Revealed: How one Amazon Kindle scam made millions of dollars

For years, thousands were tricked into buying low-quality ebooks.

Image: File photo

NEW YORK -- Emma Moore could have been the health and weight loss guru you spent your life looking for.

You might be forgiven for not knowing her work -- after all, she has a common name, one that she shares with other similarly successful authors on Amazon. Until this week, she had dozens of health, dieting, cooking, and weight loss ebooks to her name. She published over a dozen ebooks on Amazon this year -- five ebooks alone this month. And Moore would even work with other authors -- like Nina Kelly, Andrew Walker, and Julia Jackson -- who have all published about a dozen ebooks each this year as well.

Here's the snag: to our knowledge, Moore doesn't exist. None of them do.

Moore was just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinked Amazon customers into buying low-quality ebooks, which were boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers.

Catfishing isn't new -- it's been well documented. Some scammers buy fake reviews, while others will try other ways to game the system.

Until now, nobody has been able to look inside at how one of these scams work -- especially one that's been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance.

Shershnyov was able to stay in Amazon's shadows for two years by using his scam server conservatively so as to not raise any red flags.

What eventually gave him away weren't customer complaints or even getting caught by the bookseller. It was good old-fashioned carelessness. He forgot to put a password on his server.

Inside the scam

Shershnyov is a former engineer turned "entrepreneur".

He spent a little over 10 years working as a software development engineer for various companies, including Microsoft. He went on to co-found a startup, Alteroxity, which claims to help authors publish ebooks that are already "done for you" -- that includes the writing, the creation, the publishing, and even "dozens of honest positive reviews".

The company appears genuine, according to public records, but its main source of sales is Shershnyov's catfishing scheme. To date, it's generated over $3 million in revenue.

Alteroxity's other co-founder, Alex Gorov, doesn't exist. Until recently, Gorov purported to offer an online course promising to spill secrets on what he learned "from publishing over 2,000 titles on Kindle". We later found that the photo on Alteroxity's website was taken from a stock image site.

We were left to conclude that Shershnyov was the sole organizer of the scam.

For two years, Shershnyov has run a powerful and complex database, which was hosted on an Azure instance by Microsoft.

That database, found by the MacKeeper Security Research Center, was the brains behind the scam, but it was left open for anyone to peek in -- if they knew where to look. MacKeeper security researchers did just that, sparking our investigation, which led to Shershnyov's scam unravelling.

Here's what we found.

amazonaccounts.png

An example of one of the fake Amazon accounts used to log in to download books. (Screenshot: ZDNet)

Each of the 18 tables in the database plays an important role in the scam.

Over the past two years, the database has stored data on 1,453 low-quality ebooks. Most have been written in just a few days for a few dollars, covering topics that are extremely mundane or flat-out bizarre: anything from an ebook on understanding non-verbal communications, to a guide on how to stop procrastinating, and even a boxset on herbal, homemade antibiotic lotions. Each book was hastily written and littered with spelling and grammatical mistakes.

These books were associated with a publisher's email account used to collect royalties on all the ebook and physical books that were sold. (Shershnyov used his own personal email address, along with other accounts.) Each account was responsible for publishing hundreds of ebooks. If one account was caught or disabled, it wouldn't upend the entire scheme.

These accounts worked together to artificially inflate the number of ebooks downloaded, thus raising the ranking of each ebook in Amazon's charts. That visibility helped to draw in real readers.

The server hosted a table containing 83,899 fake Amazon accounts (an easy feat given that, when we checked, Amazon doesn't verify email accounts). At any given time of the day, dozens of those accounts could be pushed through one of over 200 proxy servers -- provided by a third-party internet company -- which makes it harder for Amazon to detect the logins. The server installed the Selenium web driver, a browser automation tool, which simulates a real person typing in the accounts' usernames and passwords, one after the other.

Not all logins will be successful. Some are blocked or banned. If that happens, the table would log the the failure, and move on to the next account.

The fake accounts would download hundreds of these ebooks over a short period of time -- usually a few hours. Each promoted ebook can be offered for free for a short period of time, allowing the downloads to run at no additional cost. Free books don't generate royalties, but they do help to raise an ebook's visibility in the Amazon charts.

