Criminals recently put a new spin on an old scam, convincing U.S. consumers they were conducting “secret shopper” research when really they were buying goods using stolen credit cards and then sending goods to fraudsters abroad. Here’s what online retailers need to know about this scam.

Ping Li, head of risk operations, Signifyd

Like any ambitious entrepreneur, ecommerce fraudsters are constantly innovating and iterating to double down on what works and walk away from what’s no longer effective.

The latest dramatic example? The changing face of mule fraud, an old scam in which fraudsters trick or entice individuals to help them steal goods from retailers by making purchases with stolen or fake credit cards.

We detected the latest variation earlier this year. A fraud ring or rings had created a phony business that supposedly conducted secret shopping excursions on retail sites to evaluate the customer experience the retailer was providing.

The business, calling itself “the premier intelligence shopping company,” launched a website to recruit workers who would make purchases, send the goods to addresses on pre-printed shipping labels and fill out a survey evaluating their online shopping experience.


In return, the “employee” would be paid or allowed to keep some of the merchandise.

The website promised flexible hours, a meal allowance and transportation reimbursement in some cases. It’s a classic work-from-home scam: You shop. You get paid or you get free stuff. What’s not to like?

Avoids raising a red flag about known fraud hot spots

In reality, the employees, or mules in this case, were helping to conceal the illegal activity going on behind the scenes. International fraudsters rely on shoppers living in the U.S. to provide a profile of a typical consumer.

By furnishing mules in the U.S. with stolen credit card accounts, fraud rings avoid having to list their own addresses in Russia, Nigeria, Malaysia or other fraud hot zones as a delivery destination. Working with mules also makes it harder for merchants to identify and detect fraud because the transactions are made by established shoppers.

In this case, the promise of free goods for the work the mules put in was honored, though that’s not always true. In the end, it’s a small investment for fraud rings (giving away items they got for free) to keep a workforce at the ready.


The secret shopper scam is another reminder of how resourceful, organized and difficult the fraud rings of 2020 are. While mule fraud is well established in the fraud playbook, by changing the shape of the deception, criminals can pull it out year after year.

In fact, this latest variation appeared shortly after we had successfully blocked a romance fraud attack that involved fraudsters in Nigeria and Malaysia who’d create profiles on dating sites to woo older women. Once they’d established an online relationship, they’d exploit the women by asking them to send money. Once their savings were exhausted, the fraudsters turned to asking the women to purchase items for them using credit accounts the fraudsters furnished.

Think of the different variations of mule fraud as elements in a fraud ring’s portfolio.

Old scams, new scams

Fraud rings know they must continually adjust to the market to strike quickly. Fraud prevention experts and law enforcement agencies disrupt fraud attacks as they become known and so fraudsters need to remain nimble to remain in business.

Once a scam gets uncovered, the fraudsters are quick to tweak their approach and test out something new. And because they’re involved in a cat-and-mouse game to avoid detection, they’ve become incredibly innovative when it comes to finding new ways to recruit mules.


Consider the romance fraud rings we disrupted last year. These romance scams are cultivated over long periods of time. The key is patience on the part of scammers. In our research, we encountered long-running relationships—many even lasting for years. The idea is to gain the victim’s trust and bring them to the point where they are ready to do anything for the fraudsters.

The romance fraud schemes come with elaborate stories and profiles. The con artists masquerade as American service members or U.S. businessmen living abroad with backstories about how the purchases will help an orphanage or hospital.

How the mule scheme worked

Earlier this year, leveraging AI technology, we began to notice some unusual purchasing patterns on different merchant sites in our Commerce Network. The scenarios pointed to a mule fraud scheme, but not the one we’d recently stymied.

The mules’ demographics and buying behavior had changed. The fraud attack had shifted from romance fraud to secret shopper fraud. These shoppers were not making purchases out of love and loyalty, but supposedly because it was their job to act as secret shoppers and help build better experiences for their customers.

The fraud rings are creatively diabolical in crafting stories to entice mules into new schemes. One of the mules told us she made the purchases on behalf of her “boss” after landing a job with the secret shopper company. Like the best scams, the secret shopper scheme played to the mules’ emotions. Yes, the work was a paying gig, but at least some of the mules were also told that the goods they were purchasing would be donated to an orphanage or some other social-service organization. So, the secret shoppers were doing well by doing good.


Mule fraud goes global

There are ways merchants can mitigate their risk in the escalating battle against mule fraud. Signifyd’s network of merchants allows us to see patterns in fraudulent behavior across thousands of retailers, such as whether the same buyer is purchasing various high-priced items around the same time or the same day.
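The cross-merchant pattern described above (the same buyer purchasing several high-priced items around the same time) can be sketched as a simple velocity check. This is an added example, not Signifyd's code; the pooled order format, the buyer identifier used to link orders across merchants, and all thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; the article gives no numbers.
HIGH_VALUE = 500.00            # what counts as a "high-priced" item, in USD
WINDOW = timedelta(hours=24)   # "around the same time or the same day"
MIN_ORDERS = 3                 # high-value orders in one window that warrant review
MIN_MERCHANTS = 2              # require the burst to span more than one merchant

# Constructed sample of orders pooled from several merchants (not real data).
# Fields: buyer identifier (hypothetical), merchant, ISO timestamp, amount.
ORDERS = [
    ("buyer-17", "merchant-a", "2020-03-02T09:15", 899.00),
    ("buyer-17", "merchant-b", "2020-03-02T11:40", 1249.00),
    ("buyer-17", "merchant-c", "2020-03-02T14:05", 650.00),
    ("buyer-22", "merchant-a", "2020-03-01T10:00", 700.00),   # spread over weeks
    ("buyer-22", "merchant-b", "2020-03-09T10:00", 820.00),
    ("buyer-22", "merchant-c", "2020-03-20T10:00", 990.00),
    ("buyer-31", "merchant-a", "2020-03-02T08:00", 35.00),    # low-value only
    ("buyer-31", "merchant-b", "2020-03-02T08:30", 42.00),
    ("buyer-40", "merchant-a", "2020-03-02T09:00", 600.00),   # one merchant only
    ("buyer-40", "merchant-a", "2020-03-02T09:20", 610.00),
    ("buyer-40", "merchant-a", "2020-03-02T09:40", 620.00),
]

def flag_buyers(orders, high_value=HIGH_VALUE, window=WINDOW,
                min_orders=MIN_ORDERS, min_merchants=MIN_MERCHANTS):
    """Return {buyer: burst} for buyers whose high-value orders cluster
    inside one sliding time window across several merchants."""
    by_buyer = defaultdict(list)
    for buyer, merchant, ts, amount in orders:
        if amount >= high_value:
            by_buyer[buyer].append((datetime.fromisoformat(ts), merchant, amount))

    flagged = {}
    for buyer, items in by_buyer.items():
        items.sort()                      # chronological order
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            burst = items[start:end + 1]
            merchants = {m for _, m, _ in burst}
            if len(burst) >= min_orders and len(merchants) >= min_merchants:
                flagged[buyer] = burst
                break
    return flagged
```

In the constructed sample only `buyer-17` is flagged, and each of the three merchants involved saw just one of that buyer's orders, which is why the pooled view matters.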

What’s important to recognize is the growing seriousness of the threat posed by this cohort of fraudsters. When it comes to mule fraud, increasingly, we’re seeing the fingerprints of organized criminal groups that operate overseas. For instance, mules we’ve interviewed have reported receiving shipping labels for addresses in Nigeria, Russia and Malaysia. That activity suggests the presence of international rings working systemically to target merchants.

For retailers, the uptick in mule fraud activity is a further reminder of the importance of data in the battle against the bad guys. To combat mule fraud schemes, retailers should:

  • Turn to fraud defenses that rely on vast data and intelligent machines to spot anomalous purchasing patterns instantly and determine whether the orders are legitimate or fraudulent.
  • Understand that the strongest defense combines machines that can identify new suspicious behavior and human fraud and data experts, who can dig into what’s behind the anomalous behavior.
  • Up-level the fraud domain expertise they have available to investigate new fraud patterns in order to establish the social engineering behind them and to draw connections among fraud rings that are deploying similar tactics.
  • Contemplate ways to expand beyond their own transaction data when assessing the legitimacy of any given order. Fraud rings strike quickly and, once one target starts blocking their transactions, move on to the next target that is still vulnerable. Sharing data with a broader pool of retailers can provide advance notice of coming attacks.

Bottom line: Fraudsters will try to do whatever they can to remain undetected. They can hide for a while. But merchants who have support from sophisticated systems that can parse large amounts of information will ultimately be able to determine whether particular purchasing patterns signal legitimate activity or that of fraudsters at work.

Signifyd provides commerce protection services to online retailers.