Refund fraud schemes promoted on TikTok, Telegram are costing Amazon and other retailers billions of dollars
A UPS seasonal worker delivers packages on Cyber Monday in New York on Nov. 27, 2023.
Stephanie Keith | Bloomberg | Getty Images
Just before midnight on May 4, 2023, police were called to an Amazon warehouse in Chattanooga, Tennessee, to investigate a reported theft.
They were met by a loss prevention employee, who directed them to a warehouse worker named Noah Page, the suspected culprit, according to a police report of the incident that was obtained by CNBC.
When confronted by police, according to the report, Page admitted that he’d marked a customer’s order in Amazon’s internal system as returned even though the products were never actually sent back to the company. Page received $3,500 for his part in the scheme, the report said.
Page didn’t know the customer but had chosen to call him “Ralph,” the report said. Ralph, it turned out, was part of a group named Rekk, an expansive refund fraud organization that targeted major retailers and recruited company employees by promising them a cut of the profits, Amazon alleged in a lawsuit.
Refund fraud, which involves tricking retailers into refunding a customer for a purchase without an item being physically returned, has become so pervasive that groups now market their services on Reddit, TikTok and Telegram. Type in “refund method” — or “r3fund,” to skirt content moderators — on TikTok and videos will pop up of users showing off piles of cash, sneakers and iPhones. One video has the caption, “me after realizing you can get a refund on any Rick Owens if the ‘package never came,'” referring to the minimalist fashion brand. The clip shows a hand endlessly tossing shoes to the ground.
Fraud groups are taking advantage of retailers’ lenient return policies, experts told CNBC, which often include unlimited free returns and sometimes even a preference that customers keep the items. It’s ballooned into a massive problem for retailers, costing them more than $101 billion last year, according to a survey by the National Retail Federation and Appriss Retail. The figure includes multiple forms of fraud, such as sending back clothing after it’s been worn, known as “wardrobing,” and returning shoplifted merchandise, the survey said.
In December, Amazon filed a lawsuit against Page and 47 other people across the globe with alleged ties to Rekk, accusing them of conspiring to steal millions of dollars worth of products in a refund fraud operation. Amazon described these services as “illegitimate ‘businesses'” that look to “exploit the refund process for their own financial gain to the detriment of honest consumers and retailers who must bear the brunt of increased costs, decreased inventory, and service disruption that impacts genuine customers.”
Amazon also suffered more than $700,000 in losses at the hands of another alleged fraud ring in which 10 people were indicted last year, according to documents from a suit filed in 2023.
Robots transport goods to the employees in warehouse at Amazon fulfillment center in Eastvale on Tuesday, Aug. 31, 2021.
the Riverside Press-enterprise | Medianews Group | Getty Images
An Amazon spokesperson said the company is addressing the issue “head on” through specialized teams and machine learning tools that detect and prevent refund fraud. Amazon says its work with law enforcement has led to arrests, the dismantling of organized retail crime groups and civil lawsuits.
“We continue to make progress in identifying and stopping fraud before it happens, as well as dismantling the groups that attempt to damage the integrity of our store and the stores of retailers across the retail industry,” the spokesperson said in a statement.
Here’s how it works: A shopper buys a product online and sends the order information to a group such as Rekk, which then poses as the customer in requesting a refund. Amazon refunds the money to the customer, who then pays the fraud group usually between 15% and 30% of the refund amount, often via PayPal or with bitcoin. That means the customer ends up buying the product for what amounts to a huge discount.
The fraud group then pays the conspiring employee at the retailer, typically a certain amount for a batch of packages the employee scans as returned.
Retailers and law enforcement agencies are catching onto the trend. In September, a 25-year-old man in Michigan, Sajed Al-Maarej, was arrested and charged with conspiracy, wire fraud and mail fraud after he allegedly ran a return fraud service called Simple Refunds that targeted more than 50 retailers. The following month, 10 men were indicted in Oklahoma, charged with conspiracy to commit wire fraud for allegedly operating a refund fraud service named Artemis Refund Group. And a 24-year-old U.K. man was convicted of fraud in December after running the KeptSecrets refund service, which targeted retailers including Amazon, Walmart and Wayfair, according to court documents.
Following the Rekk scheme, Page was arrested when police showed up at the Chattanooga warehouse in May, and he was charged with theft of property worth more than $60,000. He pleaded guilty and was sentenced in November to three years of probation, as well as ordered to pay Amazon $5,000.
