This is my one hundredth article for those nice people at Information Security Buzz (hence the title), and whilst I was pondering which topic to write on next, along came a subject falling directly into my lap in the form of a blatant scam – followed by others – which I felt was of high security awareness and educational value to share with our community, but above all with the great unwashed public at large – please read on:

Over the years, I seem to have gathered so much stuff, which is now unused and unwanted, and felt it was time to clear the attic, make some space, and let my no longer loved, unwanted items go on to a good home – enter the world of On-Line Selling Apps and my experiences over the weekend period of 14 May 2022.

The URL Hook: Experience number one was on the Facebook Market Place, where I started receiving many messages with embedded URLs saying – ‘Is what you are offering anything like this on the link’. My response, and recommendation here, was (is) ‘what is being offered is as shown’, and the sender simply seemed to then disappear as quickly as they had arrived. My thoughts on this approach with the URL are that this is a blunt technique to drive the unwitting seller onward to some form of entity which may prove adverse to my (your) digital health – so the tip here is, don’t fall for clicking an unknown unknown!

No FIXED Abode: The next attempted scam started to flow with the communication shown below at Fig 1 from Rohda Mountain. Note, here we encounter indications of a scammer in operation who would seem to be just a tad on the grey side of the intellectual curve:

  • Bad grammar etc
  • Offering full asking price – no haggle!
  • They are busy – not around
  • They wish to use a Pick-Up Agent (Mover) – so no delivery address
  • Presentation of all the ‘thing’ necessary to collect – whatever that/they are!
  • No call – job is so busy they are not contactable
  • Their Satellite Server is down – hmmmm – funky, must get one of those
  • Has a WiFi Laptop – but for some reason, can’t use that – maybe that is also using the said funky Satellite Server?
  • Insists on PayPal
  • Helpful – will advise on how to set up a PayPal account – nice people, are they not?

See below – the as-is email as sent from my new, good friend Rohda:

Fig 1 – Scam Commences

So here is the rub – and what you may expect – the PayPal security loop here being leveraged by our scammer – sorry, Rohda – is that the goods will be collected by an ‘Agent (AKA Mover)’ for the buyer, and thus the buyer is in possession of the goods with no proof of delivery to an address – so, given the way PayPal lean toward the buyer to protect them from rip-offs, our buyer in this instance is actually using the Fraud Prevention mechanisms to, well, commit fraud. The conclusion to this multi-faceted fraud is that, post the transaction, as the buyer (Rohda) has not received the goods at an address (having had them collected instead), the honest, trusting seller may expect that the funds in their PayPal account will be quickly clawed back by our new pal, Rohda, as the goods will be claimed not to have been received!

Strangely enough after that attempt failed, I had another communication drop in, this time from a very polite person going by the name of Felicia Alvarez – see Fig 2 below – as you may note, a very similar style in use here, as with Scam attempt number 1:

Fig 2 – Scam Attempt 2

As you can imagine, I saw this one off – but I have made use of their information – and did some lookups on their email and cell phone number – and as you would expect, no trace on the email, and as for the cell phone – it looked like it has a very suspicious profile – see Fig 3.

 Fig 3 – Suspect Cell Phone Number

At this juncture, I am getting really interested in this new game I have discovered, so time to extend the playground – enter Gumtree. Post setting up the account and placing the ad, it wasn’t long before I had a knock on the electronic trading door from my new interested buyer, on WhatsApp from cell number +44 7796 906438.

Fig 4 – Buyer +44 7796 906438

Now this time, to trade securely and to avoid any fraud of course, the seller wishes to use the suggested inter-Gumtree system – which allows the buyer to set up a secure transaction line to make a payment into the seller’s account – with me so far? This time our buyer is playing the not sure card as to how this works – but seems to be very accomplished and quick on the uptake. Now to be clear here, I am using a FinTech Bank Account which has very little in the way of funds in the account!

Next step, the link arrives, and I click on it – and now the interesting part – I get a communication from the buyer informing me that something has gone wrong, and they send me the image shown at Fig 4:

Fig 4 – Server Error

All seems very straightforward: the funds seem to have got locked in the system but are not in the seller’s (my) account – so all the seller (me) needs to do is pay funds into their account and click the said link and all is well – right! Here I advised the Buyer that this would not be happening (I kept it polite somehow), and that they should contact Gumtree to resolve the issue – then I waited and nothing.

No contact or comment came back, and all was silent – that was until my FinTech Bank app pinged up an alert to notify me that someone from another FinTech Bank was attempting to withdraw £60+ – which, having set controls on the account to require an authorisation, I of course rejected. Clearly the URL I clicked did a little more than just paying over funds in a one-way direction; here the constructed protocol was very much aligned to a bidirectional transaction post acquisition of the seller’s Bank Account details.

Conclusion

It is simply unfair that the value and use of the Internet, and such services as on-line selling, have become so plagued by criminality, and to be frank, low life scum. What is of even more concern is the way in which some anti-fraud controls employed by the likes of PayPal and Gumtree and others have become the facilitators to assist criminals to leverage the anti-fraud controls to their own use, AKA to commit FRAUD. What I also find very worrying is the speed and ease at which anyone can set up one, or many, FinTech bank accounts and start trading for good purpose or evil – maybe this area of Account Enrolment needs to have another close look at how the world of FinTech can be better controlled in the interest of legitimate account holder security.

One final note to all who wish to use such on-line selling apps and services:

  • Look out for the indications of fraudulent activity – see above
  • Ensure you fully understand the site T&Cs of the service to keep within the system’s boundaries of security
  • Keep a watchful eye on the Internet for notifications of Fraud/Scam Alerts
  • If you are scammed and defrauded – report it to the Police and/or Action Fraud – not saying you should not expect much from them, but nevertheless report it all the same

And remember – if it looks too good to be true, it probably is – stay safe out there.

Professor John Walker
Visiting Professor
NTU

John is the Principal at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham Trent University (NTU) and holds the appointment of Editor in Chie ...