If you do any form of communication over the Internet, online frauds and scams are something you always have to be wary of. I have been fortunate enough to avoid such scams as I keep my email reasonably locked down, have a relatively good “BS detector” and am overall a tad bit on the cynical side (only slightly though!… maybe…). That said, I have never been an actual singled out target for a scammer until recently.
I thought it would be fun to do a writeup dissecting exactly how the scam worked (in a both a real world/average user approach as well as in a technical sense) and also point out how, with a careful eye alone, you can spot a fake (or spoofed) email. Sit back and enjoy.
The Scam – A Real World Perspective
A couple of months ago I decided to post a couple of old laptops (one of which was advertised for parts only) I had laying around the house on eBay. I go through the usual motions, of taking a picture, setting a price, etc. One of the stipulations I clearly put in my terms of sale was I would only ship to the United States. So the week of the auction goes by and my “for parts” laptop sells, but of course to someone in Nigeria.
The “buyer” (interpreted loosely in this case) in Nigeria sends me an eBay request for an invoice, to which I reply with an eBay message telling them:
I’m sorry, but as stated in my auction, I only ship to the United States.
Of course, the buyer sends me a few more messages as they must have been checking their email at the same time as me, one of which says (none of the emails are edited):
Have already transfer the moeny..so i have paid the sum of $100.00 for the shipment fof the item through USPS Global express mail…so i want you to get the item posted as sson as possible..
Now, from the email image above, my item sold for $56 with a $10 shipping fee, so the buyer was going to “pay” me $100 to ship a for parts only laptop to them overseas. I was scratching my head at this point and then I receive an email from eBay:
No sooner did I finish reading this, I received “another” email from “eBay” contradicting what the previous message said. I only had to read first paragraph to tell this second email was a fake. I took a look at the email headers which clearly proved this was a fraudulent email. I have highlighted everything in the email below which is evidence support the email is garbage.
Reading the text is actually quite humorous as the text is so poorly written. Combine that with the fact of the reply to addressing being an @instruction.com email.
It doesn’t stop there, about 45 minutes later I get a “payment confirmation” from “Paypal”. Not only had payment been made, but this this generous individual “payed” a total of $300 for a $66 item. They must have really wanted the parts. Of course, the Paypal email was a fake in the same fashion as the eBay spoofs.
I will say this for fake emails sent, at a quick glance they do appear legit. A respectable job was done in replicating the fine print at the bottom (not showing in the “Paypal” email). All the images (when shown) resemble their authentic counterparts and (most of the) links in the emails took you to the correct locations.
After I received the first fake eBay email telling me the item was reinstated “and you can go ahead with the transaction”, I did not send a another email to the scammer. Here are all the emails they sent me after this, each getting a bit more threatening:
2 days later:
Payment made for your ebay item.
i have transfered the payment for your item and the money for your item as been deducted from my paypal account.and i have not head anything from you since then.so i want you to get the item shipped to my store’s address and send the shipment tracking number to paypal at their customer care link given to you in order for the money i transfered to be credited to your account.
get back to me as soon as possible so that we can dialog and complete this transaction.
1 day later (this one from “Paypal”):
PayPal Shipment Reminder for Transaction ID: 92S849286985130M
PayPal Postage Verification Center is using this message to remind you of the transaction between you and [fake name] about an eBay item paid for by the Buyer who also is our Client .We are yet to receive the shipment details of the transaction,the buyer has paid and your money is still in our Account Database ready to be credited into your account once we verify the shipment of the item.
The buyers shipping address has been confirmed by us:[... address information ...]
This PayPal payment has been Confirmed and Approved by us,but due to that its International Transaction all we need from you is the shipment proof for the verification of your money.Once this as been received and verify by us,You will receive a CONFIRMATION E-MAIL from us informing you that the money transfered to your account as been credited.
1 day later:
Why can’t you just reply !!!!!!!!!!!
I have transfred the payment for your ebay item and the money for the item as been deducted from my account.and i receive a mail from paypal informing me that to protect bot parties that you need to send to the the shipment deatils for the item so that thye can creditmthe money to your acount so i want you to get the item shipped and get back to paypal at thier customer care link given to you….
N:B :
I want you to get back to me or else i will report….!!!!
