Refund fraud schemes promoted on TikTok, Telegram are costing Amazon and other retailers billions of dollars
A UPS seasonal worker delivers packages on Cyber Monday in New York on Nov. 27, 2023.
Stephanie Keith | Bloomberg | Getty Images
Just before midnight on May 4, 2023, police were called to an Amazon warehouse in Chattanooga, Tennessee, to investigate a reported theft.
They were met by a loss prevention employee, who directed them to a warehouse worker named Noah Page, the suspected culprit, according to a police report of the incident that was obtained by CNBC.
When confronted by police, according to the report, Page admitted that he’d marked a customer’s order in Amazon’s internal system as returned even though the products were never actually sent back to the company. Page received $3,500 for his part in the scheme, the report said.
Page didn’t know the customer but had chosen to call him “Ralph,” the report said. Ralph, it turned out, was part of a group named Rekk, an expansive refund fraud organization that targeted major retailers and recruited company employees by promising them a cut of the profits, Amazon alleged in a lawsuit.
Refund fraud, which involves tricking retailers into refunding a customer for a purchase without an item being physically returned, has become so pervasive that groups now market their services on Reddit, TikTok and Telegram. Type in “refund method” — or “r3fund,” to skirt content moderators — on TikTok and videos will pop up of users showing off piles of cash, sneakers and iPhones. One video has the caption, “me after realizing you can get a refund on any Rick Owens if the ‘package never came,'” referring to the minimalist fashion brand. The clip shows a hand endlessly tossing shoes to the ground.
Fraud groups are taking advantage of retailers’ lenient return policies, experts told CNBC, which often include unlimited free returns and sometimes even a preference that customers keep the items. It’s ballooned into a massive problem for retailers, costing them more than $101 billion last year, according to a survey by the National Retail Federation and Appriss Retail. The figure includes multiple forms of fraud, such as sending back clothing after it’s been worn, known as “wardrobing,” and returning shoplifted merchandise, the survey said.
In December, Amazon filed a lawsuit against Page and 47 other people across the globe with alleged ties to Rekk, accusing them of conspiring to steal millions of dollars worth of products in a refund fraud operation. Amazon described these services as “illegitimate ‘businesses'” that look to “exploit the refund process for their own financial gain to the detriment of honest consumers and retailers who must bear the brunt of increased costs, decreased inventory, and service disruption that impacts genuine customers.”
Amazon also suffered more than $700,000 in losses at the hands of another alleged fraud ring in which 10 people were indicted last year, according to documents from a suit filed in 2023.
Robots transport goods to the employees in warehouse at Amazon fulfillment center in Eastvale on Tuesday, Aug. 31, 2021.
the Riverside Press-enterprise | Medianews Group | Getty Images
An Amazon spokesperson said the company is addressing the issue “head on” through specialized teams and machine learning tools that detect and prevent refund fraud. Amazon says its work with law enforcement has led to arrests, the dismantling of organized retail crime groups and civil lawsuits.
“We continue to make progress in identifying and stopping fraud before it happens, as well as dismantling the groups that attempt to damage the integrity of our store and the stores of retailers across the retail industry,” the spokesperson said in a statement.
Here’s how it works: A shopper buys a product online and sends the order information to a group such as Rekk, which then poses as the customer in requesting a refund. Amazon refunds the money to the customer, who then pays the fraud group usually between 15% and 30% of the refund amount, often via PayPal or with bitcoin. That means the customer ends up buying the product for what amounts to a huge discount.
The fraud group then pays the conspiring employee at the retailer, typically a certain amount for a batch of packages the employee scans as returned.
Retailers and law enforcement agencies are catching onto the trend. In September, a 25-year-old man in Michigan, Sajed Al-Maarej, was arrested and charged with conspiracy, wire fraud and mail fraud after he allegedly ran a return fraud service called Simple Refunds that targeted more than 50 retailers. The following month, 10 men were indicted in Oklahoma, charged with conspiracy to commit wire fraud for allegedly operating a refund fraud service named Artemis Refund Group. And a 24-year-old U.K. man was convicted of fraud in December after running the KeptSecrets refund service, which targeted retailers including Amazon, Walmart and Wayfair, according to court documents.
Following the Rekk scheme, Page was arrested when police showed up at the Chattanooga warehouse in May, and he was charged with theft of property worth more than $60,000. He pleaded guilty and was sentenced in November to three years of probation, as well as ordered to pay Amazon $5,000.
Page didn’t respond to requests for comment.
A thriving refund fraud market
For every refund fraud service shut down by law enforcement, swarms of similar groups remain open for business.
CNBC viewed several active refund fraud services on encrypted messaging app Telegram, each with thousands of followers. Updates are posted almost daily of new stores on their services, or new retailers that have been successfully targeted. Amazon and Apple are frequently hit, along with Nike, eBay, Saks Fifth Avenue and Ralph Lauren. Some groups even offer their services for DoorDash and Uber Eats orders, claiming users can “eat for free.”
