[IP] "419" Scammers and eBay
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Sun, 01 Feb 2004 10:39:30 -0800 (PST)
From: Lauren Weinstein <lauren@xxxxxxxxxx>
Subject: "419" Scammers and eBay
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxx
Dave,
Most Internet users now know to ignore (or report to authorities) the
multitude of Nigerian "419" scam spams that purport to offer millions of
dollars from various obviously questionable sources. But it's important to
realize that 419 frauds can also be highly-targeted one-to-one attacks, that
don't appear to be spams at all, and that even can play on people's faith in
eBay as a means of finding potential marks.
An elderly couple that I know was almost ripped off for thousands
of dollars this way just a few days ago. Some details might
be instructive.
Very recently, this couple (who do a lot of eBay transactions related
to collectibles) had an expensive item for sale that did not sell
before the eBay auction termination. Immediately upon the end
of the auction period, they received an e-mail (via a Hotmail
address - warning #1) from a party claiming to be in England (out
of country buyer - warning #2) who wanted to purchase the item
directly.
While in retrospect minor warnings were already starting to appear, the
couple had done business with folks in England before, and neither the
non-domestic buyer nor Hotmail address triggered any obvious concerns.
Now comes the first of the major warnings that they missed. The buyer
wanted to pay with a Fedex'd cashier's check, but due to what he claimed
were "complexities" of duty charges and such, wanted to send them a check for
an amount three times the value of the mechandise, and have them wire back
the difference. Now the alarm bells should be ringing loudly, but since the
couple thought cashier's checks were always good they didn't see what could
go wrong, and missed the basic rule that any transaction that asks you to
send someone money in order to receive money is almost certainly a fraud.
The "cashier's check" arrives via Fedex. It's drawn on an odd bank
name without any geographic reference. They take it to their bank
and deposit it without difficulty. The bank says they'll have
access to the funds in 24 hours. The couple doesn't realize that
this means the check could still be bad -- in their minds a cashier's
check is always good. They hadn't noticed where the Fedex package
had been sent from. The airbill shows the scribbled source:
Lagos, Nigeria! The alarm bells are now a deafening roar.
The couple go to Western Union to wire thousands of dollars in funds back as
instructed, since the party at the other end insists that time is of the
essence or the purchase will fall apart. Not a minute to lose! The couple
failed to question why the buyer wanted to use a cashier's check in one
direction but a wire transfer in the other.
They wire the funds.
Now something interesting happens. They get a call from Western Union.
WU has blocked completion of the transfer as possibly being related to a
scam, and in the process saved the day (the exact metrics that WU used to
make this determination are unclear at this time).
The couple gets their money back. They inform the bank to stop processing
on the "cashier's check" and of course no funds result from that check. The
party at the Hotmail account no longer responds to e-mail and vanishes back
into the ether from which he came.
Bottom line: no financial loss to the couple -- by the skin of their teeth.
What's crucial to note about this story is that the couple who almost
got scammed are experienced users of eBay and are well aware of
the spam e-mail scams like the typical Nigerian pitches, which they get
in their e-mail like everyone else and of course just throw away.
But in this case, the highly *individualized* and *personalized* nature of
the crook's attack, combined with the implicit tie-in with eBay, caused the
couple to drop their guard and not connect the dots to see the shape of the
fraud being perpetuated against them. If Western Union hadn't been on the
ball (kudos to them for this case!) the results would have been very dark
indeed.
--Lauren--
Lauren Weinstein
lauren@xxxxxxxx or lauren@xxxxxxxxxx or lauren@xxxxxxxxxxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
Cooperation and Analysis - http://www.uriica.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/