Reg comments27

5 Nigerian gangs dominate Craigslist buyer scams

Likely Lads from Lagos still skilled at parting fools from money

Clay in ZipLoc bag masquerading as an iPad 2

Just five Nigerian criminal gangs are behind a widespread type of fraud targeting sellers on Craigslist.

The Lads from Lagos are going to considerable lengths of investing time and money in order to make their scams more plausible, according to a study by George Mason University researchers Damon McCoy and Jackie Jones.

The researchers discovered that Nigerian scammers have enlisted the help of US-based accomplices as well as getting their hands on professional cheque-creating kit.

The two researchers put up "honeypot" ads for laptops priced, on average, at a 10 per cent premium over similar kit on Amazon in a bid to discourage legitimate buyers. Only one legitimate purchaser tried to purchase the overpriced equipment.

Many less savoury buyers approached the researchers by email. In response, the researchers sent images of the products. Opening these images revealed info on the IP addresses of scammers. More than half came from Nigeria from what the researchers identified as just five groups of fraudsters.

The Craigslist scam kicks into effect when these "buyers" offer to pay for the advertised kit with a certified cheque. The scammers further claim that they couldn't pick up the goods in person and are using a US-based "mover agent". The "cheque" is higher than the purchase price and intended marks are asked to send the difference - minus their expenses for shipping the kit - via Western Union.

This overpayment scam works because banks are likely to initially accept the cheque and might even "float" funds from a cheque before it has cleared. Once the cheque is discovered to be fraudulent, banks attempt to claw funds back as well as imposing a surcharge, levying even more pain on defrauded sellers.

If successful, sellers will not only fail to receive any money for the goods that they were intending to sell, but will be even further out of pocket because of the money they have transferred under false pretence. In this way the scam is even more lucrative than listing frauds, which attempt to trick sellers into thinking they will be paid from an escrow account held by PayPal once they ship their computer kit.

Analysis of the return addresses on envelopes used to send out the fraudulent cheques as well as the signatures on the cheques were used to categorise the originators of frauds.

Overpayment scams have been around for years and are not particular to Craiglist. The listings site has a variety of defences against fraudulent sellers but bogus buyers remain a problem. Work by the two researchers show that these scams are getting more sophisticated.

"Some of the phoney checks were generated using VersaCheck software on legitimate check paper, with watermarks and other security features," IT World reports. "Most of the checks listed real businesses that were geographically close to the bank".

Bank routing numbers used in the scam are legitimate.

Victims may well not know that the "buyer" of the kit is actually located in Nigeria thanks, in part, to the use of a US-based middleman.

McCoy and Jones are due to present their research (PDF) at the IEEE-backed APWG Symposium on Electronic Crime Research in Birmingham, Alabama later this month (24 September). An abstract for their paper, entitled The Check is in the Mail: Monetization of Craigslist Buyer Scams, (PDF) explains that a better understanding of how the scam worked gives the potential for law enforcement on others to crack down on the scam, in particular by identifying and targeting US-based affiliates.

To grow our understanding of scammer methods and how they monetize these scams, we utilize a data collection system posting ”honeypot advertisements” on Craigslist offering products for sale and interact with scammers gathering information on their payment methods. We then conduct an analysis of 75 days worth of data to better understand the scammer’s patterns, supporting agents, geolocations, and methods used to perpetuate fraudulent payments.

Our analysis shows that five groups are responsible for over 50 per cent of the scam payments received. These groups operate primarily out of Nigeria, but use the services of agents within the United States to facilitate the sending and receiving of payments and shipping of products to addresses both in Nigeria and the United States.

This small number of scammer organizations combined with the necessity of support agents within the United States indicate areas for potential targeting and disruption of the key scammer groups.

More comment on the ins and outs of the Craiglist scam and overpayment scams in general can be found in a blog post on Sophos's Naked Security blog here. ®


Biting the hand that feeds IT © 1998–2017