Refund fraud schemes promoted on TikTok, Telegram are costing Amazon and other retailers billions of dollars
A UPS seasonal worker delivers packages on Cyber Monday in New York on Nov. 27, 2023.
Stephanie Keith | Bloomberg | Getty Images
Just before midnight on May 4, 2023, police were called to an Amazon warehouse in Chattanooga, Tennessee, to investigate a reported theft.
They were met by a loss prevention employee, who directed them to a warehouse worker named Noah Page, the suspected culprit, according to a police report of the incident that was obtained by CNBC.
When confronted by police, according to the report, Page admitted that he’d marked a customer’s order in Amazon’s internal system as returned even though the products were never actually sent back to the company. Page received $3,500 for his part in the scheme, the report said.
Page didn’t know the customer but had chosen to call him “Ralph,” the report said. Ralph, it turned out, was part of a group named Rekk, an expansive refund fraud organization that targeted major retailers and recruited company employees by promising them a cut of the profits, Amazon alleged in a lawsuit.
Refund fraud, which involves tricking retailers into refunding a customer for a purchase without an item being physically returned, has become so pervasive that groups now market their services on Reddit, TikTok and Telegram. Type in “refund method” — or “r3fund,” to skirt content moderators — on TikTok and videos will pop up of users showing off piles of cash, sneakers and iPhones. One video has the caption, “me after realizing you can get a refund on any Rick Owens if the ‘package never came,'” referring to the minimalist fashion brand. The clip shows a hand endlessly tossing shoes to the ground.
Fraud groups are taking advantage of retailers’ lenient return policies, experts told CNBC, which often include unlimited free returns and sometimes even a preference that customers keep the items. It’s ballooned into a massive problem for retailers, costing them more than $101 billion last year, according to a survey by the National Retail Federation and Appriss Retail. The figure includes multiple forms of fraud, such as sending back clothing after it’s been worn, known as “wardrobing,” and returning shoplifted merchandise, the survey said.
In December, Amazon filed a lawsuit against Page and 47 other people across the globe with alleged ties to Rekk, accusing them of conspiring to steal millions of dollars worth of products in a refund fraud operation. Amazon described these services as “illegitimate ‘businesses'” that look to “exploit the refund process for their own financial gain to the detriment of honest consumers and retailers who must bear the brunt of increased costs, decreased inventory, and service disruption that impacts genuine customers.”
Amazon also suffered more than $700,000 in losses at the hands of another alleged fraud ring in which 10 people were indicted last year, according to documents from a suit filed in 2023.
Robots transport goods to the employees in warehouse at Amazon fulfillment center in Eastvale on Tuesday, Aug. 31, 2021.
the Riverside Press-enterprise | Medianews Group | Getty Images
An Amazon spokesperson said the company is addressing the issue “head on” through specialized teams and machine learning tools that detect and prevent refund fraud. Amazon says its work with law enforcement has led to arrests, the dismantling of organized retail crime groups and civil lawsuits.
“We continue to make progress in identifying and stopping fraud before it happens, as well as dismantling the groups that attempt to damage the integrity of our store and the stores of retailers across the retail industry,” the spokesperson said in a statement.
Here’s how it works: A shopper buys a product online and sends the order information to a group such as Rekk, which then poses as the customer in requesting a refund. Amazon refunds the money to the customer, who then pays the fraud group usually between 15% and 30% of the refund amount, often via PayPal or with bitcoin. That means the customer ends up buying the product for what amounts to a huge discount.
The fraud group then pays the conspiring employee at the retailer, typically a certain amount for a batch of packages the employee scans as returned.
Retailers and law enforcement agencies are catching onto the trend. In September, a 25-year-old man in Michigan, Sajed Al-Maarej, was arrested and charged with conspiracy, wire fraud and mail fraud after he allegedly ran a return fraud service called Simple Refunds that targeted more than 50 retailers. The following month, 10 men were indicted in Oklahoma, charged with conspiracy to commit wire fraud for allegedly operating a refund fraud service named Artemis Refund Group. And a 24-year-old U.K. man was convicted of fraud in December after running the KeptSecrets refund service, which targeted retailers including Amazon, Walmart and Wayfair, according to court documents.