Page didn’t respond to requests for comment.
A thriving refund fraud market
For every refund fraud service shut down by law enforcement, swarms of similar groups remain open for business.
CNBC viewed several active refund fraud services on encrypted messaging app Telegram, each with thousands of followers. Updates are posted almost daily of new stores on their services, or new retailers that have been successfully targeted. Amazon and Apple are frequently hit, along with Nike, eBay, Saks Fifth Avenue and Ralph Lauren. Some groups even offer their services for DoorDash and Uber Eats orders, claiming users can “eat for free.”
The groups are highly organized and run like businesses, providing customer service, cataloging orders and creating fake shipping labels. Some sell how-to guides.
A Google form from an active refund fraud service explaining which stores it targets and how much it charges customers.
Source: Google
Fraudsters employ multiple strategies. A common one is to claim a package never arrived so that the retailer issues a refund. According to Amazon’s lawsuit, a Rekk user received a full refund for two MacBook Air laptops after filing a police report falsely claiming the products never arrived.
Mail-in fraud involves a user filling out a company’s return form, but instead of sending back the purchased product, users will mail an empty box or a package filled with junk. In the case of Simple Refunds, Al-Maarej, the man who allegedly operated the group, sent an unnamed retailer “an envelope filled with plastic toy frogs” instead of the tools he claimed he was returning, prosecutors said.
Al-Maarej also recruited employees at UPS and the U.S. Postal Service who either manipulated a package’s tracking history or input false “return to sender” notices to fool the retailer into thinking an item couldn’t be delivered or that it was sent to the wrong address, according to court documents.
Chris Black, an attorney for Al-Maarej, declined to comment. Amazon said its own internal investigation identified Al-Maarej’s scheme and contributed to the eventual indictment.
The company didn’t respond to questions specifically about how it monitors and handles bribery of its employees by ORC and refund fraud groups.
Rekk allegedly used bribes, offering Amazon staffers thousands of dollars a day to approve customer returns for products that were never sent back.
In a text message last year to Page, a Rekk representative said they’d been working with two other Amazon employees for about two months and offered them $4,000 for 30 orders marked as returned, according to court documents.
“They usually do 30 scans per day per shift,” the Rekk user wrote. “Sometimes they choose to do more. So at least 12k a week.”
According to the complaint, Rekk also recruited one of Page’s colleagues at CHA1, Amazon’s name for the Chattanooga facility. Between February 2023 and May 2023, the CHA1 employee allegedly approved product returns for 76 orders at Rekk’s request, causing Amazon to refund over $100,000 to customers, and netting $3,500 from the scheme.
A refund fraud service claims to have access to Amazon insiders in a Telegram post.
Source: Telegram
Amazon said it has tried to address the bribery problem. In its lawsuit against Rekk, the company said it has an internal customer protection and enforcement team made up of attorneys, former prosecutors, and analysts investigating organized crime schemes such as refund fraud. The company has also reportedly fired employees who were allegedly bribed to leak confidential data on third-party sellers.
Cyril Noel-Tagoe, a cybersecurity expert who has studied refund fraud extensively, said the economic incentive for low-wage workers to get involved with these schemes creates a perpetual challenge for retailers.
“If you’re offering an employee much more than they’re getting paid, then it’s quite hard to combat that,” Noel-Tagoe, who works as a principal security researcher at bot detection software company Netacea, told CNBC.
‘All you need is a phone’
Those on the lookout for moneymaking opportunities will find no shortage of promotional videos across social media. For a fee, you can learn how to play the game.
One TikTok video on the topic shows bags of Louis Vuitton, Gucci and Apple products and reads, “[Point of view]: You mastered the art of r3funding and started to teach others.” TikTok clips often serve as advertisements for a user’s Telegram channel that’s linked in the bio of their account.
Similar tactics are used on Reddit.
In the “Illegal Life Pro Tips” forum on Reddit, which is no longer active but counts 1.1 million members, refund scammers shared their tips and tricks. In recent days, Reddit banned an offshoot of that subreddit, called “illegallifeprotips2,” saying it violates the site’s rules “against transactions involving prohibited goods or services.” Users quickly resurfaced on a new subreddit, “ELegalLifeProTips.” After CNBC flagged “ELegalLifeProTips,” Reddit took down the subreddit for violating its ban evasion policy.
