Deep Inside a Reshipping Scam: Mules Victimized by "Air Parcel Express"
Since last fall the RSA FraudAction Research Lab has tracked several different reshipping scams engineered by online fraudsters to “Cash Out” merchandise purchased using stolen payment cards through the involvement of mules. We will profile one such scam in-depth – Air Parcel Express –that was discovered by RSA. First we will outline who is involved in a reshipping scam and how they generally operate.
The Cast of Characters Involved in a Reshipping Scam:
- Scammers are fraudsters who run a reshipping operation. They recruit unsuspecting individuals who work as Mules, also known as Reshippers and impersonal terms like Drops or Item Drops.
- Scammers sell merchandise that has been purchased online by their Customers (other fraudsters) with stolen payment cards. The stolen payment cards are collected via scams such as phishing, Trojan attacks, and hacked merchant databases. The action of buying good online using stolen card details is called “carding”.
- Scammers resell the items within their home country. The profits are split through between them and their Customers. The Customers are the original carders who bought the goods online.
How a Reshipping Scam Generally Operates:
- Mules are hired by Scammers through legitimate channels like popular employment websites and search engines. The deceiving jobs can be enticing – especially in this economy – through promises of flexible work-at-home jobs with good pay. Scammers employ websites which are typically designed to look like a legitimate import/export firm looking for new hires (See Figure 1). In many cases mules have no idea who they are working with, or that what they are doing is illegal.
- Fraudsters, the Customers of the reshipping service, go online and purchase expensive merchandise. The carded merchandise is shipped to a specific mule’s home address. These mules are assigned to each Customer.
- The hired mule reships the goods to the native country of their “employer” where that fraudster or his accomplice lives. While mules are supposed to receive a small commission from each shipment, they often do not.
- Reshipping is the process of unpacking the delivery with a merchant’s brand on it, repacking it into a new, plain box, and shipping it to their “employer” in another country. Reshipped merchandise includes popular laptops, smartphones and other valuable items that are in high demand and, thus, easier to sell.
- Once the Scammer receives the merchandise from the mule, they sell it or auction it off for cash. Proceeds are then split between the Scammers and their Customers.
E-commerce Fraud and the Need for Mules
In order to successfully purchase (“card”) expensive merchandise with stolen payment cards and later sell for cash, fraudsters have to ensure that the mailing address matches the billing address. This obstacle is usually easily overcome by changing the billing address of compromised cards to the addresses of their hired, pre-assigned mules.
Another challenge for fraudsters in managing a successful reshipping operation is obtaining a seemingly innocuous “drop” address where mules dwell. The most effective way to overcome this challenge is to recruit and hire mules that live in the United States. The United States is a strategic location for fraudsters in which to base their reshipping scams as many major online merchants who sell popular high-value goods do not ship their items outside of that country.
Air Parcel Express: Deep Inside a Reshipping Scam
The RSA FraudAction Research Lab uncovered the true inner-workings of Air Parcel Express – a large scale, centralized, reshipping service operated by criminals. The Lab researched and gathered information regarding its operation, the details of which are revealed here for the first time. We hope this information will help Internet users and the security community better understand this threat and the mechanisms behind it.
The reshipping scam used a legitimate looking website to recruit drops. As shown in Figure 1, the website designed by the criminals behind the operation was meant to lend credibility to a fictitious shipping company, Air Parcel Express, Inc. The website featured in Figure 1 is no longer active. This was never a legitimate firm.
Please note: There is a legitimate, accredited shipping firm based in Miami, Florida named Air Parcel Express or “APX”. APX is in no way associated with the fraudster’s fake company profiled in this blog that used the same name for the handful of months in which it was operational.
Figure 1: AirParcelExpress.net ‘s Homepage (Image provided by RSA FraudAction Research Lab)
The job opening that was designed to hire mules appeared in the “Careers” section of the site and was listed under “Correspondence Manager”. That listing (see Figure 2) included Core Responsibilities, Personal Qualities, Requirements and Working Conditions.
Figure 2: The “Correspondence Manager” Job Description on AirParcelExpress.net (Image provided by RSA FraudAction Research Lab)
Candidates who applied for this job were requested to send their personal details to the Scammers behind the Air Parcel Express reshipping operation. RSA’s data shows that more than 1,900 people sent their applications to the Scammers, out of which only thirty-three people were ‘hired’ for the job. “Job” applications first appeared in September 2008 and the scamming service rolled out in mid-November. New mules were still being hired at the end of 2008.
