New details on the 2019 Xbox gift card fraud case have been released. The case involved a Microsoft employee responsible for testing the company's marketplace, specifically its gift cards. The perpetrator found a flaw in the system but chose to use it for his own benefit rather than report it. The result was a scheme worth $10 million.
Gift cards work by generating a code, typically a 25 letter-and-digit string known as a 5x5 code. Each 5x5 is attached to a certain dollar amount, like $15 or $50. The code is then printed on a physical gift card or sent via email to the buyer. If the code is unused - as many are - it's pure profit for the company. For this reason, it's not unreasonable to consider gift cards a kind of virtual currency, similar to Bitcoin. However, both systems have their flaws, which one Microsoft employee was more than happy to abuse.
Volodymyr Kvashuk is the man behind the $10 million Xbox gift card fraud case. He was found guilty of fraud, identity theft, and money laundering in February 2020 and was sentenced to nine years in prison. A new report published by Bloomberg details how he pulled it off. Kvashuk was hired by Microsoft to test the online marketplace for flaws and bugs, using fake credit card accounts supplied by the company. However, though the accounts were programmed so Microsoft would not ship out the physical products he ordered during tests, the Xbox gift card codes generated with the test accounts were real.
By logging into his coworkers' accounts, which was possible due to weak, guessable passwords, Kvashuk was able to obtain thousands of codes essentially for free. He then sold them online to other scammers for Bitcoin. With Bitcoin's fluctuating value, Kvashuk was able to rake in cash with minimal effort. He even purchased a Tesla and lakeside property with fraudulent funds. Meanwhile, his coworkers reportedly thought him a pleasant enough guy. He was a good collaborator and never acted rich. But his buyers were not as unaware.
More than a few of Kvashuk's customers were given bad codes, causing them to report the issue to Microsoft. This included Kvashuk's biggest buyer, a trader from China named Makoo. Microsoft was already spearheading an internal investigation after a spike in gift card purchases and usage. Two employee test accounts were locked after the investigation, but a third account quickly replaced them. It too was shut down. The perpetrator was obviously an employee with access to the other logins, and some irregular activity and careless mistakes in the scheme pointed to Kvashuk. He was confronted, fired, and federal agents raided his home on July 16, 2019. The agents found USBs loaded with 5x5 codes, bank account information, an abundance of cash, and even a "wish list" of future "investments." The evidence was damning.
While Kvashuk was eventually found, tried, and sentenced, his story is still a reminder to both companies and individuals. Virtual currencies like gift cards and Bitcoin are easier to launder and abuse than cash. Real money should not be used in a test environment, and strong passwords are a bigger obstacle for scammers than many realize. Kvashuk may have been caught, but his scam exposed a greater problem in online marketplaces. There are still plenty of scammers prepared to fill the void he left, but they are unlikely to be as careless as Kvashuk was.
Source: Bloomberg
from ScreenRant - Feed https://ift.tt/3AhFvoX
No comments: