Millions Stolen In PayPal And eBay Web Theft Scam

Two Foreign exchange students from Vietnam are accused of being mules for an international identity theft ring believed to have stolen millions of dollars from online merchants, according to an affidavit filed by federal investigators in Minnesota district court.

The affidavit sought a search warrant to raid the home of two Vietnamese exchange students attending Minnesota’s Winona State University. During the resulting raid, federal agents from the Department of Homeland Security’s Immigration and Customs Enforcement unit seized documents and computer equipment, according to the Minnesota Star Tribune.

Vietnamese Underground Economy

The Department of Homeland Security affidavit, signed by Daniel Schwarz, claimed students Tram Vo and Khoi Van were money transfer mules and made more than $1.2 million using eBay to sell products purchased with stolen credit card numbers. The affidavit laid out the case for wire fraud, identity theft and money laundering against the students, who have not yet been formally charged, according to public records. The third person living at the house Vinh Dong was not named as part of the cyber-crime ring.

DHS’s Cyber Crimes Center was already investigating the “underground economy” involving criminal rings based in Vietnam that were committing Internet financial fraud, said Schwarz. The amount of money stolen in this criminal enterprise is “estimated to exceed hundreds of millions of dollars,” Schwarz said in the filing.

Agents have been investigating the online scam, dubbed “Operation eMule” since September 2009, according to the affidavit. The swindle involved criminals setting up eBay and PayPal accounts under other people’s names and offering popular, expensive products at discounted prices, such as $400 Rosetta Stone software and iTunes gift cards.

When legitimate buyers bought the products using PayPal, the scammers ordered the items using the stolen credit card numbers directly from the manufacturer and shipped them. By the time the original credit card owner finds and reports the fraudulent transactions, it is already too late as the money has already left PayPal and moved into another bank account, and then sent offshore to Canada or Vietnam.

“The criminal ring makes online purchases from e-commerce merchants using stolen credit card information and then utilises an elaborate network of mules based in the United States,” wrote Schwarz.

The legitimate buyer received the product they ordered, but online merchants lose the money and the credit card owner is left to resolve the credit card fraud and accounts at eBay and PayPal, according to the document. The affidavit named several major companies that have been hit by this scam, including eBay, PayPal, Amazon, Apple, Dell and Verizon Wireless.

The cyber-criminals relied heavily on the Internet to perpetuate this fraud, said Schwarz, noting that all the accounts were opened online, often using proxy IP addresses to hide the user’s origin. The personal information used to open up the accounts were obtained by hacking into people’s computers or merchant databases, he said. In some cases, the credit card numbers were purchased from underground online marketplaces.

Investigators found 56 PayPal accounts that were opened under various individuals’ names located through the US with Vo’s name and address listed, and 24 eBay accounts linked to those accounts, the affidavit said. Over $247,000 passed through those accounts. PayPal records also linked Van to 310 accounts that handled approximately $1 million and were linked to 157 eBay accounts. They were also linked to bank accounts at Wells Fargo, Capital One, Eastwood, and HSBC with deposits totalling approximately $900,000, of which approximately $680,000 was wired overseas, the investigators found.

When PayPal froze some accounts “due to suspected fraudulent activity,” Vo and Van generated copies of fake passports, utility bills, and bank statements using a software called GFI FAXmaker, to get the funds released, according to the affidavit.