FTC: Scammers Stole Millions Using Micro Charges to Credit Cards
June 28, 2010
[Virtual office fraud, front companies]
According to court documents filed (.pdf) in the U.S. District Court for the Northern District of Illinois, the scammers — identified only as “John Does” in the complaint — recruited money mules through a spam campaign that sought to hire a U.S.-based financial manager for an international financial services company.
Mules who responded to the ad and were chosen for the task opened multiple bank accounts and about 100 limited liability companies for the scammers, which were then used to make the fraudulent charges and launder money to bank accounts in Cyprus and several Eastern European countries, including Estonia and Lithuania.
Front companies set up by the mules included Albion Group, API Trade, ARA Auto Parts Trading, Data Services, New York Enterprizes, and SMI Imports, among others.
The scammers then purchased domain names and set up phone numbers and virtual office addresses for the front companies through services such as Regus. They used this information — along with federal tax ID numbers stolen from legitimate companies with similar names — to apply for more than 100 merchant accounts with credit card processors, such as First Data.
According to IDG,
They used another legitimate virtual business service — United World Telecom’s CallMe800 — to have phone calls forwarded overseas. To further make it seem as though their companies were legitimate, the scammers would set up fake retail Web sites. And when credit card processors asked them to provide information about company executives, they handed over legitimate names and social security numbers, stolen from ID theft victims.
When they had to log into payment processor Web sites, they would do this from IP addresses that were located near their virtual offices, again evading payment processor fraud detection services.