UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Drops for stuff: An analysis of reshipping mule scams

Hao, S; Borgolte, K; Nikiforakis, N; Stringhini, G; Egele, M; Eubanks, M; Krebs, B; (2015) Drops for stuff: An analysis of reshipping mule scams. In: Ray, I and Li, N and Kruegel, C, (eds.) CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. (pp. pp. 1081-1092). Association for Computing Machinery (ACM): New York, NY, USA. Green open access


Download (2MB) | Preview


Credit card fraud has seen rampant increase in the past years, as customers use credit cards and similar financial instruments frequently. Both online and brick-and-mortar outfits repeatedly fall victim to cybercriminals who siphon off credit card information in bulk. Despite the many and creative ways that attackers use to steal and trade credit card information, the stolen information can rarely be used to withdraw money directly, due to protection mechanisms such as PINs and cash advance limits. As such, cybercriminals have had to devise more advanced monetization schemes towork around the current restrictions. One monetization scheme that has been steadily gaining traction are reshipping scams. In such scams, cybercriminals purchase high-value or highly-demanded products from online merchants using stolen payment instruments, and then ship the items to a credulous citizen. This person, who has been recruited by the scammer under the guise of "work-from-home" opportunities, then forwards the received products to the cybercriminals, most of whom are located overseas. Once the goods reach the cybercriminals, they are then resold on the black market for an illicit profit. Due to the intricacies of this kind of scam, it is exceedingly difficult to trace, stop, and return shipments, which is why reshipping scams have become a common means for miscreants to turn stolen credit cards into cash. In this paper, we report on the first large-scale analysis of reshipping scams, based on information that we obtained from multiple reshipping scam websites. We provide insights into the underground economy behind reshipping scams, such as the relationships among the various actors involved, the market size of this kind of scam, and the associated operational churn. We find that there exist prolific reshipping scam operations, with one having shipped nearly 6,000 packages in just 9 months of operation, exceeding 7.3 million US dollars in yearly revenue, contributing to an overall reshipping scam revenue of an estimated 1.8 billion US dollars per year. Finally, we propose possible approaches to intervene and disrupt reshipping scam services.

Type: Proceedings paper
Title: Drops for stuff: An analysis of reshipping mule scams
Event: 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15)
ISBN-13: 9781450338325
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/2810103.2813620
Publisher version: http://dx.doi.org/10.1145/2810103.2813620
Language: English
Additional information: Copyright © The Authors 2015.
URI: http://discovery.ucl.ac.uk/id/eprint/1470377
Downloads since deposit
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item