Following the Rekk scheme, Page was arrested when police showed up at the Chattanooga warehouse in May, and he was charged with theft of property worth more than $60,000. He pleaded guilty and was sentenced in November to three years of probation, as well as ordered to pay Amazon $5,000.
Page didn’t respond to requests for comment.
A thriving refund fraud market
For every refund fraud service shut down by law enforcement, swarms of similar groups remain open for business.
CNBC viewed several active refund fraud services on encrypted messaging app Telegram, each with thousands of followers. Updates are posted almost daily of new stores on their services, or new retailers that have been successfully targeted. Amazon and Apple are frequently hit, along with Nike, eBay, Saks Fifth Avenue and Ralph Lauren. Some groups even offer their services for DoorDash and Uber Eats orders, claiming users can “eat for free.”
The groups are highly organized and run like businesses, providing customer service, cataloging orders and creating fake shipping labels. Some sell how-to guides.
A Google form from an active refund fraud service explaining which stores it targets and how much it charges customers.
Source: Google
Fraudsters employ multiple strategies. A common one is to claim a package never arrived so that the retailer issues a refund. According to Amazon’s lawsuit, a Rekk user received a full refund for two MacBook Air laptops after filing a police report falsely claiming the products never arrived.
Mail-in fraud involves a user filling out a company’s return form, but instead of sending back the purchased product, users will mail an empty box or a package filled with junk. In the case of Simple Refunds, Al-Maarej, the man who allegedly operated the group, sent an unnamed retailer “an envelope filled with plastic toy frogs” instead of the tools he claimed he was returning, prosecutors said.
Al-Maarej also recruited employees at UPS and the U.S. Postal Service who either manipulated a package’s tracking history or input false “return to sender” notices to fool the retailer into thinking an item couldn’t be delivered or that it was sent to the wrong address, according to court documents.
Chris Black, an attorney for Al-Maarej, declined to comment. Amazon said its own internal investigation identified Al-Maarej’s scheme and contributed to the eventual indictment.
The company didn’t respond to questions specifically about how it monitors and handles bribery of its employees by ORC and refund fraud groups.
Rekk allegedly used bribes, offering Amazon staffers thousands of dollars a day to approve customer returns for products that were never sent back.
In a text message last year to Page, a Rekk representative said they’d been working with two other Amazon employees for about two months and offered them $4,000 for 30 orders marked as returned, according to court documents.
“They usually do 30 scans per day per shift,” the Rekk user wrote. “Sometimes they choose to do more. So at least 12k a week.”
According to the complaint, Rekk also recruited one of Page’s colleagues at CHA1, Amazon’s name for the Chattanooga facility. Between February 2023 and May 2023, the CHA1 employee allegedly approved product returns for 76 orders at Rekk’s request, causing Amazon to refund over $100,000 to customers, and netting $3,500 from the scheme.
A refund fraud service claims to have access to Amazon insiders in a Telegram post.
Source: Telegram
Amazon said it has tried to address the bribery problem. In its lawsuit against Rekk, the company said it has an internal customer protection and enforcement team made up of attorneys, former prosecutors, and analysts investigating organized crime schemes such as refund fraud. The company has also reportedly fired employees who were allegedly bribed to leak confidential data on third-party sellers.
Cyril Noel-Tagoe, a cybersecurity expert who has studied refund fraud extensively, said the economic incentive for low-wage workers to get involved with these schemes creates a perpetual challenge for retailers.
“If you’re offering an employee much more than they’re getting paid, then it’s quite hard to combat that,” Noel-Tagoe, who works as a principal security researcher at bot detection software company Netacea, told CNBC.
‘All you need is a phone’
Those on the lookout for moneymaking opportunities will find no shortage of promotional videos across social media. For a fee, you can learn how to play the game.
One TikTok video on the topic shows bags of Louis Vuitton, Gucci and Apple products and reads, “[Point of view]: You mastered the art of r3funding and started to teach others.” TikTok clips often serve as advertisements for a user’s Telegram channel that’s linked in the bio of their account.
