Analyzing Reshipping Mule Scams
Interesting paper: “Drops for Stuff: An Analysis of Reshipping Mule Scams.” From a blog post:
A cybercriminal (called operator) recruits unsuspecting citizens with the promise of a rewarding work-from-home job. This job involves receiving packages at home and having to re-ship them to a different address, provided by the operator. By accepting the job, people unknowingly become part of a criminal operation: the packages that they receive at their home contain stolen goods, and the shipping destinations are often overseas, typically in Russia. These shipping agents are commonly known as reshipping mules (or drops for stuff in the underground community).
[…]
Studying the management of the mules led us to some surprising findings. When applying for the job, people are usually required to send the operator copies of their ID cards and passport. After they are hired, mules are promised to be paid at the end of their first month of employment. However, from our data it is clear that mules are usually never paid. After their first month expires, they are never contacted back by the operator, who just moves on and hires new mules. In other words, the mules become victims of this scam themselves, by never seeing a penny. Moreover, because they sent copies of their documents to the criminals, mules can potentially become victims of identity theft.
Anura • November 4, 2015 2:10 PM
There are services that score ecommerce orders to determine the likelihood of fraud. If you are buying something with a credit card associated with a Virginia address and the package is shipping to Seattle when your IP address originates from Texas, that will put the order at an elevated risk of being fraud. If you are purchasing from an open proxy and you are shipping to a freight forwarder in Florida then it is a very high fraud risk. Where I worked before, this would result in a phone call to the customer to confirm the order, and almost always this resulted in the card holder learning their credit card was stolen.
It sounds like the fraudsters are adapting, so instead of using known freight forwarders they use individuals that are not going to be detectable by the fraud detection service.
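
The order-scoring signals described in the comment above, as an added example that is not part of the original post, the paper, or the comment. It shows how an order sent to a residential address never triggers the forwarder rule. The weights, thresholds, addresses and field names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical list of known freight-forwarder addresses (constructed sample).
KNOWN_FORWARDERS = {("1 Example Forwarding Way", "FL")}

# Illustrative weights and thresholds; a real scoring service tunes its own.
WEIGHTS = {
    "ship_state_differs_from_billing": 20,
    "ip_state_matches_neither_address": 20,
    "open_proxy": 35,
    "known_freight_forwarder": 35,
}
REVIEW_AT, CALL_AT = 40, 70

@dataclass(frozen=True)
class Order:
    billing_state: str
    ship_street: str
    ship_state: str
    ip_state: str            # geolocated state of the client IP, "" if unknown
    ip_is_open_proxy: bool = False

def signals(order: Order) -> list:
    """Return the names of the risk signals this order triggers."""
    hits = []
    if order.ship_state != order.billing_state:
        hits.append("ship_state_differs_from_billing")
    if order.ip_is_open_proxy:
        # A proxy hides the buyer's location, so the geo comparison is skipped.
        hits.append("open_proxy")
    elif order.ip_state not in (order.billing_state, order.ship_state):
        hits.append("ip_state_matches_neither_address")
    if (order.ship_street, order.ship_state) in KNOWN_FORWARDERS:
        hits.append("known_freight_forwarder")
    return hits

def score(order: Order) -> int:
    return sum(WEIGHTS[name] for name in signals(order))

def decision(order: Order) -> str:
    total = score(order)
    if total >= CALL_AT:
        return "call_customer"      # very high risk: confirm with the card holder
    return "manual_review" if total >= REVIEW_AT else "approve"

# Constructed orders: the comment's two cases, then a residential destination.
GEO_MISMATCH = Order("VA", "12 Sample Ave", "WA", "TX")
FORWARDER = Order("VA", "1 Example Forwarding Way", "FL", "", True)
RESIDENTIAL = Order("VA", "34 Sample Ln", "OH", "", True)
```

With these assumed weights, the residential order loses the 35 points the forwarder rule would have added and falls below the call-the-customer threshold. Address-list signals alone therefore do not cover the reshipping pattern the paper describes.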