SYLVIE DOUGLIS, BYLINE: This is PLANET MONEY from NPR.
I'm going to go out on a limb here and say there are two kinds of people in the world - the ones who, when they find a $20 bill on the street, are like, yes. They put it in their pocket, maybe get themselves a little treat. Then there are the people who get hung up wondering, where did this money come from? Should I try to figure out who dropped it?
Nina Kollars is definitely in the second camp, and a version of that little dilemma happened to her not too long ago when she bought a coffee machine.
NINA KOLLARS: Are we plugging for Nespresso? Can I say Nespresso?
FOUNTAIN: We can totally say Nespresso. I actually think it's a great product.
KOLLARS: I'm literally drinking my Nespresso coffee right now.
FOUNTAIN: Nespresso is Nestle's version of a coffee maker that uses those little coffee pods - big in Europe, kind of aimed at people who like fancy espresso but don't have time to go to the cafe and don't mind burning through a bunch of pods.
HOROWITZ-GHAZI: The pods come in these different blends and intensities, and so Nina's like, I'm going to get a sampler pack, a bunch of different pods. But instead of buying them on Nespresso's website, she starts looking for a deal on eBay. Sure enough, she finds a sampler pack for half off.
FOUNTAIN: What was your theory of how they were selling it for half the price?
KOLLARS: I didn't know. So either the coffee is getting close to expiring, or somebody had gone in and purchased a whole bunch. And when you purchase a whole bunch, sometimes you get extra for free. And they were, you know, trying to make a dollar off of it.
HOROWITZ-GHAZI: Right. So people trying to sell off the perks they get for being part of a loyalty program or something.
KOLLARS: But, you know, the third thing that goes through your mind is, did this fall off the back of a truck - wink, wink - right?
HOROWITZ-GHAZI: But she decides the probability that it's stolen is low.
FOUNTAIN: So she makes the order, and she's keeping an eye out for a box. A few days later comes home, and this is when the weirdness starts.
KOLLARS: And there's too many boxes in front of my door.
FOUNTAIN: Two boxes to be specific, which is one more than she was expecting.
KOLLARS: And I know I'm waiting for the coffee, right? I know. But like, what is this other stuff?
HOROWITZ-GHAZI: And it's not just the number of boxes.
KOLLARS: I thought I was going to get, you know, a janky box sent by somebody who packed it personally from eBay.
FOUNTAIN: Classic eBay from B package.
KOLLARS: ...You know? And it's not. It's a legit Nespresso box packed beautifully.
KOLLARS: And I'm thinking to myself, um, this is a little weird, right?
FOUNTAIN: She opens the first box, and sure enough, there are the coffee pods she ordered, which makes the extra box even more mysterious.
KOLLARS: So I open up the other box, and there's this Nespresso machine. And I was like, this is - there's definitely something wrong.
HOROWITZ-GHAZI: Because she's just received a fancy coffee machine worth about 200 bucks directly from Nespresso that she definitely hadn't ordered, she checks her credit card to see if she got charged for it. But no, there's just her payment to some seller on eBay.
FOUNTAIN: And most of us at this point would be kind of psyched - free coffee machine? Great. Carry on. But Nina is different than most of us. She's highly suspicious, very skilled, and there's nothing she loves more than an internet mystery.
(SOUNDBITE OF JOHN PICKUP'S "THE CRYPTO HEIST")
KOLLARS: I want to know. I want to know what's going on. I want to know what is going on - that I ordered something from eBay. It came from Nespresso. There's this beautiful little puzzle, and it's sitting there on my counter giving me caffeine. It's fantastic. And so this is what I'm doing this evening.
HOROWITZ-GHAZI: Nina wouldn't just spend one overcaffeinated evening. She would spend whole days, overcaffeinated weeks trying to crack the case of the extra Nespresso machine.
Hello and welcome to PLANET MONEY. I'm Alexi Horowitz-Ghazi.
FOUNTAIN: And I'm Nick Fountain. Nina Kollars was pretty sure she'd stumbled onto some sort of internet scam, and she was right. She was onto something big. But unlike in most scams, she seemed to have come out ahead. What sort of scam gives you free stuff?
HOROWITZ-GHAZI: Today on the show, a particularly crafty internet crime, a crime perfectly engineered to avoid detection from law enforcement and play off one of our basest instincts - the desire for killer deals.
