What Is a Fraud Mule Attack and How Do I Prevent One?

A new fraud trend is developing in the eCommerce world, and it’s especially hard for most fraud detection solutions to catch. Known as a fraud mule attack, parcel mule scam, or reshipping scam, this notorious form of fraud harms innocent victims beyond the merchants that are scammed.

In this blog post, we’ll explain how fraud mule scams are operated, as well as tips on how you can keep your business safe and fight chargebacks.

Here’s how a fraud mule scam works:

1. The Promise

A scammer or group of scammers starts by recruiting unsuspecting accomplices. The scammer advertises a work-from-home position on a job board or social media site, promising a quick and easy way to make money as a gift wrapper, shipping inspector, packaging assistant, or similar title. All the applicants have to do, they are told, is receive packages to their home address and reship them to another address, often located in Eastern Europe or Nigeria. One study found that most shipping fraud scammers operated in or around Moscow, with ninety percent using mules living in America to ship packages to Russia.

When advertising the fake job opening, the scammer will often target low-income neighborhoods to take advantage of people desperate for more income. To the job applicants, the promise of earning a lucrative salary for performing simple and easy tasks must seem too good to be true—and it is.

2. The Setup

The fraudster hires one or more people, who will become his “mules,” or “drops,” as they are called by many scammers. Once they’ve chosen the mules, the fraudsters will collect their new hires’ personal information, ostensibly in order to pay them for their work. This usually includes their Social Security numbers, dates of birth, and banking information. Then, sophisticated fraudsters will add their “employee’s” billing address to the account of a stolen credit card via social engineering, using cards issued by banks with lax security.

3. The Purchase

Following instructions from his or her “boss,” the new “employee” will then make an expensive online purchase, unwittingly using the stolen credit card linked with their personal information. These purchases usually consist of valuable items that can easily be resold, such as consumer electronics.

From a fraud prevention standpoint, the order looks like a perfectly safe order. There is no detectable AVS mismatch; the customer’s billing address matches that on record at the bank, the shipping and billing addresses match and the name on the order is consistent with public records of where the “cardholder” lives.

Variations:

In a simpler but slightly less fool-proof version of the same scam, the fraudster will pay for the purchase himself (using the stolen credit card), and use the fraud mule’s shipping address. The fraud mule doesn’t pay for the packages they receive, but because their address and personal information is being used, they still act as a buffer between the scammer and the stolen goods.

Other scammers will ask their “employees” to pay for shipping costs themselves, promising to reimburse them later. Since many fraud mule scammers are based overseas, the cost of reshipping orders can be significant for the mules being taken advantage of. Of course, the fraud mules never receive reimbursement for the money they lay out.

While some small-time fraudsters carry out the entire scam on their own, more serious criminals operate the scam as a service to other crooks. The “operators,” as they are known, set up a network of mules and then charge other scammers (known as “stuffers”) to reship packages through the mule network.

5. The Aftermath

The merchant processes and ships the order to the “employee,” who sends it on to the fraudster. The real owner of the credit card sees the fraudulent charges to his account and calls his bank. Eventually, the merchant receives a notification and a chargeback fee.

The consequences can be devastating. The merchant loses valuable merchandise and receives a chargeback. The unsuspecting “fraud mule” can be held legally accountable for trafficking stolen goods, and will usually receive no payment for his or her “work.” Most are unceremoniously fired within thirty days of being “hired,” as the scammer tries to avoid detection by cutting ties with his mules.

In the worst scenarios, the scammer will “pay” the mule with a fraudulent check or money order, made out for more money than has been promised. The mule will be told to keep the amount he or she has “earned” and transfer the difference back to the “employer.” The mule will deposit the bad check and send the difference to the scammer from his or her personal bank account, only to be held liable by the bank for the full amount when the check is discovered to be counterfeit.

Why is this type of fraud happening now?

Fraud mule scams typically require stolen payment credentials, which can be obtained by attacks from hackers. Given the rash of data breaches that have occurred in recent years, the new trend of delivery address fraud comes as no surprise. The Equifax data breach in 2017 exposed the data of 140 million Americans, including, in some cases, credit card numbers. In March of 2019, 106 million people in the United States and Canada had their records exposed. Included among the stolen data were 140,000 Social Security numbers and 80,000 linked bank account numbers.

These incidents are only two examples of a growing global problem. The market consultancy Juniper Research projects that the number of records stolen in data breaches will increase 22.5% per year through 2023, reaching a staggering 146 billion private records compromised. Each one of these stolen records can be used to place fraudulent orders, putting untold numbers of businesses and individuals at risk.

How will this fraud trend affect your business?

Fraud mule scams typically involve large orders, often in the thousands of dollars. Because the most sophisticated scammers link their employees’ data to stolen credit cards, the fraudulent orders appear perfectly legitimate to most fraud prevention systems.

With so much at stake, merchants need to be able to identify orders placed by mules. Even one chargeback can be devastating to the bottom line, especially for merchants with narrow profit margins. On the other hand, overcautious fraud-prevention solutions result in lost sales.

Traditional fraud-detection solutions can’t keep up

It’s hard to estimate the amount of fraudulent behavior that goes undetected every year, but there are always new schemes being developed by unscrupulous thieves. As new methods of fraud evolve, standard rules-based fraud-detection systems fall short, unable to stay ahead of the trends.

The fraud mule scam is a perfect example of a fraud trend designed to slip past a rules-based fraud prevention solution. Most machine learning systems would also fail to uncover it because no similar fraud tactics would have been in the labeled training data for the supervised learning systems.

What can you do to protect your business from fraud mule attacks?

To avoid losing valuable merchandise to fraud mule scammers, you’ll need to learn to spot the red flags that many such scams have in common.

 – Order Velocity:

Some scammers cut their mules loose (usually by pretending to fire them) after ordering and reshipping one large, expensive purchase. Many more scammers, however, try to send as many packages as possible through their mules before firing them, usually after about thirty days. That means you’ll see a sudden spike of orders to one address, all in a short period of time, from a customer who’s never done business with you before.If one of your customers (and especially a new customer) is ordering more frequently than is normal, consider it a red flag.

 – Income Disparity:

Fraud mule scammers need to find mules who are desperate enough for money, and limited enough in employment options, that they’ll jump at the chance to reship packages. For this reason, they tend to target low-income neighborhoods.

At the same time, scammers are interested in stealing expensive items with high resale value. If you notice that a customer has placed a particularly expensive order for delivery to a low-income neighborhood, look deeper. You might be looking at an order placed by a fraud mule.

– Delivery Address Mismatch:

If you’re suspicious that an order might be part of a fraud mule scam, look up the cardholder’s address. If the scammer hasn’t managed to add his mule’s information to the stolen credit card, you’ll see that the delivery address doesn’t match the cardholder’s address on file. If this is the case, you can call the number associated with the cardholder to confirm that they placed the order.

Beware, though: if you’re dealing with a very thorough scammer, you might find yourself talking to someone who was hired to impersonate cardholders for just that reason.

Nothing beats expert humans

Today, even with advanced fraud rules engines and machine learning, merchants still need experienced fraud analysts to catch the sharpest fraudsters out there. NoFraud fuses man and machine to create the most effective fraud detection system available to interface with your integrated payments process, ensuring peace of mind for you. It’s a solution that has seen tremendous success in combating the recent wave of fraud mule scams. Using NoFraud’s cutting-edge technology, our expert analysts spot the subtle clues across our customer data and react quickly, saving our clients millions in potential fraud losses.

To learn more about this new fraud trend and how NoFraud can help you protect your business, reach out via email to shoshanah@nofraud.com