I have covered counterfeit cash and counterfeit credit cards (in-Store purchases).
This post will cover 3 shipping exploits that fraudsters employ when using stolen cards for online purchases.
Effective fraudsters are well-aware of the hoops that they need to jump through in order to successfully defraud a business.
Address Change
During the checkout process, the fraudster provides the cardholder’s information exactly as needed in order to meet the requirements of the fraud prevention system.
After the checkout is complete, the fraudster calls customer service and leverages social engineering, resulting in the shipping address being changed from an override. Due to this being a manual process, there are no data-point risk analyses completed.
Intercepts
This method takes place once the package is on it’s way.
During transit, the fraudster contacts the delivery service, employs a bit social engineering, and requests for the package to be sent to a post office for pick up by a “Brother-in-law / Sister-in-Law”.
The key thing regarding the “in-laws” is that the name doesn’t have to match the cardholder’s information.
This allows fraudsters to employ any ID that they have lying around, as long as they have someone who can use it effectively. Effective fraudsters have stacks of IDs and plenty of people.
Forwarders
This method exploits a legitimate secondary courier service to re-route packages wherever the fraudster designates. A fraudster purchases a mailbox at a secondary courier service.
When any mail is delivered to the box they are assigned, the forwarder has instructions regarding where to send the package.
This method is especially effective when using cards that are issued and registered in countries who don’t support AVS-Verifications.
Please note that I didn’t cover lower-level methods like “Porch Pirating” or “Drophouses”.
Effective fraudsters know that these tactics are well-known and they typically decide to limit their exposure to risk by employing more sophisticated methods.
Be proactive, my friends.
