Amazon sues REKK fraud gang that stole millions in illicit refunds

Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms.

This lawsuit targets 20 members of an international fraudulent organization known as REKK, as well as seven former Amazon employees who acted as malicious insiders, according to the complaint.

Operating as an Organized Retail Crime (ORC) gang across online forums and social media, this fraud service provider provides illicit refunds for individuals in exchange for a fee.

Individuals seeking free items, like iPads or MacBooks, purchase an item and then pay REKK a fee, usually a percentage (e.g., 30%) of the product's cost, to secure a deceptive refund. The 'customers' placed an order through Amazon’s online retail platform and then provided the order details to the fraudulent refund service. 

REKK then requested a refund, manipulating Amazon’s support representatives through social engineering tactics, unauthorized access to Amazon systems, and bribing insiders to secure a refund without returning the purchased product. After a successful refund, the ‘customers’ gave REKK their cut.

As a refund fraud gang, REKK stands among the larger entities in an underground industry offering fraudulent refund services.

In November 2019, REKK claimed on Nulled to have fraudulently refunded over 100,000 orders across various retailers (e.g., LuLu Lemon, bol., Samsung, ASOS, Nike, and Home Depot) to more than 30,000 customers worldwide, not solely limited to Amazon.

REKK's Nulled account (BleepingComputer)



​REKK's members are targeting Amazon online marketplaces across the United States, Canada, and Europe, and they use various Telegram accounts such as "@refundingclub," "@rekks," "@rekksupport," and "@rekkvouches" to promote their services and engage with individuals seeking illegitimate refunds from Amazon.

Additionally, they promote their services and engage with refund-seeking individuals on platforms like Nulled (using the username "rekk"), Reddit (operating under the username "rekksalt" and within the subreddit "r/REKKRefundService"), and Discord (with the username "rekk#5319").

Notably, the group's main Telegram channel @refundingclub had over 35,000 subscribers on December 5 and openly advertised refund services they acknowledged as fraud.

REKK Telegram channel for sale (BleepingComputer)



"In November alone, Amazon supported law enforcement agencies across three continents to take action against multiple refund groups, resulting in arrests and the disruption of organizations responsible for millions of dollars in fraud," said Amazon cybercrime attorney Jamie Wendell.

"Users of illicit refund services should know this is not a victimless crime and real consequences exist for this activity. Amazon remains steadfast in our commitment to pursue ORC bad actors to stop these schemes."

The Refund-as-a-Service operation commonly shares screenshots of illicit Amazon refunds to their Telegram channel as proof that their service works.

REKK proof of refund (BleepingComputer)