Researcher explains how fraudulent drop-ships allow criminals to monetize card credentials

Brian Krebs explains how fraudulent drop-ships allow criminals to monetize card credentials
Brian Krebs explains how fraudulent drop-ships allow criminals to monetize card credentials

According to Brian Krebs of the Krebs on Security newswire, one of the longest-running fraudulent drop-ship operations is called Profsoyuz.biz and markets itself on invite-only forums to help credit card thieves “cash out” compromised credit and debit card accounts by purchasing and selling merchandise online.

Most Western businesses, says the researcher, will not ship to Russia and Eastern Europe due to high fraud rates in those areas. “Underground businesses like Profsoyuz hire Americans to receive stolen merchandise and reship it to those embargoed regions. Then they charge vetted customers for access to those reshipping services”, he reported.

After obtaining access to a set of spreadsheet data from Profsoyuz, Krebs says he rang one woman whose card was misused to buy a Star Wars Lego set for $189, plus $56 in shipping, and she told him that she was filing a police report online, after reporting the unauthorized charge to her credit card company.

The Lego set was sent via FedEx to a 37-year-old man from Los Angeles, who she says was apparently working for a shipping company in Santa Ana, Calif., and that he got hired in his current position after responding to a job offer on a recruitment site.

The man told Krebs that the people who hired him have been sending three to four packages daily for the past two weeks, but sometimes as many as seven each day. “The packages arrive with prepaid shipping labels, and Padilla’s job is to affix the labels on the packages and arrange for them to be picked up or sent via the corresponding shipping service, usually the US Postal Service or FedEx”, he told the security researcher.

Padilla went on to say that he had been promised a $1,000 salary via PayPal at the end of his first month of work, during what his employers called a “trial period.”

“If approved, and I passed the trial period, it was supposed to be $2,500 every month I worked after that,” he told Krebs, adding that he didn’t see any complaints about the company, so he went ahead and signed the contract.

“Padilla failed to notice that the emails from his employer came from transitaircargoinc@gmail.com, not from Transitair.com, the legitimate company’s real address. He also had no way of knowing that reshipping mules almost universally are cut loose without pay at the end of their first month’s work”, says Krebs, who went on to talk to Gary Syner, the CEO of Transit Air Cargo whose name was being misused for the shipping recruitment scam.

“You would think that common sense would tell you that if the deal sounds too good to be true, and you don’t even know who the parties hiring you are, then it’s probably not a real job,” Syner told Krebs.

“I know these are desperate times for some people, but how the hell do you fall for something like this? If you don’t meet the employer in person, it’s probably a good indication that something isn’t right”, he said.

What’s Hot on Infosecurity Magazine?