Monday, May 23, 2022

How criminals get around retailers’ ban on shipping products overseas

Criminals have created sophisticated networks to monetize stolen credit card data, in part by buying valuable goods — from laptops to sports nutrition products — that are then resold for cash, according to security researchers at Hewlett-Packard Enterprise.

The network includes “administrators,” who create demand and reshipping websites for “stuffers,” who purchase products requested in the U.S. using the stolen card data. They in turn ship product to “drops” — usually in the U.S. — and who then reship the goods to Russia or Eastern Europe.

From there the group’s operators sell the products in grey markets for fat profits. The money they make in part pays the admins, who recruit stuffers and who are paid a percentage (sometimes in Bitcoin) from each product type they buy.

Drops often make nothing at all.

The schemes were outlined in an HPE report issued this month, which looked at how criminals are able to get around retailers who no longer ship products bought online to certain countries — mainly in Eastern Europe, where many of the gangs are — because so many purchases from there are fraudulent.

According to some estimates, the reshipping operations could account for 1.6 billion credit and debit cards being abused for more than US$1.8 billion a year.

HPE research done over a six month period starting last August shows most drops are in the U.S., because that’s where the most targeted retailers and stolen credit card data is.

“As an example of the scale and potential profitability,” says the report, “a single investigated site processed US$1.5 million of merchandise in 2015, representing $1 million in profit to the operator.”

The real suckers in this arrangement are the drops, who in the study were often found in low income areas. That’s probably because they are promised what appears to be easy cash — sometimes as high as US$750 a week, plus commission on each item reshipped by working from home. Or, they may be promised a flat rate per package. “Which model is offered makes no difference,” says the report, “because drops are almost never paid.”

This has been going on for some time. Security reporter Brian Krebs wrote on the indictment in 2011 of 100 people suspected of being part of one of these rings.The Canadian Anti-Fraud Centre’s web site warns residents about so-called mystery shopper and reshipping scams.

Goods in demand include gift cards, laptops, cameras, blenders, iRobot vacuums, rifle scopes and clothes. Victims include WallMart, Amazon, Best Buy, Staples, U.S. carriers such as AT&T and Verizon, and upscale retailers like Saks Fifth Avenue.

The report admits retailers have a problem: Spotting these fraudulent transactions is difficult if they don’t know a credit card being used online has been stolen. HPE advises CISOs to monitor for this activity and to keep up to date on how scam operations work to tune their defences.

As for individuals, to avoid being suckered into becoming a drop they are urged to be wary of online job listings with spelling mistakes, and jobs whose tasks include wiring funds, package forwarding and being an “import/export specialist.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.