Refund fraud schemes promoted on TikTok, Telegram are costing Amazon and other retailers billions of dollars
A UPS seasonal worker delivers packages on Cyber Monday in New York on Nov. 27, 2023.
Stephanie Keith | Bloomberg | Getty Images
Just before midnight on May 4, 2023, police were called to an Amazon warehouse in Chattanooga, Tennessee, to investigate a reported theft.
They were met by a loss prevention employee, who directed them to a warehouse worker named Noah Page, the suspected culprit, according to a police report of the incident that was obtained by CNBC.
When confronted by police, according to the report, Page admitted that he’d marked a customer’s order in Amazon’s internal system as returned even though the products were never actually sent back to the company. Page received $3,500 for his part in the scheme, the report said.
Page didn’t know the customer but had chosen to call him “Ralph,” the report said. Ralph, it turned out, was part of a group named Rekk, an expansive refund fraud organization that targeted major retailers and recruited company employees by promising them a cut of the profits, Amazon alleged in a lawsuit.
Refund fraud, which involves tricking retailers into refunding a customer for a purchase without an item being physically returned, has become so pervasive that groups now market their services on Reddit, TikTok and Telegram. Type in “refund method” — or “r3fund,” to skirt content moderators — on TikTok and videos will pop up of users showing off piles of cash, sneakers and iPhones. One video has the caption, “me after realizing you can get a refund on any Rick Owens if the ‘package never came,'” referring to the minimalist fashion brand. The clip shows a hand endlessly tossing shoes to the ground.
Fraud groups are taking advantage of retailers’ lenient return policies, experts told CNBC, which often include unlimited free returns and sometimes even a preference that customers keep the items. It’s ballooned into a massive problem for retailers, costing them more than $101 billion last year, according to a survey by the National Retail Federation and Appriss Retail. The figure includes multiple forms of fraud, such as sending back clothing after it’s been worn, known as “wardrobing,” and returning shoplifted merchandise, the survey said.
In December, Amazon filed a lawsuit against Page and 47 other people across the globe with alleged ties to Rekk, accusing them of conspiring to steal millions of dollars worth of products in a refund fraud operation. Amazon described these services as “illegitimate ‘businesses'” that look to “exploit the refund process for their own financial gain to the detriment of honest consumers and retailers who must bear the brunt of increased costs, decreased inventory, and service disruption that impacts genuine customers.”
Amazon also suffered more than $700,000 in losses at the hands of another alleged fraud ring in which 10 people were indicted last year, according to documents from a suit filed in 2023.
Robots transport goods to the employees in warehouse at Amazon fulfillment center in Eastvale on Tuesday, Aug. 31, 2021.
the Riverside Press-enterprise | Medianews Group | Getty Images
An Amazon spokesperson said the company is addressing the issue “head on” through specialized teams and machine learning tools that detect and prevent refund fraud. Amazon says its work with law enforcement has led to arrests, the dismantling of organized retail crime groups and civil lawsuits.
“We continue to make progress in identifying and stopping fraud before it happens, as well as dismantling the groups that attempt to damage the integrity of our store and the stores of retailers across the retail industry,” the spokesperson said in a statement.
Here’s how it works: A shopper buys a product online and sends the order information to a group such as Rekk, which then poses as the customer in requesting a refund. Amazon refunds the money to the customer, who then pays the fraud group usually between 15% and 30% of the refund amount, often via PayPal or with bitcoin. That means the customer ends up buying the product for what amounts to a huge discount.
The fraud group then pays the conspiring employee at the retailer, typically a certain amount for a batch of packages the employee scans as returned.
Retailers and law enforcement agencies are catching onto the trend. In September, a 25-year-old man in Michigan, Sajed Al-Maarej, was arrested and charged with conspiracy, wire fraud and mail fraud after he allegedly ran a return fraud service called Simple Refunds that targeted more than 50 retailers. The following month, 10 men were indicted in Oklahoma, charged with conspiracy to commit wire fraud for allegedly operating a refund fraud service named Artemis Refund Group. And a 24-year-old U.K. man was convicted of fraud in December after running the KeptSecrets refund service, which targeted retailers including Amazon, Walmart and Wayfair, according to court documents.
Following the Rekk scheme, Page was arrested when police showed up at the Chattanooga warehouse in May, and he was charged with theft of property worth more than $60,000. He pleaded guilty and was sentenced in November to three years of probation, as well as ordered to pay Amazon $5,000.
