We were scammed out of a few thousand dollars last month by a fake “affiliate”. Here’s how.
Like many other sites, we have an affiliate program that offers a 20% commission on any purchases made by customers referred by the affiliate. One fake “affiliate” used stolen credit cards to buy our SQL Server backup software, and we sent him real money as a commission.
In Sep 2017, LUIS COLMENARES ANGEL (probably not a real name) with email firstname.lastname@example.org signed up as our affiliate. In the period from 9/22/2017 to 10/27/2017, we had 27 purchases made by people that we thought he had referred. We had transferred him a few thousand dollars as commission through PayPal when we started noticing that a few of his clients had filed chargebacks claiming “Unauthorized transaction”. We took a closer look at his account and became quite certain that all of these transactions were fraudulent and had used stolen credit cards. So basically all of the money we received was fake, but we paid him real money that we have little hope of getting back from PayPal.
What we did
People and banks are protected, and it is usually a merchant like us who takes a loss on stolen credit cards. Without waiting for chargebacks, we have refunded all the money for these 27 purchases. We have sent an urgent email about this fraud to PayPal. (And in their usual speedy manner, they have replied that they will get back to us in 9 days.) We have added a CVV code to the page where we accept credit cards. We will be monitoring our affiliates much more closely to make sure that they are real people, and we won’t fall for this again. And we are writing this article to make other companies aware of this fraud.