Crossing over from an Online to a Physical Investigation

While many investigations today are started online, there is almost always a crossover to a physical investigation, unless your intent is to simply take down the site or the post. And that crossover can sometimes take a bit of creativity and planning.

 

One of our clients reported a target offering counterfeit products on a popular e-commerce website. The website proved responsive to take-down notices sent by our client, but every time they shut down the account, it would pop up again a few days later under a different name and format, offering the same counterfeit products. The seller also ignored cease-and-desist messages. The cycle had repeated more than a dozen times before the client contacted us.

 

We began by making a test purchase from the target, an action which confirmed that the products delivered were counterfeit. The seller provided a bogus address, free delivery service and a telephone number that we discovered had been assigned to a prepaid, unregistered cell phone – though the area code was for the vicinity of the city posted on the site.

 

We then contacted the seller directly, offering to purchase 100 products that were bulky in size, explaining that we needed them delivered within 24 hours. We further offered to retrieve the products from the seller directly if they would provide us with an address, but they refused. They did state, however, that it would take the full 24 hours to deliver the products because they would be shipped from a city approximately 400 kilometers from our delivery location. They further stated that, due to the quantity, they would be sending a truck with the products instead of their normal courier service. Given that we were already customers, they waived the 50% advance fee, stating that they expected a cash payment in full upon delivery.

 

When the delivery date arrived, we set up surveillance at the delivery address with two cars and a motorcycle, fully expecting to follow the delivery truck the 400 km back to its origin. The truck arrived and we immediately noticed it displayed a local license plate. It was possible that the truck had originated in our city, driven to retrieve the counterfeit products, and then returned another 400 km to make the delivery, but the hours just didn’t add up. In addition, the delivery truck was in such bad condition it probably could not have endured the roundtrip.

 

After offloading and paying for the merchandise, our surveillance team followed the truck to a small shop sitting in front of a warehouse approximately 20 blocks from the delivery address. The driver exited the vehicle and was seen handing over the funds to an individual within the shop. The team also observed several of our client’s products displayed in the shop window.

 

A few days later, in coordination with the police, we visited the shop and purchased two samples of our client’s products, which we handed over to the police as evidence. The following day, officers executed a search warrant on the shop and adjoining warehouse. They seized several thousand counterfeit products and discovered a fully functional manufacturing facility for the counterfeits within the warehouse.

 

The initial online investigation was key to identifying the target and repeatedly taking down their site on the marketplace, but the organization would have continued to thrive had it not been for the actions we conducted on the ground.
