Money laundering via author impersonation on Amazon?(krebsonsecurity.com) |
Money laundering via author impersonation on Amazon?(krebsonsecurity.com) |
I had the same with Verizon after someone opened a wireless account in my name. After supplying all the documentation they asked for, they came back to me, "our investigation believes the account was not opened fraudulently" (i.e. that they were saying that the account, and credit tradeline, were in fact mine).
"So what documents did I use to open this account?" "We can't tell you, for privacy reasons." "Did you verify my identity at the start of this call?" "Yes." "And you're saying your investigation believes that I opened the account." "Yes." "So I can't see my own documents in order to protect my privacy?" "Well... in case the account isn't yours... umm, ahh..." "..." "..."
Last summer I get a teams message from my manager "Call me ASAP" uhhh, crap, what did I do wrong.
HR had received an attempt to verify my unemployment claim. Uh, er, what? Apparently, like millions of other Americans this past summer, I was one of the people that someone tried to fraudulently collect unemployment benefits on.
I contacted the unemployment office her and reported it, a day or so later got a form email back stating this was happening like crazy and I needed to take no further action.
>our investigation believes the account was not opened fraudulently" (i.e. that they were saying that the account, and credit tradeline, were in fact mine).
This is an ongoing fear of mine. That come tax time they're going to be like "whoa, you owe all these taxes on the thousands of unemployment income you were paid" and I'll be like "uhhhhhhhh, no?"
G.J. Blokdijk is the 'author' of thousands of medical titles: https://www.amazon.com/s/ref=dp_byline_sr_book_1?ie=UTF8&fie...
Gerardus Blokdijk gets more than 40,000 hits for computer-related titles apparently generated by template: https://www.amazon.com/s?k=Gerardus+Blokdyk&i=stripbooks&ref...
Ok, so to pull this of, you need to:
1. have one or more stolen credit cards (obviously not on your name)
2. sell a book under a false name and buy it with the stolen credit card
3. have a bank account somewhere either under the false name from 2. or under some other false name or with a bank that will never give out your real name
So the money is not "clean" because it now rests inside a bank account with a false name or a bank that does not cooperate with authorities. In any case it is still somewhat shady.
https://www.ebay.com/sch/i.html?_from=R40&_nkw=amazon+gift+c...
My only logic is that its a form of money laundering.
They most likely already had his information.
In many countries it’s difficult to request refunds for online payments, especially if it was clear what you were buying. There’s a look inside button you can use to see a large selection of pages.
He generated so many books probably to cover all kinds of tech topics, to reach more victims.
Not sure why this idea gets downvoted. The simpler explanation is usually right.
> Why All My Books Are Now Free (aka A Lesson in Amazon Scams and Money Laundering)
https://mebfaber.com/2018/04/18/how-to-launder-money-with-am...
1. it's a large trusted platform, so the victim's bank is less likely to freeze the transactions
2. multiple items with arbitrary pricing means maxing out each card is simpler
3. the platform will likely have to eat the charge-backs, so where ever the seller receives money from Amazon is relatively safe for a while to further convert into crypto or whatever
4. because of the size of the platform you can keep creating new accounts indefinitely - they cannot possibly vet all new sellers - this is probably where the stolen identities for authors come in. Amazon must be doing some basic sanity checks / credit score lookups or something similar - hence they need real peoples names / SSNs.
I've seen similar things on app stores / freelancer sites etc. Yes, the accounts get flagged after a while, but there's usually enough time to cash out and creating a new one isn't that hard.
It would be possible to launder with a similar setup - just not with stolen cards but with prepaid cash/crypto ones so amazon doesn't flag the account for charge-backs. But then there's no real need to steal the book author's identity. You could just put your own name or a pseudonym on it. For a 1099 to arrive they've clearly entered the stolen SSN somewhere. You'd want your own SSN there to prove to the IRS that you've made the money... (and then you'd want to pay the taxes).
These titles are created by an IT company that is selling software / services. The software appears to do platform price matching / analytics, and one of those is on Amazon.
My understanding / assumption is that it appears that if they are a high frequency sellerid paired to their developerid, then they can increase their requests per second (http://docs.developer.amazonservices.com/en_US/dev_guide/DG_...) either by requesting a change, or maybe via background quotas set by Amazon.
The IT company has some promotional stuff, and they indicate a number of VM's using multiple public IPs to avoid throttling, and in addition:
> [as a top seller we get 8 rp/s, instead of the newbie 0.5 rp/s against 20 items per request]
I went through some of the sellers, and noted some have some complete shite ratings, but that their ratings are consistently at a certain value even over 30/90/12 months. Lifetime values are highly skewed as it appears they pre-stuffed the hat. So for every real person that gets screwed by a cancelled order, they create a number of fake reviews.
So my conclusion based on what I see is that this is their place-holder author, each of the clients they've sold this to has a store front stocked with these titles, the clients generate a ton of fake sales at a reduced price, request a quota increase as "we're a large seller", and then happily do whatever system gaming they actually intended to do.
I could go further down this rabbit hole, but this hypothesis has been exhausted. I wish I was this interested in my actual job.
The business titles in the second SERP look similar -- they're poorly formatted scoring systems or checklists.
So yeah. Those books look "legitimate" inasmuch as they are at least intended to be bought by real people believing that they are useful, rather than as a means of money laundering. The content of the books is heavily templated to the point of making the books not worth their selling price, but that's a separate issue.
https://www.amazon.co.uk/Cyrus-IMAP-Server-Complete-Guide-eb...
I found the full text elsewhere and it's basically 215+ pages of boilerplate/generated questions with blank answers to fill in. Complete nonsense. It's not only sold on Amazon, but on several other otherwise-not-that-dodgy sites as well.
The author even has an Australia-based business selling "licenses", "certifications", "professional development" etc. Blokdijk/Blokdyk (he spells his name inconsistently) looks like a typical conman with a small number of Schroedinger accomplices and blindsided useful idiots.
I get the vibe that if you sign up with them, you end up as a "consultant"/"affiliate"/"coach" spending your time acquiring new nodes in the network... Maybe there's a scammy MLM-component, maybe not, it's not spelled out, but I've seen that before even when it's not obvious from anything public.
I'd be surprised if their business would hold up to legal scrutiny.
And given that, who are these purchasers of his books on Amazon, then? I can't imagine anyone genuinely buying this and not asking for a refund. Is it just him buying from himself to boost his image, or are they that good at selling snake-oil?
------------
Then take a look at this, one of the top results I got when searching (warning, scam and probably contains malware): https://iv.0li.ru/books_db/?q=OFdIalBBN1dvcU1DbThiNTJIOVp0YS...
This is the most clever piracy-scam site I've seen. Note how the title is generated from the query and post dates are dynamically set so the earliest is old while the most recent is yesterday.
It's quite poetic how these assisted auto-content generating scams are chaining on to each other (:
>2. sell a book under a false name and buy it with the stolen credit card
That probably won't work too well because you'll have a unusually high chargeback rate on your account which would lead to your account getting flagged. You also eat the charge of chargebacks so that will eat into your profits. This could work as a part of a larger money laundering scheme though. eg. you have cash from selling drugs and you want to clean them, so you buy amazon gift cards with it and then use them to buy your ebook. now you have a clean source of income (selling ebooks) that the IRS would be satisfied with.
I'm guessing they are using the identify of "real" authors to bypass some kind of check Amazon has on new accounts selling books from unknown authors. Otherwise, what you're saying makes sense.
Amazon is an Everything store, including more easily washed financial products like gift cards that companies normally avoid for these reasons. I bet they can use their proceeds to exchange for these.
I am curious if, by having a linked AWS account fueled by these, if there is a way to fully wash. E.g., bitcoin mining sets a super lossy floor.
(We do graph analytics, where mining webs of transactions & their meta data is super interesting. Funny behaviors like these pop out as weird and extreme looking topologies when looking at them :)
These days though, I just torrent more often than not. It's just too much work trying to pay for the content I like.
