Sophisticated Fraud Scheme May 2020 (Shopify / eCommerce)

Yesterday our eCommerce site, Innerstate Shop, tracked down the origin of a series of suspicious orders dating back to May 13th. It appears criminals are using stolen credit card information and Shopify fraud checks did not catch any issues.

Key details:

• Shopify fraud checks did not catch any issues with the orders. This was a sophisticated bypassing of the 12+ fraud checks Shopify runs with every order.
• Orders used real card info, real billing information, and real names. The shipping address and email addresses were fake.
• Orders came from direct traffic to the site (they were targeting our store URL, and didn’t come through search or a paid ad).
• If you’ve experienced a similar scheme, or if you have advice on what we should do with this case, please email innerstateshop@gmail.com

Fraudulent email accounts associated with the orders used the following domains: trustpack.us, crystallfax.info, shippackage.info, goldwarehouse.us, loanandersen.us

All of the domains above are registered with Namecheap. We have opened a case with Namecheap to review.

Shipping addresses, presumably for receiving delivery of our packages (water filtration machines, supplements, and other HealthTech biohacking devices), were located around:

• San Antonio, Texas
• Chicago, Illinois
• Adelanto, Texas
• Greensboro, North Carolina
• Houston, Texas
• Augusta, Texas

We have installed a third-party app on Shopify called Fraud Killer to increase the number of fraud checks on every incoming order. We’ve also required a phone number with every order.

If you have other tips, please let us know (innerstateshop@gmail.com). We are going to share with our eCommerce clients, partners, and peers.

Updated May 28, 2020