One lovely, sunny Wednesday morning, I was hard at work when suddenly I found myself toying with a scammer. You may be saying to yourself “How random Kelvin, how did this come about?” Well, in this article I will bare all and tell you exactly how I thwarted a scammer’s attempt to steal my money and the process that they use to try and do just that.
The Short Version (if you can’t be bothered reading the long version)
Scammers are using the Facebook marketplace to convince sellers that they are interested in what they have for sale. The scammer will usually start by asking about the condition of the item and the price before they say they want the item. They will then say that they cannot pick it up in person and so they will send a courier to pick it up and the courier will give you the cash for the item. However, the scammer will then ask the seller to pay for insurance just in case the item is damaged in transit and says that the courier will give you the money back for the insurance fee. If the seller agrees to this, the scammer will then send a link that appears to be from a courier company called Chronopost to pay for the insurance. Proceeding with the instructions, the seller is then directed to a legitimate website whereby they will be expected to purchase “insurance” via pre-paid cards. Assuming that the seller proceeds, they will receive codes for their pre-paid cards to which the scammer will then ask for those codes. If the seller gives the scammer those codes, the seller has just lost their money and has been scammed.
The Detailed Version
At this point, I assume you are still reading because you’ve read the short version and are interested in hearing more…excellent!
From the top! My conversation with the scammer started because I have an item for sale on the Facebook marketplace. Below is a snippet of the start of the conversation.
In the screenshot above, we can see a “lovely lady” called Anja asking if my item is in good condition and asking for the price of the item. Automatically, I proceed to check the profile of this person and straight away I get a few red flags. The profile looks like it has been hacked and possibly sat dormant for a while before being used by the scammers. Furthermore, the person is asking for the price of the item when it’s clearly listed in the ad. Anyway, I proceed by letting them know that the item is brand new and almost instantly, I receive a response to let me know that the price is ok with them and that they would like to collect the item the following day but due to work they can’t and so would like to arrange for a “Chronopost postman” to come and collect the item instead. That same “Chronopost postman” would also give me the cash for the item.
There are a few things I noticed at this point:
- I never responded to the scammer with a price but nevertheless, they said the price is good anyway. At this point, this tells me that they’re either using a script and they’re stupid enough to just copy and paste or they’ve gone back on the ad to look at the price; I think it’s the latter!
- What the hell is a “Chronopost postman?” To be honest I haven’t looked into if this is even a thing somewhere in the world but I know it’s NOT a thing in the UK. Furthermore, Chronopost is the French version of DPD and they don’t operate in the UK.
At this point, I am 100% convinced that someone is on a hacked account and they are trying to scam me. As a cyber security professional, I hate scammers and unfortunately for this idiot, he’s not going to be successful this time around. Nevertheless, I’ve been distracted from more important things, so I think it’s time I have some fun with this scammer. So, I decide to continue the conversation so that I could understand the scammer’s process before exposing them.
After responding to the scammer to let him know that Chronopost is French, the scammer responds and attempts to reassure me that someone will come and collect the item and hand me the cash directly. They then proceed to push the conversation on by asking if I am available tomorrow to complete this handover.
Onto the next screenshot of the conversation…
I respond back to the scammer and ask them what they need from me. They quickly respond (obviously copy & paste) asking for my Name, Address, item price and email address. I proceed to craft a response to his ask, and I decide to take the piss to see how stupid they really are. Let’s take a closer look at the details I provided back to the scammer.
Now if you’ve still not worked it out, let me break the above screenshot down:
- Name: What I’m really saying here is: You Think (Yutink) Im Daft (Imdaft) 🤣
- Address: This is just a random string with “LOL” thrown in. I did, however, include a random postcode in Devon to make it at least look a little legit
- They asked for the price again – WTF! do they know it or not? Anyway, I just mentioned that the price is in the ad because I couldn’t be bothered looking at the actual price
- Email: I just used a temporary email as I knew I was going to receive an email with instructions at some point
I must admit, I thought that the scammer might have realised that the name I gave was different to the name on my Facebook account, however, I was wrong; they must be really stupid!
The scammer then proceeds to tell me that I would need to pay for insurance for the item but reassures me that they will actually pay for the insurance. They said that they would add it to the amount of the item and although not explicitly called out, I assume that they are saying that they will give this “Chronopost postman” the money that I have to pay for the insurance.
Proceeding with the next set of messages…
I wanted to make the scammer think that I was bought into his “insurance” idea and so I respond by letting him know that it’s not a problem as I don’t want the item to get lost.
The scammer then asks for the price of the item…AGAIN! At this point, I just make the scammer assume that I will let them have it for a random price.
The price must not be an issue clearly because they respond almost immediately with a copy and paste to let me know that they’ve sorted everything on their side through Chronopost and that Chronopost has sent me an email. They have the cheek to ask me to check my spam – knowing that there is a possibility that their fake email posing as though it’s from Chronopost will be flagged as spam. He also asks me to confirm that I have received the email by sending a screenshot and also says that he will explain the email. At this point, I’m having too much fun here and want to spend a moment exploring the email and so I refrain from sending any screenshots.
I let the scammer know that I have received the email and I will go through the steps of the email. I also attempt to keep them sweet by sending a little “Thank you” 😇.
When I’ve explored the email briefly and worked out the rest of the process, I want to confirm my thought process and so I ask the scammer what to do next.
Onto the next part of the conversation…
The scammer proceeds to ask for a screenshot again so that they can help me. However, I don’t want to send a screenshot and so I make them think that I have completed the necessary steps.
We will return to the conversation in the above screenshot in a moment but for now, I want to give you some context on the scam so that you can understand the remainder of the conversation.