(SOUNDBITE OF JOHN PICKUP'S "THE CRYPTO HEIST")
HOROWITZ-GHAZI: Say you are an internet criminal. Maybe the last person you want to accidentally draw into your deceptively cheap coffee scheme is someone like Nina Kollars.
FOUNTAIN: I just want to confirm you just came here from the Pentagon.
FOUNTAIN: You work for a four-star general or the equivalent of four...
KOLLARS: The equivalent, that's right.
FOUNTAIN: Nina's military job is so fancy and important that it comes with this kind of long mandatory disclosure.
KOLLARS: Nothing that I say here today necessarily represents the opinions of the Department of Defense. I'm here in my personal capacity, in part as a hacker.
HOROWITZ-GHAZI: Before Nina was a cyberwarfare nerd in the Pentagon, she was what's called a white hat hacker. That is a person who looks for vulnerabilities on the internet and fixes them before the bad guys can exploit them.
FOUNTAIN: So to Nina, this awesomely free Nespresso machine sitting on her counter seemed less like a lucky accident and more like a tell, a sign that something was not right.
HOROWITZ-GHAZI: And Nina starts her detective work like any grizzled hacker would, by submitting a ticket to eBay's customer service portal. But she knows that's not going to do much.
KOLLARS: So I call Nespresso, and it is almost impossible to explain to them what is going on (laughter).
HOROWITZ-GHAZI: She lays out the whole situation, how she'd ordered some coffee pods on eBay. The package came from Nespresso - the extra coffee machine.
FOUNTAIN: And the customer service rep's like, yeah, I can look at that. Yeah, no. Everything looks good.
KOLLARS: Everything's paid for. You got this espresso machine and this coffee.
HOROWITZ-GHAZI: Nina knows that she made her order on eBay. But the Nespresso rep is telling her that they have an order in their system in her name for both the coffee pods and the machine, fully paid for at full price.
KOLLARS: And I said, oh, so problem one is - I didn't buy it from you. I bought it on eBay. And yet you sent it to me. And so she's very kind about it, right? She says, no, no, no, everything is fine. And at this point, this is where my inner something-is-wrong-on-the-internet starts to flare. And I said, everything's not fine. I not only have not paid the amount of money that's listed on this invoice, but I have only paid for roughly a third of the value of any of this.
FOUNTAIN: Nina keeps trying, but the situation is confusing enough that she cannot get it across to the customer service rep.
KOLLARS: She either hears, I want to send this back somehow or I never got my order. And I'm saying, I have an order that doesn't belong to me - how do I give it back to you?
FOUNTAIN: It like - it doesn't fit in the decision tree of the call center
KOLLARS: Does not fit - and it's - and so I'm on hold a lot. Hold, please.
FOUNTAIN: Hey, somebody here is complaining about getting too much stuff.
HOROWITZ-GHAZI: Nina realizes there is another bit of information that could be useful.
KOLLARS: And I said, well, hold on a second. Can you, maybe, just confirm to me the credit card that was charged?
HOROWITZ-GHAZI: And the customer service rep is like, well, I can't give you the number, but I can give you the name. In fact, it's probably right there on the invoice you got with the packages.
FOUNTAIN: Nina looks. Sure enough, there's a name. We'll call him George from Poughkeepsie.
HOROWITZ-GHAZI: Nina gets off the phone and thinks through what she's got. OK, I ordered coffee pods from some generic seller on eBay, but the shipment I got came directly from Nespresso. When I called up Nespresso, my name was in their system, but they don't have my credit card on file. They have this guy George in Poughkeepsie's credit card. So is George running some sort of scheme, or is he caught up in something much bigger?
FOUNTAIN: To answer those questions, Nina is going to have to do some digging. First up, she needs to establish a pattern. If she orders again and George pays, then he is the primary suspect. But if it comes from a different cardholder, then George is probably just a bit player. She looks on eBay, and there are a ton of listings for discount pods - very similar postings, but from different sellers.
KOLLARS: I start doing all the data capture I can...
KOLLARS: ...Every step of the way, snapshots...
FOUNTAIN: You make a spreadsheet?
KOLLARS: I make a spreadsheet (laughing).
FOUNTAIN: Oh, I love it. I love it.
KOLLARS: I set up an automated search on eBay to coordinate it to try and neck down - there's a lot of folks just selling capsules on eBay, you know, perfectly legitimately, frankly. I try to neck it down to indicators of fraud - so way too cheap, brand-new account, no established history of successful sale.
