Wednesday, August 25, 2010

Anatomy of a PayPal Scam

Over the course of the last few days I have been the target of a PayPal scam. This was one involving a car I have for sale online. The gist of the scam is detailed here.

The first part that threw me was that the perpetrator was claiming to be on an oil rig, having no phone access but working Internet access.
"thanks for mailing back,i am a petroleum engineer and i am on rig right now.i am buying this as a birthday gift for my dad,i've been trying to reach you but i discovered that our  phone is currently scrambled due to the bad weather please bear with me .I can only pay through paypal at the moment as i dont have access to my bank account online,but i have it attached to my paypal account and this is why i insisted on using paypal,i will like you to send me your paypal email so i can deposited the money."

I gather this was a ploy so that I could only contact him via the Internet and not speak to him in person. The mobile number he gave just rang out with no voice mail.

The next step was that the car had to go to Darwin which is a long way from where I am and that he couldn't pay for the pickup agent from his location.

He offered extra money above the price of the car to cover this if I could just wire the extra money to his pickup agent in the UK (never mind the issue of using a pickup agent in the UK to move a car in Australia).

The clincher came the next morning when a fake PayPal email came saying money had been transferred into my account (it hadn't) but to release the total value I had to prove that I had sent the money to the pickup agent.

The email looked fake. Checking the headers (View Original in Gmail) gives:
Received: by 10.216.15.8 with SMTP id e8mr41876wee.59.1282688603259; Tue, 24
 Aug 2010 15:23:23 -0700 (PDT)
Sender: mark.markspencer.spencer8@gmail.com
Received: by 10.216.170.140 with HTTP; Tue, 24 Aug 2010 15:23:23 -0700 (PDT)
Date: Wed, 25 Aug 2010 00:23:23 +0200
X-Google-Sender-Auth: ovZN1dj6pw_bFlMm7Z5wEsKi3LQ
Message-ID: 
Subject: ****Regarding Your Payment****
From: "service@paypal.com" 
If you have dealt with PayPal before, you know that notifications for instant payments come from the person doing the payment, not from PayPal. I did a search for Mark Spencer and variations on that name appear with many scams. If they were smart it would be an alias but let's not presume too much here.
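
The header check above can be scripted. This is an added example, not code from the original post: it runs two heuristics over the headers exactly as quoted and also reports the UTC offset in the Date header. The function name `check_headers`, the `paypal.com` default and the finding labels are choices made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Headers as quoted in the post. Message-ID is empty and From carries only the
# quoted display name, exactly as they appear there.
SAMPLE = """\
Received: by 10.216.15.8 with SMTP id e8mr41876wee.59.1282688603259; Tue, 24
 Aug 2010 15:23:23 -0700 (PDT)
Sender: mark.markspencer.spencer8@gmail.com
Received: by 10.216.170.140 with HTTP; Tue, 24 Aug 2010 15:23:23 -0700 (PDT)
Date: Wed, 25 Aug 2010 00:23:23 +0200
Message-ID:
Subject: ****Regarding Your Payment****
From: "service@paypal.com"

(body omitted)
"""

ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")  # captures the domain part

def in_domain(host, brand):
    host = host.lower()
    return host == brand or host.endswith("." + brand)

def check_headers(raw, brand="paypal.com"):
    """Return (findings, utc_offset_hours) for one message's headers."""
    msg = message_from_string(raw)
    findings = []
    from_hdr = msg.get("From", "")
    # Domain of every address-like token in From, display name included.
    claimed = ADDR.findall(from_hdr)
    # The submitting mailbox: Sender when present, otherwise the From address.
    submitter = parseaddr(msg.get("Sender") or from_hdr)[1]
    sub_domain = submitter.rsplit("@", 1)[-1].lower() if "@" in submitter else ""
    if any(in_domain(d, brand) for d in claimed) and not in_domain(sub_domain, brand):
        findings.append("brand-in-from-but-sender-is-" + (sub_domain or "unknown"))
    # Received headers are prepended, so the last one listed is the first hop.
    hops = msg.get_all("Received", [])
    if hops and re.search(r"\bwith HTTPS?\b", hops[-1]):
        findings.append("first-hop-is-webmail-http")
    offset = None
    if msg.get("Date"):
        off = parsedate_to_datetime(msg["Date"]).utcoffset()
        offset = off.total_seconds() / 3600 if off is not None else None
    return findings, offset
```

Both findings are heuristics. Where the receiving server adds an Authentication-Results header, its SPF/DKIM/DMARC verdict is the stronger signal; the headers quoted in the post do not include one.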


During my long conversation with the scammer (yes he wanted to chat too) it was evident that he didn't understand English that well and didn't get that he'd been sprung.
me: I should tell you I work in IT. This sounds too much like a scam to be anything but.
Jayceon: but?

I sent the original email on to the advertising agency who confirmed it was definitely a scam. I also forwarded the fake PayPal emails to PayPal so that they can investigate. I don't expect anything to come from this but it was an interesting experience nonetheless.

I have a full chat log plus all the original emails if anyone is interested.