> I know how this is done. It is the best way to launder bitcoin revenue generated from all kinds of illegal activities. They go to Giftly or Gyft and by Amazon gift cards for the bitcoin. Then they just pay themselves. That is the only way to not get your account closed. It is not credit card fraud!!! Gift cards are always under the radar on Amazon.
Defrauding a seller with stolen credit cards is despicable. I know someone who had an online startup selling tickets and was massively defrauded by foreign hackers with stolen credit cards. He was personally liable for the losses and it ended up bankrupting him. His life was a downward spiral after that, resulting in divorce, losing his home, and ultimately committing suicide.
I suspect its because he won't have setup the company as one with limited liability: https://en.wikipedia.org/wiki/Limited_liability the result being that when people sued, they sued him personally rather than the company.
or he had it as an LLC, but made a mistake along the way that pierced the corporate veil. Or as a small business, he was just straight-up forced to pierce the corporate veil. (banks do this to small biz all the time).
It's not always so simple when you're a small company owned by one person. Even if you have an LLC, if you run into significant money problems someone with enough resources WILL come after you personally.
If you are a small business with no significant assets or revenue - say you are plugging away making $4k/mo scraping by - you will likely not be getting a merchant account without a personal financial guarantee.
The corporate veil is mostly a fiction for small bootstrapped startups without initial seed capital.
What's crazy is it only takes one bad actor to cause problems like this. Often fraudsters will just use one website to "test" if a card is good, by using it to make a small purchase. If it goes through, the card is good. One fraudster might do this 100 times on a small site. The merchant is liable for the chargebacks that will come within 30 days, and each chargeback typically costs $15. Additionally, if the percent of chargebacks as a total of all transactions goes over 2%, the merchant account provider will likely close the account due to risk.
Gyft appears to me to be a legit business (I only had a short look at their website). Buying gift cards at regular prices and then selling them with a small markup while providing anonymity for your customers seems plausible.
Unless I'm missing something this doesn't really seem to launder the money. Sure you have converted bitcoin to cash but the cash still doesn't look like legitimate income if you don't sell the books under your own name (which they clearly don't).
So wouldn't it be easier to just sell bitcoin on exchanges like localbitcoin?
> the cash still doesn't look like legitimate income
It would if you used your real identity for the "book" sales instead of fraudulent id. Then the proceeds are legitimate. Govt would have to prove you faked the sales, which is easy to hide.
It also doesn't seem that far fetched to actually write a 60 page book. One topic per book (civil war, computers, carbons, whatever) copy and paste wikipedia articles on various points related to the topic, some crappy pics, and bam, one day of work and you've got something you could claim to be a real book if anyone started investigating.
I don't think it would be that easy to hide. It would be easy to dragnet and find suspects by getting Amazon to report % of purchases by gift card by author, and then following up manually with a few customers should be enough to filter out any false positives and snare the scammers.
But what are you going to charge them with? Where is the evidence? The wrongdoing is hidden in the gift card purchases which you can't actually tie to the faker seller.
If you live in a western country it isn't a very smart way to launder the money as you will eventually get caught. If you live in other places it is a way to move the money without it getting flagged. I'm guessing that local bitcoin probably isn't popular in N. Korea or China.
Am I correct in the understanding that in the US, lots of institutions/services/utility's ask for your SSN so it's common to be passing it across to folks, yet with this information someone could very easily take over your identity and cause much legal issues?
Yes. Every company that uses it treats it like some kind of super secret password. Which is obviously BS, because you've already given it out to a bunch of other companies.
And there are very strict rules on the limited number of things you can use it for and one large UK company I worked at we got read the riot act that it was instant dismissal (gross misconduct) to break the rules.
That's what the SSN was supposed to be. But then banks and other non-government institutions started using it for identity verfication. Tragedy of the commons, basically.
> (...) he’d never given Amazon his Social Security number. But the fraudster evidently had, and that was apparently enough to convince Amazon that the imposter was him.
How come having someone's SSN is still enough to do stuff like this? It's not a secret number.