3 days later:
Confirmation of payment…get item shipped!!!!!!!!!!
i have Already contacted pay pal on your behalf about your fund and the explain that they are taking new procedure for international transaction in order to secure but buyer and seller against fraud and they just introduce the new system for international transaction only and your have been deducted from my account already and i await you to complete the transaction.I hope you would have been contacted by pay pal now for confirmation of payment.
thank you and pls reply if you have any question
3 hours later (this one from “Paypal”):
*** Message From PayPal Postage Verification Department ***
Dear Customer,
PayPal is using this time to remind you about the transaction between you and [fake name]. The money transfered to your paypal account by [fake name] for your ebay item as been deducted from her account and its here in our Data Base side for security purpose. so we want you to get the item shipped to the buyers address and get back to us for verification of your money to your account once we have the shipment details for the items from you, your money will get credited to your paypal account immediately. Now get this done as soon as possible and get back to us with the shipment details so that your money been PENDING days ago can be release and credited to your paypal acount.Thanks for contacting us.
We hope to serve you better till Future.
After the last reminder from “Paypal” I didn’t hear anything else. The timing was such that they waited a week with no response from me before giving up and moving on. This having been the first scam I was singled out on and looking at it from an average user’s perspective, I can understand how someone would fall for this scam. In general the emails are convincing enough (although, the scammers spending 30 seconds to spell check and proof read their emails would make it more convincing) to lure in someone who is relatively new to eBay or somewhat naive/trusting. It is a real shame these are the ones which get taken advantage of.
The Anatomy – Breaking Down The Scam Technically
In this section, I am going to do a quick breakdown of some of the technical elements which definitely prove the emails are fake. You do not have to be a “geek” to follow as I will explain in plain English.
Since the scammer sent me several fraudulent emails, they must have gotten my email somewhere. My eBay user name is not my email address and I have nothing in my eBay profile to indicate my email. So the first place I started looking was in the emails eBay sent to me and, indeed, they got it on the invoice request email.
As you can see, the email was sent to me but additionally to the scammer via the carbon copy (the scammer’s email is blurred out). I can only guess when the scammer was sending the email through the eBay system, they selected the option to have a copy of the email sent to them. If this is the case, I cannot believe eBay would be so careless as to let this happen as they are adamant about warning you to only send and respond to messages using the eBay system. Supplying such a simple vehicle for unscrupulous people to subvert this safety measure is a big time failure on eBay’s part. Again, I stress the emphasized “if this is the case” above.
So once they had my email address, the barrage of spoofed emails ensued. From here, producing their cleverly replicated eBay and Paypal emails was, probably, just a matter of copying and pasting a template email where the scammers reproduced a legit email, modified the text and “filled in the blanks” with my information. In the case of this scam, the email format was replicated reasonably well, but the wording of their text was so poor you could recognize the email as a fake right away.
Suppose the scammers did take a few minutes to actually read their email before sending it and the result was an email which is the spitting image of a legit message with flawlessly worded text. How do you recognize it then? You have to use the full email headers to find out where the message originated. To demonstrate the dissection of the headers, take a look at the image below where I have headers from a legit email sent from eBay on top of the headers from a fake email.
When you take a look at the information indicating where the email was sent from (look at the “Received:” values above), you can immediately see the domain name for valid emails end with “ebay.com” where the fake ones end with “yahoo.com”. Why would eBay send messages from Yahoo’s servers? They wouldn’t. The scammer was clearly using Yahoo Mail to send their fake emails.
By doing simple things like changing the ‘friendly name’ on their Yahoo Mail preferences to something like “service@ebay.com” or “notification@paypal.com” in place of where you would usually put your actual name and changing the ’send replies to’ setting to an equally crafty email address can make an email appear to be legit when only quickly glanced at.
Taking Action: Protecting Yourself And Reporting Scams
The most effective weapon you have for protecting yourself against scammers is common sense. Scammers make a living by playing to people’s naivety, trust, greed, ego or all of these. In my case, why would someone voluntarily pay me $300 for an item which went for $66 total? This is way to good to be true as nobody is that generous. Combine this with the incessant fraudulent emails calling for immediate action “or else”, the scammer was counting on me being naive, trusting or greedy. Another interesting observation is they used a female name, for all of their correspondence. Perhaps there is more perceived trust when you are dealing with a woman? I have no evidence to support this, just a thought I am throwing out.
As an extra measure, and to help others thwart these types of scams in the future, pretty much all major online sites have methods to report suspected fake emails. In the case of eBay and Paypal, this involved just forwarding the unmodified email to “spoof@ebay.com” or “spoof@paypal.com”. I did this for each of the fake messages and got a response back in no later than 30 minutes. Any time you suspect a email to be fraudulent but are not totally sure, be sure to do this before responding to the suspect email.
