Sophos Cloud Optix
George Mason University researchers Damon McCoy and Jackie Jones have found that the majority of Craigslist buyer scams originate from one of only 5 Nigerian gangs – with substantial help from US-based accomplices.
The researchers posted “honeypot” ads for laptops – priced, on average, at a 10% premium over Amazon in order to weed out most legitimate buyers. In fact, only one non-scammer tried to purchase an overpriced gadget.
The honeypot started attracting flies and the ‘buyers’ got in touch via email. The researchers responded by sending images of the products.
When the scammers clicked on the image link, their IP addresses, and therefore their location, were revealed. More than half of the scam emails were sent from Nigeria, and from just five groups of scammers.
The researchers were looking to attract people trying a so-called advance fee fraud scam, also known as Nigerian 419 scams.
The Craigslist spin on the 419 scam is that the “buyer” of whatever you’ve listed to sell says he wants to pay for the item with a certified check but that he can’t pick up the goods himself and needs to use a “mover” agent.
So the buyer sends a check for substantially more than the purchase price, with instructions to send the difference to the mover agent and maybe pocket a bit extra for the additional running around.
This is very similar to other overpayment scams, described by Paul Ducklin in anatomy of a scam as:
The fraudster sends you a cheque for more than the correct amount. Rather than cancelling and reissuing the cheque – since the scammer trusts you – you are asked to bank the cheque and simply to refund the difference. Except, of course, the cheque is fraudulent and ends up dishonoured. You are left out of pocket.
The researchers told PCWorld’s Jeremy Kirk that this is the most profitable buying fraud, and unlike many other 419 frauds, it has nothing to do with bogus PayPal payments.
From the researchers’ paper, which, according to PCWorld, they plan to present on 24 September at the IEEE eCrime Research Summit in Birmingham, Alabama:
Of all the checks received, only one was written by hand, all other checks were printed using check writing software, such as VersaCheck, using legitimate check paper, based on the [existence] of watermarks and other security features.
Most were business checks, and, based on internet searches, 90% of those businesses were legitimate.
Beyond the look and feel of the checks, the researchers found that the bank routing numbers were, also, all legitimate.
When they could identify the banks, the researchers found that 73% were located within or near the city of the check’s business address.
When the researchers took some of the checks to the banks upon which they were drawn, to gauge how authentic the checks appeared, each bank said that the checks looked legitimate and would likely be cashed.
The two elements the cashing bank couldn’t verify, because of privacy rules, were the account numbers and the signatures.
Depending on the issuing bank’s policy, the full or partial amount of funds may be floated while the check clears – or, in this case, while it doesn’t clear.
The bank may, of course, try to claw that money back, either in full or partially.
The researchers were taken aback by how many US-based accomplices are supporting the scam, McCoy told PCWorld:
I think the most surprising thing was the number of people in the U.S. participating in this scam.
All of the checks were mailed within the US, indicating that the Nigerian gangs had recruited local help.
The researchers also identified mover agents from 26 states, with most used only once, for the receipt of money.
Texas showed up at the top of the list, with 63% of the state’s scammers identified acting as both the mailer of the bogus checks and the mover agent/mule.
As far as the businesses from which the checks were purportedly written, the researchers didn’t ascertain whether or not they were in on the fraud.
They spanned businesses both large and small, including auto parts stores, gas stations, universities, churches, and city government offices.
Such a strong tie-in to the US is an effective way to cover the fact that the scam originates in Nigeria, McCoy told PCWorld.
The researchers used a variety of methods to determine that only a few groups were responsible for most of the fraud.
Beyond IP addresses, the methods included analysis of the return addresses used on the payment-carrying envelopes and the signatures on the checks themselves.
Because so few groups make up so much of the bogosity, they said, focusing on disrupting the top groups should have a sizable impact on the overall scammer community.
Image of check courtesy of Shutterstock.
This is why I stick with eBay. eBay has better security.
Pretty easy to discern the difference between a legitimate Craigslist buyer and a fraud. I usually play the fraudster along a bit, exchanging emails to get him excited, before I cuss him out.
This scam extends into real estate as well. We recently were taken trying to rent a house in Virginia Beach. The CL ad mirrored the legit listing from a real estate agency and even used their documents with letterhead. The price was slightly inflated and we actully did believe that added legitimacy. Of course, payment was requested by check to an address in the US. Lots of red flags in hindsight, but unfortunately they didn’t add up at the time. When we arrived at the property weeks later the real estate agency had no record of our reservations. When we filed the police report they said that they believed it was originating in Nigeria and frequently get reports related to it. But considering the payment went to somewhere in the US, there must be some way to pursue the individuals intercepting the payments.
I used to regularly get ‘job offer’ e-mails asking me to help an international company do business locally for a cut of the total profits, I thought it was a bit dodgy and the Australian Federal Police put out a warning about these ‘jobs’ being part of criminal enterprises, resulting in all monies often being clawed back during investigations.
You are missing a part of the scam. The mules/movers are often dupes themselves – often they are the ones who responded to the work at home email scams. You only see them once or twice as noted in this story because they too are ripped off.
I was scammed but fortunately I knew it was a scam. It orginated from an ad I put on AL.com selling a musical instrument. Then within the same day someone tried to hack a gmail account. I will never sell anything online again as a result. The only thing I did was respond to email saying item was available. Then, I received an email saying that the buyer was from Canada and wanted to transport Item and would send a carrier. I knew then it was a scam. I specifically said in the ad local buyers only. It still makes me worry.
I like getting things off Craigslist, but I always treat the transaction like a hostage exchange. I don’t trust them, they shouldn’t trust me, cash only, no intermediaries, meet in public neutral territory if possible.
Better to trust only insofar as you can actively verify someone’s trustworthiness, and mitigate the potential for harm.
Why can’t these clowns use their brains for good. Some of them are so smart, they could have all the money they need(honestly) and find the joy in “helping” people as well. They don’t realize God is watching them and they will reap the bitter harvest from cheating their fellowman.
We should do something to truly help African countries become economically strong. Our wealth is based on the poverty of other countries. NOT in favor of scams and stealing, but the best solution is to help poor countries build their own economic self-sufficiency. If these talented individuals were able to obtain viable IT jobs in their home-country, most probably would.