Published: April 13, 2017
Reading time: 3 minute read
Written by: Forter Team

“My name is Daria and I run my business from Kiev airport. Well, to be more accurate, I run the real part of my business online. But the airport is the best part of my day, not just because this is where I get paid, but it’s also where I get to see the face of the families I helped.

I’m not ashamed to admit that I use stolen credit cards to buy flights for people who desperately need to get out of Syria. Yes, they pay me when they arrive at Kiev airport. They pay with cash and I get a small commission. Very small. It’s almost charity. Anyway, the flights are so cheap that I bet the real cardholders hardly notice them, most of the time. What’s the crime in that?”  


No, that’s not a paragraph taken from the diary of a fraudster who was forcibly removed by law enforcement. It’s not a bragging post from a criminal to their Facebook friends (the good ones are too good to brag under their own name anyway). It’s a fictional introduction to a very real kind of fraud.

While the expression we’re giving to this ecommerce fraud MO is imaginative, to give you a sense of what’s involved, the details are all too true. This flight of fancy reflects true details of a fraud pattern Forter’s system really has been detecting (and blocking) over the last year or so.

The Extra Victims in the Fraud Chain

In general, when we talk about a victim of online fraud, we mean someone whose account or payment details were hacked or stolen and used to purchase something they never ordered or intended. If you look a bit further, in practical terms the final victim usually ends up being the merchant, who is ultimately liable for the cost (unless their ecommerce fraud protection provider offers a full fraud chargeback guarantee).

Sometimes, though, there’s another victim as well. This generally doesn’t apply to physical goods, but rather to tickets or services. If you’re booking a flight, getting a concert ticket or paying for a hotel room and you’re not buying from the original provider, you’re vulnerable here.

If the price was a little too good to be true, or you were just unlucky and picked a fraudulent middleman, you might arrive on the day to find your ticket/order is no longer valid, or worse that there’s official interest being taken in “your” purchase. The person who really owned the stolen card or account noticed the order they’d never made and charged it back. Your money, however, is gone – into the pocket of the fraudster.

The Refugee Fraud Phenomena

Always with an eye on the main chance, fraudsters are alive to the possibilities presented by current events. You can see this in their response to the current refugee crisis. While others might read about the refugee crisis from a political or humanitarian perspective, fraudsters view it as a business opportunity.

If people are desperate to move from country to country, they’re willing to pay for it. They probably have to be careful about how they spend their limited store of money, so they’re on the lookout for deals. And in today’s connected world the communities at risk due to the uncertain situations of their homelands stay in touch and share tips – including where you can find the best flights.

In short, there’s a market for cheap flights from and to specific destinations. Fraudsters are happy to serve that market. They’ll use stolen card details or hacked accounts to purchase a flight or flights, and sell those flights to someone who needs it for somewhat less than they originally “paid.” Sometimes it works the other way round, and they first sell and then steal to match the sale.

A Robin Hood Effect

The secondary victim may or may not be able to redeem the ticket – it all depends on whether the card/account holder caught on in time. In the refugee case in particular, they often do make it onto the flight, because they’re often buying flights in the near future, before a chargeback is likely to have occurred.

So the fraudster, who doesn’t care about the cost to the online merchant, even gets to feel good about themselves, in a Robin Hood kind of way. We see this self image reflected from time to time on underground forums and on social media.

To read more about this and other current trends in the fraudster ecosystem, check out this fraudster wishlist. To see how travel fraud developed over 2016, download the Fraud Attack Index, in conjunction with MRC.

3 minute read