Why would so many people apply for the Air Parcel Express “job”? Many Internet users are not well aware of scams like these, and just see them as an opportunity for relatively easy money. For example, there are some telltale signs on the fraudster-designed Air Parcel Express homepage that may not be obvious to some people. This includes:
- The copy written in English is not very good, and there is too much of it
- A new warehouse is noted in Latvia, a country where fraudsters often dwell
- Key words like “residential delivery”, “intermediary”, “EBay” and “create an illusion”
There are some murky details around how mules are paid (or not paid) for their efforts. Mules may be told by their Scammers that they will be paid after a full month’s work. In this case they agree to reship during that time but eventually their “boss” stops answering their emails. Some mules may receive some money from time to time, but it is much more likely that most of them never get paid at all. RSA’s data has shown that many people realize they are involved in a scam after reshipping only a few packages.
The Air Parcel Express Management Tool and its Day-to-Day Operations
While “AirParcelExpress.net” was the front-end to what is meant to look like a legitimate business, a management tool located on another website served as its back-end operation. The management tool enabled the Scammers to manage the mules they recruited and also provide their Customers with the ability to track the merchandise they had previously carded as well as the mules they are assigned to carry out the rest of their operation.
After a Customer signed up for the reshipping service, he could log in to the management tool using a username and password. RSA is aware of at least twenty-five Customers that registered for the service. After registration, every Customer is assigned one or more mules – in some cases up to twenty mules at a time. At the time of the analysis of this particular reshipping scam, 20 mules (drops) appeared to be active. (See Figure 3)
Figure 3: The Database of Active Mules “working” for Air Parcel Express (Image provided by RSA FraudAction Research Lab)
Reshipped Merchandise
The reshipped items listed in the Scammer’s management tool included:
- Laptops from leading manufacturers
- Apple iPhones and Nokia smartphones
- Cameras made by Canon, Nikon, and Kodak
- Sony PlayStation 3
- Pioneer and Technics DJ mixers and equipment
- Apple iPods
- Other items outside the realm of electronics
We could not exactly ascertain the value of the reshipped merchandise through Air Parcel Express but we can make some rough estimates:
- If most of the Customers follow the classic 30/70 split of the profits offered by the Scammers, about USD$ 6,000 was paid to nine fraudster Customers.
- This represents approximately one-third of the total merchandise value; just over USD$18,000.
- Since it can take up to two weeks to card an item to a U.S. address and then have it reshipped to another country, RSA estimates that over USD$36,000 worth of merchandise was cashed out every month during its operation.
The mules recruited by the Scammers behind Air Parcel Express reshipped the merchandise they received to addresses in Russia and Belarus. The recipients were either the Scammers themselves or accomplices who received packages on behalf of the Scammers. Again, after the packages reach their destinations, the merchandise they contain was likely resold on auction websites like eBay and through other means and the Scammers forward a pre-determined share of the proceeds to their Customers.
The RSA FraudAction Research Lab based at the RSA Anti-Fraud Command Center openly shared all data related to the discovery of the Air Parcel Express reshipping operation to the proper law authorities in the U.S.
Reshipping Services Offered to “Customers” Through a Fraudster Forum
So how do Customers of such re-shipping services learn about them? These services are advertised through fraudster underground forums where they cannot be seen by legitimate Internet users. The “underground advertisement” (See Figure 4) discovered by RSA is one of the most comprehensive and detailed we have seen to date. It reveals how the scamming service works and details terms and conditions.
Figure 4: English Translation of the Scammer’s Advertisement to Potential Customers (Translated image provided by RSA FraudAction Research Lab)
How Proceeds are Split
In this advertisement, the Scammers have stated that an item’s value is determined by the lowest listed price of the item as it appears at the time of payment. To accomplish this, they reference a handful of websites such as pricegrabber.com and bizrate.com. The Scammers then determine their Customers’ share of the proceeds. The Customer’s share is based on several payment schemes, depending upon the value of the merchandise and other characteristics.
Rules and Disclaimers
Disclaimers in this advertisement are quite striking when compared to those from the legitimate world of business. The scammers disclaim liability in the following cases:
- The customer / carder cannot be reached for more than seven days.