Page didn’t respond to requests for comment.
A thriving refund fraud market
For every refund fraud service shut down by law enforcement, swarms of similar groups remain open for business.
CNBC viewed several active refund fraud services on encrypted messaging app Telegram, each with thousands of followers. Updates are posted almost daily of new stores on their services, or new retailers that have been successfully targeted. Amazon and Apple are frequently hit, along with Nike, eBay, Saks Fifth Avenue and Ralph Lauren. Some groups even offer their services for DoorDash and Uber Eats orders, claiming users can “eat for free.”
The groups are highly organized and run like businesses, providing customer service, cataloging orders and creating fake shipping labels. Some sell how-to guides.
A Google form from an active refund fraud service explaining which stores it targets and how much it charges customers.
Source: Google
Fraudsters employ multiple strategies. A common one is to claim a package never arrived so that the retailer issues a refund. According to Amazon’s lawsuit, a Rekk user received a full refund for two MacBook Air laptops after filing a police report falsely claiming the products never arrived.
Mail-in fraud involves a user filling out a company’s return form, but instead of sending back the purchased product, users will mail an empty box or a package filled with junk. In the case of Simple Refunds, Al-Maarej, the man who allegedly operated the group, sent an unnamed retailer “an envelope filled with plastic toy frogs” instead of the tools he claimed he was returning, prosecutors said.
Al-Maarej also recruited employees at UPS and the U.S. Postal Service who either manipulated a package’s tracking history or input false “return to sender” notices to fool the retailer into thinking an item couldn’t be delivered or that it was sent to the wrong address, according to court documents.
Chris Black, an attorney for Al-Maarej, declined to comment. Amazon said its own internal investigation identified Al-Maarej’s scheme and contributed to the eventual indictment.
The company didn’t respond to questions specifically about how it monitors and handles bribery of its employees by ORC and refund fraud groups.
Rekk allegedly used bribes, offering Amazon staffers thousands of dollars a day to approve customer returns for products that were never sent back.
In a text message last year to Page, a Rekk representative said they’d been working with two other Amazon employees for about two months and offered them $4,000 for 30 orders marked as returned, according to court documents.
“They usually do 30 scans per day per shift,” the Rekk user wrote. “Sometimes they choose to do more. So at least 12k a week.”
According to the complaint, Rekk also recruited one of Page’s colleagues at CHA1, Amazon’s name for the Chattanooga facility. Between February 2023 and May 2023, the CHA1 employee allegedly approved product returns for 76 orders at Rekk’s request, causing Amazon to refund over $100,000 to customers, and netting $3,500 from the scheme.
A refund fraud service claims to have access to Amazon insiders in a Telegram post.
Source: Telegram
Amazon said it has tried to address the bribery problem. In its lawsuit against Rekk, the company said it has an internal customer protection and enforcement team made up of attorneys, former prosecutors, and analysts investigating organized crime schemes such as refund fraud. The company has also reportedly fired employees who were allegedly bribed to leak confidential data on third-party sellers.
Cyril Noel-Tagoe, a cybersecurity expert who has studied refund fraud extensively, said the economic incentive for low-wage workers to get involved with these schemes creates a perpetual challenge for retailers.
“If you’re offering an employee much more than they’re getting paid, then it’s quite hard to combat that,” Noel-Tagoe, who works as a principal security researcher at bot detection software company Netacea, told CNBC.
‘All you need is a phone’
Those on the lookout for moneymaking opportunities will find no shortage of promotional videos across social media. For a fee, you can learn how to play the game.
One TikTok video on the topic shows bags of Louis Vuitton, Gucci and Apple products and reads, “[Point of view]: You mastered the art of r3funding and started to teach others.” TikTok clips often serve as advertisements for a user’s Telegram channel that’s linked in the bio of their account.
Similar tactics are used on Reddit.
In the “Illegal Life Pro Tips” forum on Reddit, which is no longer active but counts 1.1 million members, refund scammers shared their tips and tricks. In recent days, Reddit banned an offshoot of that subreddit, called “illegallifeprotips2,” saying it violates the site’s rules “against transactions involving prohibited goods or services.” Users quickly resurfaced on a new subreddit, “ELegalLifeProTips.” After CNBC flagged “ELegalLifeProTips,” Reddit took down the subreddit for violating its ban evasion policy.