If you have already fallen victim to a scam or want to report the attempt, you can report them to the Internet Crime Complaint Center. Here you fill out a somewhat detailed form regarding the scam (i.e. how did they solicit you?, how did they want you to send money to them?, where did they want you to send money?, etc.). I filled out one to report this scam attempt. Every little bit helps.
Stay smart.
Jason Faulkner is the man who brings you our daily tips. He is based in Atlanta, Georgia.
It happened to me for over a month thru hotmail but I reported it to MS and it stopped. These were notices that I had won a lottery I never entered and that I was a confirmed winner. Just sent sveral thousand to expidit my millions. These were supposed to be from the UK but I traced them down to Nigeria. I also did some other things I will not discuss but they won’t bother anyone for a while. These people have to be stopped, they give the internet a bad name.
Nice one matey, as a security student, this is one of the hot topics we are dealing with, how a hacker could send a fake bank website and let you enter your credentials for verification purpose, then use them to empty your account, it’s common and this is done without notification, I am aware how many of us are victims of such theft, hopefully everybody will be smart enough to fall into such traps.
Tanks a lot and i like your comments on pcmech
Been following your blog for some time. Most posts are interesting enough reads… but this one was quite enlightening. Thanks for the info.
Good point! I cannot post anything on craigslist without a scammer trying to get to me, They are pretty obvious because of the bad spelling. Just imagine what could happen if they get a little more advanced along with spell check. Scary thought, be careful and I would recommend checking all items being sold before I make a transaction, time well spent!
This blog is totally worth reading. Actually something similar happened to me and my dad. Their was a email sent by paypal to update my account. It email was so poorly done me and my dad just started to laugh. The spelling was really bad. I had reported the email to paypal! Plus the funny thing was that me and my dad don’t even have a paypal account. It’s Pretty stupid of scammers. And man i thought phone calls were bad enough
I have been burned twice on Ebay…once with a monitor that did not work and then with a product that did not show up. I also know a number of others who have been burned as well. I simply will not buy from an individual on Ebay ever again which is too bad because Ebay itself is a great idea.
Its amazing the efforts put forth to rip people off. It must me a nightmare for Ebay and cost Ebay millions of dollars in administrative costs each year to stay on top of the criminals that are using Ebay to rip off regular people.
I won’t do it. I guess I am not savvy enough to use Ebay and don’t want to have to become savvy enough to stay ahead of the criminals.
This is happening to me right now! The same guy from nigeria is sending me the same emails that you received with the subject title, PAYMENT HAS BEEN SENT****SHIP OUT IMMEDIATELY. What shot up a red flag was when he sent me an email pretending to be from paypal (return email was —-@gmail.com on behalf of service@paypal.com) The email had atleast ten spelling mistakes and if it really were from paypal, there would not be any! so i googled part of the email and found your site.
Thank-you so much for posting this blog, it totally saved me.
I had the exact thing happen today when an auction on an item I had listed ended. Guess I can look forward to more fake emails over the next week.
I used Ebay quite a lot a few years back and had zero problems, but I haven’t bought or sold anything on it for a coupla years, until now. Is it worth the trouble of re-listing my item, or is this what Ebay has come to now…nothing but scammers winning auctions??
The simple rule in all these cases is
“If it looks too good to be true, it most probably is”
I cannot believe the number of people who fall for the lottery scam, or the money transfer scam.
Good article. I admire your patience.
I like the detail you gave. I wondered how they went about it, though it is pretty recognizable.
I got a scammer on Craig’s list, but didn’t reply at all, since it was out of the country. Never heard from them again. Craig’s list sends you the email, but if you respond directly, the scammer has your email address. I use a special email address just for Craig’s list, so I know where they got my email address.
I never buy from eBay, because who knows who any of those people are. However, my brother bought a car on eBay and picked it up out of state and was very happy with the deal. Many years ago, though. From what you said, it looks as if eBay is alert to the problem, since they notified you right away, but their email didn’t look much better than the scammers. It was unclear and confusing.
I got a phishing message, claiming to be my bank; sent it to earthlink
I got an email begging for money to help this “poor” guys’ “poor” mother to get out of her country illegally. (Does this really work?) I don’t know where these last two got my email address.
Someone is using my web-site address to spam people in my mailbox. I’d like to know how they are doing that. Yahoo hasn’t been any help.
I think if everyone just deleted all these bogus messages without responding, they would stop. No need for policing them, if they don’t work. It’s the same as: if nobody buys stolen goods, nobody will steal it.
[...] Additionally, for those interested, I have written an article on this site which really gets down to the nuts and bolts of some fake emails in an eBay scam I was the target of. [...]