- The items are bought from an online auction site (such as eBay).
- The service cannot be used with seven specific websites, including those belonging to Dell and Best Buy. What makes this rule most striking is this: “if not complied with, the package is confiscated”.
How to Identify a Job Fraud Scam; Why Some People are Especially Vulnerable
Several organizations including Privacy Rights Clearinghouse, the U.S. Federal Trade Commission (FTC) and Monster.com have provided helpful information on how to avoid job fraud. In addition to employment websites, fraudsters have also enhanced their abilities to fool potential victims by placing advertisements on major news websites and Google.
It is possible that due to the instable economy, the resulting high rates of unemployment, and need for immediate income from those out of work, applicants to Air Parcel Express were looking for jobs outside of their professions or were simply less selective than usual. What makes these scams even more attractive is that they offer “easy money” while working from home. While these jobs may sound alluring, they can oftentimes be completely illegal.
In addition to being unwittingly recruited to participate in a chain of crime, the applicants are also in danger of identity theft and other fraud committed by their “employer” against them. The fraudsters behind Air Parcel Express and others like them collect a wealth of personal data from both applicants and those who are hired. As a result, mules face the risk of being victimized:
- They can be completely unaware they are involved in criminal activity
- They can be the target of identity theft perpetrated by those they had trusted to give them a job
Reshipping scams are simply one of a multitude of services that constitute the online fraud supply chain. In the case illustrated here, fraudsters introduced a form of “Fraud-as-a-Service” that facilitates the cashout stage following e-commerce fraud. This scam is very similar to other ones that seek out the recruitment of money mules.
We hope that by demonstrating a specific reshipping scam like Air Parcel Express and providing external resources will help more people avoid falling into these criminal traps.
The Real Air Parcel Express. Inc. Thanks Those Who Fight Fraud
For years I have been battling the fraud perpetrated by these and other crooks who have used our good name and stature in the shipping industry in order to mask their true identity. It has caused enormous harm in lost sales and diminished profile all over the world. I am confident this exposure to the truth will repair some of the lost luster and lost revenue and stature.
Thanks to those who worked behind the scene!
Sincerely,
Andy
CEO
Great Piece!
Guys, thanks a lot for laying this all out – one of the best such articles I’ve ever seen. I reposted it to CIRCLEID and the CAUCE blog to help protect those that might fall for such a scheme.
Keep up the good work!
Neil Schwartzman
Executive Director
CAUCE: The Coalition Against Unsolicited Commercial Email
Re-publish request
Can I publish this article on my website? I’ll give you full credit. I think it is good information that all can use.
- Michael Kern
SIA Training
In Europe and the UK there will be interesting changes for both private security and national security – we all await more information, interesting times!
Hi
I was new to US. I got a email from emscomp@gmail.com The lady name is Elena. She sent the link of http://www.emscomp.com where one needs to registart by giving his creditianls like name , date of birth , address. The work is pretty simple
i) receive incomming packages
ii) receive the shipping lables from teh lady
ii) sent them to international address moslty in USSR
I ahve been told that she will give 45$ per each package.
I have shared my last ssn last 4 digit too.
After sending 20 packages I have, came to know that this one is fake. Just after 2 days police came to my house in search of package. Unknowinly i have became part of the crime.
I sincere request to make this website.
http://www.emscomp.com
I think I have been sweet hearted into a re shipping scam, he only has my name, birthdate, and address. He has sent flowers 3 xs so far, tonight he told me he needed to leave for Ghana and he needed me to accept his donations, repackage then and he would supply the labels to reship them to his charity. What do I do? I don’t want a bunch of packages coming to mt home, I don’t want any part of this. How do I stop it before it starts?
Good article! I wish I’d found it before I tried a reshipping job offered by a company calling themselves AbsoluteWayInc. It seemed legitimate at first, but after a few packages I realized something was not right. Fortunately, I was not asked for my SSN, nor any account information. I have put a fraud alert on my credit accounts and it seems that all I’m going to be out is the money I was promised, but only about $120. Wish I had run across this article before I got involved with these jerks!
For the real Air Parcel Express, Inc. please go to the following websites
http://www.shipping-worldwide.com
https://www.freight-calculator.com
We have over 30 domains that all go to the https://www.freight-calculator.com freight calculator system
Thanks again for restoring our standing in the industry.
