Can somebody help me understand the motive behind this fraud?

Maybe this is the wrong forum - actually I’m pretty sure this is off-topic for this forum - but I don’t know where else to ask. TOF doesn’t seem like the most hospitable place for this type of topic.

In the past week I have had two purchases that follow a similar pattern. I’m usually really good at understanding the goal behind a scam, but this has me scratching my head. In both cases, the purchase is made with an email address that does not exist. Then in 24 to 48 hours I get an email, all lower case, from that same address wondering why they never got their email. Of course, since the address does not exist I cannot reply. So I’ve gone digging into the purchase information. In both cases the address is real, and in the first, the cardholder name matches that of the owner of the address. In the second, they don’t match at all.

Best I can tell, the cards and addresses are purchased by scammers and these transactions are designed to test the validity of the card. But… why follow up with an email that I can’t reply to? In the case of the first transaction, the email address looks crafted to match the cardholder name. But in the second case, the email address includes my product name and even the game my product works with, demonstrating a clear understanding of the product, which doesn’t make sense for a scammer.

I’d like to believe these transactions are just inattentive customers, but the second address is clearly set up exclusively for my product. It’s not like that somebody would use to differentiate, but a very distinct address. It doesn’t make sense. But nor does the fraud possibility really.

I’ve refunded both the transactions as fraudulent. But I can’t really wrap my head around what the goal is. If you’re testing the card, why follow up with a support ticket? Nothing about this makes sense to me, and I’m wondering if anybody has any ideas.


I read your email a couple of times…looking for anything obvious.

In my experience scams usually have one of three motives:

  1. financial advantage
  2. identity theft
  3. reputational damage

I usually check them off in that order.

If on the surface you cannot see a financial angle, then explore the identity theft and reputational damage angles. If the purchaser knows enough about your product and its purpose to craft a distinct email address then that alone is reason for suspicion.

A colleague of mine had a sudden burst of new users, followed by a burst of one-star reviews (for an app that normally rated highly), followed by a burst of refund requests. I don’t recall whether reviews stick around or disappear for refunded users, but in the meantime the negative reviews did plenty of damage to his revenue stream. He never really got to the bottom of it - but to him it felt orchestrated, and he had to lobby to have some reviews removed.

Anyway, my intent was just to give you a heads up for the non-obvious play.

Kind regards, Andrew

It’s a decent theory, but in my case probably not the right one. My app is not on any of the app stores, and marketing is 100% word of mouth. While people could make some bad comments on various forums, I monitor those and have seen nothing, and wouldn’t require a purchase either.

This one has me perplexed. There’s so little motive that it makes me think these are legit purchases, except even Stripe suspects fraud. In the case of the first one, the purchase was made from an IP address 250 miles from the billing address and they have 40 different emails associated with that IP address. They don’t tell me all the emails, that would be a privacy nightmare, just that there are 40 of them. Stripe wasn’t confident enough to block the purchase, but there’s enough there to convince me. The second looks more normal regarding those stats, but is also the one with the product-specific email that I can’t imagine a real user would set up.

I dunno. I have to stop pondering this I guess. Fraud or not fraud, these purchases don’t make sense.

Okay: did they pay with card, or PayPal with card? If there is a service in between, the model can be that they transfer the money directly after the payback from the card company. The money they pay is blocked; the money they get back is not.

Credit card only, I don’t take PayPal because there is too much fraud from them and they treat their merchants like dirt. Anyway, one is a prepaid Visa, the other a debit Visa.

For the record, fraudulent transactions are exceptionally rare for me. In the 2.5 years I’ve been selling, I’ve had maybe 12 disputed transactions from hundreds per month. So two in one week is highly unusual. Not impossible of course, but unusual.

The point is that they do that trick. When paying with the card, the money is briefly blocked for both sides. And they cannot use the payment addresses they have while they are abroad. After they bought from you, they were waiting for you to pay it back. After getting the money back, they had money they could easily and immediately transfer to the owner without any questions from the card company. Extreme.

I guess. But it’s a $15 sale. Not exactly a great amount for that purpose.

So thousands of them. In Africa 30 bucks is money.

With the increasing focus on security and privacy, more people use throwaway email addresses that they set up just for that transaction and disable again later. My wife has a separate email for competitions and surveys, and I have used custom email addresses too (including the company or product name in the address).

Absolutely, I do this myself. I have a whole domain that I use for this purpose. I’m aware that many providers can use user+alias@domain format. In this case, it’s not a simple +alias, it’s a whole different user. It seems like they set up an explicit forwarder at the very least, or a whole new mailbox. Just seems like overkill when +aliases exist, and this provider definitely supports them.

I think you look at it from “too experienced a perspective”. When I started using it I just added a new mail address on my ISP’s website. I never even looked at the popup that allowed me to turn it into a forwarding address. Even if I had known about forwarding I would not have wanted spam to pop up among my other mail. I simply WANTED it completely separate.

Yeah that’s fair.