Online classified advertising site scams are typically conducted by scammers in countries such as Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, the Philippines, or Malaysia, who spend their days targeting consumers in the developed world.
Scammer grammar and general awkwardness make these scams relatively easy to detect. But when a scammer is local, the ruse becomes more insidious and effective.
The Toronto Sun reports that a man in Hamilton, Ontario faces “60 charges for allegedly selling thousands of dollars worth of non-existent tickets to concerts and sporting events, mostly at venues in Toronto.” The suspect “allegedly used Craigslist to sell tickets to pop concerts like Lady Gaga, Taylor Swift and Justin Bieber, or sporting events like Wrestlemania.”
As in most Craigslist scams, the perpetrator had the victims wire money to him, and in this case it was to a local account, which reduced suspicions. He told victims they would get a shipping confirmation number once the money was received, but of course, this was entirely bogus.
At the top of every post, Craigslist reminds you, “Avoid scams and fraud by dealing locally!” But they may not consider that scammers can deal locally, too. My suggestion is to always meet the seller with cash in hand, or simply buy tickets directly from the venue or venue’s website.
Craigslist and auction sites could better protect end users and prevent the majority of these scams by using readily available and proven fraud detection tools on the market. They could easily round up accounts opened by scammers by tracking them back to the computers, tablets and smart phones that opened them up in the first place by using device reputation management. And when those computers try to open more accounts under more stolen identities, the accounts are automatically denied upfront—at the “account creation” stage.
Craigslist could easily employ customized business rules to identify high-risk activity such as those offered by iovation’s ReputationManager 360 anti-fraud service. For example, if someone posted a local offer, iovation could expose to the business when users are hiding behind proxies to make them appear as if they were in the local region. If they are selling a used car supposedly in Irvine, California and they are going through the work to mask their IP and make it “look” like they are in Irvine, but their real IP is exposing that they are in Ghana, wouldn’t that be a red flag? When this happens, the business could automatically deny the attempt in a fraction of a second, or at a minimum send it to a review queue so that fraud analysts can take a closer look before exposing a scammers’ offer to the public.
In general, with today’s sophisticated fraud prevention technologies and techniques, scammer accounts could and should easily be stopped at the front door (while attempting to set up a new account) — before ads are placed, before ads are read by the public, and before tens to hundreds of visitors act on the ad by engaging in conversation with a cyber criminal who wants to steal their money.
Imagine the scale of bad accounts that could be shut down instantly. Sophisticated fraud rings could be identified within the business’s network and thousands of fraudulent accounts shut down, making Craigslist and other auction sites a much safer place for the public to look for desired products and services.