An underground fraud ring has been hacking and bribing Amazon employees to get refunds on products that won’t actually be returned.
The scheme came to light on Thursday when Amazon sued the scammers, who go by the name “REKK.” According to the complaint, the group has been advertising the refund scheme on the chat app Telegram and Reddit while amassing over 30,000 followers.
“In this scheme, bad actors who want a free product (like an iPad) pay REKK a fee (such as 30% of the product’s cost) to obtain a fraudulent refund. REKK uses sophisticated methods to obtain the refund, including socially engineering Amazon customer service, phishing Amazon employees, manipulating Amazon’s systems through unauthorized access, and bribing Amazon insiders to grant refunds,” the complaint says.
REKK ad (Credit: Amazon)
In return, users receive a refund and keep the product. According to the complaint, REKK has bragged about initiating fraudulent refunds for over 100,000 orders from various retailers, including Amazon’s online stores in the US, Canada, and Europe. The group also claims to have served over 33,000 customers after it began advertising its services in January 2021.
REKK payment list (Credit: Amazon)
The e-commerce company didn’t detail REKK’s hacking activities. But in some cases, they involved sending phishing messages to Amazon employees with the goal of stealing their login credentials for internal company systems. In other instances, REKK simply contacted Amazon customer service and provided “false information to manipulate the customer service associate to grant their users a refund.” This could include claiming the product was never received and falsifying a police report as a proof.
At other times, REKK resorted to bribing Amazon employees with thousands of dollars to facilitate refunds for orders valued at $75,000 to $100,000.
Recommended by Our Editors
The company wasn’t able to uncover the operators of REKK. As a result, the lawsuit names one to 20 defendants as John Does. However, the company did identify 20 people who allegedly bought services from REKK. Amazon also named seven former employees who were complicit in the scheme and cleared “over $500,000 worth of fraudulent returns.”
Amazon is now demanding the named defendants pay restitution and other damages for the “unjust enrichment.” It’s also urging the court to ban the REKK group from using services, such as Amazon, Telegram, Reddit and Discord, ever again. Following the lawsuit, the Telegram accounts and Reddit forum for REKK appear to have since been shut down or erased.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.