior executives in relation to a committee investigation into competition in digital markets." This is a significant escalation of lawmakers' years-long questioning of statements made by Amazon executives.
  • Amazon suppliers linked to forced labor in China, watchdog group says by Louise Matsakis of NBC news. (March 2022). Amazon declined to comment on the specific allegations.
  • "Millions of people's data is at risk" - Amazon insiders sound alarm over security by Vincent Manancourt for Politico (Feb 2021). Three former high-level information security employees warn that the company's efforts to protect the information it collects are inadequate. These employees were sidelined, dismissed or pushed out of the company. The corporate culture at Amazon prioritizes growth over other factors. Amazon has a poor grasp of what data it has, where it is stored and who has access to it. They found hundreds of thousands of instances where former employees still had system access. Amazon denies it all.
  • You Might Be Buying Trash on Amazon - Literally by Wall Street Journal (Dec 2019). After becoming aware of dumpster divers selling discarded garbage on Amazon, the reporters did just that. It was easy. Amazon did not ask about the origins of the stuff they sold or, for food, the sell-by date. Warehouse workers are supposed to identify problematic products but often there is too much stuff and too few workers, so things get missed, both accidentally and on-purpose.
• Amazon Alexa is in the Voice Assistant section

Copyright 2019 - 2022