Would that all cybercriminal operations presented such a tidy spreadsheet of the victim and perpetrator data as comprehensively as profsoyuz.biz, one of the longest-running criminal reshipping programs on the Internet.
Launched in 2006 under a slightly different domain name, profsoyuz.biz is marketed on invite-only forums to help credit card thieves “cash out” compromised credit and debit card accounts by purchasing and selling merchandise online. Most Western businesses will not ship to Russia and Eastern Europe due to high fraud rates in those areas. Underground businesses like Profsoyuz hire Americans to receive stolen merchandise and reship it to those embargoed regions. Then they charge vetted customers for access to those reshipping services.
Below is a screen shot of the administrative interface for Profsoyuz, which shows why its niche business is often called “Drops for Stuff” on the underground. The “Дроп” or “Drop” column lists Americans who are currently reshipping packages for the crime gang; the “Стафф” or “Stuff” column shows the items that are being purchased and reshipped with stolen credit card numbers.
The column marked “Холдер” or “Holder” indicates the cardholder — the name on the stolen credit card account that was used to purchase the stuff being sent to the drops. I rang Laura Kowaleski, listed as the person whose credit card was fraudulently used on Oct. 11, 2011 to buy a Star Wars Lego set for $189, plus $56 in shipping. She told me I reached her while she was in the process of filing a police report online, after reporting the unauthorized charge to her credit card company.
The Lego set was sent via FedEx to Oscar Padilla, a 37-year-old from Los Angeles. Padilla said he believed he was working for Transit Air Cargo Inc. (transitair.com), a legitimate shipping company in Santa Ana, Calif., and that he got hired in his current position after responding to a job offer on careerbuilder.com. However, the Web site used by the company that recruited him was transitac.com.
Padilla said the people who hired him have been sending 3-4 packages daily for the past two weeks, but sometimes as many as seven each day. The packages arrive with prepaid shipping labels, and Padilla’s job is to affix the labels on the packages and arrange for them to be picked up or sent via the corresponding shipping service, usually the US Postal Service or FedEx.
Padilla said he was promised a $1,000 salary via PayPal at the end of his first month of work, what his employers called a “trial period.” He looked up the history of Transit Air Cargo and found that it had an A-plus rating with the Better Business Bureau, and that it had been in business for many years.
“If approved, and I passed the trial period, it was supposed to be $2,500 every month I worked after that,” he said. “I didn’t see any complaints about the company, so I just went ahead and signed the contract.” A copy of the contract is here.
Padilla failed to notice that the emails from his employer came from firstname.lastname@example.org, not from Transitair.com, the legitimate company’s real address. He also had no way of knowing that reshipping mules almost universally are cut loose without pay at the end of their first month’s work.
Gary Syner, chief executive officer at the legitimate Transit Air Cargo, first learned that fraudsters were impersonating his company’s identity about six weeks ago, when he received a phone call from another drop that had fallen for the scam and was never paid for his work.
“You would think that common sense would tell you that if the deal sounds too good to be true, and you don’t even know who the parties hiring you are, then it’s probably not a real job,” Syner said. “I know these are desperate times for some people, but how the hell do you fall for something like this? If you don’t meet the employer in person, it’s probably a good indication that something isn’t right.”
Want to learn more about the “terms and conditions” to which Profsoyuz customers must agree? Check out a translated version of them here. The document helps explain how the service monetizes credit card fraud for itself and for customers.
If you missed the first segment in this series on reshipping scams, please see Shady Reshipping Centers Exposed, Part I.