Similar tactics are used on Reddit.
In the “Illegal Life Pro Tips” forum on Reddit, which is no longer active but counts 1.1 million members, refund scammers shared their tips and tricks. In recent days, Reddit banned an offshoot of that subreddit, called “illegallifeprotips2,” saying it violates the site’s rules “against transactions involving prohibited goods or services.” Users quickly resurfaced on a new subreddit, “ELegalLifeProTips.” After CNBC flagged “ELegalLifeProTips,” Reddit took down the subreddit for violating its ban evasion policy.
In the past, such illicit behavior ran rampant on the dark web and required VPNs and a special browser, said Brittany Allen, a trust and safety architect at fraud detection software company Sift. These days the perpetrators regularly discuss their activities openly on forums and in messaging apps, which Allen described as the “democratization of fraud.”
“You don’t need to be that specialist that can figure out how to find these deep web groups,” Allen said. “All you need is to have a phone that can go to Reddit, or a TikTok account you’re already on, and you’ll potentially be exposed to fraud that doesn’t take as much uplift to participate in.”
Remi Vaughn, a spokesperson for Telegram, told CNBC in an email that the company moderates “harmful content” on its platform, including posts that promote fraud. “Moderators use a combination of proactive moderation on public parts of the platform and accept user reports in order to remove content which breaches Telegram’s terms,” Vaughn added.
A Reddit spokesperson said it uses a combination of automated tooling and human moderators to enforce its content policies, which prohibit users from soliciting or facilitating any transaction that involves fraudulent services.
After CNBC provided TikTok with examples of videos about refund fraud, the company said it removed them for violating its community guidelines. It said it also blocked hashtags that were used to promote refund fraud.
The use of mainstream apps in these schemes has made it easier for investigators to do their work. Noel-Tagoe referenced a case in which a retailer was able to track down an individual whose email address was in an Instagram post.
Allen said she’s been able to identify fraudsters through “vouches,” or screenshots of successful fraudulent returns. Some of the images show order numbers, store pickup locations or cart items, according to Allen, all useful intel for retailers investigating return fraud.
David Johnston, vice president of asset protection and retail operations at the National Retail Federation, said an increasing number of companies are “tightening up their return policies” in response to customer abuse and fraudulent activity.
Delivery workers, for example, are encouraged to photograph a package once it reaches its destination, and retailers are looking more closely for suspicious behavior in analyzing returns.
“There are some retailers that monitor the number of returns you make in-store, and if you return too much too frequently, they might put you on pause,” Johnston said. “We’re starting to see more of that now on the e-commerce side.”
WATCH: The ‘shopping journey will drastically look different’
Palantir co-founder and CEO Alex Karp attends meetings at the U.S. Capitol in Washington on Oct. 18, 2023.
Jonathan Ernst | Reuters
With Palantir’s stock plummeting more than 11% this week despite a better-than-expected earnings report, CEO Alex Karp took aim at investors betting against the software company.
Karp, who co-founded Palantir in 2003, went after short sellers in two separate interviews on CNBC this week. After “Big Short” investor Michael Burry revealed bets against Palantir and Nvidia, Karp on Tuesday accused short sellers of “market manipulation.”
He repeated that message on Friday in an interview with CNBC’s Sara Eisen, again knocking Burry’s wager against the stock.
“To get out of his position, he had to screw the whole economy by besmirching the best financials ever … that are helping the average person as investors [and] on the battlefield,” Karp said.
Even with Palantir’s slide this week, the stock is up 135% in 2025 and has multiplied 25-fold in the past three years, an extended rally that’s lifted the company’s market cap to over $420 billion. While revenue and profit are growing rapidly, the multiples have shot up much faster, and the stock now trades for about 220 times forward earnings, a ratio that rivals Tesla’s.
Nvidia and Meta, by contrast, have forward price-to-earnings ratios of about 33 and 22, respectively.
In August, Citron Research’s Andrew Left, a noted short seller, called Palantir “detached from fundamentals and analysis” and said shares should be priced at $40. It closed on Friday at $177.93 after late-day gains pushed the stock into the green.
