Old Articles About Me
ALAN ZISMAN ON TECHNOLOGY
Yet another Craigslist scam...
By Alan Zisman © 8 August 2013
Like a lot of you, I've got stuff I don't use any longer. And like a lot of you, I've posted some of it for sale on my local Craigslist.
And yes, I've read the notices that Craigslist posts on all its listings reading "Avoid scams, deal locally! Do NOT wire funds (Western Union, Moneygram). Beware cashier checks, money orders, shipping, non-local buyers/sellers."
Nevertheless, I have had several successful sales that involved shipping an item to a 'non-local' buyer. In fact, for relatively expensive items with few potential local purchasers, a non-local buyer may be the only option.
I've gotten obvious scam replies to Craigslist ads in the past - typically the item had an asking price over $1000 or so and the 'buyer' had a convoluted story - they were in one (non-local) location and wanted the item shipped to a different (non-local) location and offered to pay the asking price plus shipping, putting the funds in an escrow service.
This week, I was almost taken by a different, smoother operation.
I had a digital camera posted. Asking price, $150. The ad had been up for a while with minimal responses - my price may be too high. So I was interested when I got an email asking if I was prepared to ship it to California. No complex scheme involving shipping to a third country, no escrow payment. A straightforward deal with payment to my Paypal account.
So I took the camera to the post office and got a quote with a variety of shipping options, ranging from about $18 to $60 and let the buyer choose. The potential buyer, Vikki Lowry, opted for the cheapest shipping that included a tracking number and insurance, and promised that as soon as she received a Paypal invoice she would pay my asking price plus the quoted shipping cost.
After using Paypal to send the requested invoice and getting an email back from her that she'd made the payment, I almost drove back to the post office. But I checked my Paypal account - no payment was listed.
Poking around my email folders, I found a Paypal notice of payment - in the Spam box. Gmail noted that it was listed as spam because it had characteristics in common with other spam or fraudulent messages.
At first glance, it appeared legitimate, with a Paypal logo and appearance, and claiming to be from Paypal Customer Service. But the email address beside this sender name was email@example.com, not anything from paypal.com.
It stated that I had received payment from Vikki Lowry, 'a Verified Buyer'. Further down, though, it got odder. It appeared to explain why I wasn't seeing the payment added to my account: "This PayPal® payment has been deducted from the buyer's account and has been "APPROVED" but will not be credited to your account until the Reference/Tracking number is sent to us for verification. Below are the necessary information requested before your account will be credited. Send tracking/reference number to our customer care firstname.lastname@example.org and we will attend to you. As soon as you send us the shipping tracking number for security purposes, the funds will be credited to your account."
Hmmm.... why would Paypal want the tracking number? What if the buyer had opted for the less expensive shipping without a tracking number? And asking me to email the tracking number to 'email@example.com' - again, not a Paypal address???
I emailed the buyer, pointing out these oddities. Perhaps not surprisingly, I haven't heard back.
Instead of sending off the camera, I contacted Paypal, using the support number on the Contact Us section of their Help webpage. At the suggestion of their customer support person, I forwarded the 'Payment Received' email to firstname.lastname@example.org.
Both the phone support person and their email reply verified that what I'd received was not from Paypal, and that there was no record of the promised payment being made. They confirmed that "It is true that every time a payment is sent to your confirmed PayPal email address, PayPal will send a notification to you." But asking for a tracking number while holding back the payment? No.
Their advice: "For your security, always make it a point to verify every payment notification message by logging in to your PayPal account and locating the corresponding transaction. We always discourage sending a product until the seller has confirmed that the payment has posted to their PayPal account balance. Even if the funds are on hold due to some of our security initiatives, you should still continue to see the details on the transaction in your account history page."
They went on to note that: "A PayPal email will never ask you for any of the following:
o Bank account numbers
o Debit and Credit Card numbers
o Email addresses
o your full name
o Check for attachments. We will never send an attachment or software updates to install on your computer."
