Malicious Merchants: the Evolution of the Chargeback Scam

An Investigative Report – March 2023

Nisos researchers identified a network operating thousands of fraudulent online storefronts laundering stolen credit cards to steal money appearing as purchases. Individuals recruited into a multi-level marketing (MLM) scheme register shell companies that are used to establish these storefronts. The MLM promises no upfront costs to individuals who register one or more shell companies. These are then associated with multiple fraudulent online storefronts by the MLM network operators. Although credit card transactions are processed in the name of the shell companies, the storefront websites are incapable of accepting orders or processing credit card transactions. The scamming network manages all aspects of the fraudulent online storefronts and pays the recruits monthly for use of the shell company.

The scamming network establishes its fraudulent online storefronts with similar formats and advertised products. These storefronts mainly claim virtual mailboxes as their addresses — in line with instructions from the network — although some of the shell companies, and therefore their subsequent websites, are associated with a registrant’s home address.

We assess that the scamming network uses stolen or illegitimately acquired credit cards to make purchases that appear associated with these fraudulent online storefronts. In the instances when a victim identifies and disputes the fraudulent charges, the websites and shell companies serve as evidence of the store’s ‘legitimacy’ during arbitration by financial institutions. These storefronts lack the infrastructure to actually complete any type of online purchase and exist solely to serve as adequate backstopping during investigations.

Nisos began its investigation following interactions with a victim who had lost hundreds of dollars in multiple “transactions” in less than a week to fraudulent charges. We quickly recognized that the scam had established a significant network of fraudulent online storefronts associated with shell companies registered by numerous recruits. We assess that there is a significant number of victims associated with this scam — whose actual number is unknown — as victims of fraudulent charges only become aware of the scam through a diligent review of their credit card transaction history. If a similar amount of money is removed from most of all scam victims, the impact to individuals — particularly elders who may be on a limited income — can be devastating.

An anonymous source with insight into the organizational structure of the network identified M2 Nikn and its CEO, Natasha Mini, as the overseer for many — if not most or all — of the associated shell companies and online storefronts. In October 2022, Mini publicly referred to M2 Nikn’s business operation as an opportunity for individuals to make residual income through their involvement in affiliate marketing. Mini claims to have been involved in affiliate marketing for over 15 years and to have helped more than 15,000 members. It is unknown if Mini was referring to recruited individuals, total shell companies, total fraudulent online storefronts, or if this number was an exaggeration.

However, if these 15,000 members represent all who have been involved throughout the extended process of this scam, and numbers are averaged to incorporate 1,000 recruits a year in building shell companies, the company would need to bring in over $6 million annually just to pay its recruits and therefore likely makes a significantly higher income. We base this number on confirmation from one shell company owner that they received $500 a month for their involvement.

Discussions with victims demonstrated that the presence of the website and shell company were enough for victims to lose their disputes, even when the evidence provided by the shell companies was incomplete and inadequate to verify that an actual purchase had taken place. Many financial institutions are under-equipped, facing deluges of charge disputes, or require only minimal and easily forged evidence to prove a transaction. This could limit the amount of time, resources, and due diligence that they are able to devote to a single chargeback claim. Scamming networks are successfully taking advantage of financial institutions’ limited vetting practices and minimal regulation requirements through this process, which is costing them and the victims of fraudulent transactions significant sums of money.

To learn more, download the complete Nisos Research report.

About Nisos®

Nisos is The Managed Intelligence Company™. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.