Blog article
See all stories »

Agents of Evil

Air Parcel Express is a boutique international shipping company based in Sweden. They offer a wide choice of logistic services such as mail forwarding and global distribution, creatively supporting their customers’ supply chain. They maintain several warehouses worldwide – according to their well designed website (see image below), the latest was opened in Riga, Latvia on September 2008. Their turnover last year was around 4 million dollars, up from 2 million a year before. Due to their fast growth they are hiring additional staff despite the bad economy, with various career opportunities guaranteed above-average pay.

And it’s absolutely fake.

It’s a complete scam. The company doesn’t exist. Behind it is a sophisticated criminal service, according to a fresh report by RSA FraudAction Research Labs.

Recruitment for Air Parcels Express started September 2008; those that clicked on the Careers section in the website could apply for a Correspondence Manager position. The RSA FraudAction Labs found that an astonishing number of 1,925 Americans applied to this “work from home, get lots of money” scam.

1,925 Americans. That’s a huge figure that marks the tip of a very big iceberg. In this troubled economy, so many people will respond to these type of ads. Those that were made redundant; that had to suffer a pay cut; that lost their small business. I wrote about the phenomenon in a previous blog call Riders on the Storm.

The applicants had to provide all their details to Air Parcel HR. Out of the 1,925 only 33 were actually hired. Their job was really easy:

All they had to do was receive packages from eCommerce website, unpack them, and put them in another box. Then an international courier, their service pre-paid, will contact them to pick up the package.

That’s all.

For this service, they were promised thousands of dollars per week.

The people who got hired for the “job” are known in the fraud underground as “drops”, and in the anti-fraud community as “reshipping mules”. My own perspective on these people is mixed: on one hand they are victims – they apply for a job, never get paid, miss other opportunities, get involved in a fraud ring, and eventually their details may be traded for identity theft (there was evidence that at least one of the 33 mules had her identity stolen and a bank account was opened in her name).

On the other hand, these people that light-headedly respond to a “work from home, gets easy cash” ad are the fuel of the fraud ecosystem. Without mules it’s difficult to cash-out stolen online banking credentials and monetize eCommerce goods purchased with compromised credit cards. They are agents of evil. Unaware agents perhaps, but still agents.

Moving away from the issue of the mule themselves, this rare glimpse into the back-end operation of a reshipping scam provides many insightful revelations.

The interesting thing about the scammers was that they provided their customers – eCommerce fraudsters – with three valuable services packed in a single “cash out as a service” offering.

The first service was reshipping mules: this itself is quite valuable because eCommerce websites became good at spotting items that go to shoddy addresses, and couriers got better in claiming proof of identity when delivering high-value goods. So, you just send it to someone real. A mule. This is almost impossible to detect.

The next service is international shipping, free of charge. If you’re an eCommerce fraudster, you know that any domestic shipping may eventually leave traces that point to you. By reshipping the items out of the country, you reduce risk.

The third valuable service was monetization. The mule reshipped the items abroad to representatives of the scammers, who took care of selling the goods in their locales, or in auction sites.

The service was marketed first in Russian fraud forums. eCommerce fraudsters subscribed to the service at no cost, got a user name and password, and were allocated reshipping mules. Then they simply used stolen credit cards to buy at eCommerce websites, and used the mule’s name, address and phone number as recipient. That was all they had to do on their end; the rest was taken care of by the service operators. After a couple of weeks the fraudsters got paid about 30% of the goods’ value, which is a win-win situation for both the fraudsters and the service providers.

The FraudAction Research Lab report has many screenshots from the scam’s back-end, including the list of hired mules showing they were from every corner of the US; and a translation of the original post in the Russian speaking fraud forum. Worth a glance.

If you think this is a one-off incident, thing again. This isn’t an anecdote: mule recruitment is a flourishing business. www.bobbear.co.uk is an excellent source tracking all sorts of recruitment scams; you can get an impression of how many live scams are on.

I only wish more would-be-mules were aware of such resources so they can validate their work-from-home shiny job isn’t going to turn them into agents of evil.

Air Parcel Express
5025

Comments: (0)

Uri Rivner

Uri Rivner

Chief Cyber Officer

BioCatch

Member since

14 Apr 2008

Location

Tel Aviv

Blog posts

87

Comments

37

This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.


See all