DEFCON Conference 27. Internet Scam Recognition

Briefing remarks:

Currently, Nina Collars, also known as Kitty Hegemon, is writing a book about hackers' contributions to national security. She is a political scientist engaged in research on the technological adaptation of users to various cybernetic devices. Collars is a professor at the Department of Strategic and Operational Studies at the Naval College and has worked at the US Library of Congress's Federal Research Division, Harvard University's African American Studies Department, World Bank, Anti-Glare Plant, and at night as a BSides volunteer. As a hobby, she once led the DC Cigars, Scotch and Strategy group and is still a certified bourbon specialist.




Hi, I'm Kitty, but at work people often call me Nina. Before I begin my presentation, I will say that the opinion expressed here does not necessarily coincide with the opinion of the Navy, the Department of Defense, or the US government. I have to say this because I am technically a federal employee, as I work as a professor at the Naval College at the Department of Strategic and Operational Research. This means that I am studying the latest technologies and how they affect military operations and defense, which will include elements of cybernetics. This is one of the reasons why I am watching the DefCon community. However, what I will talk about today has nothing to do with the military industry.

So, last August, I bought a used Nespresso coffee machine, and I wanted to come here and tell what happened after that. As you know, coffee machines and capsules are bought mainly online. There are several Nespresso boutiques throughout the country, but in general, you can buy your coffee for Nespresso machines directly on the company's website. Having bought a used machine, I realized that coffee capsules on the Nespresso website are quite expensive and decided to look for a cheaper seller.



It turned out that at an eBay auction you can buy coffee much cheaper - the price of capsules was about half what I would have to pay when I bought directly from Nespresso. The only inconvenience was that you had to buy at least 200 capsules at once, but since I drink a lot of coffee, this did not bother me too much, and I placed my bid on a batch of capsules. When the auction ended, I saw that I had won and paid for the purchase through PayPal.

About a week later, the goods were delivered to me. Imagine my surprise when along with the boxes of coffee they delivered a box with a completely new coffee machine. It was the most popular compact model of Nespresso coffee machine, the Pixie, for $280, which uses small "tablets" of coffee at a price of 70 cents apiece.

I thought that I was simply mistaken at placing the order and returned to eBay to check if I had pressed something extra there and bought this thing by chance. However, I did not find anything like it.

Then I looked at the stickers on the boxes and saw that both the capsules and the coffee machine came from the same sender, and the strangest thing was that the sender was Nespresso itself. However, I did not order the goods from the manufacturer, but from a third party!



I went back to eBay again to look at the details of the transaction and compare them with the invoice, and found out that the seller's name on eBay, let's call her Sue from Chicago, doesn't look like the name of the sender in the Nespresso account, let's call him George from Poughkeepsie. In addition, Sue from Chicago had a zero seller rating and she had created her account just a couple of weeks before the order. The only thing she was selling was Nespresso coffee.

I thought it looked like a scam, so I decided to deal with the issue and called Nespresso. Very reluctantly, because I'm a little greedy and would not mind keeping this coffee machine for myself. I explained to customer support that I did not order a machine, but ordered only capsules and bought them not from Nespresso, but from a third-party seller on eBay. They confirmed to me that the money for both items of my order had actually been withdrawn from George from Poughkeepsie's credit card.

I thought it was worth calling this George, who sent me such a wonderful gift, to clarify the situation, but the customer service refused to give me his phone number. I continued to suspect some kind of fraud here, but I had no way to understand who was winning what in this situation. So I told Nespresso: "Please send me a prepaid return label by mail, and as soon as I receive it, I will gladly send you my coffee machine back." For my part, this was a trick, because everyone knows how reluctant manufacturers are to take their goods back.

The customer service girl wrote down my details, sent them to the anti-fraud department and told me to monitor my mail. If the company wants to return the erroneously sent coffee machine, this department will send me a prepaid label so that I do not have to pay my money for sending the parcel.

As you can see, a year later I still have the coffee machine. But my conscience is calm - I reported the fraud, and I kept this machine for myself. However, I could not understand what really happened, and this constantly bothered me.

So I googled a little and found in the security section of the eBay website a scheme of the so-called Triangulation Fraud, or "fraudulent triangle". It is so named because it involves three parties. This scheme helped me understand what could have happened specifically in my case.



The whole point of this fraud is to cash out a credit card using the connection between the company and the last element of the scheme - the mule, as it is commonly called. This is the person who converts cash.

Three participants in this scheme:

  • an unsuspecting client who places an order at an auction or electronic market using any form of credit, debit or tender PayPal;
  • -, , - , ;
  • , .

Most often, a fraudster uses a legal seller with a reputation working at home in his scheme. Such a seller may not even assume that he is part of a fraudulent network, and some of these sellers have a solid sales history. Scammers often place advertisements for employment, offering a seller to sell their goods at a certain percentage, usually 30%, and many sellers agree to such work. The employer is the real criminal who has stolen credit card information. He provides the seller with a list of "his" goods for sale, including a full description of the products.

The seller places the goods in his account on the electronic trading platform. Legal customers buy goods, and the seller sends information about the order to his employer.

The employer places the same order on a legal website, pays for it with a stolen credit card and passes the product tracker to the seller.

The seller passes the tracker to the client. Now an order made in a fraudulent manner is sent to the client from the legal website of the manufacturer of the goods.

A client who unexpectedly received a stolen product and a legal manufacturing company are victims. If fraud is discovered, the legitimate website will issue a chargeback or lose funds received to pay for the order. This site can contact the client to return the stolen goods, or the client himself will declare this, as happened in my case. The buyer can also file a fraud lawsuit with his bank against the seller.
However, there is another victim - this is the person who stole the credit card. He does not know anything about the deal until he receives a credit card statement. Naturally, he will try to challenge the purchase, and sometimes this leads to a refund of the legal website.

Typically, the fraudster represents a large company, in this case Nespresso, and opens an account there. Such companies have a streamlined delivery system and a simple account system that does not contain complex security checks. Then the fraudster, if he works alone and is both an employer and a seller, creates his eBay account, a fake profile and starts selling things very cheaply. When the auction ends, an unsuspecting buyer sends his money to eBay and becomes a mule - thanks to an honest buyer, the fraudster gets the cash he needs.



However, it is worth remembering that the fraudster sells goods that he does not actually own. And the purchase process on eBay will not be completed until the delivery invoice is closed. This means that further the fraudster uses a credit card to buy goods directly from the manufacturer, and then the triangle closes. A delivery notification is generated on the site, and everyone is happy. A fraudster takes money from the sale of goods, pays an eBay commission and pays for additional items, in my case these are capsules for a coffee machine. This is a seamless triangle, and the buyer has no idea that he is a "mule", all he knows is that he received his product at a bargain price. The incentive to continue the fraud is that everyone continues to be silent. Of course, unless the buyer is me, who received the espresso machine that I didn't order, and who really wanted to know why it happened.

I had 2 versions of what happened. The first is an error of the order processing service when someone mistakenly copied an extra line from an Excel spreadsheet on the manufacturer's website, and they accidentally sent me an additional coffee maker. The second - scammers just wanted to buy my love! Perhaps this fraudulent triangle is such a fragile thing, and all these accounts and "fake" credit cards are such delicate things that the fraudster tried to make me so happy that I didn't doubt anything and continued to buy his goods.

So, the most right step after receiving a free Nespresso coffee machine was to start my own investigation by buying more coffee! I know, you think I'm a terrible person, but ... firstly, for some reason I still called my speech "confessions", and secondly, I just assumed that it was a fraud, but I was not sure of it. I didn't know how big this operation was, so I needed more data.

In particular, I didn't just need more data from one seller, I wanted to know if there was a whole bunch of scams like "Nigerian princes" or sellers of fraudulent gift cards. In short, I needed to somehow evaluate the scale of what was happening.



So, I come up with a bunch of questions to find out who these thieves are. To be clear, eBay is full of thieves. I just wanted to find these. So, do scammers have other accounts, can I find them? How quickly do these accounts burn out? And the main question is - can I make them make the same mistake twice? Like, "send me even more free stuff?"

Using the eBay auction search tool and the initial account as a template, I tried to find another, newly created account with zero Nespresso sales ratings. So, I needed 3 things: for them to sell Nespresso, for them to have a zero rating, and for the account to be created relatively recently.

I thought that scammers would not try to make each of their ads unique, but would prefer template descriptions and the same pictures for several seller accounts. In addition, if these "triangles" are fragile enough and quickly "scorch", I will have to look for such ads every day.

Since eBay allows you to automate searches, I set my own template to buy 200 Nespresso capsules for $99. As a third condition I set coffee machines, but three parameters create a dubious data pool, so I stuck only to searching for capsules. I received a report of the search results by e-mail, and I had to check up to 100 letters every day. At first it was a bit complicated - it took time to find a lot that exactly matched my selection criteria. Coffee is sold by many people, but 200 Nespresso capsules at a price of $99 from a seller with a zero rating and a fresh account is a rare enough item.

If you look at this slide, you will see stars at the top. So, this is not the seller's rating, as you might think, but the reviews of people about this product. But seeing such stars, buyers feel calmer, imagining that this is the seller's rating. In fact, for new accounts, the rating is written in small print at the very bottom of the ad. To view it, as well as find out the date the account was created, you need to click a separate button, which takes time.

The good news is that the eBay website helped me in searching - even if my clicks didn't lead to the desired results, it watched me and placed a selection of ads at the bottom of the page: "we picked up a similar product for you, maybe it will interest you". As a result, I soon discovered the accounts that interested me, and as a real researcher, I created a spreadsheet to track each unique account with the date of its creation, rating changes over time, the number of lots sold and the amount of sales.

After that, I selected 2 accounts created one after the other within 6 days, and made 2 separate purchases to find out if they would send me additional goods not provided for by the order.



As a result, after a week I received 200 capsules of coffee plus 200 more capsules, and after another 6 days - 200 capsules of coffee and a completely new milk frother for cappuccino for $119. This was a very useful gift, because I am a cappuccino person, I love when coffee has foam. In general, I switched from regular coffee to cappuccino, but more importantly, I realized that I had found these scammers. In their ads, they used the same pictures and the same product descriptions. And then I entered into correspondence with them. I wrote them all nonsense about the goods, asked about different coffee products, different types of coffee, sometimes I just sent greetings. But they never answered me.
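The three selection criteria described above (zero seller rating, freshly created account, 200 capsules for about $99) together with the reuse of identical pictures and descriptions across seller accounts, turned into a small screening script. This is an added example and not the speaker's own tooling; the seller names, listing records, thresholds and image hashes are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass
class Listing:
    seller: str
    account_created: date
    feedback_score: int   # the seller rating, not the product "stars" at the top of the ad
    price_usd: float
    capsules: int
    description: str
    image_hash: str       # stand-in for a hash of the listing photo (constructed)


# Thresholds taken from the talk: ~200 capsules for ~$99 vs ~$0.70 each at retail,
# a zero seller rating, and an account created within the last few weeks.
RETAIL_PER_CAPSULE = 0.70
MIN_DISCOUNT = 0.25          # unit price at least 25% below retail
MAX_ACCOUNT_AGE_DAYS = 30


def discount(listing):
    """Fraction below retail for the listing's per-capsule price."""
    return 1 - (listing.price_usd / listing.capsules) / RETAIL_PER_CAPSULE


def risk_flags(listing, today):
    """Which of the three screening criteria the listing hits."""
    flags = []
    if listing.feedback_score == 0:
        flags.append("zero-feedback")
    if (today - listing.account_created).days <= MAX_ACCOUNT_AGE_DAYS:
        flags.append("new-account")
    if discount(listing) >= MIN_DISCOUNT:
        flags.append("below-retail")
    return flags


def template_clusters(listings):
    """Sellers that reuse the same description text (whitespace/case folded) or the same photo hash."""
    sellers_by_key = defaultdict(set)
    for l in listings:
        sellers_by_key[("desc", " ".join(l.description.lower().split()))].add(l.seller)
        sellers_by_key[("img", l.image_hash)].add(l.seller)
    return {k: sorted(v) for k, v in sellers_by_key.items() if len(v) > 1}


def screen(listings, today):
    """Listings hitting all three criteria, plus whether the seller shares a template with another seller."""
    shared = {s for sellers in template_clusters(listings).values() for s in sellers}
    return [(l.seller, risk_flags(l, today), l.seller in shared)
            for l in listings if len(risk_flags(l, today)) == 3]


# Constructed sample listings (hypothetical sellers, not real eBay accounts).
TODAY = date(2018, 8, 15)
SAMPLE = [
    Listing("sue_chi", date(2018, 8, 1), 0, 99.0, 200, "Nespresso OriginalLine 200 capsules, fresh stock!", "img-a1"),
    Listing("new_seller_x", date(2018, 8, 5), 0, 99.0, 200, "nespresso originalline 200 capsules,  fresh stock!", "img-a1"),
    Listing("coffee_joe", date(2012, 3, 2), 540, 140.0, 200, "200 Nespresso capsules, assorted, ships same day", "img-b2"),
    Listing("old_zero", date(2010, 1, 9), 0, 99.0, 200, "capsules for Nespresso machines, 200 pcs", "img-c3"),
]


def screen_sample():
    """Run the screen over the constructed sample; only the two fresh zero-rating sellers come out."""
    return screen(SAMPLE, TODAY)
```

The established seller at retail price hits no flag, and the old zero-rating account hits only two, which is the kind of noise the talk's manual search had to wade through.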

I also looked at the eBay fraud page to try to tell them about these accounts because I realized that this was not fair, I should not be involved, right? But it turned out that the buyer cannot report fraud on the eBay website if he really received the goods. There is a complaint form "I did not receive the ordered goods" or "I received the damaged goods", but there is nothing like "I received excess goods and I want to report it." So I gave up the idea of complaining to eBay about these scammers.

So, I continued my investigation, found 2 more similar accounts and made 2 more orders. I got 200 + 200 capsules of coffee again, and something interesting happened - a scammer wrote me a letter.



"Hello Friend! Firstly, thank you for choosing my product for purchase. Secondly, I apologize for the fact that the product is not in the best condition, and I could not send it to you, because I try to always sell only excellent things. My mother is in the hospital, but soon I will try to find another product in good condition to send it to you. I need to go to the hospital to be with my mother, so I hope you enter my position and let me cancel the order. Thank you and God bless you!"

What a cute guy, right? He canceled the order, and my money was returned to me. His account was closed a week later. It was a very delicate con man, and I want to believe that everything is fine with his mom. I probably frightened him off with my desire to regularly receive additional lots of coffee for free.

Next, I spent several hours searching for a tool. My exuberant imagination suggested that perhaps someone had created something that in English could be called a guessor - a "grammar error generator", something like a shitty version of Google Translate, which specifically distorted translation into a foreign language. It turned out that such a tool does not exist, so the task for you is to develop something similar!

I began to ask friends who spoke other languages if they had met something similar; to some, my questions seemed racist, so I stopped searching. The fact is that I realized that scammers will try to portray poor knowledge of the language in order to knock you off the trail by deliberately placing illiterate ads in English, and I should find them.

One way or another, my coffee business got out of hand, and my conscience gnaws. My kitchen is a complete disaster, so it's time to stop this game. I did not need so much coffee, in fact I just paid a hundred dollars to collect information about the seller's account. Every time I paid this money, I wanted to learn as much as possible about these people.



However, I am not rich enough to constantly conduct such expensive research. Here is the result of my work, tabulated.



Only 5 purchases, 1 refund, the total number of capsules received for the coffee machine - 1200 pieces, 1 milk frother, 1 compact coffee machine. My expenses amounted to 391.9 dollars, the total cost of the goods I received was approximately 939 dollars. In October, I took all the information I had collected, invoices, account information, and, together with the printed documents I had, sent it to the FBI. I was wondering if they would try to do something about it. I also sent the results of my investigation to eBay and everyone who was interested. I still have not received a response from the FBI, but after 30 days, the activity of the coffee scammers seemed to have come to naught. Maybe something happened. I could not find out who these people were. I really wanted to reveal some cool criminal community, something like credit card thieves from Morocco or something like that, but that didn't happen. But this is not a heroic story, right? This is my confession.

That's all I've learned about the fraudulent triangle on eBay. When I began to tell people this story and explain how it works, they often told me that this was a crime without victims. However, it was worth considering, and you understand that this is not true, there are no crimes without victims. I learned very little about George from Poughkeepsie, as well as about other sellers, but I found out that all of them were pensioners or were of pre-retirement age. This is a fairly vulnerable population. And they act as victims who are not able to mitigate the damage caused by them, most of them do not even know what is happening on their behalf. People whose credit cards have been stolen, when they discover illegal deductions of money, begin to appeal against them. And the extreme ones in this chain are not manufacturing companies, but sellers, elderly people, from whom money stolen by a fraudster can be collected.

As a nation, we have not progressed far enough in protecting these people. For companies or large retailers, this type of fraud does not deliver as much damage as it does to older people. The sad thing is that anyone can easily become an accomplice in such schemes. A certain limit of discounts should be set to stimulate the buyer, below which fraud begins. This is a real gold mine for crooks. But eBay doesn't care, Nespresso doesn't care either, because when buying goods at bargain prices, you continue to buy, and they continue to receive their percentage or increase sales.



You are encouraged to participate in fraudulent schemes, because everyone is delighted with such discounts and gift items. However, in reality, all this is sold at a market price, and large sellers are protected against losses by insurance, which also covers damage from fraud with stolen credit cards. They will have nothing to do with it if you manage to turn the arrows on the one who bought the goods from them for the purpose of further resale - in this case, John from Poughkeepsie, or on the one who stole the credit card information.

So in fact, the only person who can stop this is you or me. And I stopped. I will not do this anymore. It is not normal. All that I have left is my recognition and the promise to quit buying super-cheap goods. And I still have a lot of coffee. Perhaps I can do one more good thing - put up for auction this carefully used wonderful Nespresso coffee machine.



Bidding, by the way, is a terrible idea. It will begin as soon as I place an ad on my Twitter account. Just go to the site and place your bid. Only cash accepted. The result of the bidding will be announced tomorrow at 10 am, and the winner will be able to come to the Tamper Evident campus and pick up their coffee machine. Do not be silly and do not try to make the maximum bid so that you do not have to come for it later. All proceeds will go towards the implementation of the Diana Initiative. I promise that I will follow up on all these transactions to ensure absolute transparency.

If no one wants to participate, well, this is DefCon, where anything happens. On the last slide, you see my real Twitter account, so write, thank you so much!

The auction starts with a bid of $1, so I'll go and place this ad right now. Thanks again guys, you are awesome!
