Re-investigation of information leakage in express delivery industry： on the day of placing an order, your information may have been sold to fraudsters.

　　"You should not be sent by the public security bureau ‘ Spy ’ Right? " Zhou Chen, who claimed to be engaged in telecommunication network fraud in northern Myanmar, tried many times and told reporters that he could buy real-time express noodles at the price of 4 yuan, but the goods on the list must be "mother and baby".

　　Similarly, Zhuyi, who claimed to be in charge of "receiving materials" in the "studio" of electronic fraud, bought "mother and baby" express noodles at the price of 5 yuan. He explained that in the express delivery list of shoes, bags, liquor, clothing, cosmetics, mother and baby, the "conversion rate" of mother and baby is high, which is "easy to cheat" in common parlance.

　　Double Eleven is approaching, is your express parcel information safe? From late September to mid-October, 2021, after several days of unannounced visits, The Paper reporters found that the courier sheets printed with personal information such as name, telephone number and address were sold in batches with clear price tag, involving Shentong Express, Best Express, ZTO Express, YTO Express and other enterprises. These express orders are classified into "historical" and "real-time (sent on the same day)", and they are accurately classified and sold according to the type of goods, the price of goods, and the gender of express users. According to whether it is real-time information and different commodity prices, the price varies, forming a set of "rules".

　　Real-time express bill is the information document of the package sent by the user after placing the order on the same day. After the user often places an odd number of hours, the personal information is priced for sale. Some buyers said that most people in the "circle" claimed to be used to "accurately market and drain" businesses, but in fact many of them flowed into the hands of telecom network fraudsters at home and abroad. The above-mentioned two people who claimed to engage in telecom fraud told reporters that they had been collecting materials in the "studio" engaged in fraud for a long time, and the "studio" had a clear division of labor, and someone called for fraud.

　　Obtaining personal express information through illegal channels is often the first step of telecommunication network fraud. After obtaining personal courier information, fraudsters will pretend to be "customer service" or "courier brother" and "fish" in different ways. Common things such as "lost package, claim by courier company", "damaged goods, contact for refund", "sending a return link, and taking personal information".

A user who received the express "material" posted a net post to find a seller.

　　In fact, information leakage in the express delivery industry is not uncommon in recent years. For example, last year, "Yuantong ‘ The mole ’ The incident involving the disclosure of 400,000 express customer information has aroused widespread concern. However, despite the constant crackdown, the phenomenon of information leakage has not been eradicated.

　　Underground market: Real-time and accurate express information is more expensive.

　　"Express bill" refers to the bill used by the express delivery industry to record the sender, consignee, product weight, price and other related information during the delivery of goods, which needs to be affixed to the package. A courier list contains the recipient’s name, telephone number, home address and other private information.

　　"Face-to-face list, find a courier brother, and cooperate with Yuncang. The main collection list is cosmetic and skin care products, children’s clothes on the car, and maternal and child products … "

　　In Baidu Post Bar "Express Bar", "Electronic Face Sheet Bar", "Yuantong Bar" and "Courier Bar" and other communities, online posts selling and buying user express face sheets abound. In the "circle", the express information is called "material", and the face sheet is mostly replaced by abbreviations such as "KD" and "MD". Under a net post for discharging materials, there will be multiple recipients leaving messages or private letters for inquiry.

　　Buyers often require "real-time" face sheets, that is, express delivery sent on the same day, as well as summarized historical express delivery information, which are mostly organized in the form of documents. In the underground market, there is no fixed price for this information, but the real-time face sheet is more expensive, and the average market price is around 4 yuan and 1 yuan for historical information. From the afternoon of September 24th to the noon of September 25th, Gong Junshan, the seller of "materials", packaged and sold more than 500 Baishi Express noodle orders to reporters at the price of each 4 yuan. These express orders contain the names, telephone numbers, addresses and other detailed personal information of the recipients and senders, showing that the goods are clothing, and they were sent from an international trade city on September 24th.

On the afternoon of September 24th, according to the price of each 4 yuan, Gong Junshan, the seller of "materials", packaged and sold more than 500 BES express face sheets to reporters.

　　For the source of the express delivery list for sale, Gong Junshan kept his mouth shut. He claimed that there were a number of "agents" under him, who were responsible for taking materials from the staff of the courier outlets who took photos to ensure the first-hand supply. Every day, he has hundreds to thousands of face sheets, most of which are Baishi Express, and there are also real-time express face sheets from Shentong, Zhongtong, Yunda, Postal Service and Polar Rabbit.

　　The reporter noticed that most of the above-mentioned pictures of express delivery sheets sent to reporters by Gong Junshan were photos of express parcels posted with express delivery sheets, or photos of even sheets printed by the sheet printer.

YTO Express noodle list sold.

　　On October 2nd, Gong Junshan claimed to have 343 real-time ZTO Express noodles in his hand, and sold 50 noodles to reporters at the price of each 4 yuan, among which there were many round noodles. The face sheet information shows that a merchant in Guicheng Street, Nanhai District, Foshan, Guangdong sent different clothes to buyers all over the country, and the face sheet clearly marked the personal information of the buyers.