The groups are highly organized and run like businesses, providing customer service, cataloging orders and creating fake shipping labels. Some sell how-to guides.
A Google form from an active refund fraud service explaining which stores it targets and how much it charges customers.
Source: Google
Fraudsters employ multiple strategies. A common one is to claim a package never arrived so that the retailer issues a refund. According to Amazon’s lawsuit, a Rekk user received a full refund for two MacBook Air laptops after filing a police report falsely claiming the products never arrived.
Mail-in fraud involves a user filling out a company’s return form, but instead of sending back the purchased product, users will mail an empty box or a package filled with junk. In the case of Simple Refunds, Al-Maarej, the man who allegedly operated the group, sent an unnamed retailer “an envelope filled with plastic toy frogs” instead of the tools he claimed he was returning, prosecutors said.
Al-Maarej also recruited employees at UPS and the U.S. Postal Service who either manipulated a package’s tracking history or input false “return to sender” notices to fool the retailer into thinking an item couldn’t be delivered or that it was sent to the wrong address, according to court documents.
Chris Black, an attorney for Al-Maarej, declined to comment. Amazon said its own internal investigation identified Al-Maarej’s scheme and contributed to the eventual indictment.
The company didn’t respond to questions specifically about how it monitors and handles bribery of its employees by ORC and refund fraud groups.
Rekk allegedly used bribes, offering Amazon staffers thousands of dollars a day to approve customer returns for products that were never sent back.
In a text message last year to Page, a Rekk representative said they’d been working with two other Amazon employees for about two months and offered them $4,000 for 30 orders marked as returned, according to court documents.
“They usually do 30 scans per day per shift,” the Rekk user wrote. “Sometimes they choose to do more. So at least 12k a week.”
According to the complaint, Rekk also recruited one of Page’s colleagues at CHA1, Amazon’s name for the Chattanooga facility. Between February 2023 and May 2023, the CHA1 employee allegedly approved product returns for 76 orders at Rekk’s request, causing Amazon to refund over $100,000 to customers, and netting $3,500 from the scheme.
A refund fraud service claims to have access to Amazon insiders in a Telegram post.
Source: Telegram
Amazon said it has tried to address the bribery problem. In its lawsuit against Rekk, the company said it has an internal customer protection and enforcement team made up of attorneys, former prosecutors, and analysts investigating organized crime schemes such as refund fraud. The company has also reportedly fired employees who were allegedly bribed to leak confidential data on third-party sellers.
Cyril Noel-Tagoe, a cybersecurity expert who has studied refund fraud extensively, said the economic incentive for low-wage workers to get involved with these schemes creates a perpetual challenge for retailers.
“If you’re offering an employee much more than they’re getting paid, then it’s quite hard to combat that,” Noel-Tagoe, who works as a principal security researcher at bot detection software company Netacea, told CNBC.
‘All you need is a phone’
Those on the lookout for moneymaking opportunities will find no shortage of promotional videos across social media. For a fee, you can learn how to play the game.
One TikTok video on the topic shows bags of Louis Vuitton, Gucci and Apple products and reads, “[Point of view]: You mastered the art of r3funding and started to teach others.” TikTok clips often serve as advertisements for a user’s Telegram channel that’s linked in the bio of their account.
Similar tactics are used on Reddit.
In the “Illegal Life Pro Tips” forum on Reddit, which is no longer active but counts 1.1 million members, refund scammers shared their tips and tricks. In recent days, Reddit banned an offshoot of that subreddit, called “illegallifeprotips2,” saying it violates the site’s rules “against transactions involving prohibited goods or services.” Users quickly resurfaced on a new subreddit, “ELegalLifeProTips.” After CNBC flagged “ELegalLifeProTips,” Reddit took down the subreddit for violating its ban evasion policy.
In the past, such illicit behavior ran rampant on the dark web and required VPNs and a special browser, said Brittany Allen, a trust and safety architect at fraud detection software company Sift. These days the perpetrators regularly discuss their activities openly on forums and in messaging apps, which Allen described as the “democratization of fraud.”
“You don’t need to be that specialist that can figure out how to find these deep web groups,” Allen said. “All you need is to have a phone that can go to Reddit, or a TikTok account you’re already on, and you’ll potentially be exposed to fraud that doesn’t take as much uplift to participate in.”
Remi Vaughn, a spokesperson for Telegram, told CNBC in an email that the company moderates “harmful content” on its platform, including posts that promote fraud. “Moderators use a combination of proactive moderation on public parts of the platform and accept user reports in order to remove content which breaches Telegram’s terms,” Vaughn added.
A Reddit spokesperson said it uses a combination of automated tooling and human moderators to enforce its content policies, which prohibit users from soliciting or facilitating any transaction that involves fraudulent services.
After CNBC provided TikTok with examples of videos about refund fraud, the company said it removed them for violating its community guidelines. It said it also blocked hashtags that were used to promote refund fraud.
