In today's digital marketplace, deception has scaled just as fast as innovation. At Black Hat Asia 2025, we presented "Fake Deals and Real Steals: The Art of E-Commerce Fraud" and explored the sophisticated, coordinated, and evolving world of online fraud.
Our findings are based on firsthand investigations, including undercover warehouse visits, reverse-engineering of fraud toolkits, and threat intelligence collected from dark web markets and Telegram fraud channels. What we uncovered wasn't a series of isolated scams—it was an entire industrial ecosystem of fraud. A supply chain of bad actors, operating with alarming efficiency.
Recognizing the signs and why they matter
We started our session with a few familiar questions:
- Why are some items always out of stock?
- Was that price mistake really a mistake?
- Why do so many deliveries go wrong?
- Is this influencer account even real?
If you've asked yourself these while shopping online, you're not alone. These aren't random bugs—they're often the result of fraudulent coordination behind the scenes, where bad actors exploit every link in the e-commerce chain.
The inverted commerce model
Traditional commerce flows from manufacturers → distributors → sellers → buyers.
Fraudsters, however, flip this logic. They prioritize low risk and high scalability over user satisfaction or brand integrity. Their operation is driven by three roles:
- Inventory coordinators: Manage seller networks, suppliers, and fake logistics. Many run multiple storefronts to test and scale profitable schemes quickly.
- Manufacturers: Rapidly replicate trending products, often sacrificing quality. One product can have vastly different ingredients depending on target profit margins.
- Warehouses: Some are legitimate, others are “garage warehouses” with no certifications, traceability, or security.
Real example
We visited a coordinator's office. Sample goods sat on display racks. One banner read: "Do foreign trade without going abroad." They had mock-ups ready for testing popularity, and often partnered with unverified warehouses they had never seen in person.
Logistics fraud: forging the shipping system
Tracking manipulation sits at the core of many e-commerce scams. The two main types are:
Complete forgery
Fraudsters use recycled or stolen tracking numbers scraped from public APIs or bought in bulk. These are tied to fake orders. To the platform, everything appears shipped or delivered.
Tracking forgery
A shipping label is created before the product leaves the warehouse. The barcode is scanned to trigger the "in-transit" status, even though nothing has moved.
In both cases, the system marks the order as fulfilled. Then:
- The seller claims a delivery error.
- The buyer is refunded automatically (thanks to buyer protection policies).
- The fraudster keeps the payment.
There are even marketplaces for these tracking numbers—complete with filters by ZIP code, date, and carrier. Telegram channels even offer tools to generate "non-manifested" labels on demand.
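One way a platform could check for both forgery types described above, shown as an added example that is not code from the talk. The record layout, reason names, and the five-day stall window are assumptions, and the orders and scans are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data: platform orders and the carrier scans for each tracking number.
ORDERS = [
    {"id": "A1", "tracking": "TN100", "zip": "10001", "created": "2025-03-01"},
    {"id": "A2", "tracking": "TN200", "zip": "94105", "created": "2025-03-02"},
    {"id": "A3", "tracking": "TN300", "zip": "60601", "created": "2025-03-02"},
    {"id": "A4", "tracking": "TN300", "zip": "73301", "created": "2025-03-03"},
]
SCANS = {  # tracking -> [(date, status, facility, destination ZIP on the label)]
    "TN100": [("2025-03-02", "in_transit", "WH-7", "10001"),
              ("2025-03-04", "in_transit", "HUB-NYC", "10001"),
              ("2025-03-05", "delivered", "HUB-NYC", "10001")],
    "TN200": [("2025-03-03", "in_transit", "WH-9", "94105")],
    "TN300": [("2025-02-20", "in_transit", "WH-2", "60601"),
              ("2025-02-23", "delivered", "HUB-CHI", "60601")],
}

def day(s):
    return datetime.strptime(s, "%Y-%m-%d")

def flag_orders(orders, scans, today, stall_days=5):
    """Return {order_id: sorted reasons} for shipments that look forged."""
    uses = Counter(o["tracking"] for o in orders)
    flags = {}
    for o in orders:
        events = sorted(scans.get(o["tracking"], []))
        reasons = set()
        # Complete forgery: a recycled number is shared, older than the order,
        # or was issued for a different destination.
        if uses[o["tracking"]] > 1:
            reasons.add("tracking_reused")
        if events and day(events[0][0]) < day(o["created"]):
            reasons.add("scan_predates_order")
        if any(e[3] != o["zip"] for e in events):
            reasons.add("zip_mismatch")
        # Tracking forgery: scanned "in transit" but never seen beyond one facility.
        delivered = any(e[1] == "delivered" for e in events)
        one_facility = len({e[2] for e in events}) == 1
        if events and not delivered and one_facility \
                and today - day(events[-1][0]) >= timedelta(days=stall_days):
            reasons.add("stalled_at_origin")
        if reasons:
            flags[o["id"]] = sorted(reasons)
    return flags
```

Flags like these are most useful when joined with the refund step: an auto-refund on an order that already carries one of these reasons is the payout event worth holding for review.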
Fraud-as-a-service (FaaS): Industrializing deception
What shocked us most was the professionalism. These operations include:
- Startups offering "e-commerce optimization"
- Offices with clean desks and dashboards
- SaaS-like tools to automate store creation, content generation, SEO, and even customer support
Business model
Investors fund these operations (as if they're real startups). Fraud companies offer monthly dividends and charge ~$13,000/year for onboarding. They typically retain 20-30% of profits from the shops they manage.
Some operations are so popular that investor spots are fully booked months in advance.
Tech stack
We acquired some hardware used in device farms:
- ARM-based mini computers
- Dockerized Android environments
- Container orchestration to simulate hundreds of devices with no x86 fingerprint
These setups bypass traditional emulator detection, so the automation looks like it's being done by a real person.
Buyer-seller collusion: Two sides of the same coin
Fraudulent sellers don’t act alone. They often collaborate with buyers using tactics like:
- Device farms: Automated fake engagement
- Crowdsourcing: Real people simulating purchases and reviews
- Refund collusion: Timed refunds after sellers cash out
Real case
In Indonesia, reseller rings ("jockeys") manipulate promo campaigns by embedding special codes in delivery addresses. Logistics workers recognize these codes and reroute packages to predetermined collection points, where they're resold at a markup.
Payment fraud: Credit card carnival
Stolen credit cards fuel large-scale fraud. Why does it thrive?
- Cross-jurisdictional opacity: Fraudsters operate internationally where laws don't apply.
- Weak AML protocols: Platforms don't have banking-level controls.
- Low cost, high reward: Instant payout from gift cards or burner merchant accounts.
- High-velocity monetization: Attackers move fast before they're caught.
These aren't lone actors. There are entire underground supply chains:
- Data phishers → card generators → laundering-as-a-service
Backstabbing in the fraud ecosystem
Despite the seemingly seamless coordination, this underground industry is full of deception within itself:
- Warehouses lie about certifications
- Manufacturers ship defective or counterfeit goods
- Identity theft rings sell pre-blocklisted IDs
- Fake order syndicates overcharge their buyers or send bad data
Trust is scarce—and often the first thing lost in this dark economy.
Fighting back: Strategies that work
Policy-backed enforcement
Fraud defense must be grounded in approved, fast-moving policies. If banning a seller takes 3 months of legal review, fraud wins. Platforms need scalable, responsive enforcement mechanisms.
Detecting bad traffic
- Monitor automation continuously
- Rate-limit high-risk behavior
- Use behavioral analysis
- Apply targeted friction (not blanket CAPTCHAs)
Friction isn't just a defense—it's also a signal collector.
ATO defense
Creator and seller accounts pose greater risks:
- High visibility = high abuse potential
- ATOs often start from phishing or combo list abuse
- Detect unusual login behavior, IPs, device types
Validating sellers
- Automate junk detection (blurry or doctored ID images)
- Use regional government tools for deeper checks
- Monitor in real time for unusual behavior: listing spikes, category switches, volume surges
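A sketch of the real-time behavior check from the last bullet, added here as an example and not taken from the talk. It scores today's activity against a seller's own recent baseline using median and MAD so that one earlier outlier does not hide a spike. The tuple layout, the threshold of 6, and the sample history are assumptions and constructed data.

```python
from statistics import median

# Constructed daily history for one hypothetical seller, oldest first:
# (new listings, orders, dominant listing category)
HISTORY = [
    (3, 40, "phone cases"), (4, 38, "phone cases"), (2, 45, "phone cases"),
    (5, 41, "phone cases"), (3, 39, "phone cases"), (4, 44, "phone cases"),
    (3, 42, "phone cases"),
]

def robust_z(value, baseline):
    """Distance above the baseline median, in units of scaled MAD."""
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    # 1.4826 scales MAD to a standard deviation for normal data;
    # the floor of 1.0 avoids division by zero on flat baselines.
    return (value - med) / max(1.4826 * mad, 1.0)

def seller_alerts(history, today, z_threshold=6.0):
    """Return the alert names raised by today's (listings, orders, category)."""
    listings, orders, category = today
    alerts = []
    if robust_z(listings, [h[0] for h in history]) > z_threshold:
        alerts.append("listing_spike")
    if robust_z(orders, [h[1] for h in history]) > z_threshold:
        alerts.append("volume_surge")
    # A category never seen in the baseline window counts as a switch.
    if category not in {h[2] for h in history}:
        alerts.append("category_switch")
    return alerts
```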
The final word
E-commerce fraud is no longer a side hustle—it's a professionalized industry. Today's fraudsters aren't just scammers; they're investors, developers, and logisticians.
To fight back, we need:
- Threat intelligence as a core function
- Alignment on policy, legal, and compliance
- Automation that adapts
- Behavioral signals that learn
Fraud will evolve—but with visibility across the full lifecycle, from fake factory to fake review, we can respond with intelligence, speed, and structure.
Every dollar lost to fraud weakens user trust. Every insight gained through strategic detection helps us build a safer internet.



