SWAT USA Drop service hacked: Will the Internet become cleaner without financial manipulators?

Lord777

How do ordinary people become pawns in the game of experienced scammers?

Recently, cybersecurity experts hacked one of the largest cybercrime services involved in money laundering by sending goods purchased using stolen credit cards. The hack allowed researchers to gain information about the internal structure, finances, and organization of the fraudulent service.

The service, called SWAT USA Drop, involves more than 1,200 people in the United States who knowingly or unwittingly participate in reshipping high-value consumer goods purchased with stolen credit cards.

Services such as SWAT are widely known on cybercrime forums and operate on a "Drops for stuff" basis.

"Drops" are people who have responded to work-at-home ads for sending parcels, posted on classified-ad and job-search sites. Employers' promises of salary and bonuses are usually not fulfilled, and communication with people (drops) is cut off on the eve of the payment day. Only scammers, who are also "stuffers", remain in the black here.

Drops check and pack packages sent on invoices paid for with stolen credit card numbers. The SWAT service charges a commission of up to 50%, where stuffer scammers armed with stolen credit card numbers pay part of the retail price of the product as a transfer fee.

SWAT USA Drop has been operating for almost a decade under various names and owners. Recently, the current co-owner of the service under the pseudonym "Fearlless" accused the owner of a competing service of hacking and trying to poach its stuffers and drops.

The American company Hold Security shared screenshots of the SWAT stuffer user panel, which indicates that more than 1,200 drops are registered in the United States. One of the drops, Kareem from Maryland, who sent an iPad and an Apple Watch, was shocked to learn that his salary promised in the next few days might not be paid.

Kareem was instructed to register on the website "portal-ctsi[.]com" in order to check cargo reports on a daily basis. Anyone can register on this site as a potential "mule", although this requires providing personal and financial information, as well as copies of personal documents.

Checking the source code of the "portal-ctsi[.]com" page revealed dozens of other sites with the same login panel, all of which are apparently designed to interact with stuffers or drops.

Constant updating of the drop database is required due to the fact that they are suspended approximately 30 days after the first shipment, just before the promised salary payment. This is necessary for continuous recruitment of new members and ensuring functioning even when one of the sites is closed.

A 2015 study found that the average loss from forwarding fraud is over a thousand US dollars per person, and the total damage from such fraud is estimated at $1.8 billion per year.

Hacking "SWAT USA Drop" revealed not only the pseudonyms and contact information of all stuffers and drops, but also the monthly income and payments of the group. A Google spreadsheet of financial data has been made publicly available, showing that Fearlless and his business partner received more than $100,000 a month running their businesses.

The leak also revealed the identity and financial transactions of the main owner - "Fearlless", also known as "SwatVerified".

In the future, we will probably hear more about the details of this fraudulent service, because the investigation of its activities has only just begun to gain momentum.
 

Lord777

Owner of SWAT USA Drop service named

The SWAT USA intermediary service is owned by a Russian citizen from Magnitogorsk, who later moved to St. Petersburg. These were the results of an investigation conducted by Western information security journalist Brian Krebs.

Deanonymization of the Russian became possible due to the attack of competitors that the service suffered, and which its co-owner Fearlless complained about on one of the forums. The data that became public revealed the internal accounting of the project, as well as the number of drops (1200 people) and even the names of some of them.

"Fearlless lives mainly on the Verified site, which has been repeatedly hacked, as a result of which user data and correspondence were disclosed for more than 10 years. Reports on the Verified website dated January 2021 prove that Fearlless and its partner Universalo purchased SWAT USA Drop from its previous owner, with the nickname SWAT, in exchange for 30 percent of net profit over the next six months," Krebs writes.

According to Intel 471, a cyber intelligence company, Fearlless first signed up for Verified in February 2013. Analysis of his merged personal messages led Krebs to the previous nickname of the same person — Apathyp, which appeared on the site a year earlier. The fact is that the resource administration issued a warning to the owner of both nicknames for multiaccounting, noticing that he was logging in from the same device.

Apathyp registered on the Verified website using the email address [email protected]. A search of it in the Constella Intelligence database revealed that the password "niceone" is associated with it. The long-demolished VKontakte account was also linked to the mail itself. In one of the conversations with the owner of a CC shop, Apathyp chose the combination "12Apathy" as the password for his account.

A search for it showed that it had been used by only four different email addresses, two of which are [email protected] and [email protected]. Both of these addresses were previously associated with the same password as for [email protected], "niceone", or a variation of it. On the last of these emails, another VKontakte account was once registered, the owner of which was a certain Ivan Shcherban from Magnitogorsk, who set the password "12niceone". And now this mail is linked to the account of a person with the same name, but already from St. Petersburg.

It is also worth noting that for the Yandex.Mail address [email protected] the password "gezze18081991" was once used. August 18, 1991 is the date of birth of Ivan Shcherban.
 