In the summer of 2023, a refund fraud threat actor attempted to recruit a SHEIN customer service employee to facilitate large amounts of refund requests. SHEIN CTI assumed the identity of the targeted employee, and conducted a month-long operation to gather information from the threat actor. During this investigation, the innerworkings of an international refund fraud operation were uncovered, as well as active operations targeting additional retail organizations. This presentation will focus on how the investigation was planned, and conducted, what intelligence was gathered, and mitigation strategies to prevent groups likes these from conducting future operations against the company.
