Refund fraud schemes promoted on TikTok, Telegram are costing Amazon and other retailers billions of dollars
A UPS seasonal worker delivers packages on Cyber Monday in New York on Nov. 27, 2023.
Stephanie Keith | Bloomberg | Getty Images
Just before midnight on May 4, 2023, police were called to an Amazon warehouse in Chattanooga, Tennessee, to investigate a reported theft.
They were met by a loss prevention employee, who directed them to a warehouse worker named Noah Page, the suspected culprit, according to a police report of the incident that was obtained by CNBC.
When confronted by police, according to the report, Page admitted that he’d marked a customer’s order in Amazon’s internal system as returned even though the products were never actually sent back to the company. Page received $3,500 for his part in the scheme, the report said.
Page didn’t know the customer but had chosen to call him “Ralph,” the report said. Ralph, it turned out, was part of a group named Rekk, an expansive refund fraud organization that targeted major retailers and recruited company employees by promising them a cut of the profits, Amazon alleged in a lawsuit.
Refund fraud, which involves tricking retailers into refunding a customer for a purchase without an item being physically returned, has become so pervasive that groups now market their services on Reddit, TikTok and Telegram. Type in “refund method” — or “r3fund,” to skirt content moderators — on TikTok and videos will pop up of users showing off piles of cash, sneakers and iPhones. One video has the caption, “me after realizing you can get a refund on any Rick Owens if the ‘package never came,'” referring to the minimalist fashion brand. The clip shows a hand endlessly tossing shoes to the ground.
Fraud groups are taking advantage of retailers’ lenient return policies, experts told CNBC, which often include unlimited free returns and sometimes even a preference that customers keep the items. It’s ballooned into a massive problem for retailers, costing them more than $101 billion last year, according to a survey by the National Retail Federation and Appriss Retail. The figure includes multiple forms of fraud, such as sending back clothing after it’s been worn, known as “wardrobing,” and returning shoplifted merchandise, the survey said.
In December, Amazon filed a lawsuit against Page and 47 other people across the globe with alleged ties to Rekk, accusing them of conspiring to steal millions of dollars worth of products in a refund fraud operation. Amazon described these services as “illegitimate ‘businesses'” that look to “exploit the refund process for their own financial gain to the detriment of honest consumers and retailers who must bear the brunt of increased costs, decreased inventory, and service disruption that impacts genuine customers.”
Amazon also suffered more than $700,000 in losses at the hands of another alleged fraud ring in which 10 people were indicted last year, according to documents from a suit filed in 2023.
Robots transport goods to the employees in warehouse at Amazon fulfillment center in Eastvale on Tuesday, Aug. 31, 2021.
the Riverside Press-enterprise | Medianews Group | Getty Images
An Amazon spokesperson said the company is addressing the issue “head on” through specialized teams and machine learning tools that detect and prevent refund fraud. Amazon says its work with law enforcement has led to arrests, the dismantling of organized retail crime groups and civil lawsuits.
“We continue to make progress in identifying and stopping fraud before it happens, as well as dismantling the groups that attempt to damage the integrity of our store and the stores of retailers across the retail industry,” the spokesperson said in a statement.
Here’s how it works: A shopper buys a product online and sends the order information to a group such as Rekk, which then poses as the customer in requesting a refund. Amazon refunds the money to the customer, who then pays the fraud group usually between 15% and 30% of the refund amount, often via PayPal or with bitcoin. That means the customer ends up buying the product for what amounts to a huge discount.
The fraud group then pays the conspiring employee at the retailer, typically a certain amount for a batch of packages the employee scans as returned.
Retailers and law enforcement agencies are catching onto the trend. In September, a 25-year-old man in Michigan, Sajed Al-Maarej, was arrested and charged with conspiracy, wire fraud and mail fraud after he allegedly ran a return fraud service called Simple Refunds that targeted more than 50 retailers. The following month, 10 men were indicted in Oklahoma, charged with conspiracy to commit wire fraud for allegedly operating a refund fraud service named Artemis Refund Group. And a 24-year-old U.K. man was convicted of fraud in December after running the KeptSecrets refund service, which targeted retailers including Amazon, Walmart and Wayfair, according to court documents.
