A member on a Russian cybercrime forum shared details of a rarely discussed closed loop PayPal cashout scheme enabling fraudsters to earn an almost guaranteed significant profit.
The scheme involves multiple steps. Initially, the fraudster creates a new PayPal account using compromised bank account information as a funding method along with a full set of personal identifiable information–all of which can be easily obtained in advance at one of the Dark Web marketplaces. The fraudster uses a VoIP calling services to create a number that can be linked to PayPal account. After a couple of days, a payment of approximately $1,500 is made to any of the popular non-profit organizations. Once the payment is cleared, the fraudster contacts the receiving non-profit organization and asks for a partial refund of $1,350 under the pretense of accidentally entering an incorrect amount of $1,500 instead of $150.
In the next step, the fraudster closes down a sending account and waits for an email from PayPal indicating a payment has been received from the non-profit (PayPal allows users to make payments using an email address only, requiring the receiver to create a new account afterwards). The actor makes arrangements for the withdrawal of funds and cashes it out immediately following the transaction. Incorporating a step with a closed and newly opened account allows the criminal to buy additional time before the fraudulent nature of the transaction is discovered, enabling him to successfully complete the loop.
Using a non-profit organization as a target makes it easier for the actor, as it doesn’t require the movement of any physical goods. The unique twist of requesting a partial refund based on a credible story (accidentally entering an incorrect amount) raises much less suspicion than requesting a full refund.