Man went on online shopping spree with stolen details

Data included card info and PayPal log-in credentials; he gets three years' jail

When Mohammad Adam Mohamed Rashid, 29, learnt how to exploit loopholes in the PayPal payment system, he taught others around the world, and was paid US$100 (S$135) in bitcoin equivalent for such "tutorials". He also went onto the "dark Web".

According to online sources, special software is required to access the dark Web, and once inside, those browsing can access "darknet markets" where they can purchase illegal products. It was in the darknet markets that Adam bought credit and debit card details, as well as PayPal log-in credentials, as part of a scheme to commit cheating using his laptop and mobile phone.

In one instance, the former airline cabin crew member paid US$30 for a file containing information on numerous credit and debit cards. Armed with such details, he went on an online shopping spree.

He also bought a software program through the dark Web, designed to wipe his laptop's memory once he switched it off.

Deputy Public Prosecutor Stephanie Chew revealed this yesterday after Adam had admitted to 15 of 96 charges, including cheating and computer misuse. He was sentenced to three years' jail.

Adam's crime spree started some time in April last year, when he purchased the log-in credentials for numerous PayPal accounts belonging to other users via the dark Web.

He then used these to log in to the PayPal accounts and accessed the information stored in them. The information comprised the last four digits and expiry dates of the credit cards linked to the accounts, owners' e-mail addresses, last transactions and last log-ins to PayPal.

Adam would then change the log-in credentials to prevent the legitimate owners from accessing the accounts, and use them to make online purchases before closing them.

He performed the sequence of events rapidly, usually within about five minutes. Items were either delivered to his home address or via a third party that would not require him to produce his identity card when collecting them.

About five months later, he accessed an illicit online marketplace via the dark Web and bought the file with the credit and debit card details. He then used the stolen information of various victims to make numerous purchases, including for electronic items, on a website called Station Go. He generally bought mobile phones, GoPro cameras and related accessories, and would resell them.

He was arrested on July 11 last year but while on court bail, he reoffended. Adam was arrested again on Nov 29. Before his second arrest, he threw away the cellphone he had used to make fraudulent purchases.

DPP Chew said the proceeded charges involved $7,754 of the total $24,560 Adam took or attempted to take through cheating.

Adam's lawyer Gino Hardial Singh said his client was remorseful but unable to recall why and how he committed these offences due to "dissociative amnesia". Adam had suffered a loss of memory after he fell from a flight of stairs while in police custody last December, he added.

District Judge Chay Yuen Fatt, who said he had not come across such a case, noted that it was rather "unsettling" for most people who shop online. "That's a factor I would consider very seriously. I think a deterrent sentence has to be imposed to deter this sort of offences."

A version of this article appeared in the print edition of The Straits Times on November 03, 2017, with the headline 'Man went on online shopping spree with stolen details'. Print Edition | Subscribe