ZTO Express noodle list sold.

　　In order to find more customers, Gong Junshan also joined a "bat group" with over 500 people. App(BatChat, an app named Bat, was developed and operated by Chengdu Feibat Technology Co., Ltd., claiming to be a private chat communication tool based on "end-to-end encryption".

　　The reporter observed in the group that the group took the first letter of "Express" and named it "KD- Face-to-Face Communication", which lurked a large number of users who sold and purchased various personal express information. The group owner even put the message on the top: "Receive the materials, and you can leave the group owner if you have the materials."

　　"Women’s shoes, mostly with high heels, are priced in the range of 200 to 600, with a guaranteed price of 4 …" Buyers and sellers who "receive materials" in the group accurately classify transactions according to real-time and historical express information, types of express goods, prices of purchased goods, gender of express users and other conditions. For example, some specialize in receiving express information such as mother and baby, vehicle equipment, women’s shoes, food, clothing and perfume, while others specialize in receiving all male express information.

Chang Jingshan sold 10 samples to reporters at the price of 2 yuan per order, showing the user information of Shentong Express sent to buyers all over the country when he placed an order in Tik Tok store of a cosmetics company in Guangzhou, Guangdong on September 8.

　　On the day of placing the order, your courier information may have been leaked.

　　Another seller, Chang Jingshan, claimed to have a lot of historical and real-time express information in his hand. He sold 10 samples to reporters at the price of 2 yuan per order, showing the information of Shentong Express sent by a cosmetics company in Tik Tok on September 8 to buyers all over the country, including the name of the buyer, the type of goods purchased, the price of the goods, the express delivery number, the mobile phone number and the receiving address.

　　In order to further fix the evidence, the reporter bought from Chang Jingshan again on the grounds that he needed clothes express information, and the other party immediately sent 10 Shentong express samples of down vest products placed in Tik Tok, which also included the above detailed personal information of the buyer.

In addition to selling express orders, there are also sellers who specialize in selling express orders. On the afternoon of September 29th, Sun Yiwei sold 100 samples of Shentong Express at the price of each 0.8 yuan, of which the first 50 were historical express data and the last 50 were express information sent on September 29th.

　　The inquiry found that these numbers of Shentong Express were all valid, and most of them passed through Shentong Express "Jiangsu Suqian Center" and "Jiangsu Huai ‘an Transfer Center", which was suspected to be leaked in this circulation link. "It’s all 55 thousand, and there are historical single numbers within half a year." Sun Yiwei said.

　　The reporter’s investigation found that sellers who sell real-time express orders tend to trade actively after 5 pm, when couriers usually start to collect pieces, and the information of electronic orders is stored in the work computer or printed and posted on the package, and the leaked user information also begins to flow in the underground market. At the same time, this means that express users often sell their sensitive information at a price after an odd number of hours.

　　In order to further verify the authenticity of the courier information sold by the above-mentioned sellers, the reporter dialed the user’s phone number in the above-mentioned courier list and historical document one by one to confirm that the information was accurate, and the sellers did not know that the information had been leaked.

　　In this black market, transactions are conducted in secret, and many sellers and buyers send reporters a virtual currency link, allowing reporters to pay with "U" or recharge on their behalf. The full name of "U" is Teda Coin (USDT), which is a virtual currency that links cryptocurrency with the US dollar.

　　A buyer who received materials asked the reporter to download a "Huobi" App that can trade different virtual currencies, saying that this line is risky and all transactions are made in virtual currencies.

Active in the express delivery market in Bat App.

　　"I handle tens of thousands of real-time express messages every day."

　　Gong Junshan told reporters that people in the circle understand what buyers use to do, saying that it is "marketing drainage" for e-commerce businesses, but in fact it is "telecom network fraud". The reporter’s investigation also confirmed that many courier information circulating in the market was suspected to be used by criminals engaged in telecommunication network fraud.

　　According to the aforementioned ZTO Express single number sold by Gong Junshan, the reporter contacted Lu Yi who was almost defrauded.

　　Lu Yi, from Hangzhou, Zhejiang, told reporters that after shopping, she received a phone call claiming to be "ZTO Express", and the other party said that the loss of express delivery required her to apply for compensation through the claims channel. After scanning the QR code, the page jumped to the Alipay interface. After opening the payment step by step according to the requirements, she was told that due to excessive application for payment, the credit problem of Alipay account would be caused, and I need to go to Hangzhou West Lake Building to handle it. If I don’t go, I will bear the consequences.

　　At this time, Lu Yi suspected that the other party might be a liar, and she lived in Hangzhou. She was not afraid to go to the West Lake Building to handle the relevant formalities if there was a credit problem, so she stopped the dialogue with ZTO Express. A few days later, she received the "lost" courier.

