I recently discovered a number of businesses in the USA that are helping the Russian Mob rip people off. If you sell a product, your company could be one of them.
I’m not kidding.
HP and Office Max are on the list. So is PayPal. And hundreds of other companies that sell products online are also, unknowingly, helping criminals get rich.
Maybe you already know that someone stole my identity a few weeks ago. They used my name and credit score to buy $6,000 worth of juicy HP Laptops. According to the Charlotte Police Department, the PCs were purchased by — and headed toward — an organized crime syndicate in the Ukraine. (The detective on my case says about 80% of the identity theft cases lead back to the former Soviet Bloc in one way or another.)
The crime is so simple, yet it takes advantage of businesses both large and small... perhaps even yours. Learn how it works so you can prevent it.
How Does It Work?
6 Steps to the Russian Recipe for Identity Theft
- STEP 1: Someone in the Ukraine starts collecting data on me. They put together my name, address and a few other details. Maybe they find my birthday on Facebook. Perhaps they got the last 4 digits of my Social Security Number from an consumer database they hacked… but they don’t really need much, and that’s part of the problem.
- STEP 2: They place an ad on CriagsList.com, hoping to find someone in the USA to “work from home” as a “freight forwarder”. This part-time soccer mom agrees to accept packages delivered to her house by UPS and to simply re-label them for shipping overseas… Destination: Ukraine.
- STEP 3: The Ukrainians purchase laptops from Hewlett Packard using a new credit account they set up through “BillMeLater.com” — a PayPal company. They use personal data (mine, in this case!) which allows him to apply for a new line of credit right on the HP website.
- STEP 4: The buyer amends the shipping address to include the address of the freight forwarding person.
- STEP 5: The HP laptops are shipped by FedEx to the American forwarder (our work-at-home soccer mom in this case), who repacks them and re-ships them the Ukraine.
When this recipe works, the Ukrainians get $6,000 worth of computers at my expense. HP, BillMeLater and I are left to fight over who gets paid and who does not.
When the scam does not work, the trail of bits and digits goes almost no-where. Local police have very little recourse for pursuing what is essentially an IP address in the middle of the Russian arctic. All emails and payments (such as to the work-at-home buyer), are done using generic Yahoo email accounts and bogus PayPal accounts.
Who is to blame?
Every company that touched this transaction failed.
- PAYPAL… Their service, called BillMeLater.com is a widely used on-line credit application. Unfortunately, BillMeLater’s simple credit application is easy to fake — it does not even require a complete Social Security Number. The detective on my case said, “BillMeLater is the single worst offender” — opening credit without proper identification.
- BILLmeLATER again… Even though they issued $6,000 worth of credit, they did not report this account to the credit bureaus. Customers who have a bad credit score love this, but so do thieves because it also hides the transaction from me. Without this notice, it can be 6 months or more before you learn there is a (now overdue) account opened in your name.
- HEWLETT PACKARD… for endorsing BillMeLater as a credit issuer, and for allowing people to ship things to addresses other than the address used for the credit application.
- FEDEX…. For delivering things to the changed address. Now, to be fair, both my address AND the address of the work-at-home soccer mom were on the FedEx label. So to make this work the Russians had to find a freight forwarder in my zip code because FedEx does not allow you to change the zip code.
- ME…. for putting my personal data online. A recent study suggests that Facebook, Linkedin and Twitter users are more likely to be victims of identity theft. Even just using a smartphone makes me 1/3 more likely to be a victim!
Which role are you playing?
- Do you sell online and allow shipments to unknown persons?
- Do you offer easy credit through a third party?
- Do you thoroughly check and report the credit that you offer to customers?
- Would you even know if you ship a product to a fake account?
- How many of your outstanding receivables are actually cases of fraud and identity theft?
Are You Losing Too?
Businesses are victims in this scam too.
HP, PayPal and FedEx all took a loss on my case. Even though the transaction was caught and reversed, each of those companies had put time and resources into making a sale (and later reversing it).
It would have been worse for them had the scam worked. HP and BillMeLater.com could have lost the $6,000. (The police report absolved me of liability.) And I’m just 1 guy: There were over 11 million cases of ID fraud in the USA in 2011.
If you sell anything online, you’re eventually going to face the same thing. Small businesses are at significant risk, and the big financial players are not protecting us.
Take action now to lock down your e-commerce and credit issuing policies and procedures. If you aren’t sure what to do, call the Financial Crimes department of your local Police Department and ask for help. They have great resources and would love to get you started on preventing this kind of crime.
Dedicated to your (Ukrainian-Mob-Free) profits, David
PS: My case wrapped up nicely. The local soccer-mom “forwarder” had (by sheer luck and coincidence) been warned about her activities by the police, and she smartly declined to accept “my” shipment from HP. FedEx then delivered the boxes to me and the scam was obvious. I contacted HP, BillMeLater and the CMPD. I had a few days of forms to fill out, but came away from this without a blemish. I count myself extremely lucky.