As someone involved in both banking and the internet, I am probably more attuned to cybercrime and fraud than most people. For this reason, I was able to realize very quickly when someone was trying to steal from me. Here’s how the scam occurred:
I have a limited edition Takamine Guitar that I don’t play, so I decided to see if I could sell it on Craig’s List. I had never sold anything on Craig’s List, but I thought it would be better than eBay since someone could pick up the guitar rather than have it shipped; and it was simple and free to post the ad. Within an hour I received an email wanting to know if the guitar was available and if so, they would take it. I was thrilled with the results. The “lady” was named “Anita Ford Jnr” but the email came from a different name, so my radar went up.
The next email I received asked me to take the ad down, that she was going to send someone to look at the guitar, but that she would go ahead and pay right now so she “wouldn’t lose it”. She said she wanted to use PayPal and extolled the virtues of using this great service. She recommended that I open a PayPal account and send her the account information so that she could send me the money. At this point I was nearly certain that it was a scam, but having attended seminars on cyber fraud, I decided that I would watch this unfold to see how people work a scam.
I contacted PayPal and asked them to put a fraud alert on my account so that if anyone tried to pose as me that they would not under any circumstances change my account information to a new address or email address. They assured me that no one could pose as me and change my account; only I could do that with my private information. PayPal then emailed me a record of our conversation for my assurance.
About that time, I got another email from Anita Jnr telling me that she was stationed with the coast guard in Bend, OR so she wanted her “friend” to come inspect the guitar to see if it was as advertised. In the meantime she would arrange for UPS to pick it up. She again asked me for all my PayPal account so that she could send me the money.
Here’s the thing you should know. PayPal is incredibly safe. If you have a PayPal account and you want to collect money from or send money to someone else, all you need is their email address. You DO NOT need their account information. You simply enter their email address and PayPal takes care of the rest. The other party authorizes the payment through PayPal, but you certainly do not see their account information.
Because I already have PayPal and have her email address, I simply sent a money request to her email. If she did in fact have a PayPal account, all she would have to do is log in to her account and hit send, and I would receive the money instantly.
Right after sending her a money request, I got an email back from “PayPal” stating that she had paid me $900 more than I requested. But again, the email from PayPal came from Paypalpayment@gmail.com, rather than service@paypal.com. Don’t get me wrong, the email looked very legit. It had their logo and same fonts. It looked exactly like a normal payment confirmation, but I knew it was fake. Two reasons – one, PayPal doesn’t use a gmail account to send its email. And no one sends more money than is requested (especially since the “friend” had still not even come to look at the guitar).
This took all of 10 seconds to prove. I went onto PayPal and lo and behold my request for money still showed “pending”. In other words, PayPal sent her the money request but she had not paid it regardless of what email I had received.
The scammer had no way of knowing that I simply checked my PayPal account and verified that the statement was a scam. It was at this point that I got another email from Anita Jnr stating that she included extra money for the shipping and for the trouble of her friend coming to inspect the guitar. Would I kindly just wire the extra $900 to the friend?
I would have happily strung this ne’er–do-well along, but I figured I now had enough information that I could turn over to the authorities, so I got on the FBI Cyber Crime reporting web site. They had this super easy step-by-step form to fill out to report exactly what happened. Here I had the goods on this person, and I was still interacting with them that could allow the authorities to try to trace the IP address that was trying to steal $900 – a scam that I’m sure they’ve done to tons of other less internet savvy people.
Here is the response from the FBI’s Internet Crime Complaint Center:
“The IC3 receives thousands of complaints each month and does not have the resources to respond”.
What?!?
It went on to say that they would pass the complaint on to local authorities who may contact me. This incident occurred over a month ago, and to this minute, I have never heard from anyone. I am a huge fan of our local authorities, but if I thought they were well equipped to handle international cybercrime, I would have contacted them first.
On the bright side, the FBI did include this in their automated email response:
“To learn more about Internet schemes and ways to protect yourself, please visit www.lookstoogoodtobetrue.com.”
Go to the website at your convenience, but the real bottom line is the first clause of that sentence, “protect yourself”, because no one is doing it for you.
________________________________________________________________________________________
Greg Wilson is the founding partner of Hometown Web Media (the parent company of eParis Extra!). Greg also heads up business development for Lamar National Bank.
eParisExtra
follow: RSS
