August 03, 2021

The Anatomy of a Scam Ring

By Robert Ellenhorn, Payment Risk Specialist


For the past few months, we have been seeing an alarming trend of “scam rings” that hide illicit activity through online transaction laundering, utilizing fake charities, and front companies. It is an alarming realization that major credit card networks and online payment companies either haven’t discovered this trend themselves, or have and done nothing about it, or otherwise likely have weak fraud controls in place to catch this type of criminal activity.  


The Anatomy of a Scam Ring 

Last week, EverC’s Professional Services team detected a large ring of websites selling IP Rights Infringing products and utilizing front companies to conduct transaction laundering. The instance below sheds light on how fraudsters carry out a textbook example of transaction laundering, and can help you identify what signs to look for if you come across one of these scam rings. 


Sign #1: The “non-profit” front website with a heavily discounted item. 

We detected an advertisement for knock off Adidas Yeezy shoes on Facebook. The ad offers IP Rights Infringing products despite being placed by a supposed non-profit organization – “National Commision for Human Development”.   

Note that “commission” is misspelled. Spelling mistakes and other signs of carelessness are often an indicator of a front or false entity. 


Despite being a supposed human development non-profit, we detected that the only active ad campaign for the “non-profit” was the one advertising cheap replica shoes: 


The advertisement linked to the website which sells Adidas Yeezy shoes at steeply discounted prices, using the official branding and logo of the products. Such characteristics are common of IP Rights Infringing websites which attempt to trick unsuspecting consumers into believing they are transacting with an official entity: 




Sign #2: The checkout process and visible transaction laundering scam. 

When checking out, we detected that the website is using a prominent online payment company to collect payment and process the transaction. During the actual checkout process, users are ultimately directed to the aforementioned prominent online payments portal to make their payments. However, a step occurs in the background which allows our fraudulent merchant to cover their tracks.  

Before being routed through to the payment page, the user’s web browser is re-directed through an intermediate URL for approximately 1 second. Unless the user is paying close attention, they are not likely to even notice this small URL re-route.  

As we can see, the user is quickly redirected through a link on the website 


Sign #3: The fake front website has no affiliation with the product. 

When examining the website through which we were redirected before payment, we uncovered that sells several types of oil paintings, with no connection to the counterfeit shoes: 


Sign #4: The front company is registered as someone entirely different. 

In addition to routing the buyer through the front website which sells oil paintings, EverC also was able to uncover that the merchant is registered with its payment provider as “Luohe Shengwang Trading Company” which is another fake name. Fraudulent merchants often use fictitious company names supposedly located in jurisdictions for which it may be hard to verify the existence of the company.  In this case, no indications that such a company exists were found.  


Transaction-Laundering--6Sign #5: Uncovering hidden connections in the merchant’s ecosystem through our network. 

Using a combination of our expert proactive web-intelligence and MerchantView technology, we were able to detect over 90 more sites abusing a prominent online payments player in this same manner and selling IP Rights Infringing products of various brands. In addition, we uncovered at least 6 additional front companies which were registered as approved merchants and were being used to conduct transaction laundering in the same manner.  


 As a result of discovering this singular instance, we were able to map the entire ecosystem of this particular scam ring, including all affiliated sites and connections and offer our clients protection.  

It’s imperative that online payment companies realize that these scam operations are never a “one off” website, and the way to fight them quickly is to have the technology in place that can not only enable swift remediation but also uncover all hidden affiliations.  


To talk to us more about these scam rings or other trends in transaction laundering, please reach out to us at and we’re happy to help.