NBCS helps disrupt ‘friendly fraud’ and urges businesses to be vigilant

With the annual online frenzy that is Black Friday and Cyber Monday on the immediate horizon (24th and 27th November) a warning has been issued to retailers and courier businesses to check their return processes after a sophisticated and audacious fraud which scammed hundreds of thousands of pounds in bogus refund claims was uncovered by the National Business Crime Solution (NBCS).

The NBCS, a not-for-profit data and intelligence sharing organisation, which described the scam as the ‘almost perfect crime’, is now warning businesses to check their goods lost in transit’ (GLIT) refund data to make sure they too do not fallen victim to the socially engineered deception which is almost impossible to detect.

After one of NBCS’s retail member raised suspicions about anomalous patterns in courier-related refund claims linked to GLIT, NBCS began an investigation utilising its Claims Detect Online (CDO) software which works by monitoring thousands of transactions to identify and disrupt the growing trend of refund fraud before instigating civil recovery claims on behalf of multiple high street retailers.

These specific incidents of so-called ‘friendly fraud’ work through third parties or moderators who advertise their ‘fraud as a service’ (FaaS) scam across social media after having obtained access to the courier company’s confidential tracking details by using social engineering deception techniques.

NBCS discovered that once inside the tracking software the fraudsters have been able to manipulate the proof of delivery data such as the GPS tracking and even the doorstep drop off photographs to make it look like a different property.

The customer then makes a ‘GLIT’ or goods not received claim, keeps the product for themselves or re-sale on the black market and then obtains a full refund – the result being that the retailer where the order was placed is twice out of pocket while the courier business is out of favour.

The middleman fraudsters who market their service through non-regulated social media platform Telegram, as well as closed Facebook groups, then take their percentage, as much as 20 per cent of the refund through cryptocurrency accounts which are notoriously difficult to monitor.

Impacted courier companies are now tightening access procedures to their handheld device pin numbers that record proof of delivery to prevent it falling into the wrong hands and mandating NBCS to target the fraudsters by infiltrating the social media platform forums and then instigating civil recovery claims against those involved through CDO.

The known fraud that has come to light so far from the scam is more than £395,000 in refunds for one company alone, claims which have now been challenged and recouped by NBCS on behalf of the retailers in question through civil recovery claims which include the threat of County Court Judgements (CCJs) for failure to comply with the order.

“It was almost the perfect crime with fraudsters able to create an eco-system whereby those purchasing their service receive their ordered goods and then get a complete refund, and almost without leaving a trace,” said Lyndsey Owen, the online fraud and risk specialist at NBCS.

“They are in the position of either to keep the goods for themselves or sell them on the black market and no one is the wiser while the courier company takes all of the blame,” she added.

“Once the refund has been received the moderator who has been able to manipulate the delivery data receives their cut, often through difficult to trace cryptocurrency.”

NBCS which has passed the detailed evidence package to Action Fraud and for investigation is now urging other retailers and courier companies to analyse their own refund data.

“What we have uncovered is likely to be the tip of a very large iceberg – other retailers will be targeted and at present will not be aware of this sophisticated hack.”

They are making thousands of pounds through hundreds of willing customers investing in these FaaS scams who do not believe they are doing anything wrong as it is been done through a third party.

It is seen as a proxy crime where others are taking the risk by exploiting loopholes and system vulnerabilities.

The courier company who formed part of the investigation – although there are likely to be more delivery business impacted – is now also working with Action Fraud and the National Cyber Security Centre and has launched a dedicated taskforce within its own business to crackdown on the practice.

These bogus refund claims which ultimately increase the cost to business and will ultimately be passed on to legitimate customers are still seen by many people involved as a victimless crime, especially during a cost-of-living crisis where families are struggling to make ends meet.

“We issued one civil recovery demand on behalf of one of our members for almost £20,000, it was paid straight away in full to avoid us taking it to the next level of a CCJ and us launching a criminal prosecution.

“In a world where many civil recovery claims for a few hundred pounds are negotiated to repayments in instalments, who can afford to re-pay such sums straight away other than those with the kind of deep pockets created from the proceeds of crime.

“With Black Friday and Cyber Monday on the immediate horizon, retailers need to be aware of these scams and check their own refund processes to makes sure they don’t get caught out’” she added.

Anyone who wishes to explore their own suspicious claims can contact NBCS which can deploy CDO to analysis their refund data and, if necessary, instigate civil recovery claims to re-coup losses and disrupt online fraud activities.

Back to news articles