Following the Rekk scheme, Page was arrested when police showed up at the Chattanooga warehouse in May, and he was charged with theft of property worth more than $60,000. He pleaded guilty and was sentenced in November to three years of probation, as well as ordered to pay Amazon $5,000.
Page didn’t respond to requests for comment.
A thriving refund fraud market
For every refund fraud service shut down by law enforcement, swarms of similar groups remain open for business.
CNBC viewed several active refund fraud services on encrypted messaging app Telegram, each with thousands of followers. Updates are posted almost daily of new stores on their services, or new retailers that have been successfully targeted. Amazon and Apple are frequently hit, along with Nike, eBay, Saks Fifth Avenue and Ralph Lauren. Some groups even offer their services for DoorDash and Uber Eats orders, claiming users can “eat for free.”
The groups are highly organized and run like businesses, providing customer service, cataloging orders and creating fake shipping labels. Some sell how-to guides.
A Google form from an active refund fraud service explaining which stores it targets and how much it charges customers.
Source: Google
Fraudsters employ multiple strategies. A common one is to claim a package never arrived so that the retailer issues a refund. According to Amazon’s lawsuit, a Rekk user received a full refund for two MacBook Air laptops after filing a police report falsely claiming the products never arrived.
Mail-in fraud involves a user filling out a company’s return form, but instead of sending back the purchased product, users will mail an empty box or a package filled with junk. In the case of Simple Refunds, Al-Maarej, the man who allegedly operated the group, sent an unnamed retailer “an envelope filled with plastic toy frogs” instead of the tools he claimed he was returning, prosecutors said.
Al-Maarej also recruited employees at UPS and the U.S. Postal Service who either manipulated a package’s tracking history or input false “return to sender” notices to fool the retailer into thinking an item couldn’t be delivered or that it was sent to the wrong address, according to court documents.
Chris Black, an attorney for Al-Maarej, declined to comment. Amazon said its own internal investigation identified Al-Maarej’s scheme and contributed to the eventual indictment.
The company didn’t respond to questions specifically about how it monitors and handles bribery of its employees by ORC and refund fraud groups.
Rekk allegedly used bribes, offering Amazon staffers thousands of dollars a day to approve customer returns for products that were never sent back.
In a text message last year to Page, a Rekk representative said they’d been working with two other Amazon employees for about two months and offered them $4,000 for 30 orders marked as returned, according to court documents.
“They usually do 30 scans per day per shift,” the Rekk user wrote. “Sometimes they choose to do more. So at least 12k a week.”
According to the complaint, Rekk also recruited one of Page’s colleagues at CHA1, Amazon’s name for the Chattanooga facility. Between February 2023 and May 2023, the CHA1 employee allegedly approved product returns for 76 orders at Rekk’s request, causing Amazon to refund over $100,000 to customers, and netting $3,500 from the scheme.
A refund fraud service claims to have access to Amazon insiders in a Telegram post.
Source: Telegram
Amazon said it has tried to address the bribery problem. In its lawsuit against Rekk, the company said it has an internal customer protection and enforcement team made up of attorneys, former prosecutors, and analysts investigating organized crime schemes such as refund fraud. The company has also reportedly fired employees who were allegedly bribed to leak confidential data on third-party sellers.
Cyril Noel-Tagoe, a cybersecurity expert who has studied refund fraud extensively, said the economic incentive for low-wage workers to get involved with these schemes creates a perpetual challenge for retailers.
“If you’re offering an employee much more than they’re getting paid, then it’s quite hard to combat that,” Noel-Tagoe, who works as a principal security researcher at bot detection software company Netacea, told CNBC.
‘All you need is a phone’
Those on the lookout for moneymaking opportunities will find no shortage of promotional videos across social media. For a fee, you can learn how to play the game.
One TikTok video on the topic shows bags of Louis Vuitton, Gucci and Apple products and reads, “[Point of view]: You mastered the art of r3funding and started to teach others.” TikTok clips often serve as advertisements for a user’s Telegram channel that’s linked in the bio of their account.
Similar tactics are used on Reddit.
