According to Brian Krebs of the Krebs on Security newswire, one of the simplest ways to extract cash from stolen card accounts is to buy expensive consumer goods online and resell them on the black market.
Most online retailers, he notes, have grown wise to these scams years ago and stopped shipping to regions of the world most frequently associated with credit card fraud, including Eastern Europe, North Africa, and Russia.
But, he asserts, these restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the US and Europe to receive - and relay - high-dollar stolen goods to crooks living in the embargoed areas.
Krebs says that there are dozens of businesses in the criminal underground engaged in merchandise laundering, known as `drops for stuff' on cybercrime forums. The drops, he adds, are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites.
Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.
“A typical drop will receive and reship between two and four packages per day. The packages arrive with prepaid shipping labels that are paid for with stolen credit card numbers - or with hijacked online accounts at FedEx and the US Postal Service. Drops are responsible for inspecting and verifying the contents of shipments, attaching the correct shipping label to each package, and sending them off via the appropriate shipping company”, he says in his latest security posting.
One drops operation – dropforrent.net - allows clients to rent drops who have signed up for reshipping jobs, with managers - those who facilitate drop recruitment scams – earning money by purchasing merchandise that the reshipping operation can quickly resell.
“Most reshipping operations seek consumer electronics that can be easily sold for cash, including laptop computers, cameras, smart phones and parts for sports cars. Dropforrent.com pays managers and clients 30% of the value of laptops from Acer, HP, Toshiba, Dell, Compaq and Samsung, for example, and more than 40% of the retail price for Apple, Sony, Vaio, Canon and Nikon products”, he says.
“The dropforrent.com managers recruit new hires by posing as legitimate businesses. One manager who uses the name Dick Martin operates a dummy business called applestore-direct.com, and actively recruits drops via ads on craigslist.com. Recruited drops are given a login to applestore-direct.com where they receive daily updates about pending shipments. Drops also are required to use this web-based interface to notify their managers of received and reshipped items”, he adds.
And here's where it gets interesting, as Krebs says that Kent Tribbett - a 24-year-old from West Berlin, New Jersey - has been reshipping for applestore-direct.com for almost three weeks, after being hired by Martin via an ad on craigslist.com.
10 clients have been using Tribbett as a drop and, to give readers a taste of the scale of the operation, he also reports that those same records show that Tribbett was one of 60 different drops recruited by Martin in the past 10 months.
“I spoke with Tribbett briefly by phone; he denied receiving or reshipping packages for applestore-direct.com, and then hung up. But the numerous USPS tracking numbers and Express Mail bills attached to the past shipments in his account at the site suggest otherwise”, notes the former Washington Post security researcher.
Krebs concludes that well-run reshipping schemes can launder huge volumes of stolen goods in a relatively short time.
“The minimum order dropforrent.net accepts is $300. Records at dropforrent.net show that since the beginning of this year, drops hired through Martin’s applestore-direct.com front site have shipped more than 800 orders — at least a quarter million dollars worth of stolen goods,” he says.