Tuesday, July 21, 2009

A Bad Name

image

Someone here Tried to Take Me for a Ride.

I have to admit it. The scam was smooth, simple and elegant. It probably relies on well iterated social engineering factors. A novice eBay seller. A hot item. The desire for quick turn around. Maybe even a location or origin flag. Many people have probably been caught out by it. I nearly was.

I had a couple of items to sell. I was in a country, the UK, where it was easy to ship items for minimal costs.  So I post the item for sale. I put the minimum bid at 200 GBP and a buy it now price of 400 GBP. Maximum shipping cost that eBay allows is 7 GBP  so I reasonably expect to sell it in the range of 407 GBP. I have had an eBay account for years, but I have never bought or sold anything on eBay so I am a novice on this thing.

The very same day I post the item, I get a hit. An interested buyer sends me a message in the the system asking about the item. I have reproduced the series of conversations below:

image

I respond that it is still available and “gerald9698” replies:

image

Thinking quite innocently that this complicates things a bit, I send a return message suggesting that we follow the approved eBay process . I point out that he would save himself money on following that process, but he answers:

image

He then sends another message saying

image

So I send it to him. I want to make a quick sale, I owe eBay no loyalty since they have charged me upfront anyway for posting. The same day I get the message below.

image

Truly I get the message below from “service@paypal.co.uk

image

Now I don’t notice that the email address isn’t actually service@paypal.co.uk. It is actually “pay.paypa_uk@consultant.comservice@paypal.co.uk is just the name associated with the address, not the address itself. However certain other things set my warning bells ringing. First, my original offer was 407 GBP, the person had said he would pay 430, yet here he “pays” 480.

Secondly and more tellingly, both eBay and PayPal have internal messaging systems on their sites that inform me of any transactions and neither system has any record of a payment whatsoever. The scam artist, for that is exactly what this person is, tries to run-around this with the official sounding text below. However it is complete rubbish. Every true transaction, pending or otherwise would be recorded in the PayPal messaging system. Secondly, even though he wanted this to be a non-eBay transaction the email message contained text that could only be have been part of the message if it had been an eBay transaction.

image

With this and a little bit more research, it was quite obvious that this was a simple yet well planned internet scam. I certainly intend to try and get eBay to discontinue this user’s account, though it is trivial to open one.

The lessons in summary are as follows. First use a system that has a good reputation, is known and has in-built protections such a comprehensive internal system for messaging, payment, verification and so on. Secondly, Don’t let impatience, a quest for simplicity or for extra money make you circumvent the system. Third be careful what information you give out online to strangers. Lastly, check and double check everything you can check before making any form of exchange.

I’m glad I was able to escape this pretty much unscathed. Nevertheless, it a pretty run of the mill, rather mundane story. What makes it worth blogging about (other than it being my first experience of this type) and both infuriates and saddens me. is the origin of this scam. Observe the name of the supposed buyer and his delivery address:

image

That’s right boys and girls, a Nigerian scam. The very first time I try to use eBay, a fellow Nigerian tries to take me for a ride. It shocks me. It embarrasses me. It saddens me.Is it any surprise that we Nigerians have a bad name on the world wide web?

Dej.