an illustration of two phones connected to each other with a globe in the background

The Anatomy of FTID Fraud: A Step-by-Step Breakdown

a man in a suit and glasses is talking on a cell phone .
Amanda Martin

The Anatomy of FTID Fraud: A Step-by-Step Breakdown

In the ever-evolving landscape of e-commerce, a new and insidious form of fraud has emerged, threatening the financial stability of online retailers worldwide. Known as Fake Tracking ID (FTID) fraud, this sophisticated scheme has quickly become one of the most expensive and pervasive forms of return fraud plaguing the industry today. As e-commerce continues to grow, understanding the mechanics of FTID fraud has become crucial for prevention and protection.

Setting the Stage: The Fraud Ecosystem

Before delving into the step-by-step process of FTID fraud, it's essential to understand the ecosystem that enables it. At the heart of this fraudulent activity is the concept of "refund-fraud-as-a-service" (RFaaS). This criminal business model has transformed what was once isolated incidents of fraud into a large-scale operation, driven by organized crime rings.

The fraud ecosystem primarily operates on encrypted messaging platforms, with Telegram being the platform of choice for many fraudsters. These platforms provide a secure environment for sharing information, coordinating activities, and evading law enforcement.

Within this ecosystem, several key players emerge:

  1. Refunding Services: These groups offer complete solutions for individuals seeking fraudulent refunds. They handle everything from manipulating return labels to social engineering customer service representatives.
  2. Boxing Services: These specialized services focus on manipulating return shipping labels, a critical component of FTID fraud.
  3. Cashout Groups: Operating as seemingly legitimate entities, these groups purchase fraudulently obtained merchandise in bulk and resell it on platforms like Amazon, further damaging the original brand's sales and reputation.

Now that we understand the backdrop, let's break down the FTID fraud process step by step.

Step 1: Identifying the Target

The first stage of FTID fraud involves selecting a vulnerable retailer. Fraudsters typically target rising direct-to-consumer (D2C) brands, especially those that automate their return processes. These brands often lack the resources for sophisticated fraud detection and rely heavily on third-party logistics providers, making them prime targets.

Fraudsters conduct surveillance by placing small "test orders" to assess a brand's refund policies and susceptibility to social engineering. Once a retailer is identified as an easy target, this information quickly spreads through fraud communities on platforms like Telegram.

Step 2: Placing the Order

With a target identified, the fraudster places an order. To avoid suspicion, they may use tactics such as:

  • Utilizing VPNs to mask their true location
  • Creating new email addresses for each order
  • Slightly altering shipping addresses (known as "jigging")
  • Keeping order values below certain thresholds to avoid triggering fraud alerts

These techniques help bypass many existing fraud detection tools, which often rely on simple checks like email or shipping address matching.

Step 3: Initiating the Return

Once the fraudster receives the merchandise, they initiate the return process. This typically involves requesting a return label from the retailer. The ease of this process, especially with automated return systems, is a critical vulnerability that fraudsters exploit.

Step 4: Label Manipulation

This step is where the "fake" in Fake Tracking ID comes into play. The fraudster, often utilizing a boxing service, systematically alters the barcode and/or QR code on the return label. They change the shipment's destination address in the barcode metadata and on the label itself to a random address near—but not at—the original delivery address.

This manipulation is a highly technical process, requiring specialized skills and tools. Boxing services have emerged to provide this expertise, charging anywhere from $20 to $50 per edited label.

Step 5: Shipping the "Return"

With the manipulated label in hand, the fraudster ships an empty package or one containing low-value items. The altered label ensures the package is delivered to the fake address, usually a nearby business or public location where incorrectly delivered packages are likely to be discarded.

When dropped off at this random address, the parcel receives a "Delivered" scan from the carrier. Since tracking data typically only shows the zip code, it's impossible to tell that the return has been sent to the wrong address.

Step 6: Exploiting the Refund Process

The final step of the fraud occurs when the refund is processed. This happens in one of two ways:

  1. Automated Refunds: For retailers that process refunds based on "delivered" or "in-transit" tracking events, fraudsters have a frictionless environment they can exploit repeatedly without detection.
  2. Manual Refunds: When retailers manually process refunds upon receipt and inspection, fraudsters contact customer service, citing the tracking details that show "delivered" as proof when demanding a refund.

In both cases, the end result is the same: the brand has paid return postage and issued a refund for an item they never received, the fraudster has kept the merchandise, and any involved third-party (like a boxing service) has pocketed their fee.

The Aftermath and Impact

The impact of FTID fraud extends far beyond the immediate financial loss of the refunded amount and shipping costs. Successful fraud creates a positive feedback loop within refunding communities, leading to more attempts against the same retailer. This can quickly spiral into significant losses; some brands report losing millions of dollars to FTID fraud.

Moreover, the resale of fraudulently obtained goods by cashout groups can undermine a brand's pricing strategies, marketing efforts, and overall brand integrity.

Detection and Prevention

Detecting FTID fraud can be challenging, but there are several key indicators that retailers should watch for:

  • Receiving empty bubble mailers with manipulated return labels
  • High-value orders that are subsequently returned, especially if split into multiple smaller shipments
  • Repeated orders from new emails with slightly altered ("jigged") addresses

However, the absence of these signs doesn't necessarily mean FTID fraud isn't occurring. Many existing fraud detection tools fall short in identifying FTID fraud, often misclassifying fraudulent returns as "low risk."

To combat FTID fraud effectively, retailers need to implement more sophisticated fraud prevention measures. This may include:

  • Real-time monitoring of return transactions
  • Advanced identity linking to connect seemingly disparate fraudulent attempts
  • Machine learning algorithms to detect subtle patterns indicative of fraud
  • Partnerships with specialized fraud prevention services that stay ahead of evolving tactics

FTID fraud represents a significant and growing threat to e-commerce businesses, particularly rising D2C brands. By understanding the intricate process behind this fraud, retailers can better equip themselves to detect and prevent it.

However, as fraud tactics continue to evolve, it's crucial for businesses to stay vigilant and adaptable. Regular reassessment of return policies, investment in advanced fraud detection technologies, and collaboration with fraud prevention experts are all essential steps in the ongoing battle against FTID fraud.

The future of e-commerce depends on creating a secure environment for both businesses and consumers. By shining a light on the anatomy of FTID fraud, we take an important step toward that goal.

Fraudsters are profiting
while you wait

Let's Talk