The fraudsters most likely were not interested in my $150 digital camera. Instead, I suspect this was a scheme to get my Paypal log-in credentials: user name - which they got, and password - which they didn't. With that information, they could have helped themselves to any funds in the account.
It's not clear to me exactly how that would have happened. I suspect that if I'd emailed the tracking number as requested, I would have gotten a reply saying that there was a problem and including a link - appearing to be to Paypal - for me to click to login and resolve the issue. I don't know for sure since I didn't let the scheme go that far.
Paypal correctly points out: "Before clicking a link in an email, put your cursor over the link and look at the web address. If it doesn't start with https://www.paypal.com, don't click it."
I would take it one step further - when hovering my mouse cursor over a link in a suspicious message, I'm starting to see some very long links that start with correct-seeming text - www.paypal.com - but went on and on, leading to certinews.it (and then a slash and even more). A server in '.it' - Italy.
None of this is to blame Craigslist or Paypal - neither of them did anything wrong and both are appropriately concerned with these sorts of scams trying to steal money from legitimate users of their services. And if there is a Vikki Lowry living in Upper Lake, California, she probably would have been surprised at receiving a package from me.
If I get another email from an out-of-town potential buyer responding to a Craigslist ad I've posted, I'll still follow up - if it's not immediately scammy. After all, hope springs eternal, and all that.
But I've had one more lesson in the need to be careful. Check links - and make sure payment has been received before sending anything off.
15 August 2013:
David Roth writes:
I wanted to thank you for posting your note about "Vikki Lowry". I received a similar email the other day and was about to go through the process of sending the item (a camera) when something made me check on- line and I came across your blog. Turns out there are other reports of scams by this person (s) on the internet. In case you were wondering if Vikki exists, I believe so:
Looks she she has been perfecting her craft for sometime now. Good luck selling your camera.
20 August 2013:
Another Craigslist posting, another (possible) scam. This time around, I've got a 2011 Macbook Air advertised. The would-be buyer started out asking 'if it was still available' then about its condition and about my 'best price'. All sounding pretty legit.
'Gary' noted, though: "I want to buy the laptop for a friend's studio..." Hmmm.
I followed through, though, and eventually we came to agreement on the price. But - "Unfortunately we won't be able to meet because i recently lost my grandfather and i am presently in the US for his burial, so i'll want you to help me send the laptop to my friend's studio while i'll be paying you $750 for the laptop and extra $150 for the shipping making $900 in total. However, i'll be paying you upfront through PayPal and i do believe you have a PayPal account for the payment to be made right ?. Let me know please."
Sorry, I don't think so! We've already seen how this works out.
A little later, Gary commented on this blog posting:
"Hey !, are you stupid ?. Why will you do such ?. The fact that i want you to help me ship a laptop doesn't mean i am a scammer , afterall i've not made payment to you and i'll never tell you to ship the laptop unless you receive the payment first which is the actual reason i wrote that i'll be paying you upfront. To be honest, you must be pretty mad and sick in the head thinking i am trying to scam you for a laptop of just $750 because i would rather rob a bank for millions of dollars if i am interested in stealing instead of $750 laptop. Stupid idiot."
I told him: "Apologies if I'm slandering an honest guy - but frankly, your story has all the earmarks of CL-scams. (Note that I did not give either your last name or contact info, giving you a bit of benefit of the doubt).
I'd be happy to sell to you - just get a local friend to show up on your behalf with cash, saving you the $150 shipping. And in that case I'll happily either remove the blog posting or publicly apologize - your choice."
He got the last word:
"I am buying the MacBook when i return but it will never be from you. Between, I don't want any stupid apology from you and please i urge you to to just remove everything about me from that fag blog of yours. Finally, i pray god judge you and forgive you for your bad mind towards me.
Do have a nice day
Maybe I am slandering an honest guy - you decide.
27 August, 2013:
More scamy-seeming emails today:
The first one was brief, asking for my phone # - I sent that out, in case it was a local person... a while later I got a call with no name on call display and a 313 area code (Detroit). The sound quality was horrible - metallic sounding with an echo of my voice a second or two later, suggesting it was being done using some sort of Voice Over Internet Protocol (VoIP) service. I explained to the caller that I wasn't prepared to do business with someone who wasn't local to me.
