Refund Fraud, Part 1: What is it?
Updated: Aug 9
It started with Amazon 2014. On Evolution Marketplace, the biggest darkweb forum and market on the planet at the time, some members started bragging about profiting $10,000 a month doing refund fraud through Amazon. Consensus of other Evolution members? Bullshit. No one makes that through refunding.
Refunding is technically illegal, so you have to play it safe. You can not do 10x 10.000 EUR orders every day. You have to make sure the company does not catch on to you doing refunds, as it costs them money. Technically it is possible, but it requires a lot of experience and almost no mistakes. Possible mistakes might result in an account closure. Legal problems are also a possibility, but this has never happened before. However, it's still recommended to play it safe and not let companies have the option to pursue legal options against you. There are a few tricks which let you do unlimited refunds at zero risk.
Those who called Bullshit? They forgot one of the major tenets of cybercrime: Don’t immediately dismiss any claim. Pause, consider, ask questions, determine if it’s possible, and then proceed. Don’t be that guy that dismisses something out of hand. Why? Cause that something might bite you in the ass.
The $10k a month thing? That was an understatement. Refund Fraud would redefine cybercrime.
It ate Amazon alive. Sign up for an Amazon Prime Free Trial using your real name, address, credit card. Order a MacBook Pro $2500. Amazon would ship it out 2-Day Delivery. UPS or Fedex would leave it on the porch. Get the package, start a chat session or call Amazon Customer Service. Tell them it didn’t arrive. Amazon would apologize and send out another MacBook Pro to replace the one which “never arrived.” That one would be left on your porch two days later. Start a chat session or call Amazon Customer Service. Tell them that one didn’t arrive either. Amazon would refund your money.
That’s right. You’d get two MacBook Pros and your money back. Took about ten days overall. And it wasn’t just laptops. It was 70-inch LED TVs, living room sofas, whatever you wanted.
Amazon got eaten alive with it for a couple years before they decided to do anything about it. Amazon’s response? Police reports. Suspicious orders requesting replacements or refunds for items marked DNA (Did Not Arrive) were required to submit a police report to receive a replacement or refund. Good in theory, right?
It wasn’t. Amazon didn’t understand the cybercrime mindset. And Amazon didn't appreciate how Refund Fraud was changing the dynamic of cybercrime.
What is Refunding? It is very simple to explain. You complain about a problem you do not have and the company grants a refund or replacement to satisfy you. Example:
1) Order a PS4 from Amazon
2) Wait for the package to arrive
3) Contact Amazon
4) Claim the PS4 is missing in the parcel
5) Amazon grants you a full refund for the missing item
Refund Fraud took the cybercrime world by storm. Forums popped up dedicated solely to refunding. Professional Refunders started to appear who would charge 7%-15% of the order total to get the refund for you. Refunding started to rival credit card fraud in popularity. Along the way? A cybercrime dynamic changed.
Before refunding, an aspiring cybercrook would start his career by purchasing stolen credit card details. He would then try to defraud Apple or Amazon for electronics. He would fail miserably because he didn’t know how to commit credit card fraud. Many of those would-be fraudsters would then tuck their tail between their legs, stop fantasizing about getting rich through credit card fraud, and find a job. A few would stick around. That few would then start learning how to do credit card fraud. It was a process. There were things to learn. And it took time to start profiting. It was like a natural filter that kept the riffraff out of the cybercrime world.
Refunding changed that. Now an aspiring cybercriminal could immediately start profiting $10k a month through Refunding. They didn’t have to know anything. They could even pay someone a percent to do the refund for them. And while they were profiting those thousands of dollars a month? They could then learn other types of online crime.
The result? No filter. No gatekeeper. Now anyone could profit as a cybercriminal. And they did.
I was the first person to warn merchants and law enforcement of this type of crime. October 6, 2016, I wrote an article on Linkedin which detailed it. (https://www.linkedin.com/pulse/amazon-refunding-meat-potatoes-cybercrime-world-brett-johnson/)
I wrote that article as I was beginning my career on the legal side of things. It was the first blog article I wrote. I wrote it because of the way it was redefining online crime and as an attempt to warn businesses of their future.
Then I was invited to Keynote the CNP Conference in 2017. I spoke about it there as well. I warned the merchants in attendance what was coming their way. And I gave advice on what to do about it.
The response? Other than a morbid curiosity, no one listened. None of the merchants, none of the conference organizers.
In fact, other than the FBI and Amazon, the only people who seemed worried about Refund Fraud were the criminals profiting from it.
Ah, that’s right. Let’s not forget about Amazon. It started with them. It eats them alive for a couple years until they start to institute security measures. But they don’t understand the criminal mindset. They don’t understand that Refunding has already redefined things. The box is opened and its not going to be closed.
Amazon started requiring police reports in order to process the refunds or replacements. The idea was crooks would never be brave enough to walk into a police station and file a false report. Makes sense, right? Not really. First, Amazon didn’t appreciate that cybercriminals are a different breed. We test everything. We don’t just take someone’s word for things.
Requiring police reports? Seemed OK until someone on the darkweb asked out loud, “Wonder if Amazon is verifying those police reports?” Someone else photoshops a police report and sends it in. They get the refund. Turns out Amazon wasn’t verifying anything. The next day photoshopped police reports are being sold for $25 each.
So begins Amazon’s fight against Refund Fraud.
Police reports. Banned accounts. AI and Machine Learning. Delayed action. Pictures of delivered packages. And much more.
Did it work? Did Amazon defeat the Refunders? Not hardly. Amazon is still being hit with Refund Fraud. The only thing that has changed is today every merchant is now a target. And the profit potential is much higher. Whereas no one listened to those warnings of a few years ago? Today everyone is all ears.
Did I say profit potential is much higher? The snapshot below comes from a Telegram Refund Channel, Noir’s Luxury Refunds:
It shows a list of merchants Noir will refund for you, the dollar limits, and the length of time it takes to get your refund. The way it works is you place an order with one of the listed merchants. You then contact Noir or one of his staff members. They then get the refund or replacement/refund processed for you. Charge? 7%-25% of the order total depending on the merchant and items ordered.
There are several Professional Refunders on Telegram. Noir is one of the most popular and one of the best in the business. Some have estimated based on his Telegram traffic and customer feedback that the channel profits tens of thousands per day. One contact told me that Noir himself has made several million dollars during his time on Telegram.
Customers of Noir regularly post of the amounts they are profiting. Profits in the $2000 range seem normal. One individual claimed to have profited $100,000 in one week and posted video of the storage locker of merchandise stolen during that week as proof.
It is a profitable crime. It is a profitable business.
Today, the crime is more refined. The excuse used a few years ago—Did Not Arrive, leaky battery, not in the box—are still used, but more sophisticated tactics are being employed. The latest is TID: manipulating or faking the tracking ID of the return package. Refunders can make it appear that the package has been returned to the merchants for a full refund without ever sending the package back.
Can merchants stop this type of fraud? It seems the writing is on the wall and the answer is no. This type of crime started at Amazon. Today, Amazon is still able to be victimized through Refund Fraud. There are, however, things merchants can do to mitigate the problem.
This blog article is part one of a three-part series on Refund Fraud available on www.cybercrime101.com.
Part One: Refund Fraud - What is it? (Where we define Refund Fraud).
Part Two: Refund Fraud - How is it Committed? (Where we walk through exactly how this crime is committed so merchants know what it looks like).
Part Three: Refund Fraud – How Can it be Stopped? (Where we discuss strategies and tactics for mitigating this crime).