Refund fraud as a service, which allows consumers to outsource refund fraud to professional social engineers, is highly impactful to e-commerce stores. As consumer-facing criminal services, refund fraud-as-a-service operations prioritize ease of use for their customers. Fiat currency and widely accessible cryptocurrencies (e.g., Bitcoin or Ethereum) are often allowed as payment methods instead of privacy focused cryptocurrencies which may be harder for consumers to acquire.
Until recently, there was an impression that it was impossible to trace and retrieve cryptocurrency that had been used for illicit purposes. However, after Colonial Pipeline paid 75 bitcoins to restore its systems from a devastating ransomware attack, the DoJ and FBI managed to recover 63.7 bitcoins by tracing the funds through cryptocurrency wallets. This highlighted the viability of cryptocurrency investigations to unmask criminal perpetrators and retrieve funds.
In this session we share our insights from a real-world cryptocurrency investigation we conducted into a notable refund fraud as a service operation. We will showcase how we used open-source tools to quantify their operations from dark web bitcoin scams, to refund fraud-as-a-service, and even NFTs, and ultimately attributed the members of the group to wallets which enforce Know Your Customer.