In the past, such illicit behavior ran rampant on the dark web and required VPNs and a special browser, said Brittany Allen, a trust and safety architect at fraud detection software company Sift. These days the perpetrators regularly discuss their activities openly on forums and in messaging apps, which Allen described as the “democratization of fraud.”
“You don’t need to be that specialist that can figure out how to find these deep web groups,” Allen said. “All you need is to have a phone that can go to Reddit, or a TikTok account you’re already on, and you’ll potentially be exposed to fraud that doesn’t take as much uplift to participate in.”
Remi Vaughn, a spokesperson for Telegram, told CNBC in an email that the company moderates “harmful content” on its platform, including posts that promote fraud. “Moderators use a combination of proactive moderation on public parts of the platform and accept user reports in order to remove content which breaches Telegram’s terms,” Vaughn added.
A Reddit spokesperson said it uses a combination of automated tooling and human moderators to enforce its content policies, which prohibit users from soliciting or facilitating any transaction that involves fraudulent services.
After CNBC provided TikTok with examples of videos about refund fraud, the company said it removed them for violating its community guidelines. It said it also blocked hashtags that were used to promote refund fraud.
The use of mainstream apps in these schemes has made it easier for investigators to do their work. Noel-Tagoe referenced a case in which a retailer was able to track down an individual whose email address was in an Instagram post.
Allen said she’s been able to identify fraudsters through “vouches,” or screenshots of successful fraudulent returns. Some of the images show order numbers, store pickup locations or cart items, according to Allen, all useful intel for retailers investigating return fraud.
David Johnston, vice president of asset protection and retail operations at the National Retail Federation, said an increasing number of companies are “tightening up their return policies” in response to customer abuse and fraudulent activity.
Delivery workers, for example, are encouraged to photograph a package once it reaches its destination, and retailers are looking more closely for suspicious behavior in analyzing returns.
“There are some retailers that monitor the number of returns you make in-store, and if you return too much too frequently, they might put you on pause,” Johnston said. “We’re starting to see more of that now on the e-commerce side.”
WATCH: The ‘shopping journey will drastically look different’
Peter Thiel, co-founder of PayPal, Palantir Technologies, and Founders Fund, holds hundred dollar bills as he speaks during the Bitcoin 2022 Conference at Miami Beach Convention Center on April 7, 2022 in Miami, Florida.
Marco Bello | Getty Images
The Peter Thiel-backed cryptocurrency exchange Bullish filed for an IPO on Friday, the latest digital asset firm to head for the public market.
The company, led by CEO Tom Farley, a veteran of the finance industry and former president of the New York Stock Exchange, said it plans to trade on the NYSE under the ticker symbol “BLSH.”
A spinout of Block.one, Bullish started with an initial investment from backers including Thiel’s Founders Fund and Thiel Capital, along with Nomura, Mike Novogratz and others. Bullish acquired crypto news site CoinDesk in 2023.
“In the first quarter of 2025, Bullish exchange executed over $2.5 billion in average daily volume, ranking in the top five exchanges by spot volume for Bitcoin and Ether,” the company said on its website. The prospectus listed top competitors as Binance, Coinbase and Kraken.
The IPO filing says that as of March 31, the total trading volume since launch has exceeded $1.25 trillion.
The filing is another significant step for the cryptocurrency industry, which has fought for years to convince institutions to embrace digital assets as legitimate investments.
It’s already been a big year on the market for crypto offerings, highlighted by stablecoin issuer Circle, which has jumped more than sevenfold since its IPO in June. Etoro, an online trading platform that includes services for crypto investors, debuted in May.
Novogratz‘s crypto firm Galaxy Digital started trading on the Nasdaq in May, moving its listing from the Toronto Stock Exchange. And in June, Gemini, the cryptocurrency exchange and custodian founded by Cameron and Tyler Winklevoss, confidentially filed for an IPO in the U.S.
Meanwhile, investors continue to flock to bitcoin. The digital currency is trading at over $117,000, up from about $94,000 at the start of the year.
President Donald Trump, on Friday, signed the GENIUS Act into law — a set of regulations that establish some initial consumer protections around stablecoins, which are tied to assets like the U.S. dollar with the intent of reducing price volatility associated with many cryptocurrencies.
In its filing with the SEC, Bullish says its mission is partly to “drive the adoption of stablecoins, digital assets, and blockchain technology.”