That doesn't really make sense. Why buy it online leaving a papertrail (ebay account, bank/credit card transactions), when you can buy it anonymously in person using cash? The daily volume also isn't there. It's a couple thousand dollars per day at most. You can easily get that amount in person without raising any suspicion by driving to different stores in your city.
You set up a bank account and amazon seller account you control in someone else's name. Then you use your stolen CCs to buy the "book" from yourself thereby converting credit card details into money in an account you control. From there you can get the money out in a multitude of ways (or launder it again through the same or another method) depending on your risk tolerance.
We just keep going back and forward between you and I, always getting the $1k Credit Card sign up bonuses and a TON of points each month.
But this also a good way to launder money, most often for low-level drug transactions. Drug addicts steal credit cards or pass bad checks to buy gift cards. Then either give the cards to a dealer directly, or to a broker. The broker gives them cash, which they take to the dealer.
Gift cards are always cheaper than face value. The basic economics tells you they can't be more expensive than that, since they are similar to money, but worse. They can easily be cheaper; $300 at Starbucks is not as good as $200 wherever you want.
Your incredulity is pretty shocking; if you want to see gift cards sold cheaper than face value, all you need to do is walk into a Costco.
Remember Amazon has the credit card fee margin of savings if someone uses a gift card instead of a credit card.
I know, $5 isn't much, but it is still lower than face value.
The store issuing the gift card is out of the town center and I have had it for ages. Make me an offer and, if I get enough booze or contraband for now/tonight then I am happy.
Buy gift cards with a stolen credit card
Sell the gift cards for cheap to random people on the internet for crypto
* Dark web resellers: "20-50% take for X cards at Y $ in Z time" => additional jumbling (drop shipping, ...) and exit points (discounted $ for anonymous purchases for/during illegal activities)
* Normal marketplaces: "$100 starbucks card, 10% off!"
* Sell to physical retailers like small corner stores
The approach & time will all impact % retained
Edit: Here's a fun one, esp. when you think through all the ground operations / people in the drug supply chain: https://losspreventionmedia.com/gift-cards-have-become-a-com... . We work with a lot of sec/fraud teams, where I've repeatedly heard the story "At $100M-1B revenue the finance wizards started a gift cards program, but it became such a pain point that we canceled it."
Basically you'd need to use their whole identity, then withdraw the cash, possibly with fake IDs. Which is what they're doing, I guess.
Sure you spend sum cash on cleaning the funds, you're still not paying taxes on that cash win/win
Still - if they're not paying the taxes I wouldn't call it laundering.
This is made possible at least in part because they have savings on the credit card cut
They have to sell it to retailers for less than they'd get after credit card acceptance. E.g. Apple sells gift cards for $88/$100 to a retailer, who then uses the remaining $12 on transaction costs (including paying their credit card fees) and profit margin.
Vs. Apple likely loses ~2% on credit card acceptance-- and gets to keep $98/$100.
It's still worth it, because they capture money from last-minute gifts, etc...
If you're doing an online purchase you can combine with a coupon collector site, credit cards, and gift cards to get steep discounts. When I shopped at H&M their gift cards regularly had 15-35% discounts from gift card sites and they will accept any piece of fabric in store for a discount coupon, making the clothes close to fifty percent off in total.
When shopping online it adds possibly two minutes extra to check out once you get used to the flow. It's not recommended for gifts as it mucks up the return flow but gift cards are usually only for large retail outlets so it's always possible to hold on to it and purchase something later.
This is all legitimate use and not a flow for money laundering.
E.g. most German cards don't work at amazon.com (unless things have changed recently), but work at PayPal.
[edit] - I'm not sure parent comment was replying to the gift card point. My comment was specifically about why buy Amazon Gift Cards from a third party ever.
edit: this is incorrect, see thread below.
The whole idea behind money laundering is to actually pay the taxes on the ill-gotten gains to prevent you from being hit with charges relate to tax fraud, which are certain to stick.