Andres Guerra-Mondragon
CEO
Air Parcel Express, Inc.
305-597-0258
877-597-0258 TOLL FREE USA
Thank you to all of the information concerning this. Yes, I am a victim, and I found out the second day of the scam, when I received an unsolicited package (the “manager” said to expect certain items on certain days, complete with tracking numbers. This was not one of them. Once I found out, I quit and told them not to threaten me (since they started). I just told them to hold their breath because I knew all their ploys and tactics at making threats. I reported it to the FTC, 3 credit bureaus, my bank, my creditors, DMV or Secretary of State etc. My problem is this; what do I do with the three packages I have at my home? I have close to $800 worth of merchandise and don’t know what to do with it, since I don’t know what credit card company was used. So I feel I’m stuck at the moment. I am writing down information on when I received the items, who made the purchase (contrived names), and tracking codes. I don’t know what else to do. I called two of the company’s, and they told me to mail them back, with provided shipping lables. But if I do that, what if the unknown credit card companies want the merchandise?
I did the reshipping thing for a week before I realized that I was doing something illegal. I do wish I knew it was a scam before I started. Now that I know, I have put the word out to the FBI, local authorities and the Postal Inspection service. I have gathered as much evidence as I could and will turn it over so that these people can be caught. I don’t know what their success rate is as far as catching these fraudsters but. I am glad that there are sites like this to educate us. Thanks.
Watch out for Splandos.com and Hogost.com. These are re-shipping scams. They have all my details and I am now in posession of goods ready for re-delivery. Names to look out for are Cheri W Walton and Emma Jackson.
This is a nasty one, look out for these sites and names.
I too have just been a victim of this horrible scam. Found the job on Craigslist. Seemed very legit to me. Proper grammar, they had their own company website, contract, the works. So I ended up reshipping stolen goods for a month up until my payday arrived. No emails or responses from them whatsoever. That’s what gave it away. I started researching about it and what do I know, it turns out to be a very popular scam that can send the victim (me) to prison at worst case scenario. So today, I reported the situation to my local police department. They said not to worry and I’m in the clear. Just return the remaining packages to where it came from. Thank the Lord I didn’t lose any of my own money.
There are some nasty people out there.
What about a company allegedly on Orange St.,
Wilmington DE? Online Shopping Assistant, LLC
I was recruited by the following emails at a work from home position:
sabina.tognetti@shippingnetwork.biz
troywestbmore@gmail.com
tupperboysx3@aol.com
To become a, “Transportation Assistant” OR aka “Correspondence Assistant” They ship items to me and they email me shipping label. They ship through FEDEX and I was to ship out throught UPS. After sending only 2 packages, I began to think “this is too good to be true”. It wasnt until I made a through search that I discovered this was fraud. Luckily I only shipped 2 items out and asked them to stop sending packages as per my local sheriffs dept. I informed all that I could and now I am imforming as many as I can about this scam. Its sad bc many will not catch this in time and think its a real job when in fact, its not. If it feels wrong, then please follow your gut feeling and do some research. The phone # is a google voice, the address listed as main address in NY is fake and the shipping labels are addresses to to ship to another country like RUSSIA. I am lucky to have caught this in a few days but know there are many others who will not be as lucky.
