THE DARK WEB has become notorious for the sale of drugs, stolen financial data, and even guns, but in their latest crackdown, the feds are dragging another unlikely cash cow of the contraband underground into the spotlight: counterfeit coupons. For one fraudster, those fakes were good for tens of millions of dollars worth of every consumer product from kitty litter to Clif bars to condoms.
On Thursday, the FBI indicted 30-year old Beauregard Wattigney, a Louisiana-based technician for ITT Technical Institute, on charges of wire fraud and trademark counterfeiting on the Dark Web marketplaces Silk Road and Silk Road 2. More specifically, Wattigney is accused of being the online coupon kingpin known as ThePurpleLotus or TheGoldenLotus, a figure who sold packages of coupons for virtually every consumer product imaginable including alcohol, cigarettes, cleaning supplies, beauty products, video games, and consumer electronics. The spoofed coupons—in most cases offering discounts just as effective as the real thing—were offered in packages that cost customers around $25 in bitcoin, but offered hundreds of dollars in total fraudulent discounts.
The FBI accuses Wattigney of doing $1 million in total damage to the affected companies—which range from Sony to Crest to Kraft. But Jane Beauchamp, president of the fraud consultancy Brand Technologies, says she’s been tracking ThePurpleLotus for more than a year on the Dark Web, and assesses the damages to be “significantly” higher. “I’d estimate that the consumer packaged goods industry experienced tens of millions of dollars of counterfeit coupon damages,” from just ThePurpleLotus’s sales, Beauchamp says.
“We have the best, most consistent, most precise, most scannable, most accepted, most diverse collection of coupons anywhere. They are not on anyone’s ban list. They are not blacklisted anywhere,” reads PurpleLotus’s vendor profile on Agora, the largest currently active black market on the Dark Web. “They will save you a ton of money…If you use the coupons for the everyday things that you normally buy, the golden goose will continue to lay golden eggs.”
In addition to those packages of pre-made coupons, ThePurpleLotus also offered a $200 package of “coupon-making lessons.” That digital guide to counterfeiting included a powerpoint presentation showing the step-by-step process of coupon fraud, from generating bar codes to copying legitimate-looking logos and watermarks. In an accompanying video, set to a tasteful soundtrack of Bach piano compositions, he demonstrates the technique on screen.
In his tutorials, ThePurpleLotus explained the simple breakdown of barcode creation using the increasingly universal GS1 standard: GS1 codes begin with a “company prefix” that can be copied from any of the company’s products. The next six digits are the “offer code,” which can be any random number for a counterfeit coupon, followed by the savings amount listed in cents and the required number of item purchases necessary to receive the discount. “You can be up and running and making coupons in an hour,” PurpleLotus’s guide reads. “The more you make the faster you get…You are a coupon ninja if you can make one in under two minutes.”
In messages on Silk Road 2 forums last year, ThePurpleLotus boasted of launching a new automatic coupon-generating service so that customers could pay a fee to generate a custom coupon for the product of their choice, rather than having to learn his counterfeiting tricks or choose from his existing stock of fraudulent files. The service even offered a free preview of the counterfeit image, but required a fee to remove ThePurpleLotus’s own watermark from it. “Can you think of five items that I do not offer coupons for but that you or your family use on a regular basis? Pay a small fee, have a beautiful looking coupon, and then go save hundreds stocking up on that one item,” ThePurpleLotus wrote. “Now 100% of every item you ever wanted can have it’s own coupon!”
Just one of ThePurpleLotus’s counterfeit coupons, copied and shared endlessly around the internet, can lead to enormous financial losses for the retail companies affected, says Brand Technology’s Jane Beauchamp. She says two individual counterfeit coupons targeting her clients—one giving $7 off and another offering a $9 discount on common household products—led to close to $2 million each in fraudulent discounts. “From windshield wipers to toilet paper, this included virtually every item for sale in a grocery store,” says Beauchamp.
In fact, ThePurpleLotus’s schemes demonstrate how absurdly easy coupon fraud remains, she argues. Beauchamp points to the insecure method of coupon verification that major retailers like Target, Walmart, and many others use—which essentially amounts to no authentication, only a blacklists of known fraudulent coupons like one maintained by an industry group known as the Coupon Information Center. A coupon fraudster can merely use the publicly available GS1 barcode algorithm to encode whatever discount they want into a new fake coupon. If it’s not yet on that blacklist and looks realistic to the cashier, it’s accepted, says Beauchamp. “Usually the cashiers don’t even take the time to question it. If it ‘beeps,’ it’s good,” she says.
Beauchamp notes that when a counterfeit coupon is spotted at the register, consumers often say they were given the coupon by a friend or “found it on the internet” and face no consequences. Other coupon fraudsters are careful to use self checkout at large stores, as Wattigney advised one customer in a message included in the indictment.
“Every day new codes get added to the blacklist,” says Beauchamp. But new fraudulent coupons are being created at a faster rate than ever, she says. “The problem is that it’s a blacklist, not a whitelist. And that affects the whole industry.”
The Coupon Information Corporation, which maintains one list of known fraudulent coupons on behalf of the retail industry, counters that other security measures beyond a blacklist exist to combat coupon fraud. But Bud Miller, the president of the CIC, declined to comment on those security measures for fear of helping criminals to circumvent them. “If you make a high quality counterfeit coupon, from time to time it can be passed at the cash register,” Miller told WIRED. “The industry is working on a number of solutions, from better identification, to what we’ve done, to prosecutions.”
If Wattigney is in fact proven to be ThePurpleLotus, he won’t be the first to be caught spoofing coupons en masse. Just over two years ago, 25-year-old Lucas Henderson was sentenced to three years of supervised release and forced to pay $900,000 in restitution for his own massive coupon fraud scheme, which he ran under the pseudonym “The Coupon Guy.” Henderson, a Lubbock, Texas college student, had distributed his self-made coupons through Web forums including 4Chan.
Nor was the PurpleLotus the last to try the coupon scheme. Though ThePurpleLotus and TheGoldenLotus accounts have been inactive for months—and at one point last year the ThePurpleLotus announced his “retirement” on the Silk Road 2 forums—other coupon counterfeiters like a group calling itself Team Lotus have taken his place on dark web markets like Agora.
ThePurpleLotus was perhaps the first to move the coupon fraud economy under the cover of the Dark Web’s anonymity. Given those protections, including the anonymity software Tor and the crypotocurrency bitcoin, it’s still not clear exactly how Wattigney was even identified. His indictment only alludes to the FBI recovering “transaction histories and private message communications” from the Silk Road when it was taken down and its administrator Ross Ulbricht arrested in the fall of 2013.
Unlike other Silk Road sellers, who shipping physical contraband ranging from heroin to cocaine to guns, Wattigney’s transactions may seem relatively benign: mere counterfeit images and software tools. But he nonetheless enabled a gargantuan series of petty thefts, argues Brand Technologies’ Beauchamp. “You don’t go into a grocery store and fill up your arms with stuff,” she says. “He’s given people a tool to shoplift high value products. Whether it’s under their coat or with sophisticated software, it’s a crime.”