So I just caught a scam that I mentioned a few months ago to our security dept, who shot it down as being impossible or that nobody would ever try it.
Many businesses set up accounts for their clients which may be orginized by many things, including credit cards, phone #s, addresses, etc, etc.
Someone could set up two accounts for said business under different names, addresses, phone numbers, etc.
Scammer in question had one at two different addresses and two different phone numbers. He paid for everything by Western Union in cash, so there's no cc records to cross reference him by. He has two different ship to addresses, as well, which is important.
On acct 1, he places a regular order, with several expensive itms.
On acct 2, he orders a bunch of really cheap stuff in varying sizes.
Cust calls, saying that his ord from acct 1 had wrong itms in it. He details the itms recieved, which were for acct 2. He sends said itms back with his info for acct 1, requesting a refund for those itms.
Ex: Buys a pair of Jordan basketball shoes for 130 dollars and says he recieved a pair of 19.99 shoes. He returns the 19.99 shoes and gets a refund for 130 dollars. So he not only made 110 dollars, but still has his shoes.
The scammer in question had over 8 accts and had been doing this every month or two, always switching between them. He probably grossed, on average, $400 a month from us between all his fictitious claims.
How did he slip up? He forgot his cust #, and idiotically had all his accts set up with the same phone #. Pulled up every single one. Several of them even went to the same address, but had indications like "do not mail" and "do not phone", so our administrative support dept wouldn't notice the extra accts when we go to mail out monthly catalogs.
Jackass. I have to say though, it's a pretty brilliant idea, and an easy way to make some extra money. I'm pissed, though, because our company isn't pressing charges.
