Credit card fraud has seen rampant increase in the past years, as customers use credit cards and similar financial instruments frequently. Both online and brick-and-mortar outfits repeatedly fall victim to cybercriminals who siphon off credit card information in bulk. Despite the many and creative ways that attackers use to steal and trade credit card information, the stolen information can rarely be used to withdraw money directly, due to protection mechanisms such as PINs and cash advance limits. As such, cybercriminals have had to devise more advanced monetization schemes to work around the current restrictions.
One monetization scheme that has been steadily gaining traction are reshipping scams. In such scams, cybercriminals purchase high-value or highly-demanded products from online merchants using stolen payment instruments, and then ship the items to a credulous citizen. This person, who has been recruited by the scammer under the guise of “work-from-home” opportunities, then forwards the received products to the cybercriminals, most of whom are located overseas. Once the goods reach the cybercriminals, they are then resold on the black market for an illicit profit. Due to the intricacies of this kind of scam, it is exceedingly difficult to trace, stop, and return shipments, which is why reshipping scams have become a common means for miscreants to turn stolen credit cards into cash.
In this paper, we report on the first large-scale analysis of reshipping scams, based on information that we obtained from multiple reshipping scam websites. We provide insights into the underground economy behind reshipping scams, such as the relationships among the various actors involved, the market size of this kind of scam, and the associated operational churn. We find that there exist prolific reshipping scam operations, with one having shipped nearly 6,000 packages in just 9 months of operation, exceeding 7.3 million US dollars in yearly revenue, contributing to an overall reshipping scam revenue of an estimated 1.8 billion US dollars per year. Finally, we propose possible approaches to intervene and disrupt reshipping scam services.
In this paper, we presented the first in-depth and large-scale study of reshipping as a service, a prominent way that cybercriminals use to monetize stolen credit cards and other financial instruments. We have shown that criminals operate reshipping scams in different ways, target different goods to be shipped through them, provide different levels of service and guarantees, charge different fees, and split profits differently. Yet, our results also highlight similarities between different reshipping scams when it comes to drop recruiting, management, and churn. That is, the scam operators advertise work-from-home and part-time jobs for recruitment and abandon mules by ceasing all communications shortly before the mules should be paid.
Furthermore, we have shown that a single criminal-operated re- shipping service (SHIPPING-C) can earn a yearly revenue of over 7.3 million US dollars,most of which is profit. Additionally, based on our analysis, we can estimate that nearly 1.6 million stolen credit cards are fraudulently charged as part of reshipping scams each year. These stolen credit cards, in turn, result in an estimated overall revenue for criminal-operated reshipping scams of 1.8 billion US dollars, and are possibly responsible for damages up to the same amount to merchants, credit card holders, banks, and insurers. Finally, we proposed various techniques that can be leveraged to disrupt the operation of reshipping scams by identifying, and selectively delaying or stopping packages containing repackaged merchandise that was purchased with stolen credit cards.