Reshipping
This joint initiative is focused on developing intelligence regarding the concealment of the true recipients of merchandise purchased with stolen payment credentials. Taking over existing legitimate shipping accounts through a variety of online methods, shipping fraud, reshipping, and the credit card fraud associated with it currently cost the US economy almost $1 billion per year. This has a direct adverse impact on the US Postal Service in particular.
In 2009, the NCFTA met several times with UPS, FedEx, the US Postal Service, and federal LE to reach agreement on establishing an information sharing protocol and legal framework, whereby information, such as Internet Protocol (IP) addresses involved in shipping fraud, will be centrally collected at the NCFTA and made available to these entities for e-channel mitigation through authentication controls. This information as well as threat assessments will be shared with LE and is vital in developing investigative cases that will effectively neutralize the largest reshipment threat actors. This initiative is a re-tooled version of Operation RELEAF (Retailers & Law Enforcement Against Fraud), which was a joint (LE & online merchant) initiative developed in 2001, in coordination with the Internet Crime Complaint Center (IC3). In support of this project, a secure (Closed/vetted) listserv was established through which a growing contingent of partners from e-commerce, Government and LE (domestic & international) could share timely threat/incident intelligence. This group has now grown to more than 300 global participants.
Summary Objectives:
- Develop and implement a new tiered membership based business model to assure adequate participation and funding of this initiative.
- Host 2-3 Focus group meetings/annually to develop and refine joint strategy, including near and long term objectives.
- Enlist support of primary federal LE partners including USPIS, FBI, DHS-ICE and the FTC.
- Enlist State Agency partners including the National Association of Attorneys General (NAAG) and the IACP.
- Develop timely threat /actor assessments together with industry and LE partners.
- Development timely demographic threat assessments including challenges (gaps) associated with enforcement in various non-US venues.
NCFTA Cyber Alerts
Tax Refund Spam
Individuals should be vigilant of emails concerning tax refunds. Fraudsters consistently send spam appearing to be from the IRS and financial institutions containing a link to a phishing website and/or malware typically during tax season in the US. Fraudsters then attempt to either socially engineer potential victims and/or infect their computers in order to gain [...]
Email Compromise and Wire Fraud
The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.
Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.
Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.