The story of a scammer. Should the business resist theft, and what happens to it

image

Most recently, we have an interesting story that we want to share on Geektimes, since we have an official blog here. This can be an indicative case for executives of small companies that work on the Internet and, accordingly, face traditional problems for online businesses. Should fraudsters be worth it even if they threaten to “spoil your reputation” and that you “will no longer have customers”? Do you need to think at all about what products customers send with your help (if you are a mail forwarder) and how your customers pay you?

Today we will talk about the fraudulent use of someone else's credit cards and what happens when a company takes a scammer to the surface.

It’s worth mentioning right away that we consider payment security a very important aspect of our work. We consider the prevention of fraudsters on the site as an area of ​​our responsibility. The department that deals with these issues in the Parcel Box has been working for several years and even runs a separate Anticarder.com project (which many large Russian mail forwarders use). But the conversation is not about him now.

So, a few weeks ago, the parcel discovered suspicious activity in one of the accounts. Initial verification revealed that the client’s actions actually look atypical. Therefore, we continued the investigation. During it, it turned out that the client was engaged in the theft of someone else's credit cards. Moreover, he has been doing this for a long time, on an ongoing basis.

Apparently, assuming that the law enforcement authorities did not care about him, he was not particularly hiding, which allowed us to collect a substantial evidence base, on the basis of which we came to the conclusion that we were dealing with a fraudster and that he was hiding behind nicknames on the forums. Please note that all third-party data published in our mini-investigation is taken from open sources.

Who is he - our “hero"? His name is Konstantin Gennadevich Nezaprozvanny , born on August 7, 1993 (23 years old), lives in Yekaterinburg. Preventing the concern of the guardians for the safety of personal data, we emphasize that he did not think to hide and several times published posts in our VKontakte group directly from his account.

Let's start with the email. Konstantin’s is quite noticeable -jiks1993@gmail.com , another of his mails is on Yandex and starts with the same letters - jiks13@yandex.ru , well, and the third mailbox is here - jiks@bk.ru . As you can see, they all coincide with his Vkontakte address - vk.com/jiks13

As we said above, either from a feeling of complete impunity, or due to the peculiarities of the mindset, Konstantin inherited on the network using precisely this data.

image

Therefore, our first step was to establish a fundamental connection between the “client” and fraudulent schemes. As you can see, this can be done quickly and easily. Moreover, on different sites.

Here he is at the famous international forum of Internet scammers, where he has his own account, thanks for the description of another fraudulent scheme and promises to try it out:

image

leakforums.net/thread-672489&page=4

And this is another Carder forum where the hero of our story participates in discussions about cashing stolen bank cards by replenishing the balance of SIM cards:

image

www.dublikat.co/threads/zavliv-sim.15010

Pay attention to the dates of discussions. From them it is quite obvious that for our “hero” this is not some random episode of his biography, but a long-standing and constant activity.

Move on. After we found out that Konstantin the Uninvited, to put it mildly, is not a moral person, it is interesting to look at his activity on the Parcel website. Here, as it turns out, our “client” also didn’t particularly bother and made a classic mistake of the presumptuous carder. They call it “driving a cart (or cardboard) in the middle”. Which in normal language means that Konstantin decided to use stolen credit cards directly on the Parcel website. And immediately by busting many cards. It is worth emphasizing the word "credit." As you probably know, cards are different: credit, debit, and prepaid (prepaid). And if it is not difficult to get a debit or prepaid foreign card, then for a credit card you need to be a resident of the card issuing country, or at least live in the country for a rather long time, have local legal status, earn income and pay local taxes. This is what allows you to count on a loan at a local financial institution. Moreover, as a rule, not immediately, but only after a few years.

Maybe, you say, it was all that way, and Konstantin somehow managed to get an American credit card? Maybe. Moreover, many customers of the Parcel Box use their cards issued in the USA without any problems. For example, our “hero” could have relatives abroad. But how to explain that Konstantin Unzobrozvanny simultaneously owns credit cards in Germany, Belgium, Australia, France, the Republic of South Africa, as well as cards in Ireland and Italy? Moreover, maps of some countries are not presented in one copy. For example, only German credit cards Konstantin used 4 items on the Parcel website, Australia - 2 pieces.

Here you can see part of the payments of our “hero”. We look at the status of payments. Blocked means that the payment is recognized by the processing center as fraudulent. Such payments are called chargebacks. Processing minuses them from the business account and, as a rule, a fine of 15-35 dollars is added to each such chargeback.

image

And here you can consider the details of a separate blocked payment. These are just two of many examples. We will not give screenshots of each payment, but you can pay attention to the fact that the cards are credit.

image

image

Naturally, having received such a number of suspicious payments from Konstantin, we contacted our processing center, and after a while they confirmed that all payments were recognized as fraudulent and cardholders stated that they did not know these transactions.

After we made sure that all the funds with which Konstantin tried to replenish his balance were returned to their rightful owners, we blocked his account and informed him that the two parcels that had arrived at our warehouse by that time should be returned to the sellers, that we stop any cooperation and in the future the account will be closed forever.