In the “Illegal Life Pro Tips” forum on Reddit, which is no longer active but counts 1.1 million members, refund scammers shared their tips and tricks. In recent days, Reddit banned an offshoot of that subreddit, called “illegallifeprotips2,” saying it violates the site’s rules “against transactions involving prohibited goods or services.” Users quickly resurfaced on a new subreddit, “ELegalLifeProTips.” After CNBC flagged “ELegalLifeProTips,” Reddit took down the subreddit for violating its ban evasion policy.
In the past, such illicit behavior ran rampant on the dark web and required VPNs and a special browser, said Brittany Allen, a trust and safety architect at fraud detection software company Sift. These days the perpetrators regularly discuss their activities openly on forums and in messaging apps, which Allen described as the “democratization of fraud.”
“You don’t need to be that specialist that can figure out how to find these deep web groups,” Allen said. “All you need is to have a phone that can go to Reddit, or a TikTok account you’re already on, and you’ll potentially be exposed to fraud that doesn’t take as much uplift to participate in.”
Remi Vaughn, a spokesperson for Telegram, told CNBC in an email that the company moderates “harmful content” on its platform, including posts that promote fraud. “Moderators use a combination of proactive moderation on public parts of the platform and accept user reports in order to remove content which breaches Telegram’s terms,” Vaughn added.
A Reddit spokesperson said it uses a combination of automated tooling and human moderators to enforce its content policies, which prohibit users from soliciting or facilitating any transaction that involves fraudulent services.
After CNBC provided TikTok with examples of videos about refund fraud, the company said it removed them for violating its community guidelines. It said it also blocked hashtags that were used to promote refund fraud.
The use of mainstream apps in these schemes has made it easier for investigators to do their work. Noel-Tagoe referenced a case in which a retailer was able to track down an individual whose email address was in an Instagram post.
Allen said she’s been able to identify fraudsters through “vouches,” or screenshots of successful fraudulent returns. Some of the images show order numbers, store pickup locations or cart items, according to Allen, all useful intel for retailers investigating return fraud.
David Johnston, vice president of asset protection and retail operations at the National Retail Federation, said an increasing number of companies are “tightening up their return policies” in response to customer abuse and fraudulent activity.
Delivery workers, for example, are encouraged to photograph a package once it reaches its destination, and retailers are looking more closely for suspicious behavior in analyzing returns.
“There are some retailers that monitor the number of returns you make in-store, and if you return too much too frequently, they might put you on pause,” Johnston said. “We’re starting to see more of that now on the e-commerce side.”
WATCH: The ‘shopping journey will drastically look different’
Elon Musk, CEO of SpaceX and Tesla, attends the Viva Technology conference at the Porte de Versailles exhibition center in Paris on June 16, 2023.
Gonzalo Fuentes | Reuters
Top proxy advisor Institutional Shareholder Services is recommending that Tesla investors vote against a pay plan for CEO Elon Musk that would grant him nearly $1 trillion more in stock.
The “mega performance equity award” to Musk, designed to retain the CEO long-term, “has an astronomical grant value conditioned upon far-reaching performance targets that, if achieved, would create enormous value for shareholders,” ISS wrote on Friday.
Tesla’s 2025 annual shareholder meeting and proxy vote is scheduled for Nov. 5. The company is scheduled to report third-quarter results on Wednesday.
ISS said that while some shareholders may support the pay plan, “there are unmitigated concerns surrounding the special award’s magnitude and design.”
Musk’s plan, if approved, would be the largest ever awarded to a public company CEO. It could could net Musk up to an additional 12% stake in Tesla, should the company hit a market cap of $8.5 trillion and achieve other goals.
Tesla disagreed with the ISS recommendations.
In a post on X, which is owned by Musk, the automaker accused ISS of missing “fundamental points of investing and governance,” and complained that the advisors had previously “recommended against compensation that shareholders have voted on twice before (and that Elon has already earned), as well as the 2025 CEO Performance Award (where Elon receives nothing unless shareholders win big).”
The company urged shareholders to vote with the board’s recommendations on all proposals on the 2025 proxy.
ISS previously advised investors to reject a “ratification” of Musk’s 2018 CEO pay package, which was worth an estimated $56 billion at the time.
The Delaware Court of Chancery ruled early last year that the 2018 pay plan had been improperly granted by the Tesla board and must be rescinded. The ruling said Tesla hid crucial details from shareholders that they were entitled to before voting, and that Musk had controlled the board.