HOROWITZ-GHAZI: Pretty quickly, she finds about 50 listings like that, just like her first purchase - a sampler pack of Nespresso pods at half the usual price. She picks two and buys them.
FOUNTAIN: So for science and for research and for posterity, you got a sweet, sweet deal on some Nespresso pods.
KOLLARS: (Laughter) That is correct.
KOLLARS: I am - meanwhile, I am taking screenshots and snapshots and recording all of my transactions.
FOUNTAIN: When the first box arrives, sure enough, just like the first time, it comes straight from Nespresso. And again, there's a freebie. This time, a really nice milk frother.
HOROWITZ-GHAZI: She's got a whole home barista set at this point.
FOUNTAIN: She looks at the packing slip for who paid, and it is not George from Poughkeepsie. He seems to be off the hook.
HOROWITZ-GHAZI: Then, she gets the next box in the mail, also from Nespresso, also not paid for by George. And this time, there's double the coffee that she ordered. So there is definitely a pattern here.
FOUNTAIN: And yes, Nina is going through a lot of effort to try to unmask a scam that, so far, she's only benefitting from. But remember, she's slamming, like, six cups of Nespresso a day. And with each order, she's getting closer and closer to an answer.
KOLLARS: I go ahead and make another additional purchase.
KOLLARS: And when I did that, the coolest thing happened.
KOLLARS: The fraudster couldn't fulfill the order and decides to write me a note. And let's see if I have the - it says, hello, friend, which was - I think, was a very kind thing to say.
KOLLARS: First, thanks a lot, because you choose my listing to buy. Then it says, my mom has sick on hospital now.
KOLLARS: So I can find any other item in best condition to ship to you. And I have to go to the hospital with her now. So I hope that you can understand for me and let me cancel odor. Thank you and God bless you.
FOUNTAIN: Nina writes back, says, really sorry to hear that about your mom but no response. And the account is shut down a few days later.
HOROWITZ-GHAZI: And this letter does have all the telltale signs of an internet grift - the grammatical mistakes, the tragic tale. But remember, so far, nothing bad has happened to Nina. She's gotten some free stuff and great, albeit heartbreaking, customer service.
FOUNTAIN: Those things - the freebies, the letter - Nina knows they must be clues, clues to how the scam works.
HOROWITZ-GHAZI: Is it a scam?
FOUNTAIN: Yeah, come on. It is definitely a scam.
HOROWITZ-GHAZI: OK, OK. It's a scam. But then who is making the money? And who exactly is getting hurt? That's coming up after the break.
(SOUNDBITE OF AARON FREDERICK LAZLO WHEELER'S "YOUR MOVE NEXT")
HOROWITZ-GHAZI: Fundamentally, the case of the extra Nespresso machine is a credit card scam, a way to turn stolen credit card numbers into clean money in a fraudster's bank account, all while everyone who's drawn into the scam feels like they're coming out ahead.
FOUNTAIN: To explain how it works, we're going to need some reinforcements. So we called up a kind of historian of internet fraud. His name is Patrick McKenzie.
PATRICK MCKENZIE: But I try to stay anonymous in the sketchy parts of the internet.
FOUNTAIN: Patrick works for Stripe, a payments processing company, which mostly means they handle credit card payments for online businesses.
HOROWITZ-GHAZI: And as part of his job, Patrick lurks around the sketchy parts of the internet, trying to glean whatever he can about fraudsters who deal with stolen credit cards. He says, surprisingly, their world isn't all that different from ours.
MCKENZIE: They have forums. They have conferences. They have starred reviews for people who are better or worse actors in the industries. It is fascinating.
FOUNTAIN: How are there conferences for fraudsters? That can't be true.
MCKENZIE: It happens to be true. As you can imagine, this is more of a by-invite-only thing so that they don't accidentally invite the authorities.
FOUNTAIN: Patrick says to figure out what happened to Nina, it's helpful to look at how the structure of credit card scamming has changed over the years.
MCKENZIE: Like every other industry, the credit card fraud industry has a supply chain associated with it and a division of labor among that supply chain.
HOROWITZ-GHAZI: A division of labor - like, credit card fraudsters are specialized. Different people are best at different parts of the chain. So the person who steals your card isn't the person who figures out how to get money out of it.
MCKENZIE: Broadly, that supply chain is differentiated between carders (ph) and cashers (ph).
MCKENZIE: Yes. Carders steal payment credentials, and cashers turn payment credentials into money.
FOUNTAIN: Patrick says Nina's story is a clear case of cashing - people trying to make a buck from stolen credentials, mostly credit card numbers.
HOROWITZ-GHAZI: And the way they make money has changed a lot over the past couple of decades, mostly because there's this ongoing cat-and-mouse game with the cashers constantly trying to stay one step ahead of more and more sophisticated fraud detection techniques.
FOUNTAIN: To solve the case of the extra Nespresso machine, it's helpful to know just how we arrived at credit card scams so sophisticated that on the surface they look like they're benefiting everyone they touch. So indulge us real quick for a journey through the evolution of credit card cashing.
FOUNTAIN: Alexi, let's say it's 2003, and you and I are living in Topeka, Kan.
FOUNTAIN: Exactly - yes and - we decide not only are we best buds and roommates...
FOUNTAIN: ...We are going to become business partners, embarking on a life of cashing.
HOROWITZ-GHAZI: All right. Life of crime, let's go. First thing we're going to have to do is find ourselves some stolen credit card numbers, which we can buy in bulk off any number of sketchy websites. And then we get to work.
MCKENZIE: Way back in the day, the easiest way to get money out of purloined credentials was to buy valuable things, ship them to yourself, sell them to a flea market, and then you have money.
HOROWITZ-GHAZI: So we use our purloined credentials to start buying, you know, the latest Nokia brick phones and DVD players and Linkin Park CDs, maybe. But this is all risky because all of this stuff is still showing up on our doorstep.
MCKENZIE: And so law enforcement or industry could realize that - hmm, it seems like we've been defrauded 473 times by the folks at 123 Main Street.
MCKENZIE: Maybe someone should look into that.
HOROWITZ-GHAZI: So Sketchy Nick, we get out of selling our ill-begotten goods at flea markets or on Craigslist, and there ends phase one of our cashing career.
FOUNTAIN: Time to pivot to phase two. Alexi?
FOUNTAIN: How about instead of swiping the stolen cards at other people's stores, we swipe them at our store?
HOROWITZ-GHAZI: We have a store?
FOUNTAIN: We're going to start a new business.
MCKENZIE: You as the fraudster at 123 Main Street could sign up for an account to do lawn care services.
FOUNTAIN: Yeah, we can lawn mow.
HOROWITZ-GHAZI: I've been - I've whacked a weed in my day.
FOUNTAIN: What we're going to do is call up a credit card processing company and say, hey, would you help our small business, Planet Money Lawndering (ph), take credit card payments from our customers?
HOROWITZ-GHAZI: And when they say yes, congratulations on your new enterprise - bingo. We take all of our stolen credit cards and swipe to our heart's content.
FOUNTAIN: Oh, yeah - one problem.
MCKENZIE: Sorry, if you as a lawn care business have run up 100 credit cards from South Africa, China, Nevada, New York and California while your business is physically present in Kansas, that looks a little bit suspicious to those of us in the industry.
HOROWITZ-GHAZI: Also a little suspicious.
FOUNTAIN: We've been swiping credit cards - I mean, mowing lawns - in the middle of the night.
HOROWITZ-GHAZI: Which is, admittedly, a pretty inconvenient time to mow.
FOUNTAIN: Patrick says it's not just addresses and times of swipes. There are a ton of other signals of fraud that the credit card processors can use to find and shut down fraudulent businesses, like suspicious amounts. Say we were to swipe 420 over and over and over again.
HOROWITZ-GHAZI: Which we definitely would.
FOUNTAIN: Yes, that would be a problem. Or say we keep swiping cards from the same elite rewards program. That would be a sign of bulk theft.
HOROWITZ-GHAZI: And so ends phase two of our cashing career and our life of crime.
HOROWITZ-GHAZI: I know, sad. But it does bring us to the latest innovation in credit card cashing and the exciting conclusion to the case of the extra Nespresso machine.
FOUNTAIN: Its name - triangulation fraud. And it is far harder to detect than any of those previous forms of credit card cashing.
MCKENZIE: And that's why it is the new hotness in fraud circles.
FOUNTAIN: The new hotness - triangular fraud - is what Nina came across.
MCKENZIE: That was a classic example of it.
FOUNTAIN: Yes. So here, finally, is the big reveal. We are going to walk you through exactly what was happening with Nina and the free coffee machine. Remember when Nina went to eBay, found those discount pods and pressed purchase? Her money went to the fraudster through the account that they had set up on eBay.
HOROWITZ-GHAZI: Meanwhile, the fraudster used stolen credit card info to make the purchase at Nespresso's web site and send Nina her order, plus a little bonus.
FOUNTAIN: And if the buyer had been anyone other than Nina, it would have worked out beautifully because the thing about triangulation fraud is that everyone in the triangle comes out ahead. Nina gets a great deal on coffee pods. eBay gets their commission. And Nespresso gets a sale. So when Nina tries to sound the alarm with Nespresso or eBay, they have no idea why she's complaining. Everyone's doing great.
HOROWITZ-GHAZI: It is brilliant. The fraudster acts as a secret middleman, using George from Poughkeepsie's stolen credit card number to buy Nina exactly what she wants while depositing her clean money into a bank account somewhere. The only person who's lost out is George, and that is where the scam starts to unravel.
MCKENZIE: The fraud will initially be detected by the people whose credit cards they've stolen.
HOROWITZ-GHAZI: Eventually, George might notice an unfamiliar charge, but his bank will make him whole. Even George isn't on the hook in the end. So who does pay?
FOUNTAIN: When I first started working on this story, I thought that Nina's coffee and her extra Nespresso maker all ultimately got paid for by the banks. But Patrick told me no. The banks also have a way of passing on the cost of the fraud. It's called a chargeback. They call up the business that made the sale, in this case Nespresso, and say, hey.
MCKENZIE: The customer says they didn't authorize what happened, and the business will look at their records and say, well, shoot; we just got defrauded for one case of Nespresso pods, but this is the business we have chosen. OK, we're going to write that off to fraud losses and go about our merry way.
HOROWITZ-GHAZI: Patrick says this is the final, tricky detail working in favor of the fraudster. They are spreading these chargebacks across tons of different online retailers. They're using stolen credit cards to ship sneakers and tote bags and podcaster microphones. And each time, a retailer is losing some amount of money, but not enough to take action on it.
MCKENZIE: I think one of the reasons that triangular fraud has succeeded so much is that it distributes the cost of the fraud over a variety of different businesses, and so no individual business and no individual actor has both enough of the economic skin in the game and the data to just shut down the fraudulent operation.
FOUNTAIN: But it seems like Nina did manage to shut down her particular case of triangulation fraud. She compiled all her documentation and sent it to the FBI, and then she kept an eye on the eBay listings. A few months later, the discount pods pretty much vanished from the site.
HOROWITZ-GHAZI: The funny thing about this whole story is if the fraudster had never sent Nina that extra stuff, if they just sent her the things she ordered, she would never have gotten suspicious in the first place. So why send that extra coffee machine?
FOUNTAIN: Nina thinks the little bonuses were a way to buy her love - to get good eBay reviews, to keep her coming back as a customer, keep their eBay accounts alive. So it was meant to be a bribe. But for Nina, it was something else. It was the clue.
It's a very peculiar type of person who's like - sees this and is like, I want to know more. Like, I feel like I find a deal on the internet and I want to know less, and I just want to keep getting that deal. You know what I'm saying?
KOLLARS: (Laughter) I think most people are very happy to think that there are victimless crimes. But it's - if you're getting something for free on the internet, somebody somewhere is paying for it. And that's - you know, you should know that, and you should...
KOLLARS: ...Probably think about that.
FOUNTAIN: Ooh. That - I - ooh, that makes me feel personally...
These days, Nina says she doesn't play the discount coffee game. When she needs the re-up her coffee pods, she pays full price.
(SOUNDBITE OF DEREK LONG, ET AL. SONG, "ICY BOY")
HOROWITZ-GHAZI: Speaking of e-commerce, you can get some PLANET MONEY gear at shop.npr.org/planetmoney. We've got hats. We've got T-shirts. But please, if you are a cybercriminal, leave our swag out of your triangulation schemes.
FOUNTAIN: This show was produced by Emma Peaslee and engineered by Gilly Moon. It was edited by Molly Messick, and our executive producer is Alex Goldmark. I'm Nick Fountain.
HOROWITZ-GHAZI: And I'm Alexi Horowitz-Ghazi. This is NPR. Thanks for listening.
Copyright © 2022 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.