Omg! I’m a victim too! I’m so embarrassed, I had no clue what so ever. I don’t even know where to start. So I’ve been unemployed for about 3 months now and I’m a full time student and a single mom. I need some extra income so I decided to go ahead and try to look for work on the Internet. My last job was at a senior living facility and I got it through craigslist. Well I decided to look for work again on craigslist. I signed up for a at home assistant for this M.D person named “Rogers Jackson” and it seemed so legit that I wasn’t thinking but I gave him my info like address, number, and full name and age. Well that’s not all I also went ahead and signed up for this shipping and receiving job as well. For that job I thought hey sounds good I’ll try it out and see if I can do this job. They had a website and everything to make it seem legit once again. I was skeptic at first but I thought well if I don’t have to pay anything I’ll try it. 1st week I received a packaged which contained clothes, I was to wait for another package, so I did just that. Now the 2nd week I received another box. Well I was to put the clothes into one box and ship it, but I didn’t because unfortunately my laptop’s hard drive went out on me so I wasn’t able to print their label and ship it. That’s not all I woke up the next day to a mail delivery to receive a flat envelope containing a check. Now let me tell you when I looked at the check, it seemed so real I mean it looked crazy real and it was containing $2,630. So I checked my email on my phone and sure enough there was an email from the M.D stating that I should be receiving a check through the mail and that I need to follow the instructions carefully. I was to deposit it into my bank account and take pictures of the check and the receipts. They also mentioned that i can go ahead deduct $600 from it for my pay. Geez I fell for it! I went to the bank and instead of going to the ATM machine and depositing it like he said I went ahead to the teller because I had to pay my rent that day and I figured oh goodie! I get to pay it with the money I make. Well when I handed the check to the teller and asked to deposit it, he said I’ve never seen this before and had this weird look on his face, I waited for what seemed like an hour but really was only like 3 min. Well his manager asked what was going on and he asked what I did for a living and where I got the check and I told them and as I was doing so I felt so embarrassed because all I can think of was OMG!!!! This is Fake!! And so I asked them what should I do and they told me to file a report. Well not was I so humiliated in my life but I’m sure those people were probably looking at me like I was a con artist or something. Well I went home and thought about what just happened and well as I was sitting there I thought can this other job be the same a scam! And I did a little research on my phone and these to job descriptions popped up as scams!!! Omg! Once again I felt even more embarrassed not to mention but terrified that I was going to get into trouble and some police officers would come knocking on my door and arresting me either which way even if I told them what has happened! Well I haven’t called the cops because one I wrote an email to those 2 jobs saying that I know what they’re doing and I don’t want any part of it! And the other reason well I don’t want to get involved in questioning with the cops because I’ve been already humiliated, I just don’t want to even deal with the cops questioning me and having my neighbors looking at me all crazy too. The thing is I still have the 2 packages of clothes and I’m thinking of returning the packages to the companies once I have money to pay to ship it. Lesson learned on my part never take a job that sounds to good to be true. Please if you have any advice on what I should do please do let me know since after reading a couple of reviews and stories from other victims about what has happened to them, i’ m pretty shaken up here not to mention I do have a 2 year old I’m raising on my own. Thank you so much for taking you time in reading this and all I can say is be careful with at home jobs. Especially on craigslist!
I have been the victim of a reshipping scam. What did everyone do and what can i do?
What did u do with the packages when u found out.
@Frances:
I’d really encourage you to go to the police and make a report, like the bank people suggested. The people who scammed you have your personal contact information, *and* you’ve told them you’re aware of their scam, so you could be targeted for identity theft. If you make a report with the police, they’ll at least have that on file if anything happens in the future.
Also: write down *everything* that you remember about this incident. Keep your notes in a safe place and always include the date when you write something. If you do end up having legal problems in the future, having detailed notes will DEFINITELY help your case.
I know it’s embarrassing, but please look at this as a learning experience! Those people at the bank were trying to help you, even if they did look at you suspiciously. (They just don’t know you personally, and it’s their job to be suspicious. And that’s a good thing! because they stopped you from depositing that cheque and losing money)
^^^^ For those asking what you should do with the (stolen) goods, return them to the supplier. The address should be on an invoice sent with the goods. DO NOT KEEP THE GOODS.When this happend to me, the supplier was very helpful. Most suppliers are legitimate and have email addresses and phone numbers. But under no circumstances send the goods to where the scammer wants you to send them! Hope this helps. After I sent the goods back to the supplier I have heard nothing more about this scam.
I am also a victim. I have packages that contain computers, iPhones, etc. I called the police and filed a report with the USPS . What to do with the opened pkgs of electronics?
There ‘s another Company out there calles Express Shipping supposedly from Arlington Heights, IL. Same pattern! Thank God I read this before I got involved with These guys.
I fell victim to this due largely in part to needing a job. I was paid and had “worked” for 6 months with the company Lunar Logistics, only to now having to go ro court for 15 indictments of fraud, theft and fencing, 10 accounts of identity theft and credit card theft. Not to mention other associated charges. ANYONE have any information on Lunar Logistics or fell victims themselves please email me sshawnfoster@aol.com or call my lawyer (267)808-5874 or kmeehanlaw@gmail.com I will provide a cash reward of $1000 to each person with RELATED information.
Thank you
I m victim too. After working month I realize it is scam. Suddenly I stop working and don’t know what to do . I found job online where they took interview and I was selected for job. I have question will I go jail since I m innocent .