Stealing $10 Million, 20¢ At A Time

The US Federal Trade Commission (FTC) has stopped a $10 million international scam that was siphoning off tiny amounts of cash from more than 1 million credit and debit card holders.

The elaborate scheme allegedly used identity theft to place more than $10 million in fraudulent charges against  consumers’ cards.  Consumers were hit with one-time charges of between 20¢ to $10, and the payments were routed through fake comopanies in the US to Eastern European and Central Asia bank accounts.  The operation used an expansive network of money mules to move the money overseas.

Named as defendants are the 16 fake companies and one or more persons who are unknown to the agency at this time.  They are charged with making unauthorized charges to consumers’ credit cards in violation of Section 5 of the FTC Act.  The court ordered the defendants’ assets be frozen and for the organizations to stop operating, pending a final hearing.

They used phony company names resembling real companies, and US identity theft information to open more than 100 merchant accounts that process charges to consumers’ credit and debit card accounts.  They may have run credit checks on the identity theft victims first, to insure they were creditworthy. The accused scammers also provided each fake merchant with a virtual office address, a phone number, a home phone number for the “owner,” a web site pretending to sell products, a toll-free number consumers could call, and a real company’s tax number found on the Internet.

Most consumers either didn’t notice the charges on their bills, or didn’t seek chargebacks because of the small amounts.  Consumers who called the toll-free numbers that appeared on their bills either found them disconnected or heard recordings instructing them to leave a message.

At least 14 “money mules” were duped into responding to spam email pretending to seek a US finance manager for an international financial services company.  They were paid to form 16 dummy corporations, open bank accounts to receive the card payments, then transfer the money overseas.  They used debit cards linked to these bank accounts to set up telephone service, virtual addresses and web sites that helped deceive the card processors.    Payments were sent to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus, and Kyrgyzstan.  Most times, the money mules don’t realize they are part of a money laundering ring until their bank or law enforcement agencies contact them.  They are typically recruited, given some cover story, receive money transfers, take the money out and wire it internationally to a money drop, and the money then goes to the real criminals.