Online shopping fraud – a winter tale that always ends with fraudsters behind bars

news

A coordinated crackdown on e-commerce fraud has seen 59 scammers arrested and new investigative leads triggered all across Europe as part of the 2022 e-Commerce Action (eComm 2022). 

  • Safe sales safe revenue

The month-long (1-31 October 2022) operation saw 19 countries take part in this clampdown on the criminal networks using stolen credit card information to order high-value goods from online shops.  

The action was coordinated by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council. It received the direct assistance from merchants, logistic companies, banks and payment card schemes. 

After several months of preparation, law enforcement authorities in participating countries raided the locations where illegally purchased goods had been delivered, arresting the suspects and confiscating the fraudulently purchased goods. Evidence was built to support the cases all the way to prosecuting the suspects. Investigations are still ongoing in various countries, with more arrests expected in the coming weeks.

Participating countries 

Albania, Austria, Bosnia-Herzegovina, Colombia, Czech Republic, Finland, France, Georgia, Germany, Greece, Hungary, Latvia, Poland, Portugal, Romania, Slovak Republic, Spain, Sweden and United Kingdom 

Changing attack vectors 

Even if payments online are generally very secure, mostly thanks to Secure Customer Authentication (SCA) methods widely implemented in Europe, criminals are continuously altering their techniques to unlock new ways of stealing money. 
The findings of eComm 2022 have identified the following key threats to the e-commerce sector: 

  • Phishing, vishing and smishing fraud: Stolen credit card numbers are often obtained through phishing/vishing/smishing attacks whereby criminals contact people by phone, text messages, messaging apps or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.
  • Account takeover fraud: This fraud occurs when a criminal gains access to a user’s account on an ecommerce store. This can be achieved through a variety of methods, including purchasing stolen passwords, security codes, or personal information on the dark web or successfully implementing a phishing scheme against a particular customer. Once they have gained access to a user’s account, criminals can engage in fraudulent activity. For instance, they can change the details of a user’s account, make purchases on ecommerce stores, can withdraw funds, and can even gain access to other accounts for this user.
  • Triangulation fraud: This type of fraud happens when online criminals set up a fake or replica website and entice buyers with cheap goods. Sometimes these fake websites may appear in ads, or be sent to a user’s email directing to the website through a phishing attempt. The catch is that these goods don’t actually exist, or of course are never shipped.

 

How to fight back against e-commerce fraud 

Through an awareness campaign launching today, law enforcement across Europe are teaming up with Europol and the Merchant Risk Council to share practical advice on how to outwit criminals trying to abuse the online shopping experience. 

The aim of the campaign is to make e-commerce more secure by promoting safe online purchasing methods and by helping new merchants to open their online shop without the risk of cyberattacks.

Participating countries and partners will promote the campaign through their social media channels using the #SellSafe hashtag to help merchants understand the risks of e-commerce fraud.

Tips to protect your e-business:

  • Ensure all your employees are aware of the fraud issues affecting online stores.
  • Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types.
  • Get to know your customers in order to be able to verify their payments.

Tips for online shoppers:

  • Never send your card number, PIN or any other card information to anyone by e-mail.
  • Never send money to anyone you don’t know.
  • Always save all documents related to your online purchases.
  • If you are not buying anything, don’t submit your card details.
  • Check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.

 

Find more tips on how to protect your business from e-fraudsters.

Read more general advice on how to shop safely online.
 

Tags

Empact

The European Multidisciplinary Platform Against Criminal Threats (EMPACT) tackles the most important threats posed by organised and serious international crime affecting the EU. EMPACT strengthens intelligence, strategic and operational cooperation between national authorities, EU institutions and bodies, and international partners. EMPACT runs in four-year cycles focusing on common EU crime priorities.