Insider Insights

R. Paul Wilson On: Nespresso Money Mules

R. Paul Wilson On: Nespresso Money Mules
By R. Paul Wilson September 30, 2020
5 minute read

I recently wrote a short series of blogs on the topic of credit card theft, security and protection.

There are many potential problems for travellers and gamblers both online and in the real world and I encourage you to read those as a reminder of what’s out there.

After writing those articles, I wondered how difficult it was to use a stolen card and how scammers might monetise the card details they buy online.

The “Pump And Dump” Method

Years ago, I used to eat at a restaurant in Los Angeles that had the best steaks I’d ever tasted yet were far cheaper than the big steak houses.

It later turned out that the beef was being provided by dubious sources who were somehow selling the very best dry-aged slabs for a fraction of their normal value.

Sometime later, this caught up with the manager and I was sad to hear he got into trouble – I really liked the guy (and his steaks).

As it turned out, this restaurant might have been at the end of a classic “pump and dump” scam that was illustrated perfectly in one of my favourite movies, Goodfellas.

Goodfellas movie poster
Image: Wikipedia

In a classic scene, mobster Henry Hill introduces the owner of a popular restaurant to his mob boss, Paulie.

After Joe Pesci’s character Tommy beat the owner up for demanding payment of his tab, the owner wanted to protect himself by partnering with Tommy’s boss.

In that beautifully measured scene, Paulie seems reluctant to take part-ownership of the restaurant since he knows nothing about that business, but Ray Liotta’s Henry offers to help and a deal is struck.

The truth is that Paulie always wanted to take the restaurant and Tommy and Henry were simply working a con to force the owner into a corner where Paulie seemed like his best and only way out.

In fact, the mob boss was a shortcut to arson and an insurance claim.

So, what does this have to do with your stolen credit card?

While researching current scams that use stolen credit cards, I stumbled onto a variation of Paulie’s method for using the restaurant in Goodfellas to steal large sums of money from a line of credit.

The restaurant in Henry Hill’s story was a huge success and already had a good reputation with providers of food, alcohol, furnishings, clothes, or anything the owner might order, then pay for via an invoice.

Once Paulie was the owner’s supposed “partner” Henry stepped in, took the reigns and started ordering everything he could under the restaurant’s name – from cases of booze and boxes of prime steaks to airplane tickets and Italian suits – whatever the restaurant’s previously good credit would allow him to buy.

All of this stuff was delivered through the front door then straight out the back door to be resold for a fraction of its value, but an enormous profit to Paulie and his crew.

The restaurant owner kept signing these crooked orders until the only thing left to sign was another insurance policy before Henry and Tommy firebombed the joint.

It’s a terrific illustration of mob mentality and ingenuity and, as it turns out, the inspiration for modern credit card thieves.

How Scammers Used eBay To Turn Nespresso Fans Into Money Mules

Nespresso machine
Image: Shutterstock

At last year’s DEFCON in Las Vegas, Professor Nina Kollars gave a clear illustration of how credit card scammers use eBay to create a simple buying triangle that turns stolen card details into hard cash.

After Ms Kollars bought herself a Nespresso machine, she decided to try buying coffee pods online since buying direct from Nespresso can be quite expensive depending on your coffee drinking habits.

Sure enough, she found a couple of hundred pods at an excellent price, paid the seller and waited for her purchase to arrive.

When the package landed, she was shocked to find double the number of pods plus another brand-new machine that was not on the eBay auction!

Naturally, she contacted the seller, but they had vanished so being a professor at the US Navy’s war college, she decided to dig a little deeper.

What she found was a scam she calls “triangulation fraud”, though it’s really just a variation on the Mob’s “pump and dump”.

Kollars began by contacting Nespresso who had shipped the pods and machine to her and tried to return the items, but Nespresso didn’t want them since they had already been paid for at their end.

This forced the question: if Nina only paid half price for 200 pods but received 400 and a brand-new machine, which had all been paid for and shipped by the manufacturer – where is the scam?

Nina Kollars already had an idea so decided to try and prove her theory.

Theorising that scammers tend to be lazy, she searched eBay for new and current auctions that used the same text or photographs as her original Nespresso bonanza.

Sure enough, she found a few and repeated the process of buying pods for a bargain price and just like before, received double what she paid for and more.

Again, the product came directly from Nespresso who played no part in anything illegal but thanks to the wonders of drop shipping, might have been used to help fraudsters turn stolen credit cards into real money.

How The Nespresso Scam Worked

As Kollars discovered, the system is simple but effective.

The fraudsters advertise something on eBay or any other auction site and wait for a buyer who sends them money via an online or electronic payment method.

To ensure that payment is not later reclaimed, the scammers then use a stolen credit card to buy the items they were selling from an online manufacturer or provider and ship directly to the buyer.

So the triangle works like this:

1. The buyer orders something at a bargain price.

2. The seller receives the buyer’s cash then uses a stolen card to buy the advertised items directly from a provider who will then ship directly to the buyer.

3. The provider receives an order, which has been paid in full and ships the product to the address given.

In order to make absolutely sure that the buyer is happy (and won’t quibble or cancel payment), the scammer may double the order or add a coffee machine to the deal; something I like to call “greed by proxy”.

Theoretically, most buyers will be delighted by the additional items and may stay quiet for fear of having to return the extra items (for shame!) but Nina Kollars wanted to figure out exactly what was going on and did so.

In her talk at DEFCON, she accurately surmised that this seemingly victimless crime was anything but.

Most likely, those cards belonged to people who had no idea their details were compromised and if they were to report the crime, Nespresso would most likely point investigators to the shipping address given for whatever was sold.

This method therefore allowed the sellers to remain hidden behind constantly changing auction accounts, bank details and fake IDs while the innocent buyer might have some explaining to do but has technically done nothing wrong (unless they knowingly work this system to get more free stuff).

The Con Must Go On

Just like Henry Hill and Paulie, these fraudsters abuse someone’s line of credit until the well runs dry then burn the store down (ditch the stolen identity) only to repeat the whole deal with another victim.

So if you wake up one morning and find you’ve unexpectedly bought an enormous flat-screen television that was shipped to Alaska or Idaho, don’t be surprised if the recipient is completely unaware that they’re part of a con game.

The real scammers are elsewhere, hiding (and operating) in plain sight.

If you’re interested in reading the other credit card scam articles, check out the four-part series below:

  • Part 1 for not-so-secure ATMs and Lebanese Loop devices.
  • Part 2 for how people can steal your details from contactless cards.
  • Part 3 for more direct methods on how people can steal your details.
  • Part 4 for a story about when R. Paul Wilson’s accounts were compromised.