Federal agents raided the home of two Vietnamese exchange students suspected of being mules for an online scam that used stolen credit card information and bogus PayPal accounts to sell products on eBay.
Two foreign exchange students from Vietnam
are accused of being mules for an international identity theft ring believed to
have stolen millions of dollars from online merchants, according to an
affidavit filed by federal investigators in Minnesota.
The Dec. 29 affidavit sought a search warrant to raid the home of two
Vietnamese exchange students attending Minnesota's
University. During the resulting
raid, federal agents from the Department of Homeland Security's Immigration and
Customs Enforcement unit seized documents and computer equipment, according to
of Homeland Security affidavit, signed by Daniel Schwarz, claimed the students,
Tram Vo and Khoi Van, were money transfer mules and made more than $1.2 million
using eBay to sell products purchased with stolen credit card numbers. The
affidavit laid out the case for wire fraud, identity theft and money laundering
against the students, who have not yet been formally charged, according to
public records. The third person living at the house, Vinh Dong, was not named
as part of the cyber-crime ring.
DHS' Cyber Crimes Center was already investigating the "underground
economy" involving criminal rings based in Vietnam that were committing
Internet financial fraud, said Schwarz. The amount of money stolen in this
criminal enterprise is "estimated to exceed hundreds of millions of
dollars," Schwarz said in the filing.
Agents have been investigating the online scam, dubbed "Operation eMule,"
since September 2009, according to the affidavit. The swindle involved
criminals setting up eBay and PayPal accounts under other people's names and
offering popular, expensive products at discounted prices, such as $400 Rosetta
Stone software and iTunes gift cards.
When legitimate buyers bought the products using PayPal, the scammers
ordered the items directly from the manufacturer using the stolen credit card
numbers and shipped them. By the time the original credit card owner found
and reported the fraudulent transactions, it was too late: the money
had already left PayPal, moved into another bank account and been sent
offshore to Canada,
according to the affidavit.
"The criminal ring makes online purchases from e-commerce merchants
using stolen credit card information and then utilizes an elaborate network of
mules based in the United States,"
The legitimate buyer would receive the product they ordered, but online
merchants would lose the money and the credit card owner would be left to resolve
the credit card fraud and the accounts at eBay and PayPal, according to the document.
The affidavit named several major companies that have been hit by this scam,
including eBay, PayPal, Amazon, Apple, Dell and Verizon Wireless.
The cyber-criminals relied heavily on the Internet to perpetrate this fraud,
said Schwarz, noting that all the accounts were opened online, often using
proxy IP addresses to hide the user's origin. The personal information used to
open up the accounts was obtained by hacking into people's computers or
merchant databases, he said. In some cases, the credit card numbers were
purchased from underground online marketplaces.
Investigators found 56 PayPal accounts that were opened under the names of
various individuals located throughout the United States, with Vo's name and
address listed, and 24 eBay accounts linked to those accounts, the affidavit
said. More than $247,000
passed through those accounts. PayPal records also linked Van to 310 accounts
that handled approximately $1 million and were linked to 157 eBay accounts.
They were also linked to bank accounts at Wells Fargo, Capital One, Eastwood
and HSBC, with deposits totaling approximately $900,000, of which approximately
$680,000 were wired overseas, the investigators found.
When PayPal froze some accounts "due to suspected fraudulent
activity," Vo and Van generated copies of fake passports, utility bills
and bank statements using software called GFI FAXmaker to get the funds released,
according to the affidavit.