Later in the day I got two three emails with identical, slangy-sounding language:
'Macey' and 'Rufus' and 'Zella' each wrote:
"Fcking retards are bombarding my inbox! Ahhhhhhh! I am wanting to buy yours so let me know. Reach me back so we can get this going, that would be greatly appreciated.
Thank you so much hope to hear from you today
Wiill pay." Each suggested I reply to a (different) email address on live.com.
And an email from 'Jesse Curran' promised $100 over my asking price to pay for me to ship to NYC. As always, I promised I would ship when I received verification of payment - in my PayPal account, not just as an easily falsified email claiming to be from PayPal. Nevertheless, the next morning, there was the faux-PayPal email. Check it out - note how the name it wants it shipped to is different from the buyer, how the sender's address is not a PayPal address and how it says the funds won't be visible in my PayPal account until I send verification of shipment to - again - a non-PayPal link. Also note that the item listed, a 'Professional AVCHD handheld camcorder' is not what I had for sale.
When I went to PayPal Help's Community Discussion forum and searched for discussions using the keyword 'scam', the first one listed was about an email from 'Jesse Curran'. The boy's been busy!
(Hope springs eternal - I have actually sold a few expensive things successfully to folks who replied to a local Craigslist ad of mine and required shipment elsewhere. So I now reply to emails telling them that if they're not local I will need verification of payment in my PayPal account... so far, the scammers don't seem to bother responding to that).
29 August 2013:
More from Jesse - this time, a message titled "PayPal Legal Action Follows" claiming to be from the FBI and stating:
We received complaint over the money sent into your PayPal account by Jesse Curran. We have rigorously cross checked the money sent to you and was confirmed and intact but pending. We need to verify and to be sure that you have sent the package out via DHL or FEDEX before your money can be funded into your PayPal account. This measure is taken for online security check for both the buyer/seller and we will like you to abide by all PayPal rules as regards this payment. Send the package out as soon as you see this email and get back to us with the receipt of the Tracking Number , so that we can verify it and credit your account with immediate effect.
We need to prove beyond all reasonable doubts that you are legitimate and that's why we need you to send us a proof of this transaction in order to secure the buyer from fraud.Here's the email address that the Tracking Number details should be sent to: email@example.com
Note: Failure to abide by this specified instruction may lead to your name and address being forwarded to the law enforcement agency in your state to have you arrested because you are practicing scam. Your account with PayPal will be blocked. In order to avoid this, send the excess funds within 24 hours and send details to PayPal customer service department for verification. Do not hesitate to contact us if you have any comment on this issue at (firstname.lastname@example.org).
Gmail had no hesitation in filtering this to my spam folder and noting: "Be careful with this message. Similar messages were used to steal people's personal information."
31 August 2013:
Since August 29, I've received a total of 9 'replies' to my Craigslist for sale ad similar to the following:
There are a few different texts, and each comes with two attached photos of young, barely-clad women. Again, Gmail does a good job of sending them all straight to the spam folder.
Anyone else getting this sort of thing?
7 September 2013:
A reader (who asked that I not publish his name) commented:
Earlier today I received a suspicious email reply from a person claiming he was interested in purchasing my VW Golf on Craigslist. This person, Jesse Curran. After an initial reply to his email I received the following message:
I really appreciate your response to my previous mail,I'm buying the item form you and i will be the one responsible for the pick up and delivery stuff.Kindly get back to me with your full name and address so that i can forward it to the pick up agent to calculate the pick up cost for me. Thanks. Jesse Curran
Email at email@example.com
Call or Text : 323-364-6414
Naturally I was really suspicious and decided to google his email address. Sure enough, the pdf doc from your blog was the only result.
After reading your blog post I opted to cease engaging with this scammer.
Also - Also, if you want to get back at some of those email spanners our people harassing you via email, I found this cool little tool.
Thanks for writing!