The fact that they are operating in this manner indicates that they are not scared of the IRS, probably because they are not operating in the USA. Thus, the clearly system isn't designed for tax evasion purposes. They must have some other reason for operating in such a manner. The only thing I can think of is they are trying to bypass Amazon checks. Presumably they used to just create a fictitious LLC to do this under the name of a random name, but eventually were foiled by Amazon's automated systems, so they changed tactics.
Why would it go to Famous Writer? I skimmed the article and it only say the author on the product page is Famous Writer. If Famous Writer wrote it, but then signed over all the rights to Bob's Books LLC, then Famous Writer would be the author, but all the proceeds/tax bills will go to Bob's Books LLC.
As for why bother impersonating Famous Writer in the first place? Probably because an unheard of author selling $500,000 worth of books for $500/each would be suspicious, but if he was famous it would be less so.
"Money laundering is the illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. "
I'm not sure how turning stolen CCs into money is fundamentally different.
why not just buy it from amazon directly? does ebay/paypal have looser anti-fraud systems than amazon?
>You set up a bank account and amazon seller account you control in someone else's name. Then you use your stolen CCs to buy the "book" from yourself thereby converting credit card details into money in an account you control.
That doesn't work because if you funnel a bunch of stolen credit card purchases into that account, it will quickly get flagged for an unusually high chargeback rate.
Every additional step is an additional level of obfuscation.
I don't get what you mean by "buy it directly". You don't want the book and you don't want to be buying things for yourself using illegitimate money.
>That doesn't work because if you funnel a bunch of stolen credit card purchases into that account, it will quickly get flagged for an unusually high chargeback rate.
I shouldn't have mentioned CCs. Nobody is buying $500 books with credit cards that are likely to charge back. You generally use those for drop-shipping scams where you list $5 toilet brushes for $4.95 on another site and then use the stolen CC to pay. Say you list on eBay and buy on Amazon, the people will dispute Amazon charges but it doesn't matter because the happy customers of your eBay account are getting their $4.95 toilet brushes just fine. $500 books could be an intermediary step where you have $24k sitting in a sketchy account you control (toilet brush business is booming) and you need to siphon it out. You'll be the only one buying the book so no charge-back risk.
I took it to mean buying the gift cards from Amazon/physical store, rather than going through ebay.
People can also abuse return policies. Most places will give you a gift card if you return unused merchandise without a receipt. So people will shoplift small, high-value items from one store and return them to another. Get a gift card, and then sell the gift card. The cash isn't traceable, and the broker gets a tidy profit.
Usually only if you paid with a credit card, so there's a record you made the purchase no?
I.e, a $10,000 outside "investment" allows you to sell 100, $100 gift cards for $120. Those profits get reinvested on the books, and now you have $12,000 to sell 120, $100 gift cards. Lather, rinse, repeat.
Where does your experience come from? It seems appallingly out of touch.
When Apple, Amazon, etc, seek to have retailers carry their gift cards, the retailer needs to have an incentive. So the gift cards are usually sold for below face value to the retailer. In turn, some retailers will sell gift cards for below their face value.
So, e.g., at this moment, Nintendo eShop $50 cards are $44.99; XBox/Sony Playstation $100 gift cards are $89.99; a $500 gift card on Alaska Airlines is $449.99; $100 at Hulu is $89.99.
These are not particularly good prices. Oftentimes Apple $100 gift cards will be $79.99.
The other incentives at Costco still hold, too; you can get the Executive Membership 2% back and the 2% credit card cash back.
Where gift cards are available, they are never cheaper than face value due to basic market dynamics.
In retail stores in non-Western countries I have never seen a gift card with e.g. 100 unit value sold for less than 100 units either, although I haven’t specifically looked for such.
In this thread, a fundamental misunderstanding of how gift card market works seems to prevail.
There’s basic arbitrage. Vendor Acme in region X locks out people from region Y (e.g., based on payment method address); Alice lives in region X and can buy an N value Acme gift card for N-1 at a local store; Bob lives in region Y and wants to transact with Acme; Alice buys a gift card for N-1 and sells it to Bob for N+1 online; Bob gains the ability to transact with Acme, Alice gains 2 as revenue.