Musk has appealed that court’s decision to the Delaware State Supreme Court, with opening arguments in the appeal heard by a panel of judges this week.
Representatives for ISS declined to comment beyond the report.
ISS, along with Glass Lewis and smaller peers, can influence how shareholders decide to cast their votes at annual elections. Musk accused ISS and Glass Lewis in 2023 of effectively controlling the stock market because of their influence with passive or index funds in some matters. He also baselessly compared ISS to a terrorist organization.
Musk will be able to vote his own shares in the vote concerning his future pay. He holds at least 13.5% of Tesla’s voting power, according to the most recent available disclosures on his stake. Those holdings alone could be enough to secure approval for the nearly $1 trillion pay package.
In September, Musk added to his ownership of Tesla stock buying another $1 billion worth of shares.
Among other ISS recommendations, the firm also suggested that shareholders should vote against giving Tesla’s board authorization to invest in xAI, the AI company that Musk started in March 2023 but only disclosed publicly in July that year. Tesla has sold tens of millions of dollars worth of its Megapack battery energy storage systems to xAI.
ISS also recommended against voting to reinstate Tesla board member Ira Ehrenpreis, a longstanding and close friend of Musk.
In May, Tesla changed its corporate bylaws to limit shareholders’ ability to sue for a breach of fiduciary duties so that only a shareholder that owns at least 3% of the company’s stock can bring what’s called a “derivative” action. Ehrenpreis presided over Tesla’s governance committee at the time that change was made without a shareholder vote.
WATCH: Former Tesla board member says it’s hard to argue with valuation
A demo setup of racks of AI servers connected with Credo cables, displayed at the Open Compute Summit in San Jose, California.
Credo
In July, Elon Musk posted photos from inside an xAI data center called Colossus 2, which the artificial intelligence startup aims to turn into a massive supercomputing facility in Memphis, Tennessee.
Musk’s pictures, posted to his X feed, didn’t show off the pricey Nvidia racks that are filled with powerful graphics processing units. Rather, he focused on the wires behind the servers, including one image with thousands of neatly organized purple cables connecting the computers together.
Those purple cables are the signature offering of Credo, a 17-year-old Silicon Valley-based semiconductor company whose name rarely gets mentioned alongside the leaders of the AI boom.
But Wall Street has taken notice.
Credo shares have more than doubled this year to $143.61 after soaring 245% in 2024. The company’s market cap, which was about $1.4 billion at the time of its IPO in 2022, now sits at close to $25 billion. Credo is angling to position itself as a key supplier in the trillion-dollar AI infrastructure expansion, and is benefiting as the money flows downstream.
The stock jumped 5% on Friday after analysts at JPMorgan Chase initiated coverage with the equivalent of a buy rating and a $165 stock price. They said the active electrical cable (AEC) market, which Credo pioneered, is on pace to hit $4 billion by 2028, as all the major hyperscalers invest in data center buildouts.
“The industry outlook is supported by increasing deployments from major companies such as Amazon, Microsoft, and xAI as well as broadening adoption, including Meta and more,” the analysts wrote. They predict annualized revenue growth for Credo of at least 50% through 2028.
Revenue in fiscal 2025, which ended in early May, more than doubled to $436.8 million. The company also turned profitable, recording net income of $52.2 million after losing $28.4 million the prior year. Analysts are expecting sales to more than double again in fiscal 2026 to almost $1 billion, according to LSEG.
Credo’s purple AECs cost between $300 and $500 each, depending on bulk discounts and other negotiations, according to an estimate from the 650 Group, an industry researcher. They are sturdy, moderately thick copper cables wrapped in a braided covering with big connectors containing chips on each side.
Much of the excitement around Credo is driven by the AI boom, which to this point has been driven by a handful of hyperscalers that are rapidly building data centers for future expected workloads. Analysts expect $1 trillion in spending on AI data centers by 2030, but any pullback from the major cloud providers or scaling back in OpenAI’s plans could hurt many suppliers, including Credo.
For now, projections are way up and to the right.
Expanding opportunity
Previous servers typically had one or two processors on a motherboard. Individual servers today can have up to eight, and the most powerful AI models require potentially millions of GPUs all working together as one.