Meanwhile, the soft-porn replies continue to pile up (all in my Spam folder - thanks, Gmail!). Currently, I've gotten 40 (!) of them.
And today a couple that went like this:
this is mine. Q8sv@hotmail.com
so you can either reach me on there if this is still available because i really want it now.
gonna be out all day today.i will check for your reply often, answer me within timely
manner before sunday.
are u real? MacBook Air 11" 2011 ultralight and portable Mac notebook with 4 GB memory (RAM) and 256 GB SSD drive.
Both with identical wording (and identically shift-key challenged) but different email addresses.
10 June 2014:
Reader Renee wrote:
Thanks for the blog. It came in handy when I myself was attempted to be scammed by a Pamelaford664@gmail.com
and the partner in the deal was a
112 127th Street S Apartment 13
Tacoma, Washington 98444
Feel free to blog these folks or look them up and advise of their other criminal deceit. I have sent my correspondence to firstname.lastname@example.org
Thank you Thank you.
When I asked if I could post her comment, she replied:
I am so mad I just want to send them a box of dog shit in the mail as this would be the only punishment they would receive since I wasn't so stupid as to believe this was real especially when I got the fake pay pal messages. I took a picture and sent it to them as proof I knew what was up.
Look how brazen they were into thinking I believed them.
21 July, 2014
Reader Joe wrote:
I'm actually in the middle of trying to sell my iPhone 5, and a "Robert Miles" is trying to pull the 'Gary' from last summer. He's operating from the email "email@example.com", and when first looked his alias up, I couldn't find anything. So I proceeded honestly enough, and eventually (after a couple back-and-forths about the condition and price of the phone) he dropped this:
Alright Joe, we've got a deal for $450 but unfortunately we won't be able to meet for the deal because i recently lost my grandfather and i am presently out of Oshawa for his burial in the US, so i want you to help me mail the phone to my friend while i'll include $100 for the shipping making $550 in total.
However, i urge you to be honest in mailing the phone to him after receiving your payment while i'll pay you upfront through PayPal since its the only access to money i have right now, so i hope you have a PayPal account for the payment to be made to your account ?. Let me know please.
Waiting to read from you again,
Newly-armed with such glaring keywords, I doubled my scam-search efforts, and found your blog. I replied to Robert with my "sympathies", asked where he was in the States and when he'd be back. I told him I was an honest guy, so we could wait and do the exchange in cash upon his return and he'd save on shipping costs.
Unfortunately, i won't be back until August 10th while the purpose of buying the phone for my friend will be held on July 31st and i want it to get to him on due day or before so waiting till i return won't be an idea. Besides, how will it save me on shipping cost ?. Will Canada post allow me ship it for free when sending it to my friend ?
So, either that Gary guy is full of it, or scammers are visiting your site and using his story nearly-verbatim. Going to lean toward the former.
Joe in Toronto
(later that day...)
All done with Robert Miles. After responding like clockwork every 20 minutes throughout the day, he hadn't responded to my most recent bait for over 40 minutes, so I sent a string of e-mails meant to lure him back in and give me a few more company lines, which included asking him where his grandfather was being buried and what the man's name was, as I felt we were now on friendly terms, knowing so much about each other's families and friends, and I wanted to send flowers for his relative. Little morbid, I know, but I just kind of wanted to screw with him at this point for wasting my time.
Joe !, i won't want to be rude at you and i wouldn't appreciate using my situation to mock me. I never begged you for a flower so keep your flower and FYI, i just bought from a potential seller who has believed that he cannot meet unfaithful people in life simply because he is faithful himself. However, seize your mailing me i urge you in the name of god !. Good day !.
So, yeah. Looks like once it's clear to these guys that they're not going to make any money off you they pretend to get offended, religious, and strangely medieval in their exit interview. Oh well! Least I got a "Good day!"
8 September 2014 - Here's a behind-the-scenes look at the Nigerian gangs that do most of the Craigslist scams: http://www.itworld.com/security/435001/just-five-gangs-nigeria-are-behind-most-craigslist-buyer-scams
Older blog postings....