Fraudulent refund services are becoming a vicious vector of attack for malicious actors on the dark web.
This newest form of fraud targets online retailers, banking on their generous refund policies to fraudulently claim money or replacements for products they hadn’t purchased in the first place.
Fraudulent refund services are a particularly pervasive form of cybercrime since merchants are stuck between trying to ensure customer satisfaction and mitigating the loss of an estimated 500,000 euros every month through cybercrime.
A typical fraud case occurs when the false buyer claims that the product they allegedly purchased never arrived. Due to the fierce competition going on between online retailers, many of them promptly respond to such claims with refunds or replacements purely to control damage to their reputation and to keep the customer happy.
When fraudulent vendors are thrown into the mix, it is almost impossible for the con not to work since it largely involves social engineering and fake documents.
A Growing Sector of Cybercrime
Refund fraud has grown significantly since 2017, coasting on the increasing number of online sales. It is openly discussed on dark web forums where fraudulent vendors are quick to offer their “specialized services” to interested parties.
In return for effective service, these illegal vendors gain massive followings and create a reputation that is conducive to the continuity of their business. Happy customers have been known to go as far as leaving screenshots alongside messages of gratitude and praise following a successful refund scam.
Vendors who pull off scam after scam successfully will often receive repeat business from many of their customers, who are sometimes satisfied enough to leave positive reviews about their experience.
Even as online retailers struggle to figure out a way around this scam, more and more illicit vendors pop up on these dark web forums offering their services.
Fake Receipt Scams Emerging
This increase in criminal activity has led to an influx in the advertisement of fraudulent receipts on the dark web.
These fake receipts often look as authentic as the next and can be engineered to target a wide variety of online retailers. Fake receipt vendors rely on social engineering as their main tactic since there are no parameters to be bypassed in this scenario.
The customizable nature of these fake receipts only makes it more difficult for companies to preempt these actors’ next move.
In addition to saturating the market with an indeterminate number of fake receipts, these illicit vendors have made it easier for malicious actors to claim reimbursement even without making the initial purchase.
Similarly, they have made it increasingly difficult for companies to spot instances of fraud even if they’re perpetrated by the same person.
Fake receipts will also present a huge problem for brick and mortar stores, as Flashpoint analysts cautiously predict.
The availability of physical fake receipts will make it harder for stores to stop people from using them to wrongfully claim reimbursement. As an added risk, physical receipts will make it impossible for retailers to avoid reimbursing customers for stolen products.
Several illicit vendors offer digital and virtual receipts alongside product serial numbers just to increase the legitimacy of the claim.
Aside from the very pertinent concern of having a market that is flooded with fake serial numbers, the availability of fake product serial numbers leads Flashpoint analysts to speculate that these vendors are in possession of the serial number-generating software.
Already, several of these types of software have been spotted on various forums both on the dark web and on the surface web.
Will the Trend Continue?
Increasing competition and a need for transparency will continue to force retailers to extend generous return policies, usually at their own expense. This gap is one that may only widen as businesses compete to differentiate themselves and to build loyal customer bases.
As bleak as the situation appears to be, online businesses can avoid falling for some of these fraudulent claims by carefully analyzing all refund claims before fulfilling them. A dedicated intelligence service can facilitate this and help businesses to avoid massive losses from cybercrime.
Thank to this newfound insight, however, online businesses now have the ability to make wiser decisions about their refund policies in spite of the pressure to attract repeat business and build loyalty.