The use of mainstream apps in these schemes has made it easier for investigators to do their work. Noel-Tagoe referenced a case in which a retailer was able to track down an individual whose email address was in an Instagram post.
Allen said she’s been able to identify fraudsters through “vouches,” or screenshots of successful fraudulent returns. Some of the images show order numbers, store pickup locations or cart items, according to Allen, all useful intel for retailers investigating return fraud.
David Johnston, vice president of asset protection and retail operations at the National Retail Federation, said an increasing number of companies are “tightening up their return policies” in response to customer abuse and fraudulent activity.
Delivery workers, for example, are encouraged to photograph a package once it reaches its destination, and retailers are looking more closely for suspicious behavior in analyzing returns.
“There are some retailers that monitor the number of returns you make in-store, and if you return too much too frequently, they might put you on pause,” Johnston said. “We’re starting to see more of that now on the e-commerce side.”
WATCH: The ‘shopping journey will drastically look different’
Technology
Disney and Universal sue AI image company Midjourney for unlicensed use of Star Wars, The Simpsons and more
The Walt Disney logo is displayed on screen during the Walt Disney Studios presentation at The Colosseum at Caesars Palace at CinemaCon 2025 in Las Vegas, Nevada, on April 3, 2025.
Valerie Macon | AFP | Getty Images
Disney and Universal joined forces in a lawsuit against artificial intelligence image creator Midjourney, alleging copyright infringement.
It is the first AI copyright lawsuit from Hollywood giants.
The lawsuit claims that the company used and distributed AI-generated characters from the movie studios like Star Wars, The Simpsons and other films and alleges that Midjourney disregarded requests to stop.
The studios included numerous examples in the suit of AI-generated images of characters from Cars, Toy Story, Shrek, The Avengers and the minions from Despicable Me.
Disney and Universal are demanding a jury trial, arguing that the actions threaten to “upend the bedrock incentives of U.S. copyright law.”
“Midjourney is the quintessential copyright free-rider and a bottomless pit of plagiarism,” the movie studios said, calling the actions “calculated and willful.”
Both companies said they sent letters to Midjourney’s counsel to prevent further copyright infringement, but the company continued to release new iterations of its image generator.
“Midjourney, which has attracted millions of subscribers and made $300 million last year alone, is focused on its own bottom line and ignored Plaintiffs’ demands,” the suit says.
CNBC has reached out to Midjourney for comment on the case.
The rise of AI has raised the stakes in the media industry, and sparked concerns over how to protect content from illegal copyrighting. This is one of the most significant copyright legal battles to date involving AI.
“Creativity is the cornerstone of our business,” said Kimberley Harris, executive vice president and general counsel of NBCUniversal, in a statement. “We are bringing this action today to protect the hard work of all the artists whose work entertains and inspires us and the significant investment we make in our content.”
Midjourney told Disney it was reviewing the letter but never responded, according to the suit. Universal said Midjourney did not respond to its letter.
“We are bullish on the promise of AI technology and optimistic about how it can be used responsibly as a tool to further human creativity,” said Horacio Gutierrez, senior executive vice president and chief legal and compliance officer of The Walt Disney Company, in a statement. “But piracy is piracy, and the fact that it’s done by an AI company does not make it any less infringing.”
The lawsuit was filed in the United States District Court Central District of California.
WATCH: Disney, Universal file complaint against AI company Midjourney alleging copyright
Disclosure: Universal is owned by NBCUniversal, the parent company of CNBC. Comcast owns NBCUniversal.
Tesla CEO Elon Musk walks to board Air Force One with U.S. President Donald Trump (not pictured) as they depart for Philadelphia, Pennsylvania, from Morristown Municipal Airport in Morristown, New Jersey, U.S., March 22, 2025.
Nathan Howard | Reuters
Tesla rallied for a fourth straight session as the spat between CEO Elon Musk and President Donald Trump showed further signs of a cooldown.
Shares rose about 2% Wednesday and were up more than 12% this week.
Tesla investors also caught a spark of hope for the company’s robotaxi strategy after Musk said the service will “tentatively” launch in Austin, Texas on June 22. In a post on X, Musk said the first driverless robotaxi will travel from the factory to a customer’s house on his June 28 birthday.
Overnight, the Tesla CEO said in a post on social media platform X that he regrets some of his recent social media posts about Trump and that they “went too far.”
Tesla year-to-date stock chart.
Last week, a public feud between the two erupted, dissolving a tight-knit partnership that included hefty donations to Trump’s re-election campaign and a leadership role for Musk in slashing budgets at the newly created Department of Government Efficiency, known as DOGE.
Musk’s attacks on the Trump-backed massive tax and spending bill initially sparked the feud.
Musk blasted the plan on X, calling it a “disgusting abomination” that would hike the current deficit.
That escalated a tit-for-tat social media battle that resulted in Trump hinting at cutting government contracts with Musk’s companies and led to Tesla’s biggest-ever market cap loss.
— CNBC’s Lora Kolodny contributed reporting
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut