Smart octogenarian foils scammer who said he would buy item via PayPal


Recently an elderly member of my family asked for some help with an online service. Dave (name changed to protect the innocent) is in his eighties and uses his PC for email and browsing but little else.

This is a pretty normal situation for anyone working in IT or even familiar with computers: you quickly become the go-to helper for any and all computer problems.

The request was a simple one: help set up a PayPal account. But there was more below the surface of the apparently simple request.

Dave was helping a friend sell a used household generator. He had found a buyer for the generator and agreed a price. But the buyer wanted to use PayPal for the payment, claiming he'd been scammed using other methods in the past.

Here's the email that the prospective buyer sent Dave:

[Dave], I won't do what you will be requesting for the payment because have been scammed in such a way in 2 months ago but the main problem now is that I can't have a state to state transaction that will not include adequate security level, I can't send any form of cash via western union or Cashier/Certified Check or bank payment for payment to anyone even money order or Debit Card just because have been scammed in such a way in 2 months ago, could you believe the same thing happened to my Cousin in Texas last 3 weeks and is getting too much.Please do think of giving a trial to PayPal to see how it works they are well secured with their services, I assured you will be highly surprised with how everything will work out fine so you can open PayPal account it's free no charges for opening even is very easy to operate well secured.

Expecting your opinion on this. Thanks

Using an online payment system that includes dispute resolution sounds like a reasonable precaution, although a close reading of the PayPal user agreement indicates that their dispute resolution may not cover personal payments.

The language in the email snippet above is similar to that used in various online scams - but Dave doesn't spend all day reading scams on the internet so he took it at face value.

Dave's PayPal account would only be used to receive payment so when setting it up we did not attach a payment method to the account. That way if the account is ever compromised no-one can use it to drain Dave's bank account or make charges to his credit cards.

Once the account was set up Dave contacted the buyer with his PayPal details. That's when things started to look a little fishy.

Within a few minutes Dave received three emails that claimed to be from PayPal. Fortunately, for the purposes of this blog entry, Dave made print-outs of the emails he received (redacted versions of which are reproduced below):

1) Notification that $1,750.00 had been credited to his PayPal account. $1,200 for the generator and $550 for shipping and handling.


2) Notification that a temporary hold has been placed on the payment until a portion of the payment is forwarded to a shipping agent.


3) Instructions for paying the shipping agent.


Dave found this to be confusing but also suspicious and asked me for more advice.

At this point the scam is clear.

Dave is being asked to send $500 by Western Union before the payment for the generator is released to his account. Instead of receiving money he must first make a payment.

This is known as 'advance fee fraud'. The scammer will disappear with Dave's payment and instead of selling a generator he'll be $500 poorer.

There are plenty of clues in these emails to indicate that a scam is in progress, both for the technically proficient user and for the Daves among us.

Let's look at the last of the three emails - the instructions for paying the shipping agent:

From: "service@paypal.intl" <customers.representativecenter@accountant.com>

To: <Dave>

Subject: Payment Assurance: Please Read This And Follow Instructions *** Western Union Scan Receipt Needed For Verification ***

Dear <Dave>,

This message is originated from PayPal Company. The payment we received from has been made successfully and the money has been credited into you PayPal account but it will not show in your PayPal account. However, since this money is meant for a purchase or a service that involve a Shipping Company.We have to receive a confirmation that you have sent the pick up agent fee to <name of shipping company> before the money will be available in your PayPal account for spending. This is due to the large increase in the rate of the online scams recorded few year. We have changed some of our rules and regulation to make sure our clients, are safe from scam, PayPal in conjunction with The FBI and The IFCC has invented certain preventive measure to endure the safety of our customers. As part of our security measures, we regularly screen activity in the our system and discovered that the transaction ID 4WR6072127779652U is legitimate and confirmed. So we will require you to send us the Reference Number as requested and as soon as we have confirmed it,your money will be automatically transfer into your account immediately. Please understand that this is a security measure intended to help protect you and the buyer. We apologize for any inconvenience.

We also want you to understand that we have choose this customer care email address as to monitor the transaction between you and and we want you to know that we have to receive the Western Union Scan Receipt so that we can have your account credited with the fund pending. We want you to know that we have many people on our desk that we attend to and many may not understand the new safety policy that is why we have choose to use email to monitor some transaction... So we will greatly appreciate if you could get back to us here so that we can process and credit your account fully.

Be informed that this transaction is only available and can only be tracked and traced via email,so do reply back to us if you have any question about the transaction and not via phone call.

There is a laundry list of clues here telling us that the email is not legitimate:

  1. The email addresses in the From: field do not match. Furthermore, the email attempts to explain away the suspiciously non-PayPal-looking email address, but is a little too eager to convince us.
  2. There is poor grammar throughout the email. While we might accept this in the earlier personal communications it is unlikely in an official form communication.
  3. The email has been sent to confirm that the transaction is legitimate. Most fraud detection systems warn you when fraud is occurring; they don't bother to issue reassurance when nothing is wrong.
  4. The payment has been made but will not show in Dave's PayPal account. A perfect way to explain away a payment that never existed.
  5. Any further communication must be by email because PayPal's phone support personnel won't understand the anti-fraud program. We can safely assume that's because the anti-fraud program does not actually exist.
  6. It is odd that PayPal, a company whose sole purpose is the transfer of funds, would require a customer to use Western Union to transfer funds.

The contents of the other two emails also show some suspicious features:

  1. Although a shipping company is named, the Western Union payment is to be sent to a private individual at a residential address.
  2. The PayPal images that are included to make the email appear legitimate are actually from third-party image hosting sites, not from PayPal.
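
Several of the clues above can be checked mechanically from the raw message. The following is an added example, not code from the original article: the sample message is constructed from the quoted email (recipient address and image URL are placeholders), the free-webmail list is illustrative, and `BRAND`, `FREEMAIL`, `under` and `check_message` are names chosen here.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "paypal.com"  # assumed: the domain the message claims to speak for
# Illustrative free-webmail domains, not a complete list.
FREEMAIL = {"accountant.com", "mail.com", "gmail.com", "yahoo.com", "hotmail.com"}

# Constructed sample modelled on the third email; recipient and image URL
# are placeholders, and the body is shortened.
SAMPLE = """\
From: "service@paypal.intl" <customers.representativecenter@accountant.com>
To: dave@example.org
Subject: Payment Assurance: Western Union Scan Receipt Needed For Verification
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://images.example.net/paypal_logo.gif">
<p>We have to receive the Western Union Scan Receipt. Reply back to us
if you have any question about the transaction and not via phone call.</p>
</body></html>
"""


def under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_message(raw, brand=BRAND):
    """Return the list of clues found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()  # sample is single-part, so this is a str
    text = " ".join((msg.get("Subject", "") + " " + body).split())
    findings = []
    # Clue 1: display name invokes the brand, real address is elsewhere.
    if brand.split(".")[0] in display.lower() and not under(sender_domain, brand):
        findings.append("display-name-mismatch")
    if sender_domain in FREEMAIL:
        findings.append("freemail-sender")
    # Clue 5: recipient is steered away from phone support.
    if re.search(r"not via phone", text, re.I):
        findings.append("email-only-contact")
    # Clue 6: a payment company asking for money through another service.
    if re.search(r"western union", text, re.I):
        findings.append("third-party-transfer")
    # Brand images served from hosts outside the brand's domain.
    srcs = re.findall(r"<img[^>]+src=[\"']([^\"']+)", body, re.I)
    if any(not under(urlparse(u).hostname, brand) for u in srcs):
        findings.append("off-brand-images")
    return findings


if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The `under` helper compares on a label boundary, so a host such as `paypal.com.example.net` is not treated as belonging to the brand.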


All of these can tip you off that the scheme is a fraud. Dave, however, used the most powerful anti-fraud tool: common sense.

He realized that the agreed price for the used generator plus the supposed shipping fee was actually more than the cost of a new generator. Why would anyone pay more for an old generator than a new one?

Remember, there are many fraudsters out there but you don't have to be an IT security guru to protect yourself. Just pay attention to what you're doing. If something seems too good to be true or just doesn't make sense then you should keep your money well away from it.

Elderly typing fingers image from Shutterstock.


19 Responses to Smart octogenarian foils scammer who said he would buy item via PayPal

  1. Nigel · 618 days ago

    I'm not sure which is more scary (and sick) -- the fact that such stupid, illiterate scams exist, or the possibility that there are people who are stupid enough to fall for such frauds. Kudos to "Dave" for not being one of them.

  2. Roger · 618 days ago

    The style of English used has the unmistakeable odour not of Chanel no. 5 but of Nigerian no. 419! There's a style of writing which they invariably use, involving amongst other things great detail about how they (allegedly!) go about their business and I presume can't alter. Wrong use of capital letters in mid-sentence and strange syntax are other common markers. A pox on their houses!

    • David Gillett · 617 days ago

      As to "Nigerian 419 style": My wife (a linguist) and I (a CISSP) attended a fascinating session at the 2010 RSA Conference. The speaker was a linguist specialized in forensic linguistics amongst Africans -- that is, in part, on how the errors African speakers make in English offer clues to identify their native language. In the months before the conference, she had been analyzing a corpus of collected "419 scam" emails.
      Her findings were slightly surprising. Broadly speaking, the "419 style" of broken grammar did NOT match the typical error patterns of real Nigerians. But it DID match the way non-specialist AMERICANS typically expect Africans to fail at English grammar.
      That is, the internal linguistic style strongly suggested that many/most 419 emails -- at least in the examined corpus -- were actually composed by Americans posing as Nigerians -- more likely than that they were composed by genuine Nigerians....
      Scams within scams!

      • Chris · 616 days ago

        This is either very illogical or very stupid behaviour. It's clearly counterproductive for a scammer to use a linguistic style which is a readily identifiable flag for fraudulent intent when they attempt to defraud someone. Surely if they wanted to increase the probability of success, they'd use perfect American?

        • Actually no. This helps to select out the more skeptical mark. They will see it as a scam and not bother. If it looked overly legit they may engage a little more with the scammer until they realize it is a scam and then stop. Wasting time the scammer could spend on more profitable marks.

  3. yep-if you fall for an official email written by an apparent third grader you deserve to get ripped.

  4. schmunzelmonster · 618 days ago

    I have often wondered why so many 419 scams use such similar odd language. Long may it continue. It makes the scams so much easier to spot. If you would enjoy taking these folk on, or simply having a laugh at their expense, I recommend [redacted]

    • Paul Ducklin · 618 days ago

      I approved this comment, but [redacted] the URL of the "bait the scammers" site that was recommended here.

      I urge you all NOT to participate in scambaiting, for three primary reasons:

      1. Baiting people who are baiting you is lowering yourself to their level. Some scambaiters seem to derive an infantile enjoyment from persuading 419ers to be photographed putting themselves into demeaning situations or behaving in humiliating ways. Two wrongs don't make a right. Never did. Never will. Stick to the standards you wish they'd adhere to themselves.

      2. Talking scammers into doing time-wasting or pointless tasks - examples include carving replica PCs out of wood - isn't fair. Do you think for a moment that the scammers themselves - at least, those getting rich from the schemes - do those pitiful tasks themselves? Or do you accept that they most likely force reluctant minions (perhaps "turned" victims who owe them money) to do the dirty work?

      3. These guys are crooks. Some of them are almost certainly in a position to take drastic retaliatory action against those they can identify who cross their path. So why bait them, when all you know is that they already have your worst interests at heart?

      Delete. Don't buy, don't try, don't reply.

      • Revenge is a fool's weapon, but boy does it feel good :D. Since when should crooks be treated with respect? This is exactly what they don't do :-).

      • Nigel · 617 days ago

        Paul:

        Thanks for your well-reasoned (as usual) reply. You're right, of course; baiting the scammers is nothing if not futile (and potentially dangerous) immature emotionalism. Revenge might "feel good", but that kind of epidemic concession to knee-jerk emotional reaction lies at the root of so much of the conflict in the marketplace of human interaction. It solves nothing.

        If the concept of "evolution" --- not in the biological sense, but in the sense of increasingly rational and moral behavior of humanoids toward one another --- is ever going to take measurable form in the real world, I suspect that this business of "revenge" isn't going to be part of it.

        Stated more succinctly, people need to grow the hell up, and LIVE the maxim, "Do not do unto others as you would not have them do unto you."

  5. Tom · 617 days ago

    On the issue of scam baiting. DON'T BOTHER! Yes, it can become exhilarating when you feel like you have your hooks into them, instead of them having their hooks into you. You may even think you are teaching them a lesson. No, you are simply wasting your time and possibly risking danger to yourself and to the poor "minions" who are driven by poverty to work for the masters of such schemes. Having your email address, they can enroll you in sleazy social networks and cause a lot of mischief that you will have to clean up. My advice, back out of the transaction as cleanly as possible and thank your lucky stars you didn't fall for their scheme. American citizens can find excellent information about protection from fraud at http://www.fbi.gov/scams-safety/fraud. Other nations have their own information centers, search and you'll find it.

  6. Robin Davies · 617 days ago

    I got three scamming attempts like this ten years ago when selling a Grand Piano on the web. They were all made pretty obvious by their illiteracy and the inevitable "send me your money first" inducement. My problem was that when a buyer said he had a collection of 24 grand pianos and would like to add another Erard to the four he already had, I needed to pinch myself several times before I decided that he just might be genuine: his story was so much more unlikely than those invented by any of the scammers. But he was indeed real, he paid my price, and he sent two movers and a van all the way from Germany to England to get it. Happy ending!

  7. Thegreenwizard · 617 days ago

    Once I received a similar offer, I just said to send the money to an address which was the one of the sheriff of my town, addressed to Mr. X (name of the captain of the office). Never heard back from them.

  8. SpamIsLame · 617 days ago

    Additional info:

    - The accountant.com domain is one of hundreds used by mail.com, another free-email provider (like Gmail, Yahoo and Hotmail.) That should be an immediate tip that this moron doesn't represent PayPal (among the other very obvious tips, like the ridiculously poor English language skills.) Mail.com react extremely quickly to reports of scams which abuse their services. You can report them to customercare@corp.mail.com. They will respond when action has been taken.
    - Unfortunately, there are many, MANY people who do fall for this.
    - Scammers like this actually are targeting the absolute dumbest of the dumb. We may all laugh at how obviously bad the writing of this stupid message is, but there are very ignorant people who just won't know any better, and they are the ones who are most likely to respond to such a ridiculous message.

    Fortunately this guy is smarter than that. Well done.

    SiL / IKS / concerned citizen

  9. My advice to anybody/everybody who asks about things they receive in their email from Facebook notifications to PayPal notices: "Always, always, always open a browser and go to the site in question that way. Never, never, never click an embedded link in an email. Once the site is opened and you're logged in, check if the contents of the notice are there as well. If it ain't on the site, it ain't. Period. You have been served a lie."

  10. My favorite part is
    "...preventive measure to endure the safety of our customers"
    ROFL...
    At first I was concerned that there was some actual danger with using PayPal, which I thought was secure. But happily, PayPal is still (relatively) safe, used as it's designed to work.

    I read some people's comments on the 'net that understanding/reading/writing correct English "really isn't all that important these days" - well clearly it is, because these scams might not be so laughingly easy to avoid without a firm grasp of English grammar (and spelling).

    • You are absolutely correct. It isn't just spelling but the way the words are used with errors in singularity/plurality, incorrect verb tense, and a host of other giveaways.

      One of my personal favorites to date was from the FBI@yahoo.com where a crate addressed to me with some hundreds of thousands of dollars had been cleared and was waiting for me to come and get it. There was an explanation that the FBI's computer system had been infected with a virus so the agency was using yahoo temporarily.

  11. Sootie · 617 days ago

    I remember reading something a while back (might have even been on NS) that the use of this bad grammar and somewhat broken English was actually on purpose on the part of the scammer. The reasoning was people who were smart enough to know that it was a scam were not part of the intended audience for the scam, they were trying to target the emails at people who might have been silly enough to fall for the scam, hence those who might not have seen any issues with the spelling or grammar would be more likely to fall for the whole scam.

    • Paul Ducklin · 617 days ago

      I don't think we've written about "spamguistics" here on Naked Security, but I have definitely read the same thing...that the flavourful, rather archaic (to regular Anglo or Yankee ears) and mildly illiterate ramblings of the 419ers are actually cleverly, deliberately and subtly chosen by people capable of composing English in any sociolect they chose.

      But I don't recall the article actually presenting any credible evidence or justification for this conclusion. I think it was just a sociological hypothesis.

      For all we know, the spammers' boiler rooms are packed with underpaid cut-and-paste jockeys from the ranks of the under-educated and the chronically unemployed, who continue to churn out this sort of stuff because that's the boilerplate text they were given, and because it's all about quantity, not quality. So why bother with a copywriter if what you're doing works well enough to keep the phone lines busy with enough on-the-hook victims (mugus) to bleed?


About the author

Richard manages SophosLabs' operations in the United States. His principal security interests are endpoint security and user education. When he's not worrying about digital perils he enjoys singing, much to the distress of his cat, whose name does not feature in any of his passwords.