Scammers Actually Got Away With Millions Of Microtransactions Scam
from the office-space dept
Wired digs into the details of how this was set up, which highlights the complexity of the operation:
According to court documents filed (.pdf) in the U.S. District Court for the Northern District of Illinois, the scammers -- identified only as "John Does" in the complaint -- recruited money mules through a spam campaign that sought to hire a U.S.-based financial manager for an international financial services company.See? A bit more complex than just taking a fraction of a penny off of each transaction. But, as the IDG report notes, if you're looking to set up an online scam, here's a blueprint.
Mules who responded to the ad and were chosen for the task opened multiple bank accounts and about 100 limited liability companies for the scammers, which were then used to make the fraudulent charges and launder money to bank accounts in Cyprus and several east European countries, including Estonia and Lithuania.
Front companies set up by the mules included Albion Group, API Trade, ARA Auto Parts Trading, Data Services, New York Enterprizes, and SMI Imports, among others.
The scammers then purchased domain names and set up phone numbers and virtual office addresses for the front companies through services such as Regus. They used this information -- along with federal tax I.D. numbers stolen from legitimate companies with similar names -- to apply for more than 100 merchant accounts with credit card processors, such as First Data.
According to IDG,They used another legitimate virtual business service -- United World Telecom's CallMe800 -- to have phone calls forwarded overseas. To further make it seem as though their companies were legitimate, the scammers would set up fake retail Web sites. And when credit card processors asked them to provide information about company executives, they handed over legitimate names and social security numbers, stolen from ID theft victims.Once approved by the card processors, the front companies were able to charge consumer credit and debit cards. Money charged to the cards was directed into the bank accounts set up by the money mules, who then transferred it to accounts overseas.
When they had to log into payment processor Web sites, they would do this from IP addresses that were located near their virtual offices, again evading payment processor fraud detection services.
The charges showed up on consumer credit and debit card statements with a merchant name and toll-free phone number. But consumers who called the numbers to question the charges generally encountered an automated voicemail recording saying the number had been disconnected or instructing them to leave a detailed message. The calls, of course, were never returned.