“They say all they can do at this point is send me a letter acknowledging than I’m disputing ever having received the funds, because they said they couldn’t prove I didn’t receive the funds. So I told them, ‘If you’re saying you can’t say whether I did receive the funds, tell me where they went?’ And they said, “Oh, no, we can’t do that.’ So I can’t clear myself and they won’t clear me.”
If they are impersonating him, I see no reason why Amazon couldn't let him know where "his" money was sent.
Because giving out bank account information to strangers who are known not to own the account is a bad idea. Just because it's a suspected scammer doesn't mean that it's suddenly okay for Amazon to out his bank account info and leave themselves liable in case this guy (Reames) counter-steals the thief's identity.
I see where I made the error assuming the person had control of the account, but just for reference, it is not possible to steal someone's identity using their bank account number. This is just an identifier of an account.
In my country bank account transfers are the most common way to transfer money. I do it for random transactions, repaying people who bought me lunch, and all sorts of things. Anyone will give you their bank account number if you ask for it, and most people have theirs memorized.
The only thing someone could do if they got a hold of your account number would be that they can now send you money.
> but they can't walk into a bank and withdraw money.
Depends on how you define withdraw. If you define it as filling out a withdrawal slip and giving to a teller, then probably correct. If you however mean in a generic sense taking the money from your account, then no, it’s certainly possible and not very hard, and all you need is account number.
It's not "his" money. The money belongs to someone else with the same name, and the same SSN, which is rather suspicious, but in general a company can't go around giving personal information about one client to another client even when those clients have the same name (and the same SSN). In some countries they would be breaking the law if they did that.
If someone uses "my" name (which is not actually "owned" by me; there is no law to prevent other people from using that name) to commit fraud then that is a matter for the people being defrauded and for the police. I can't expect to magically acquire police powers in order to investigate it myself.
I have the same mental reaction every time I read about someone trying to investigate a so-called "identity theft" in which their name was used. The whole concept of "identity theft" is extremely dodgy. From a practical point of view, I don't know what to advise.
Yeah we should really stop using the term identity theft as it's not correct. Someone isn't stealing my identity. It's bank fraud where the bank failed to validate someone's identity good enough and try make it out to be your fault by saying identity theft.
Attempts to combat identity theft / money laundering seem to be aimed specifically at making it easier for someone to get hold of someone elses' personal details.
I'm currently in the process of trying to buy a house. In order to prevent money laundering my lawyer must verify original ID documents and take copies of these. The bank also needed similar. Those I can kind of understand, if you can't trust the lawyer or the bank who can you trust right?
But it doesn't end there. The estate agent dealing with the sale of the house also needed copies. That is 3 copies of our personal details (passport and bank statements) floating around on how many different computer systems? How safe are the access controls on those systems? How many people require access to those systems as part of their day to day work? More than I'd like.
I don't see your issue. The lawyers and banks are/should be trustable. A dodgy lawyer/bank soon loses their license.
Your lawyer knows you because he met you and can see the details you provided do match you because of the photo and signature. The bank the same.
So if someone else had your details it shouldn't matter. If they go to a lawyer or bank to try and get them to verify the documents, the lawyer or bank should be doing due diligence to verify the documents. The lawyer should verify the passport is real, not forged, and the photo and signature matches the person, and done face to face. Same with the bank.
So it really shouldn't matter how many copies of your personal details are out there.
The issue is that when a bank doesn't do it's due diligence and barely verifies the documents (or doesn't verify at all). They didn't check the person opening the account is the same one as the personal details provided. That is the bank's mistake not yours. But the banks have to gall to say it's identity theft. As if it was your fault they didn't do their due diligence.
It's the pressure from marketing/corporate to increase sales/accounts. Often the more accounts opened mean more bonuses. So the incentive is to not reject. They don't get bonuses for doing due diligence and rejecting fake applications. They put that work on you once someone has frauded them.
Really any bank that says you've been identity theft it's their fault they didn't have the right due diligence in place.
Sorry, I didn't see this comment until now. I agree that the bank and the lawyers as a whole are trustworthy. That is not the same as each individual within those banks and lawyers office being trustworthy. And the one I particularly dislike is the real estate agent who I didn't even get to chose as they are an agent for the seller.