Each GPU needs its own connection to the switch, the term for a computer that routes data around the cluster, often mounted on the top of a server rack.
Nvidia’s latest products slot several of these boards together to comprise a system with 72 GPUs. Next year’s fastest racks will have twice as many, and the following year, a Kyber rack will have 572 GPUs, Nvidia says.
“In the past, Credo’s opportunity was one cable per server, but now Credo’s opportunity is nine cables per server,” said Alan Weckel, an analyst at 650 Group. He estimates that Credo has 88% of the market for AECs, which are also made by Astera Labs and Marvell.
Many GPUs are connected by fiber optic cables powered by components made by companies like Broadcom and Coherent. AECs offer an alternative to fiber optic cables. They have chips called digital signal processors on both sides that use sophisticated algorithms to pull data out of the cable, enabling much longer lengths than traditional copper cables. Credo’s longest AEC is seven meters long.
Credo CEO Bill Brennan, who joined the company in 2013, told CNBC that hyperscalers are choosing his company’s cables because they’re more reliable than fiber optic cables. He said customers are trying to avoid what’s called a “link flap,” where one part of an AI cluster goes offline because the optical cable connecting them fails, costing hours of pricey GPU time.
“It can literally shut down an entire data center,” Brennan said.
He said Credo is increasingly working with hyperscalers in the early stages of planning large AI clusters, especially as some designs become denser, allowing more servers to be connected by shorter cables.
“When you connect with these hyperscalers, the numbers are very large,” Brennan said.
Credo’s AEC leadership team, Hal Hawthorne, Don Barnetson, Ameet Suri, and Ryan Cai.
Corey Bentley, Credo
The company doesn’t name its hyperscaler clients, but analysts have cited Amazon and Microsoft as customers. Amazon Web Services CEO Matt Garman posted an image on LinkedIn of the company’s Trainium AI chip racks on Friday that appeared to show Credo’s purple cables.
Credo says it expects three or four customers to make up more than 10% of revenue each in the coming quarters, including two new hyperscale customers this year.
Amazon and Microsoft declined to comment. Meta and xAI didn’t respond to requests for comment.
At a conference for data center professionals in San Jose this week, Credo presented alongside a representative from Oracle Cloud. An example rack of Nvidia GPUs designed by Meta displayed at the show prominently featured Credo’s purple cables.
“Every time you see a new announcement of a gigawatt data center, you can rest assured that we view that as an opportunity,” Brennan told investors on an earnings call in September.
It’s a market that everyone in AI networking is targeting.
Analysts at TD Cowen estimated earlier this month that the market for AI networking chips could be worth $75 billion per year by 2030. Major players include Nvidia and Advanced Micro Devices, which both have their own networking businesses and have the power to dictate which technologies are part of their broader systems.
‘Insatiable demand’
Credo was founded in 2008 by a group of ex-Marvell engineers, who developed chips for a relatively arcane technology called SerDes, which is used for high-speed chip-to-chip connections.
Brennan’s job, when he joined in 2013, was to commercialize the technology. The company raised its first round of venture funding in 2015 from investors including Walden International, which was run by Lip-Bu Tan, now Intel’s CEO.
Christina Locopo | CNBC
The AEC business didn’t take off until the AI boom in the early 2020s, because data centers didn’t yet need its technology, Brennan said.
However, there was early excitement in the air when Musk’s car company came knocking in 2017. Tesla wanted help with its Dojo AI supercomputer and needed chips with more bandwidth than what was available at the time.
Now, Credo is hoping to use its foothold with its active copper cables to branch out into additional product lines, including intra-rack connections, or what’s called “scale-up” networking. The company announced new transceivers and software for optical cables this week.
“You’ve got this market pull like we’ve never had before,” Brennan said. “If you could deliver the next generation right now, it would be consumed. Generation after that, it would be consumed. You’ve got this insatiable demand from the AI cluster world.”
WATCH: OpenAI in Abilene, Texas
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports2 years agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports3 years agoButton battles heat exhaustion in NASCAR debut
-
Sports3 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment1 year agoHere are the best electric bikes you can buy at every price level in October 2024