Palantir, which builds analytics tools for large companies and government agencies, reported earnings and revenue on Monday that topped analysts’ estimates and issued a forecast that was also ahead of Wall Street projections.
But the stock fell about 8% after the report and then slid almost 7% on Thursday. Karp told Eisen that the recent boom in Palantir’s share price isn’t just for Wall Street.
“We’re delivering venture results for retail investors,” he said.
While Palantir has in the past faced a fairly heft dose of short interest, there are currently relatively few investors placing big bets against it. The short interest ratio, or the percentage of outstanding shares being sold short, peaked at over 9% in September and is now at a little over 2%, which is about as low as its been since the company went public in 2020.
Still, calling out the doubters is a common occurrence for Karp, who has previously said on CNBC that people should “exit” if they “don’t like the price.”
In May, after the stock plummeted following earnings, Karp said ,”You don’t have to buy our shares.”
“We’re happy,” he said. “We’re going to partner with the world’s best people and we’re going to dominate. You can be along for the ride or you don’t have to be.”
The company has also faced backlash over its work with government agencies like U.S. Immigration and Customs Enforcement, and Karp has admitted that his strong pro-Israel stance led some people to leave the company.
The boisterous CEO has been particularly vocal this week. On Monday’s earnings call, he questioned how happy the people are who didn’t invest in the company, and told them to “get some popcorn.”
And on CNBC he aimed much of his ire at Burry after the investor revealed his short positions in Palantir and Nvidia.
“The two companies he’s shorting are the ones making all the money, which is super weird,” Karp told CNBC’s “Squawk Box” on Tuesday. “The idea that chips and ontology is what you want to short is bats— crazy.”
Affirm CEO Max Levchin said Friday that while the buy now, pay later firm isn’t seeing credit stress among federally employed borrowers due to the government shutdown, there are signs of a change in shopping habits.
“We are seeing a very subtle loss of interest in shopping just for that group, and a couple of basis points,” Levchin told CNBC’s “Squawk on the Street.”
At least 670,000 federal employees have been furloughed in the shutdown, and about 730,000 are working without pay, the Bipartisan Policy Center said this week.
Levchin said he’s closely watching employment data for signs of major disruptions, but the company is “capable” of adjusting credit standards when needed.
“Right now, things are just fine,” he said. “We’re not seeing any major disturbances at all.”
The federal funding lapse, which began Oct. 1, is the longest in U.S. history and has halted work across agencies with an impact beyond those who are government employees. The SNAP food benefit program, which serves 42 million Americans, has also been cut off.
The comments from Levchin followed a fiscal first-quarter earnings report that blew past Wall Street’s estimates. Affirm posted earnings of 23 cents per share on $933 million in revenue. Analysts polled by LSEG expected earnings of 11 cents per share on $883 million in sales.
Revenues climbed 34% from a year ago, while gross merchandise volumes jumped 42% to $10.8 billion from $7.6 billion a year ago. That surpassed Wall Street’s $10.38 billion estimate.
The fintech company, which went public in 2021, also lifted its full-year outlook, saying it now expects gross merchandise volume to hit $47.5 billion, versus prior guidance of $46 billion.
Affirm also said it renewed its partnership with Amazon through 2031. The company has also inked deals with the likes of Shopify and Apple in a competitive e-commerce landscape.
Long-time partner Walmart recently ditched Affirm for Swedish buy now, pay later firm Klarna, which went public in September after delaying its public offering due to market uncertainty caused by President Donald Trump‘s tariff plans. Worries of a pullback in discretionary spending due to tariffs ignited fears across the fintech sector.
Levchin said categories such as ticketing and travel have seen an uptick in interest, and consumer shopping remains strong. Active consumers grew to 24.1 million from 19.5 million a year ago.
“We’re every single day out there preaching the gospel of buy now, pay later being the better way to buy, and consumers are obviously responding,” he said.
-
Sports2 years agoStory injured on diving stop, exits Red Sox game
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports3 years agoButton battles heat exhaustion in NASCAR debut
-
Sports3 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment1 year agoHere are the best electric bikes you can buy at every price level in October 2024