An author who didn't want to be named for the story said that the visibility can drive paid sales, earning the publisher money.

"Once a book is visible on Amazon due to being free it can benefit from increased interest. That increased interest and visibility doesn't just go away once the book goes back to its original price," explained the author.

trackedbooks.png

This list contains all the data on hundreds of ebooks used in the scheme. (Screenshot: ZDNet)

The downloads would be tunneled over the Tor anonymity network, masking the IP addresses of the server, making it tougher for Amazon's systems to spot the fraudulent downloads.

It can take just a few days for an ebook to rise up the charts and increase visibility -- these books can easily reach the Top 100 list, particularly in niche categories.

That visibility could drive dozens of genuine downloads per day. Some reach the hundreds of sales, which can drive thousands of dollars in royalties. Imagine that on a far larger, automated scale -- and those royalties begin to add up.

Millions in months

There are a lot of four-letter words to describe Shershnyov. One springs to mind: "rich".

On a small scale, each ebook can generate anything from a few cents to hundreds of dollars over the course of its life span -- until Amazon figures out that the book is a fraud. Fraudulent books get pulled offline quickly but often reappear under a different title, cover, and author's name.

SECURITY

Meet the new ransomware that knows where you live

The carefully-crafted email tries to trick you into installing ransomware.

Read More

"If the authors were trying to increase their visibility on Amazon then thousands of downloads per day would certainly achieve that," said one of the authors who spoke to ZDNet.

"But, you have to keep it going or you'll drop like a rock. Amazon's algorithm is very sensitive to fluctuations so if the momentum isn't maintained you can drop off fast," the author said.

Even if that momentum is maintained over a few days for each ebook, each little boost adds up.

Once the royalties (and refunds, rarely) begin to trickle in, the transactions are recorded in Amazon's sales and royalties reports. Shershnyov's royalty report showed that itemized revenues from the 11 master accounts generated $2.44 million since June 2015, which is when Amazon changed the terms in which authors were paid based on the number of books loaned. (It's not known what was made during the six months prior to that, which was when the scam began.)

The scheme also generated $83,340 in physical book sales since early March 2016.

Shershnyov was so successful with his scheme that he created near-identical databases for his girlfriend, Anna Mandryko, a former investment advisor.

Since we reached out on Thursday, neither Shershnyov or Mandryko have responded to a request for comment. But both servers were pulled offline within hours of the email. Shershnyov subsequently deleted his Twitter account, scrubbed his LinkedIn page, and pulled his company's site offline -- though, a cache remains online.)

Catfished and caught

Amazon isn't happy. After all, it's not the company's first rodeo with scammers.

A spokesperson for Amazon said on Tuesday: "All titles related to this issue have been removed, and we're evaluating all our legal options against the perpetrators." (We should note that in our checks, a handful of titles still exist on the site but only as physical book sales.)

The company has spent years knocking out one catfishing scam after another -- those who create phony ebooks, to others selling fake reviews. This year Amazon filed three separate lawsuits in the past year targeting more than 1,000 alleged fake reviewers. A handful of review-selling sites have closed, while others persist.

But online stores are faced with headaches in shutting these scams down.

Shershnyov broke both Amazon's terms of service -- and likely Microsoft's by hosting the database. (Microsoft declined to comment for this story.) But as far as we can tell, he hasn't broken the law.

Writing a book under a pen name, or even outsourcing the work to a third-party, isn't a crime. We found two people who had contracted work by Shershnyov on Fiverr, a marketplace for outsourcing work, but they did not respond to our questions about the nature of the work.

Sites that offer fake reviews services and even private scams that have complex systems designed to pump sales for profit likely won't face criminal charges, even if they do violate the terms of service for the marketplaces that they operate in.

Shershnyov was caught and his scheme is over -- for now. Amazon faces a constant battle against these schemes, not least overcoming technical hurdles that aim to catch these kinds of scammers in their tracks.

But given how quickly scams can alter and evolve, Shershnyov could be back in a week or a month, pulling the same old tricks under a different name.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All