　　Xia Hang is a middleman who specializes in collecting materials for express delivery. He told reporters that there are tens of thousands of real-time express messages delivered by him every day, which are basically collected from couriers and staff of express delivery companies at the price of each 4 yuan, and then sold to the "studio" at home. He said that most of the online acquisition of express delivery "materials" are middlemen, which supply materials for "studios". These "studios" are not studios in the traditional sense, but gangs specializing in telecommunication network fraud. When purchasing express delivery information, the next family claimed to use it for telemarketing, which drained the marketing of e-commerce platform, and some directly said that it was telecom network fraud.

　　Zhu Yi, who claimed to be engaged in telecommunication network fraud, told reporters that the so-called "studio" is a gang specializing in telecommunication network fraud. The "studio" has people in charge of finance, people who make phone calls, and people who dock resources (receive express delivery materials). He is the person who "receives materials" in China. At noon or afternoon the next day after receiving the goods, the "studio" will pay the money after checking the goods and confirming that the information is correct. He also told reporters that we should communicate and chat on "Bat", trade with "U", and delete the chat messages after the chat.

　　I wish the first generation told reporters that the breakdown of express delivery "materials" according to the purchased goods can improve the success rate of fraud. They are generally called "conversion rate". Among the goods such as shoes, bags, liquor, clothing, cosmetics, and mothers and babies, mothers and babies are "easy to use", which means "easy to cheat" in common parlance. People who receive "materials" in the market prefer maternal and infant express information, and the price is higher. He can buy the express delivery information of maternal and infant products, and 4 yuan one of clothing, shoes and bags at the price of 5 yuan one.

　　"You should not be sent by the public security bureau ‘ Spy ’ Right? " Zhou Chen, who claimed to be engaged in telecommunication network fraud in northern Myanmar, told reporters after repeated probing that as long as the information is authentic, the low "conversion rate" is fine.

　　"I was cheated of 160,000 yuan in 30 minutes."

　　The reporter’s investigation found that obtaining personal express information through illegal channels is often the first step of telecommunication network fraud. After obtaining personal courier information, fraudsters will pretend to be "courier company customer service" or "courier brother" and "fish" in different ways. Common things such as "lost package, claim by courier company", "damaged goods, contact for refund", "sending a return link, and taking personal information".

　　Among the different fraud methods, the fraud methods of "lost courier" and "customer service initiative refund" are mostly used.

　　According to the information reported by the police in the past, most of these cases are fraudsters who obtain the online shopping information of the victims through illegal channels and pretend to be customer service to call the victims, claiming that their online shopping goods were lost or had quality problems during transportation, which can help the victims to handle multiple refunds. When the victim believes the scammer lightly, the scammer will send a phishing website link to the victim to trick the victim into entering identity information, bank card information and verification code on the webpage and transfer the money in the victim’s bank card.

　　On September 23rd, a video released by Weibo user "Yang Keai Ukulele" attracted attention. In the video, she claimed that she had been cheated by telecom and was induced by a swindler to transfer 160,000 yuan to the other party within 30 minutes. The swindler falsely claimed that "the lost courier should be given to double indemnity" and accurately reported her name and courier number on the courier list on the phone, which made her relax her vigilance.

　　In an interview with The Paper, Yang Keai recalled in detail the process of being cheated.

　　She said that on September 17th, she received a phone call from a landline that showed Hong Kong. On the phone, the other party claimed to be the "customer service" of Shentong Express. A courier she bought at Tmall Import Supermarket was accidentally lost, and the courier company would double indemnity her. Then the other party told her a courier number and the pseudonym she left on the courier.

　　She said that after verifying that the information was correct, she trusted the other party and began to apply for 180 yuan Express claims in Alipay’s "petty cash" under the guidance of "customer service". The other party said that due to operational errors, the petty cash application became 500 yuan, which led to a loan relationship with Alipay. In order to cancel the loan relationship, the express "customer service" asked her to download an App called "Yilian Meeting" to join the meeting and contact a staff member who claimed to be the official customer service of Alipay. The "official customer service" said that her Alipay Sesame credit score was insufficient and she needed to transfer 180,000 yuan to the designated account for credit guarantee, so she transferred a total of 160,000 yuan from several bank cards under her name to the designated account under the guidance of the customer service. "Customer Service" asked her to continue to borrow 20,000 yuan from her friend to make up the credit line of 180,000 yuan. At this time, her friend found that she was cheated and accompanied her to the public security bureau to report the case.

　　Yang Keai recalled afterwards that during the fraud, she received three different phone calls from scammers, all of which were shown as landline calls from Hong Kong, but she did not find anything unusual at that time. Two days later, she received this "lost piece" courier, and the courier status was normal. In this regard, she complained to Tmall’s official customer service and Shentong Express respectively. Tmall responded that the matter was not handled by it. After contacting it, Shentong Express staff said that they needed to ask for instructions from their superiors and had not received the latest reply.

　　She said that in September this year, the police had issued a notice of filing the case and filed a case for investigation.

　　(Gong Junshan, Chang Jingshan, Sun Yiwei, Xia Hang, Zhu Yidai and Zhou Chen are pseudonyms)