Crypto industry players, including Thiel, Elon Musk, and President Trump’s AI and Crypto czar David Sacks spent heavily to re-elect Trump and have pushed for legislation that legitimizes digital assets and exchanges.
WATCH: Trump’s crypto plan
Microsoft Chairman and Chief Executive Officer Satya Nadella (L) returns to the stage after a pre-recorded interview during the Microsoft Build conference opening keynote in Seattle, Washington on May 19, 2025.
Jason Redmond | AFP | Getty Images
Microsoft on Friday revised its practices to ensure that engineers in China no longer provide technical support to U.S. defense clients using the company’s cloud services.
The company implemented the changes in an effort to reduce national security and cybersecurity risks stemming from its cloud work with a major customer. The announcement came days after ProPublica published an extensive report describing the Defense Department’s dependence on Microsoft software engineers in China.
“In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” Frank Shaw, the Microsoft’s chief communications officer, wrote in a Friday X post.
The change impacts the work of Microsoft’s Azure cloud services division, which analysts estimate now generates more than 25% of the company’s revenue. That makes Azure bigger than Google Cloud but smaller than Amazon Web Services. Microsoft receives “substantial revenue from government contracts,” according to its most recent quarterly earnings statement, and more than half of the company’s $70 billion in first-quarter revenue came from customers based in the U.S.
In 2019, Microsoft won a $10 billion cloud-related defense contract, but the Pentagon wound up canceling it in 2021 after a legal battle. In 2022, the department gave cloud contracts worth up to $9 billion in total to Amazon, Google, Oracle and Microsoft.
ProPublica reported that the work of Microsoft’s Chinese Azure engineers is overseen by “digital escorts” in the U.S., who typically have less technical prowess than the employees they manage overseas. The report detailed how the “digital escort” arrangement might leave the U.S. vulnerable to a cyberattack from China.
“This is obviously unacceptable, especially in today’s digital threat environment,” Defense Secretary Pete Hegseth said in a video posted to X on Friday. He described the architecture as “a legacy system created over a decade ago, during the Obama administration.” The Defense Department will review its systems in search for similar activity, Hegseth said.
Microsoft originally told ProPublica that its employees and contractors were adhering to U.S. government rules.
“We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed,” Shaw wrote.
WATCH: Microsoft Security VP Vasu Jakkal talks cybersecurity with Jim Cramer
Courtesy: Opendoor
On June 6, online real estate service Opendoor was so desperate to get its beaten-down stock price back over $1 and stay listed on the Nasdaq that management proposed a reverse split, potentially lifting the price of each share by as much as 50 times.
The stock inched its way up over the next five weeks.
Then Eric Jackson started cheerleading.
Jackson, a hedge fund manager who was bullish on Opendoor years earlier when the company appeared to be thriving and was worth roughly $20 billion, wrote on X on Monday that his firm, EMJ Capital, was back in the stock.
“@EMJCapital has taken a position in $OPEN — and we believe it could be a 100-bagger over the next few years,” Jackson wrote. He added later in the thread that the stock could get to $82.
It’s a long, long way from that mark.
Opendoor shares soared 189% this week, by far their best weekly performance since the company’s public market debut in late 2020. The stock closed on Friday at $2.25. The stock’s highest-volume trading days on record were Wednesday, Thursday and Friday of this week.
Jackson said in an interview on Thursday that the bulk of his firm’s Opendoor purchases came when the stock was in the 70s and 80s, meaning cents, and he’s bought options as well for his portfolio.
Nothing has fundamentally improved for the company since Jackson’s purchases. Opendoor remains a cash-burning, low-margin business with meager near-term growth prospects.
What has changed dramatically is Jackson’s online influence and the size of his following. The more he posts, the higher the stock goes.
“There’s a real hunger for buying the next big thing,” Jackson told CNBC, adding that investors like to find the “downtrodden.”
It’s something Jackson’s firm, based in Toronto, has in common with Opendoor.
When Opendoor went public through a special purpose acquisition company in 2020, it was riding a SPAC wave and broader gains driven by low interest rates and Covid-era market euphoria. Investors pumped money into the riskiest assets, lifting money-losing tech upstarts to astronomical valuations.
Opendoor’s business involved using technology to buy and sell homes, pocketing the gains. Zillow tried and failed to compete.
Opendoor shares peaked at over $39 in Feb. 2021 for a market cap just above $22.5 billion. But by the end of that year, the shares were trading below $15, before collapsing 92% in 2022 to end the year at $1.16.
Rising interest rates hammered the whole tech sector, hitting Opendoor particularly hard as increased borrowing costs reduced demand for homes.
Jackson, similarly, had a miserable 2022, coinciding with the worst year for the Nasdaq since 2008. Jackson said his key client withdrew its money at the end of the year, and “I’ve been small ever since.”
‘Epic comeback’
While his assets under management remain minimal, Jackson’s reputation for getting in early to a rebound story was burnished by the performance of Carvana.
The automotive e-commerce platform lost 98% of its value in 2022 as investors weighed the likelihood of bankruptcy. In the middle of that year, with Carvana still far from bottoming out, Jackson expressed his bullishness. He told CNBC that April that he liked the stock, and then promoted its recovery on a podcast in June. He also said he liked Opendoor at the time.
Investors willing to stomach further losses in 2022 were rewarded with a 1,000% gain in 2023, and a lot more upside from there. The stock closed on Friday at $347.52, up from a low of $3.72 in Dec. 2022, and almost triple its price at the time of Jackson’s appearance on CNBC in April of that year.
After Carvana’s 2022 slide, “then obviously began an epic comeback,” Jackson said. Opendoor, meanwhile, “continued to roll down the mountain,” he said.
Jackson said that the fallout of 2022 led him to pursue a different method of stockpicking. He started hiring a small team of developers, which is now four people, to build out artificial intelligence models. The firm has experimented with several models —some have worked and some haven’t — but he said the focus now is using what he’s learned from Carvana to find “100x” opportunities.
In addition to Opendoor, Jackson has been promoting IREN, a provider of power for bitcoin mining and AI workloads, and Cipher Mining, which is in a similar space. He’s seen his following on Elon Musk‘s social media site X, which he said was stuck for years between 32,000 and 34,000, swell to almost 50,000. And after a lengthy lull, investors are reaching out to him to try and put money into his fund, he said.
Jackson has a lot riding on Opendoor, a company that saw revenue and number of homes sold slip in the first quarter from a year earlier, and racked up almost $370 million in losses over the past four quarters.
In early June, Opendoor announced plans for a reverse split — ranging from 1 for 10 to 1 for 50 — to “give us optionality in preserving our listing on Nasdaq.” With the stock now well over $1, such a move appears less necessary, as shareholders prepare to vote on the proposal on July 28.
“I think it’s a terrible idea,” said Jackson. “Those things usually further cement a company’s move into oblivion rather than hail some big revival.”
Opendoor didn’t respond to a request for comment.
Banking on growth
Analysts are projecting a more than 5% drop in revenue this year, followed by 20% growth in 2026 and 12% expansion in 2017, according to LSEG. Losses are expected to narrow over that stretch.
Jackson said his analysis factors in projections of $11.5 billion in revenue for 2029, which would be well over double the company’s expected sales for this year. He looked at the multiples of companies like Zillow and Carvana, which he said trade for 4 to 7 times forward revenue. Opendoor’s forward price-to-sales ratio is currently well below 1.
With Zillow and Redfin having exited the instant-buying home market, Opendoor faces little competition in allowing homeowners to sell their property online for cash, rather than going through an extended bidding, sales and closing process.
Jackson is banking on revenue growth and increased market share to lead to a profitable business that will push investors to value the company with a multiple somewhere between Zillow and Carvana. At $82, Opendoor would be worth about $60 billion, which is roughly 5 times projected 2029 revenue.
Jackson said his model assumes that “like Carvana, Opendoor can prove that it can permanently turn the tide and get to sustained profitability” so that the “market multiple would get reassessed.”
In the meantime, he’ll keep posting on X.
On Friday, Jackson wrote a thread consisting of 11 posts, recounting the challenge of having “99.5% of my AUM” disappear overnight after his primary investor pulled out in 2022.
“Translation: he fired me for losing him too much money,” Jackson wrote. He said he almost shut down the fund, and was even encouraged to do so by his wife and accountant.
Now, Jackson is using his recent momentum on social media to try and attract investor money, while still reminding prospects that he could lose it.
“All I have is my reputation,” he wrote, “and, unless I keep picking good stocks, it will be gone.”
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike