A nonchalant fraudster's behaviour, which most people don’t expect, is to contact merchants to get additional information about the order. During this contact, a criminal may not commit any visible fraud. At this point, they are just claiming to be the account owner or cardholder of the stolen credit card. Imitating another person is a core feature of many crimes, but at this stage, nothing is done to extort anything during contact with the merchant’s customer services. This is a warm-up method that uses social engineering tricks to set a bond between a fraudster and a merchant employee who will think that this is a routine engagement with a customer. It will be easier to pass a verification process in future when merchant employees already know a fraudster-client who has contacted them.
During an apparently regular customer enquiry, a fraudster can ask many questions about products they intend to order. Questions can be asked about product details, shipment safety precautions, how long the package will take to be delivered, payment details etc. The idea is to imitate a real customer who wants to buy in a targeted shop.
This is a warm-up method that uses social engineering tricks to create a bond between a fraudster and a merchant worker who will think that he is in contact with a regular customer. Fraudsters can, for example, pretend to use an e-commerce website for shopping for the first time, so it is likely they would make some mistakes during the ordering process. It will be easier to pass verification during future transactions as the merchants' employees already know a fraudster-client who has contacted them and interprets this as a friendly customer who only wants to purchase their package.
Fraudsters can make contact both by phone or by email. The first method requires more preparation from fraudsters because spoofing a phone conversation is more troublesome than spoofing email interaction. The criminal has to possess tools to spoof the victim's phone number and incorporate a convincing method for changing their voice. It is more difficult if they have to imitate the opposite gender, different age and accent. Fraudsters have to speak their victim’s language (remember, fraud is an international type of crime; often the criminal is located in another country than the victim). The preferred and simpler method is to spoof a victim's email, mostly because the fraudster doesn’t have to communicate by voice. In writing an email, anyone can imitate any gender, age and other personal aspects. Furthermore, using email, fraudsters can send scans of forged documents to further legitimize their fraudulent attempt. Usually, customer service has no way of checking if screenshots haven’t been photoshopped.