Copies of these verification documents are hugely valuable to someone trying to carry out "identity theft". They could for example forge an 'originals seen' stamp from a lawyer or bank teller. At that point they are as good as an original as far as banks are concerned.
I have heard it before, probably a few times. But that said I have watched Mitchell and Webb and forgot it was on there too. Thanks for the reminder and link!
That's a good argument, but in this case they did send him a 1099.
So it seems like either the options are they sent him a 1099 by mistake, or they didn't, and they should therefore be able to say where the money was sent or help him access the account.
This is 100% correct. My wife got a notification from the IRS that someone else has been using her identity. Therefore, get this, IRS had issued both of them two separate secure PIN numbers which they have to use to file their taxes. IRS is refusing to deal with the fact that one of the "tax payers" is committing both identify theft and tax fraud. It is pretty funny, actually. This has been going on for 8 years by now.
Ebay/Paypal used sending 1c to a back account to verify your identity. Amazon never did, they happily take money from any account entered in their system with public data.
So what? Those scammers will just take chapters from multiple different books slap them together and there you go, same auto generated book but with non-gibberish text.
This, in my opinion, would be even easier for Amazon to detect than gibberish sentences pieced together. There are plenty of companies that specialize in plagiarism detection (i.e. TurnItIn, VeriCite) that would be able to detect copied text quickly and efficiently. Amazon already has easy access to thousands of books that detecting copies of chapters would be a no-brainer for them.
I find Amazon’s response to being informed about this “incident” particularly shocking.
Based on the information presented on Krebs’ blog, it should be obvious to Amazon that this is not just a case of a client dispute, but a situation involving a number of serious crimes. Considering how Amazon’s own platform facilitates these crimes, should their reluctance to assist this particular victim not open them up for a liability claims, maybe even for complicity in illegal conduct?
Taking it one step further, Amazon appears to have gained, and still gain a significant percentage from each of these transaction. In plain words: Amazon itself gained profits from criminal proceeds. It also appears to not be bothered all that much with structurally eliminating this practice. Doesn't that make Amazon itself a criminal organization, by definition?
Unless Amazon puts an immediate stop to all this, and distance itself from all profits so far made on it, why would it not be branded a criminal organization? Because they provide jobs? Because they provide innovative new business opportunities? Because they also gain profits though legal ways? Those same things can be argued for many criminal organizations, even including the Italian mafia.
Indeed. It looks like pretty cut-and-dry failure of KYC compliance. When acting as a marketplace, Amazon is a money transmitter and needs to follow KYC procedure for all sellers receiving funds. It seems like their KYC is very loose, to say the least.
Unfortunately as I age and gain experience in this industry, I've come to the conclusion rules like that do not apply to companies the size and breadth of Amazon.
They may get a slap on the wrist, but if a small company did this the principles involved would be in prison.
Perhaps a day in jail would make Bezos care. Money laundering is currently a big deal. Using Amazon to launder money is no different than selling stolen merchandise to a pawn shop.
In order to get a money transmitter license, Amazon must comply with KYC regulations, which are at best minimal protection against fraud. By failing to even meet such a minimum, Amazon may be demonstrating willful negligence.
When you forcibly enter a building with dozens of firearms, put people at gunpoint, and order them about/to the ground, that's, at minimum, approaching violence.
That is why money launderers do it right? They get a cut of the money laundered, and in this case that is 30%.
When I read the Krebs article I was struck by how similar it was to the way in which World of Warcraft Gold sellers would "launder" their gold by sending it through the auction house. In that case they would have their customers put up a specific worthless item for a high fee on the AH and then one of the gold farmer accounts would come along and buy it. As a 'legit' transaction it was hard for Blizzard to catch.
No doubt this is a pretty ancient scheme, you could use a swap meet for example to launder a lot of cash this way as well. Amazon just makes it easier. Of course it would be easier still if Amazon accepted blockchain currencies. Then you could create your own mixer without any work at all. :-) That makes me wonder if there were people selling silly things on Silk Road back in the day for large amounts of coin.
Amazon is in a difficult position. If their response to being informed was, instead, to re-issue the IRS form with a declaration that the account owner did NOT receive the money as income, then they have instead invented a way for people to dodge taxes by fraudulently claiming they are a victim of a money laundering scheme.
Also, fairly obviously, Amazon is not criminally liable because when the transactions happened they were, as far as they knew, simply selling books legally. Amazon had no criminal intent. This is the big difference.
Money laundering is also a difficult thing to deal with, since there are 'tipping off' crimes a lot of places, so you are not allowed to reveal that you are investigating.
Seems to be both identity theft and money laundering going on. Identity theft is a crime, but idk how much liability Amazon has. At least, I don't think there are specific/explicit rules about how this works. There probably is some case, referencing general laws about assisting or not preventing crimes or whatnot. ...I think.
Money laundering, OTOH... There is lots of legislation, regulation, enforcement... 99% of what falls under these is not money laundering, the plain English kind. It's measures to prevent tax avoidance, funding unsavouries and such. I imagine that bonafide laundering would be treated very seriously by authorities, but also banks and financial institutions Amazon work with.
We are not given enough details to know what the criminal’s intent was.
It does look more like a card cashout method than a laundering method, two very different things.
A common cashout pairing is Payoneer + Amazon/Fiverr/Upwork/etc. Payoneer allows almost anyone around the world to get a debit card which can be ACH loaded with proceeds of many marketplace partners including Amazon. You can walk up to an ATM and withdraw cash quickly after selling to “yourself” on Amazon. Their AML/KYC methods are a joke.
All it takes is one weak link in the AML chain for identity thieves to succeed, and due to the unstandardized and nebulous nature of current AML laws, there will always be a weak link especially as companies struggle to scale quickly.
SSNs and easily-photoshopped ID scans as primary verification methods are the two biggest weak links in the ecosystem right now IMO.
SSNs as passwords should be illegal at this point. Homework: go see how long it takes you to buy your own SSN on the darknet.
> Homework: go see how long it takes you to buy your own SSN on the darknet.
Heck, you don't even need to do that. Plenty of perfectly legal services you can sign up for as a PI, debt collector, whatever. You don't even need an information leak to have hit you. If you've participated in the modern economy, your SSN is trivially available for less than $30 via (arguably) legal means.
Anyone that doesn't treat their SSN as public information these days is living in a fantasy world. It's been this way for quite a long time, and I've never been too worried about my info floating around on the darkweb - the scammers weren't using those sources for the most part anyways.
The only leak I really thought was a big deal in recent times is Equifax - since that leak very likely was the whole burrito. That very likely escalated the "identity theft" war quite a bit.
Amazon is rapidly turning into eBay at its worst. It's very hard to buy things there. I used to send my 85 year old mom to Amazon to buy things, but she has trouble distinguishing name-brand items sold and fulfilled by Amazon from scammy clones. (And those pop-ups for extended warranties aren't good either.)
The fact that they let fake customer support numbers appear in Amazon hosted forums is reprehensible. And facilitating identity theft and money laundering seems downright criminal. I hope this victim can get the attention of a prosecutor.
It's worse than that, the authentic name-brand listing can still ship scammy clones instead because Amazon aggregates the listing from multiple sellers and pretends they're all the same thing
> It's worse than that, the authentic name-brand listing can still ship scammy clones instead because Amazon aggregates the listing from multiple sellers and pretends they're all the same thing
It's called fraud. Some people here call it "scaling" but it's just good old fraud at scale.
Yep. Just a couple weeks ago we bought Chemex coffee filters - the "Amazon's Choice" ones! We got a counterfeit that didn't even try to replicate the actual product (it was just sheets of tissue paper in the completely wrong shape). Looking at the reviews, we weren't the only ones who got these either.
I know i dont trust Amazon. I go to the product website if I can then Newegg then Walmart.com - Amazon is last. Newegg is actually a great place for lots of different stuff. Amazon is ikky Because of what you say its not worth it. - But my dad loves it because he lives in a rural area and has free shipping and reads his kindle and has lots and lots of money - not me I need to look after my resources and I have not had a wonderful experience with Amazon - I mean why get a board game from Amazon if you can get it from the publisher or another site that is not as creepy. There are amazing German web sites. it really is a crappy USA company.. There are less crappy companies
It’s really terrible lately. When Wal-Mart has better quality products you know something’s up.