In the past, such illicit behavior ran rampant on the dark web and required VPNs and a special browser, said Brittany Allen, a trust and safety architect at fraud detection software company Sift. These days the perpetrators regularly discuss their activities openly on forums and in messaging apps, which Allen described as the “democratization of fraud.”
“You don’t need to be that specialist that can figure out how to find these deep web groups,” Allen said. “All you need is to have a phone that can go to Reddit, or a TikTok account you’re already on, and you’ll potentially be exposed to fraud that doesn’t take as much uplift to participate in.”
Remi Vaughn, a spokesperson for Telegram, told CNBC in an email that the company moderates “harmful content” on its platform, including posts that promote fraud. “Moderators use a combination of proactive moderation on public parts of the platform and accept user reports in order to remove content which breaches Telegram’s terms,” Vaughn added.
A Reddit spokesperson said it uses a combination of automated tooling and human moderators to enforce its content policies, which prohibit users from soliciting or facilitating any transaction that involves fraudulent services.
After CNBC provided TikTok with examples of videos about refund fraud, the company said it removed them for violating its community guidelines. It said it also blocked hashtags that were used to promote refund fraud.
The use of mainstream apps in these schemes has made it easier for investigators to do their work. Noel-Tagoe referenced a case in which a retailer was able to track down an individual whose email address was in an Instagram post.
Allen said she’s been able to identify fraudsters through “vouches,” or screenshots of successful fraudulent returns. Some of the images show order numbers, store pickup locations or cart items, according to Allen, all useful intel for retailers investigating return fraud.
David Johnston, vice president of asset protection and retail operations at the National Retail Federation, said an increasing number of companies are “tightening up their return policies” in response to customer abuse and fraudulent activity.
Delivery workers, for example, are encouraged to photograph a package once it reaches its destination, and retailers are looking more closely for suspicious behavior in analyzing returns.
“There are some retailers that monitor the number of returns you make in-store, and if you return too much too frequently, they might put you on pause,” Johnston said. “We’re starting to see more of that now on the e-commerce side.”
WATCH: The ‘shopping journey will drastically look different’
Technology
Samsung expects second-quarter profits to more than halve as it struggles to capture AI demand
A Waymo autonomous self-driving Jaguar electric vehicle sits parked at an EVgo charging station in Los Angeles, California, on May 15, 2024.
Patrick T. Fallon | AFP | Getty Images
Waymo said it will begin testing in Philadelphia, with a limited fleet of vehicles and human safety drivers behind the wheel.
“This city is a National Treasure,” Waymo wrote in a post on X on Monday. “It’s a city of love, where eagles fly with a gritty spirit and cheese that spreads and cheese that steaks. Our road trip continues to Philly next.”
The Alphabet-owned company confirmed to CNBC that it will be testing in Pennsylvania’s largest city through the fall, adding that the initial fleet of cars will be manually driven through the more complex parts of Philadelphia, including downtown and on freeways.
“Folks will see our vehicles driving at all hours throughout various neighborhoods, from North Central to Eastwick, and from University City to as far east as the Delaware River,” a Waymo spokesperson said.
With its so-called road trips, Waymo seeks to collect mapping data and evaluate how its autonomous technology, Waymo Driver, performs in new environments, handling traffic patterns and local infrastructure. Road trips are often used a way for the company to gauge whether it can potentially offer a paid ride share service in a particular location.
The expanded testing, which will go through the fall, comes as Waymo aims for a broader rollout. Last month, the company announced plans to drive vehicles manually in New York for testing, marking the first step toward potentially cracking the largest U.S. city. Waymo applied for a permit with the New York City Department of Transportation to operate autonomously with a trained specialist behind the wheel in Manhattan. State law currently doesn’t allow for such driverless operations.
Waymo One provides more than 250,000 paid trips each week across Phoenix, San Francisco, Los Angeles, and Austin, Texas, and is preparing to bring fully autonomous rides to Atlanta, Miami, and Washington, D.C., in 2026.
Alphabet has been under pressure to monetize artificial intelligence products as it bolsters spending on infrastructure. Alphabet’s “Other Bets” segment, which includes Waymo, brought in revenue of $1.65 billion in 2024, up from $1.53 billion in 2023. However, the segment lost $4.44 billion last year, compared to a loss of $4.09 billion the previous year.
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike