A coordinated crackdown on e-commerce fraud has seen 59 scammers arrested and new investigative leads triggered across Europe as part of the 2022 e-Commerce Action (eComm 2022).
The month-long operation saw 19 countries take part in this clampdown on criminal networks, using stolen credit card information to order high-value goods from online shops.
The action was coordinated by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council. It received direct assistance from merchants, logistics companies, banks and payment card schemes.
After several months of preparation, law enforcement authorities in participating countries raided the locations where illegally purchased goods had been delivered, arresting the suspects and confiscating the fraudulently purchased goods. Evidence was built to support the cases all the way to prosecuting the suspects. Investigations are still ongoing in various countries, with more arrests expected in coming weeks.
Countries that participated in the joint operation included Albania, Austria, Bosnia-Herzegovina, Colombia, Czech Republic, Finland, France, Georgia, Germany, Greece, Hungary, Latvia, Poland, Portugal, Romania, Slovak Republic, Spain, Sweden and United Kingdom.
The findings of eComm 2022 identified the following key threats to the e-commerce sector:
- Phishing, vishing and smishing fraud: Stolen credit card numbers are often obtained through phishing/vishing/smishing attacks whereby criminals contact people by phone, text messages, messaging apps or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.
- Account takeover fraud: This fraud occurs when a criminal gains access to a user’s account on an e-commerce store. This can be achieved through a variety of methods, including purchasing stolen passwords, security codes, or personal information on the dark web, or successfully implementing a phishing scheme against a particular customer. Once they have gained access to a user’s account, criminals can engage in fraudulent activity. For instance, they can change the details of a user’s account, make purchases in e-commerce stores, withdraw funds, and even gain access to other accounts for this user.
- Triangulation fraud: This type of fraud happens when online criminals set up a fake or replica website and entice buyers with cheap goods. Sometimes these fake websites may appear in adverts, or be sent to a user’s email directing to the website through a phishing attempt. The catch is that these goods don’t actually exist or are never shipped.
Europol and the Merchant Risk Council have launched a campaign #SellSafe to help merchants understand the risks of e-commerce fraud and offered the following tips to protect your e-business:
- Ensure all your employees are aware of the fraud issues affecting online stores.
- Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types.
- Get to know your customers to be able to verify their payments.
The campaign warns online shoppers never to send a card number, PIN or any other card information to anyone by email, to always save all documents related to online purchases, and to check bank statements regularly for any suspicious payments or withdrawals.