I will now present to you the email that the scammer sent as well as the website I am redirected to when I click on the link in the email. We will then return to the conversation with the scammer before analysing the scam process and the email further.
The Website I am Redirected To
At this point, I received the email as shown above and I’ve clicked on the link to pay for the “Insurance” which takes me to a legitimate website called recharge. This website allows you to purchase pre-paid cards and they are instantly delivered via email. I’ve not looked too much further than that into the company.
The intention of the scammer is to get you to purchase these cards at the cost of the “insurance” and then provide them with the code/s. Assuming that the codes are provided to the scammers, the victim loses their money and the scammer makes use of the code/s provided.
Now that you have the background, let’s go back to the conversation before we analyse the scam as a whole.
I now make the scammer think that his scam has almost come to fruition by telling them that I have done it and now just need to wait for the code. To confirm that the scammer wants me to send the code, I ask them if that is it once I have the code. Like clockwork, they respond and ask for a screenshot of the code. Almost immediately after their last message, they send another message “So?” It’s clear that they’re getting giddy at this point thinking that their scam has worked.
Now that I’ve understood the scam, I’m almost ready to expose them but before I do, I want to see how they respond when I tell them that the website tells me not to share my code. So I message them back telling them exactly that and ask them what to do next. They respond with common tactics used by scammers and hackers by trying to lure me into a false sense of urgency. They tell me that the codes are needed by “the service” to validate the transaction because all of a sudden the “Chronopost postman” can come to my home on the same day… Good luck finding that address! 🤣. They also tell me that my codes are only valid for five minutes and therefore should send them immediately.
At this point, I’m now bored and need to get back to more interesting things and so I decide to expose their little scam and see how they respond. A make up a little fib and tell them I have found their location and let them know that I know the account that they are using has been hacked.
Onto the next set of messages…
Unbelieveaby, the scammers have the audacity to continue to try and convince me that this is a legitimate method and also call me “Madam” 🤣…they clearly haven’t read my Facebook profile name.
I continue to expose them and ask them again why they are trying to scam people. To which they proceed to tell me its my first time using Chronopost and therefore they understand and again try to reassure me that everything is legitimate..the audacity! I’ve had enough at this point, so I ask them the same question again to see whether they will come clean (knowing it’s unlikely).
Failing to get a response, I ask the same question AGAIN! However, it looks like the scammers no longer want to talk to me now that they know they’ve been exposed. Shortly after, the scammers using the Facebook profile of “Anja Jaspers” leaves the group and blocks me as expected.
And there you have it…a Facebook marketplace scam trying to take advantage of legitimate companies while stealing from unsuspecting victims trying to sell their goods. Unfortunately, the scammers behind this profile will likely continue trying to exploit innocent people using the Facebook marketplace using different tactics but the more we do to expose them, the harder we make it for them.
I have since reported this to Facebook but I haven’t received any response as of yet! Unfortunately, that means the scammers could’ve been successful by this point if Facebook hasn’t taken action. With that in mind, I want to provide some insight into what to look out for so that you or your family and friends don’t become a victim to this scam.
In the following section, I will highlight some things to look out for.
A few tips to stay safe and protect yourself against scams like this
- Scammers using the Facebook marketplace will often tell you that they cannot collect in person and therefore want you to send your item to them. This is okay in some instances but you must be aware of the following:
- If they ask you to pay for anything upfront its most probably a scam so don’t proceed with the conversation
- If they say that they have paid for postage/insurance for the item without even seeing it then its most likely a scam
- If they say that they’ve paid and send you an email to confirm this but they haven’t even seen the item then its most likely a scam and the email that you’ve received is most likely fake too
- Take a look at the Facebook profile for any red flags. This is often difficult if you don’t know what you’re looking for and especially if profile information is hidden
- Don’t click on any links from the buyer
- If you’re unsure about the buyer don’t provide any of your personal information to them
- If you are willing to ship your item using the Facebook marketplace then ensure that your listing is set up with a delivery option. This usually includes things like payment protection and a secure method of payment, you can find more information here
Lastly, I want to show you how to identify fake emails by taking a look at the email that I received from these scammers. It’s important to note that not all emails will look like this and some fake emails are harder to spot than others but you can use the following analysis to draw up your own conclusion. However, the general saying is “If you’re unsure an email is legitimate, make sure you don’t click any links and check directly with the company it appears to be from”.
Analysis of the Email
The email has red flags all over it…literally (as shown below). Let me explain a couple of these briefly.
- The email address is a dead giveaway. Why would Chronopost be using a @gmail.com address? If the email address looks strange, it likely is so always check and confirm with the company by calling them directly or visiting their website.
- The subject says that this package is scheduled for delivery tomorrow but the email tells me that the package arrives today. These are signs of a poorly crafted email
- Ummm…I didn’t realise I was talking to “Sigigetha Hambergeversen” on Facebook chat. Here is another sign of a poorly crafted email. It appears that they are using an email template that is used for all victims and all they will do is change the name, address and monetary value
- “Name and First Name:”…wait…is my name something different to my first name?…another telltale sign
- The address that I gave the scammer is obviously fake so how has it been confirmed?
- They’ve included a tracking number… which means I should be able to check the tracking number by visiting the real Chronopost website. Don’t be surprised if you don’t get the result you expected.
- Just the whole text included in this email is ridiculously poor and not what you’d expect from a professional company
- “Click here to pay!” contains a link to another website. Never click any links on emails that you haven’t validated; always confirm with the company first. You can often hover over links contained in an email to expose the website too.
- Lastly, the ridiculous text contained towards the end of the email. Again, they’re trying to create a false sense of urgency by forcing you to proceed
Thank you for sticking with me and I hope that you have found this information useful. If you have friends and family using the Facebook marketplace, please share this post with them to raise awareness.