Thus, gift cards going for higher than face value does not automatically imply anything beyond a market acting as it should and is not specific to Amazon in any way.
Though $88/100 is super unrealistic with margins on electronics of 1-2% Amazon would be taking a loss of what the profit from 10 laptop sales every time they dealt with someone buying a laptop all in gift cards.
Or maybe gift cards are so rarely used in this way they write it off with higher margin uses
From the article:
> Reames said Amazon refuses to send him a corrected 1099, or to discuss anything about the identity thief.
The writer in question received a 1099, which states that he earned the proceeds from this book, and the IRS is going to require him to pay taxes on those earnings.
> As for why bother impersonating Famous Writer in the first place? Probably because an unheard of author selling $500,000 worth of books for $500/each would be suspicious,
The author says this book made much more than any of his other books:
> Reames is a credited author on Amazon by way of several commodity industry books, although none of them made anywhere near the amount Amazon is reporting to the Internal Revenue Service.
They (the hackers) impersonated the author because they had access to his information via his publisher. Thus, they could bypass Amazon's normal vetting process for self-published books.
This is a terrible money laundering scheme (since it doesn't actually result in legitimate money), but it's a very good theft scheme.
Most places typically will provide the refund if you have the merchandise and an ID. The ID helps loss prevent determine if someone's returning an abnormally large amount of goods, but there's no shortage of mules for this kind of scam.
I'm not in the loss prevention field (anymore), and my knowledge of these sorts of scams is a few years old.
> Usually only if you paid with a credit card, so there's a record you made the purchase no?
This makes absolutely no sense. If the store demands that it demonstrate to you that it knows you made the purchase, before it will allow a return, then you can easily demand to be refunded in cash. What purpose would the receipt serve?
No. Usually, if you can prove that you made the purchase at the store, by any acceptable means, they will refund you (for credit card purchases, usually exclusively to the card used for the purchase).
If you can’t, but they let you return anyway, they’ll typically give you store credit (if they don’t issue gift cards) or a gift card, so that the “money” you get ultimately is going to be spent at the store (or not at all.)
In degenerate cases, I can see that the reverse could be true.
As far as I understand it, the process of moving money through complex transactions is to make it look like it came from somewhere legitimate and making it hard to trace back to something that isn't, by mixing it with legitimate funding in a hard-to-see way or by making it come from an otherwise legitimate source[1]. The goal of money laundering is being able to point at a legitimate source and being able to claim that's where the money came from and the complex transactions are meant to make it look plausible or at least hard to disprove.
[1] eg: if I pay a utility bill with illegitimate funds and overpay and then they refund me, that refund may be seen as laundered, because the utility company is legitimate, which is why they tend to have restrictions around such things -- I came across this example when I was doing anti-money laundering training when I did contract work for a bank recently, although admittedly I might not be remembering all the details correctly.
some argue above that there's no fraud involved, it is people simply doing manufactured spend, that makes little sense to me, as there are cheaper and simpler ways of doing manufactured spend (I've done it!). Heck, just buy the gift cards direct from amazon.
> Heck, just buy the gift cards direct from amazon.
Indeed, unless you're out to commit fraud or legal-definition-money-laundering, there seems little point in jumping through the hoops.
With a car was, 1000 washes, at 5m per wash is 84 hours of active operating time. This creates an upper limit on the amount of money that can reasonably flow through the company, since 84 hours is roughly 3 hours a day of utilization per month. You might be able to get by with about double that many washes without raising suspicion. But all it takes is a peak at the company's water bill to determine how accurate that figure really is.
Plus the operating expenses are much higher, as it requires a specialized building, land, etc. Whereas the online retail requires a computer and some software. It's easier to move and hide. There's just so many benefits to using online retailers over brick and mortar operations.
What kind of a mom and pop store sells $3M year in amazon gift cards?
You... are aware that the primary market for USD-denominated gift cards is US residents, right?