I have had the dubious expertise of selling a lot of stuff via Craigslist, both here in St. Louis and also in Los Angeles. Over the past couple of years, I have come across some interesting scam artists who are fairly easy to spot. But today’s email arrived with a new exploit.
Usually, we are selling furniture. My wife is an interior decorator, and we have been through a few decorating changes. Now, when you sell a bed or some other large piece, you are not going to get too many people from out of town who are interested, unless they are moving into town. So the first tip off that something is amiss is when someone from overseas responds to the ad and says that they will pay for it sight unseen, matching your price. This violates three principles right off the bat:
- People like to negotiate prices, no matter how good a deal you are giving them. Anyone who is paying your price is suspect right there.
- People want to kick the tires and make sure that your item exists. Doesn’t matter what it is, but especially for furniture, because no photo can do any piece justice.
- Craigslist is hyper-local. Someone from out of town is suspect.
The legit customer is also going to want to think about his impending purchase, even for a few hours. And they will also pay cash, if you ask. (And you should demand cash, just because checks are so easily forged. Remember Frank Abagnale?) The con men are going to try to send you some kind of check, and mention that right off the bat in their initial email.
So my wife and I have developed our own parsing filter for these email responses, to separate the real offers from the fakers. All well and good, until we began advertising our apartment for rent this week. Today’s email brought the following:
I am highly impressed with the information in the listing. I don’t have any question at the moment. I wanna go ahead in renting the place from you. I’ll be the only person in the property. I work as a Researcher for my company (GLOBAL LINK) and I am coming to the area to carry out some research. They will be responsible for the first month rent and security deposit. I wish to sign the lease agreement in person and will be signing a year lease as soon as i get to the States. I’ll be moving to the States on March the 30th and i want the lease to start same date because I will be moving into the property directly. Kindly get the ad off from all listing because am taking the property for sure.
In the main time, I will like to secure the property asap so that i can attend to other important things for my move to the Country.
In order to proceed with payment, I will need the following information so that we can continue from there.
(1) FULL NAME AS IT WILL BE ON CHECK,
(2) MAILING ADDRESS,
(3) CELL NUMBER AND ALTERNATIVE NUMBER.
Kindly get back to me with the above information and in case of any query, please contact me on my phone number 0044XXXXXXX. Await your response asap.
A few things struck me about this email. First, why is he so eager? Second, why would someone from the UK (based on his phone number) in a financial services firm, move to St. Louis? Granted, we are becoming a bigger banking center with Wachovia buying AG Edwards, but still. Third, why is he using kindly so much? There is nothing kind about this, it is a business transaction. Fourth, the ALL CAPS is another tip-off. Fifth, the email came from Yahoo.com, rather than a corporate email account. Finally, why ask to remove the ad from Craigslist? Something didn’t add up.
A quick check online found the managing director of GlobalLink.com in the UK, and about an hour later he was kindly replying with the fact that the gent didn’t exist in his office. So case closed. But I just wonder how many people are less suspicious, or who don’t check out their potential buyers, fall into his trap?
Craigslist is a great site, and we have sold lots of stuff over the years on it. And they do a fairly good job of warning you about the con artists. But this just shows you that the bad guys are getting smarter all the time, which means you have to, too.
David – Hmm, speaking of feeling suspect, I was notified of your latest post by email. The “Beware of online scams” subject line smelled like many of the precautionary emails forwarded to me by well intentioned relatives who don’t recognize urban legends. Ah, the irony.
You’ve shared good advice about selling via craigslist. My friends recommend moving furniture and such to the garage or front yard when selling online to prevent strangers from looking at all that isn’t for sale inside your house.
One reader writes in:
I kindly enjoyed this piece.
I wanted to share my experience with you. My wife is shopping for a car
and she spotted one she liked at a pretty aggressive price. The first
time it was listed it a had a stream of “tag words” trailing the
article. That was a clue that someone beat me to and flagged the ad.
But he posted it again without the tail and it stayed. He said that it
was in San Jose, and I work all over the city, so I thought I’d set up a
junk email address and nibble the bait.
I got a similar response to the one you did, he “got a promotion and
changed jobs to on in England, the car was parked in San Jose in a company parking lot
and that they would be handling the transaction for him.” What he
didn’t know is that I’m a contractor and I work for the very same company sometimes. It didn’t take very long to confirm that there’s never been a car of this description anywhere on their property
and that they’d never handle anything like this. I handed the whole
thing off to their security people. I’m not sure if they pursued it, but I’ve been
impressed with the way they’ve handled other similar issues.
In the meantime, check out the fun at http://thescambaiter.com/forum/
Pretty funny pictures. I was trying to find the story someone wrote
about their experiences tracking down the scammers by carefully taking
the bait. They said it got pretty dicey and they actually met people.
Another reader writes:
Check out this story on “scamming a scammer” that ran in the SF Chronicle last week:
He bit into some Nigerian spam – to fight it
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/03/13/MNTTVEAI9.DTL
And some readers responses with their own stories:
Readers’ Platform: Scam, counter-scam
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/03/17/BU16VJAMM.DTL
Another reader writes: Good topic, David.
Your article reminded me of an unfortunate credit card incident that
happened to me recently…first time of unauthorized charges. I purchased
some tickets to a music concert online with TicketMaster a couple months
ago. I wanted to pay for it using some American Express Rewards points, so
I used an AmEx card that I hadn’t charged anything to for more than 1-1/2
years but still holding a sizable balance of Reward points associated with
it (had to do the AmEx charge first before going to the AmEx Rewards site to
transfer points to that AmEx account). Within 12 hours, I was receiving a
phone call from AmEx to verify some charges being made to this exact same
AmEx account that looked suspicious to them. Sure enough, the additional
charges weren’t made by me or my wife, the only authorized people with the
info to make such charges and with the only hard-copies of the cards. The
fact that this particular AmEx account had not been used in so long pretty
much clinched my belief that Ticket Master had somehow leaked my info to the
criminal who used it. I always look to insure that such purchase sessions
are SSL encrypted, plus I sit behind two firewalls with
anti-virus/anti-malware software on my machine, so I think I’m safe from
criminals on the client side.
I also had made a separate purchase at TicketMaster online that same evening
for a different event, but using a Visa debit/bankcard. It was processed as
a Visa transaction. Although I had not received any calls from my issuing
bank’s security department on that, I decided to check my account anyway.
Sure enough, that one also had unauthorized purchases made shortly after my
purchase. In the case of both the AmEx and Visa-bank accounts, the
unauthorized charges were removed, credit card account numbers canceled and
new cards issued with different numbers.
Just in case, I first ran a full system scan on my machine, which found
nothing. Then, I called Ticket Master. Their customer service rep had to
consult with someone while I was on hold, and then was a bit defensive when
she came back to me. She said that she couldn’t resolve or take action on
my report, as they only do that when contacted by the police or FTC, and
that there is a special phone number known only to law enforcement that’s
used for their reports & investigations (!).
Since then, I’ve taken steps to file a police report with local authorities
here, and read up on a resolution process spelled out on the Federal Trade
Commission (FTC) website. I’m afraid this may not be the end of this story.
The world’s becoming a dangerous place, as cyber-criminals become more
sophisticated. Plus, you’d think that large & prominent consumer
transaction sites like TicketMaster would have the most robust information
security possible (okay, that may be a little delusional).