PayPal, eBay Targeted in Web Theft Scam That Stole Millions

Federal agents raided the home of two Vietnamese exchange students suspected of being mules for an online scam that used stolen credit card information and bogus PayPal accounts to sell products on eBay.

Two foreign exchange students from Vietnam are accused of being mules for an international identity theft ring believed to have stolen millions of dollars from online merchants, according to an affidavit filed by federal investigators in Minnesota district court.

The Dec. 29 affidavit sought a search warrant to raid the home of two Vietnamese exchange students attending Minnesota's Winona State University. During the resulting raid, federal agents from the Department of Homeland Security's Immigration and Customs Enforcement unit seized documents and computer equipment, according to the Minnesota Star Tribune.

The Department of Homeland Security affidavit, signed by Daniel Schwarz, claimed the students, Tram Vo and Khoi Van, were money transfer mules and made more than $1.2 million using eBay to sell products purchased with stolen credit card numbers. The affidavit laid out the case for wire fraud, identity theft and money laundering against the students, who have not yet been formally charged, according to public records. The third person living at the house, Vinh Dong, was not named as part of the cyber-crime ring.

DHS' Cyber Crimes Center was already investigating the "underground economy" involving criminal rings based in Vietnam that were committing Internet financial fraud, said Schwarz. The amount of money stolen in this criminal enterprise is "estimated to exceed hundreds of millions of dollars," Schwarz said in the filing.

Agents have been investigating the online scam, dubbed "Operation eMule," since September 2009, according to the affidavit. The swindle involved criminals setting up eBay and PayPal accounts under other people's names and offering popular, expensive products at discounted prices, such as $400 Rosetta Stone software and iTunes gift cards.

When legitimate buyers bought the products using PayPal, the scammers ordered the items using the stolen credit card numbers directly from the manufacturer and shipped them. By the time the original credit card owner finds and reports the fraudulent transactions, it is already too late as the money has already left PayPal and moved into another bank account, and then is sent offshore to Canada or Vietnam, according to the affidavit.

"The criminal ring makes online purchases from e-commerce merchants using stolen credit card information and then utilizes an elaborate network of mules based in the United States," wrote Schwarz.

The legitimate buyer would receive the product they ordered, but online merchants would lose the money and the credit card owner is left to resolve the credit card fraud and accounts at eBay and PayPal, according to the document. The affidavit named several major companies that have been hit by this scam, including eBay, PayPal, Amazon, Apple, Dell and Verizon Wireless.

The cyber-criminals relied heavily on the Internet to perpetuate this fraud, said Schwarz, noting that all the accounts were opened online, often using proxy IP addresses to hide the user's origin. The personal information used to open up the accounts was obtained by hacking into people's computers or merchant databases, he said. In some cases, the credit card numbers were purchased from underground online marketplaces.

Investigators found 56 PayPal accounts that were opened under various individuals' names located through the United States with Vo's name and address listed, and 24 eBay accounts linked to those accounts, the affidavit said. More than $247,000 passed through those accounts. PayPal records also linked Van to 310 accounts that handled approximately $1 million and were linked to 157 eBay accounts. They were also linked to bank accounts at Wells Fargo, Capital One, Eastwood and HSBC, with deposits totaling approximately $900,000, of which approximately $680,000 were wired overseas, the investigators found.

When PayPal froze some accounts "due to suspected fraudulent activity," Vo and Van generated copies of fake passports, utility bills and bank statements using a software called GFI FAXmaker to get the funds released, according to the affidavit.