I’ve been using Fake Spot to get any non name brand item[1]. The only issue is now there are straight counterfeits instead of reply cheap knock offs. I recently learned of the all the counterfeit SD cards when I bought some for my Pis. A google search brings up examples on many forums and blogs.
Me and the wife had this conversation last night about whether or not buying things online is really saving time since the means of evaluation is all mental/reading. Confronted with a product in the physical world one can mobilize all sorts of senses at once to evaluate quality simultaneously. Online we're stuck reading reviews and gauging authenticity/quality. The sad part that's become the reality too is that once the thing arrives we're spending extra time scrutinizing the product for signs of being a counterfeit, even when sold directly from Amazon.
It depends, amazon quality is still good when compared to third world.
I travel frequntly to China/Philippines/SG and you need to go in person to buy random crap. I hate it. Lazada is the Asian Amazon and it is a total crapshoot.
I never complained about Amazon, whenever I have a issue it's always remedied correctly, returns are absolute and money is refunded.
Lazada tries to play games, tries to say "change of mind is not a valid reason of excuse" or worse it's bait and switch. A picture of a bookshelf with pictures by a palm tree, what's delivered is a doll house toy.
I hate online shopping in Asia. Japan is the only exception because of Amazon and Japan commitment to customer service.
Yeah, I've drastically scaled back my Amazon shopping and scaled up my shopping at physical retailers like Best Buy and Barnes and Noble or specialized competitors like Newegg. My reasoning is:
1. Amazon Logistics delivery sucks and I hate them so much.
2. When you actually look, Amazon is no longer price competitive with big box retailers on a lot of products in a lot of areas.
3. I can get my stuff today rather than in ??? + 2 days.
4. I can actually see the stuff in person, and assess quality and size.
5. Much smaller counterfeit problem.
6. I'm afraid of Amazon getting too dominant in the retail space, so I feel good about sending business to its competitors.
I try to only go to Amazon when I'm buying something weird that I don't know how to buy elsewhere.
Interestingly enough, I find Amazon often has worse prices for the relatively-niche books I used to swear by Amazon for - art and critical theory, mainly. They used to have the convenience aspect as well, but now I generally feel like I can get better service by buying from the publisher and I feel better about it for the anti-monopoly reason you touched on
Check out this solution from Bosch, I always wondered about generating unique codes per product instance. It would need to be a subset of a very large space, in this case 3418
One thing I've not seen mentioned here is how Amazon created an opportunity for fraud by making their customer support number harder to find.
This is a common tactic - heck, some sites require you to do a knowledge base search before giving you any means to do direct contact. Keeping humans around to answer calls is expensive so companies nudge customers towards passive support.
All of which creates an opportunity for fraudsters to make their fake contact info easier to find. I wonder how many fraudulent numbers for Google support exist...
I suspect many people deal with potential customer service numbers the way I do: don't even bother. Even if you can find it, you have to fight through 5-6 layers of menus, only to be connected with some low-paid contractor trying to read a script. I haven't tried to contact Amazon's customer service, and can't even imagine trying. Basically, if your problem is bad enough, try to make it a PR problem online. If it's not, too bad.
Why do you need to use someone else's social if you're using it for money laundering? Can't you just sell a book under your own social for that much? Or hell, sell a used copy of an actual book for $2,000 or something?
I don't understand how the received money is clean if it's attached to someone else's social. If the thief is audited they can't show legitimacy of that cash, can they?
Seems like if Amazon won't issue a corrected 1099, the victim's next stops should be his state AG, the IRS, FBI, and/or similar. A crime's been committed, Amazon is getting 40% and refusing to do anything about it.
Currently working with a guy that has a React book on Amazon. 0$ on Kindle, 22.50$ paperback so at least you can see for yourself what quality it is.
The book is artificially elongated and full of advise scraped from tutorials. The code snippets are pretty much non-existent. Overall garbage.
Recruiters don't read through the bullshit so it's a good sell "This guy wrote a book on the thing!". Doesn't matter that the guy produces spaghetti garbage with complexity of 36. Contracting high-life. As the old saying goes "Worse is better".
Of course laying off the guy would not pass. What would the client say!? Let's make him the lead on the front-end part and eventually push the blame on him once the client realizes what a steaming pile of bullshit they've got on their hands.
As a cherry on top there's managerial padding between US and EMEA departments of the client so probably they'll go off to the sunset with another bullshit entry on their LinkedIn profiles.
Handcrafted bespoke user interfaces - seriously, who unironically puts this on their contracting business LinkedIn profile? Who buys this babble (besides the technically oblivious managers)?
95 comments
[ 4.0 ms ] story [ 182 ms ] thread> I know how this is done. It is the best way to launder bitcoin revenue generated from all kinds of illegal activities. They go to Giftly or Gyft and by Amazon gift cards for the bitcoin. Then they just pay themselves. That is the only way to not get your account closed. It is not credit card fraud!!! Gift cards are always under the radar on Amazon.
The corporate veil is mostly a fiction for small bootstrapped startups without initial seed capital.
[0]: https://www.candyjapan.com/behind-the-scenes/candy-japan-hit... / https://news.ycombinator.com/item?id=10237697
It would if you used your real identity for the "book" sales instead of fraudulent id. Then the proceeds are legitimate. Govt would have to prove you faked the sales, which is easy to hide.
https://en.wikibooks.org/wiki/Guitar
https://upload.wikimedia.org/wikipedia/commons/7/74/Guitar.p...
your "identity" is nothing more than your SSN/TIN, which is already on a thousand lists for sale on the dark web, and forever will be
there is literally no way to secure your identity if you've ever used a service requiring your SSN
Often your date of birth is also needed but, of course, that's not hard to acquire either.
We have something similar over here, an National Insurance number but it's only needed for employers or claiming benefits.
How come having someone's SSN is still enough to do stuff like this? It's not a secret number.
“They say all they can do at this point is send me a letter acknowledging than I’m disputing ever having received the funds, because they said they couldn’t prove I didn’t receive the funds. So I told them, ‘If you’re saying you can’t say whether I did receive the funds, tell me where they went?’ And they said, “Oh, no, we can’t do that.’ So I can’t clear myself and they won’t clear me.”
If they are impersonating him, I see no reason why Amazon couldn't let him know where "his" money was sent.
In my country bank account transfers are the most common way to transfer money. I do it for random transactions, repaying people who bought me lunch, and all sorts of things. Anyone will give you their bank account number if you ask for it, and most people have theirs memorized.
The only thing someone could do if they got a hold of your account number would be that they can now send you money.
Or withdraw all your money, if your account is drawn on a US (and many other countries) bank.
Depends on how you define withdraw. If you define it as filling out a withdrawal slip and giving to a teller, then probably correct. If you however mean in a generic sense taking the money from your account, then no, it’s certainly possible and not very hard, and all you need is account number.
If someone uses "my" name (which is not actually "owned" by me; there is no law to prevent other people from using that name) to commit fraud then that is a matter for the people being defrauded and for the police. I can't expect to magically acquire police powers in order to investigate it myself.
I have the same mental reaction every time I read about someone trying to investigate a so-called "identity theft" in which their name was used. The whole concept of "identity theft" is extremely dodgy. From a practical point of view, I don't know what to advise.
I'm currently in the process of trying to buy a house. In order to prevent money laundering my lawyer must verify original ID documents and take copies of these. The bank also needed similar. Those I can kind of understand, if you can't trust the lawyer or the bank who can you trust right?
But it doesn't end there. The estate agent dealing with the sale of the house also needed copies. That is 3 copies of our personal details (passport and bank statements) floating around on how many different computer systems? How safe are the access controls on those systems? How many people require access to those systems as part of their day to day work? More than I'd like.
Your lawyer knows you because he met you and can see the details you provided do match you because of the photo and signature. The bank the same.
So if someone else had your details it shouldn't matter. If they go to a lawyer or bank to try and get them to verify the documents, the lawyer or bank should be doing due diligence to verify the documents. The lawyer should verify the passport is real, not forged, and the photo and signature matches the person, and done face to face. Same with the bank.
So it really shouldn't matter how many copies of your personal details are out there.
The issue is that when a bank doesn't do it's due diligence and barely verifies the documents (or doesn't verify at all). They didn't check the person opening the account is the same one as the personal details provided. That is the bank's mistake not yours. But the banks have to gall to say it's identity theft. As if it was your fault they didn't do their due diligence.
It's the pressure from marketing/corporate to increase sales/accounts. Often the more accounts opened mean more bonuses. So the incentive is to not reject. They don't get bonuses for doing due diligence and rejecting fake applications. They put that work on you once someone has frauded them.
Really any bank that says you've been identity theft it's their fault they didn't have the right due diligence in place.
Copies of these verification documents are hugely valuable to someone trying to carry out "identity theft". They could for example forge an 'originals seen' stamp from a lawyer or bank teller. At that point they are as good as an original as far as banks are concerned.
Are you referencing Mitchell and Webb? Because you're practically quoting one of my favorite sketches:
https://www.youtube.com/watch?v=oOQBpHN_kS0
So it seems like either the options are they sent him a 1099 by mistake, or they didn't, and they should therefore be able to say where the money was sent or help him access the account.
Turn it over to the police immediatly.
It is probably a problem of incentive because they are still making these sales.
Based on the information presented on Krebs’ blog, it should be obvious to Amazon that this is not just a case of a client dispute, but a situation involving a number of serious crimes. Considering how Amazon’s own platform facilitates these crimes, should their reluctance to assist this particular victim not open them up for a liability claims, maybe even for complicity in illegal conduct?
Taking it one step further, Amazon appears to have gained, and still gain a significant percentage from each of these transaction. In plain words: Amazon itself gained profits from criminal proceeds. It also appears to not be bothered all that much with structurally eliminating this practice. Doesn't that make Amazon itself a criminal organization, by definition?
Unless Amazon puts an immediate stop to all this, and distance itself from all profits so far made on it, why would it not be branded a criminal organization? Because they provide jobs? Because they provide innovative new business opportunities? Because they also gain profits though legal ways? Those same things can be argued for many criminal organizations, even including the Italian mafia.
They may get a slap on the wrist, but if a small company did this the principles involved would be in prison.
Just do it to the HQ on a day when Jeff is in the office - they will get the message
I'm more surprised I don't disagree.
When I read the Krebs article I was struck by how similar it was to the way in which World of Warcraft Gold sellers would "launder" their gold by sending it through the auction house. In that case they would have their customers put up a specific worthless item for a high fee on the AH and then one of the gold farmer accounts would come along and buy it. As a 'legit' transaction it was hard for Blizzard to catch.
No doubt this is a pretty ancient scheme, you could use a swap meet for example to launder a lot of cash this way as well. Amazon just makes it easier. Of course it would be easier still if Amazon accepted blockchain currencies. Then you could create your own mixer without any work at all. :-) That makes me wonder if there were people selling silly things on Silk Road back in the day for large amounts of coin.
Also, fairly obviously, Amazon is not criminally liable because when the transactions happened they were, as far as they knew, simply selling books legally. Amazon had no criminal intent. This is the big difference.
Money laundering is also a difficult thing to deal with, since there are 'tipping off' crimes a lot of places, so you are not allowed to reveal that you are investigating.
Money laundering, OTOH... There is lots of legislation, regulation, enforcement... 99% of what falls under these is not money laundering, the plain English kind. It's measures to prevent tax avoidance, funding unsavouries and such. I imagine that bonafide laundering would be treated very seriously by authorities, but also banks and financial institutions Amazon work with.
It does look more like a card cashout method than a laundering method, two very different things.
A common cashout pairing is Payoneer + Amazon/Fiverr/Upwork/etc. Payoneer allows almost anyone around the world to get a debit card which can be ACH loaded with proceeds of many marketplace partners including Amazon. You can walk up to an ATM and withdraw cash quickly after selling to “yourself” on Amazon. Their AML/KYC methods are a joke.
All it takes is one weak link in the AML chain for identity thieves to succeed, and due to the unstandardized and nebulous nature of current AML laws, there will always be a weak link especially as companies struggle to scale quickly.
SSNs and easily-photoshopped ID scans as primary verification methods are the two biggest weak links in the ecosystem right now IMO.
SSNs as passwords should be illegal at this point. Homework: go see how long it takes you to buy your own SSN on the darknet.
Heck, you don't even need to do that. Plenty of perfectly legal services you can sign up for as a PI, debt collector, whatever. You don't even need an information leak to have hit you. If you've participated in the modern economy, your SSN is trivially available for less than $30 via (arguably) legal means.
Anyone that doesn't treat their SSN as public information these days is living in a fantasy world. It's been this way for quite a long time, and I've never been too worried about my info floating around on the darkweb - the scammers weren't using those sources for the most part anyways.
The only leak I really thought was a big deal in recent times is Equifax - since that leak very likely was the whole burrito. That very likely escalated the "identity theft" war quite a bit.
The fact that they let fake customer support numbers appear in Amazon hosted forums is reprehensible. And facilitating identity theft and money laundering seems downright criminal. I hope this victim can get the attention of a prosecutor.
Previous discussion including some firsthand experience from sellers: https://news.ycombinator.com/item?id=13926015
It's called fraud. Some people here call it "scaling" but it's just good old fraud at scale.
https://www.amazon.com/dp/B017OFOP68/ref=cm_sw_r_em_api_c_Yo...
They've apparently since taken off the "Amazon's Choice" label here.
I’ve been using Fake Spot to get any non name brand item[1]. The only issue is now there are straight counterfeits instead of reply cheap knock offs. I recently learned of the all the counterfeit SD cards when I bought some for my Pis. A google search brings up examples on many forums and blogs.
[1]https://www.fakespot.com
When there's something I want, I might research it on Amazon, then I go to the manufacturer's site and find an authorized reseller to buy it from.
I travel frequntly to China/Philippines/SG and you need to go in person to buy random crap. I hate it. Lazada is the Asian Amazon and it is a total crapshoot.
I never complained about Amazon, whenever I have a issue it's always remedied correctly, returns are absolute and money is refunded.
Lazada tries to play games, tries to say "change of mind is not a valid reason of excuse" or worse it's bait and switch. A picture of a bookshelf with pictures by a palm tree, what's delivered is a doll house toy.
I hate online shopping in Asia. Japan is the only exception because of Amazon and Japan commitment to customer service.
1. Amazon Logistics delivery sucks and I hate them so much.
2. When you actually look, Amazon is no longer price competitive with big box retailers on a lot of products in a lot of areas.
3. I can get my stuff today rather than in ??? + 2 days.
4. I can actually see the stuff in person, and assess quality and size.
5. Much smaller counterfeit problem.
6. I'm afraid of Amazon getting too dominant in the retail space, so I feel good about sending business to its competitors.
I try to only go to Amazon when I'm buying something weird that I don't know how to buy elsewhere.
http://www.protect.bosch.com
This is a common tactic - heck, some sites require you to do a knowledge base search before giving you any means to do direct contact. Keeping humans around to answer calls is expensive so companies nudge customers towards passive support.
All of which creates an opportunity for fraudsters to make their fake contact info easier to find. I wonder how many fraudulent numbers for Google support exist...
I don't understand how the received money is clean if it's attached to someone else's social. If the thief is audited they can't show legitimacy of that cash, can they?
Currently working with a guy that has a React book on Amazon. 0$ on Kindle, 22.50$ paperback so at least you can see for yourself what quality it is.
The book is artificially elongated and full of advise scraped from tutorials. The code snippets are pretty much non-existent. Overall garbage.
Recruiters don't read through the bullshit so it's a good sell "This guy wrote a book on the thing!". Doesn't matter that the guy produces spaghetti garbage with complexity of 36. Contracting high-life. As the old saying goes "Worse is better".
Of course laying off the guy would not pass. What would the client say!? Let's make him the lead on the front-end part and eventually push the blame on him once the client realizes what a steaming pile of bullshit they've got on their hands.
As a cherry on top there's managerial padding between US and EMEA departments of the client so probably they'll go off to the sunset with another bullshit entry on their LinkedIn profiles.
Handcrafted bespoke user interfaces - seriously, who unironically puts this on their contracting business LinkedIn profile? Who buys this babble (besides the technically oblivious managers)?