Unfortunately, instead of calmly returning the parcels to sellers and then resolving issues with them separately, Konstantin decided to give out black for white and published a post stating that the parcel had picked up his parcels. Moreover, he initiated spammer attacks on our official VKontakte, Facebook, and YouTube communities. It is worth emphasizing that these were not attempts to really clarify the situation, they were precisely the attacks of hundreds of spammers and bots with obscene expressions and insults against both our company and individual employees.

image

Konstantin’s behavior is somewhat different from the typical behavior of a carder after a ban. He appeals to the public, posts several posts on the Internet that the Parcel is “scammers,” where it shows screenshots of how he used a certain unnamed referral to receive money for which goods were bought, as proof of the legitimacy of his activities (like screenshots of iPhones on some site announcements explain something - leave it to the reader).

That is, he does not sit "quietly", even knowing that the Parcel, and potentially the law enforcement agencies of the Russian Federation, has his data, and even triumphs, thinking that the only information against him is his suspicious registration in a strange "referral system" . Konstantin’s confidence in his abilities can be explained by several factors: firstly, judging by the activity on the Internet, in addition to carding, he is also engaged in spam and doorway searches, and secondly, he did not know that all unsuccessful attempts to “drive in” stolen credit cards from Our processing center is also visible, or maybe it thinks that this is not a criminally punishable activity.

And here you can observe an interesting phenomenon: the “public” believes it, because if you don’t get a grasp on Konstantin’s posts, the position of an ordinary buyer person (even with a slightly obscure story) who goes against a large and “overloaded” company is understandable and close to the heart of a simple Russian person, and the parcel at this moment is quite stingy with comments and a bunch of screenshots in no hurry to upload. All doubters and asking questions under the posts of Konstantin are ruthlessly driven into the minuses and banned, apparently - not without the help of bots.

Obviously, spamming attacks on all fronts (VK, YouTube, Instagram, Facebook) are detrimental to any company operating on the Internet, and probably many smaller companies would have already “showered” and went to the terms of a fraudster - who now needs a negative “noise” ? Unfortunately, we have already seen this in the mail forwarders market, however, for a company this usually ends sadly.

We are rightly proud and cherish our reputation, and we are not going to negotiate with obvious fraudsters, which we also wish colleagues from other companies.

One can only guess why Konstantin the Uninvited does not want to send parcels back to the store. For us, the fact that he tried to pay for the Parcel services with stolen credit cards is enough. In this connection, he was blacklisted, not only with us, but also with other mail forwarders.

Separately, it is worth emphasizing: we give law enforcement agencies all the necessary information about each such case, but, nevertheless, we are convinced that it is the company's responsibility to prevent all kinds of scammers from using its services. This is a responsibility to both clients and the law. Because otherwise, the law in the face of US law enforcement will come to us as partners in the crime, and then not only our company will suffer, but also tens of thousands of customers whose purchases are in our warehouses every day.

Also, if we are talking specifically about business damage, then when receiving payment with stolen credit cards, it also incurs direct financial losses, because every fraudulent transaction is also a penalty that processing centers apply to business. And if such cases are repeated regularly, then it is the business that loses its license and, in general, the ability to accept payments with credit cards.

Therefore, as you understand, in addition to the moral aspect (which is very important and consists in the concept that it is not good to steal, and the thief should be in prison), there are also quite prosaic reasons why any responsible business should do everything possible to provide protection yourself and your honest customers from the actions of scammers.

Over the past few days, we have been asked many times and in different forms the same question: “Does the Parcel have the right to call someone a fraud? Is it not the case of the Parcel post simply to send the parcels without wondering how legitimate this or that purchase is? ”

These and other similar questions can be answered with a quote from Jerzy Lec: “It is ugly to suspect if you are quite sure.” In this case, we are fully confident that Konstantin Unzobrozvanny is a fraudster. He can argue with this by suing us. There we will gladly provide all the facts available on paper. True, there is a suspicion that Konstantin will not go to any court. Well, or will go on a completely different occasion and in a different capacity. In the meantime, we are waiting for the summons and will continue to close the scammers' accounts, send their purchases back to the stores and do everything in our power to ensure the safety of honest parcel customers.

All parcels of Constantine the Uninvited are sent back to sellers.

imageimage

imageimage

Check the tracking of these packages here:

tools.usps.com/go/TrackConfirmAction?tLabels=9405510200828099042918
tools.usps.com/go/TrackConfirmAction?qtc_tLabels1=9405510200829098966861

UPD regarding locks in VK group
Regarding the numerous comments about the fact that the parcel banned adequate people in the VKontakte group - we explain. We were subjected to a spam attack, which affected not only communities on social networks, but also online chat support, as well as personal accounts of our employees. Most of the comments were in this style:







All such posts were deleted, and commentators were automatically sent to the ban. We provided a detailed explanation of our position on the VKontakte group wall, in the comments of which a quite adequate discussion started, and many questions asked in a calm tone received clear answers:






Comments and questions that duplicated the discussion were also deleted.

Also popular now: