by George Taniwaki
I recently became the target of a Craigslist check fraud scam. I was cautious, so I caught it before I lost any money. However, the scam was cleverly designed. A careless or more trusting person could easily be fooled and lose money.
There were a few surprising lessons from my experience. First, my interaction with the criminal didn’t raise any flags until very late in the process. The emails I received were a lot less obviously fraudulent than the offers of money in Nigerian widow emails.
Second, a regular Craigslist user may become complacent about the chances of becoming a victim of fraud. Because I am remodeling my house, I use Craigslist frequently both as a buyer of tools and supplies and as a seller of used kitchen appliances, fixtures, and furniture. I also buy and sell used cars this way. I haven’t bought a new car from a dealer in over 30 years. (Yes, I know this is way before the inception of Craigslist.) In all, I’ve never had a problem with any transaction, until this incident.
Further, in order to use Craigslist you need to have some trust in the other party, or you can’t complete a transaction. Thus, a potential victim is primed to be taken advantage of through emails in the context of a Craigslist transaction, in a way that does not occur when receiving an unsolicited email offer from a stranger.
Finally, even though I have kept detailed evidence of this attempted fraud, including names and addresses, and reported my incident to a variety of law enforcement groups, I believe it is unlikely that any of the criminals involved will be caught or prosecuted. More on the reasons why I believe this later in this blog post.
Description of events
On May 31, I posted an antique cupboard (shown below) on seattle.craigslist.org.
Figure 1. The Craigslist posting that attracted a criminal’s attention
Within a few hours I received an email inquiry. It was from a woman named Alex who said she was in the Marines and temporarily stationed in Georgia.
This seemed odd, but not suspicious. There are lots of military families in the Seattle area.
I did a web search for the woman’s name and found that she had profiles on LinkedIn and Facebook. Both indicated she lived in Shoreline, a suburb of Seattle. Both said she was employed as an instructor at a local beauty school. Neither profile mentioned the Marines, but I reasoned if she was in the reserves, perhaps she wouldn’t mention it.
Alex asked some basic questions about the cupboard, which I answered. The questions were oddly generic and most of the answers were already in my ad. We settled on a price. On Monday, she wrote that she would mail me a cashier’s check and that someone would pick up the cupboard and hold it until she got back. She asked for my full name, address, and phone number.
This seemed odd and a bit suspicious. But I agreed since the risk seemed low.
On Tuesday, she sent another email saying that she had sent the check via USPS priority mail. The tracking number was 9405501699320004099027. I went to the USPS website and found the tracking information.
It looked legitimate to me.
On Thursday I received the package. The return address was for a TRH Construction of Brunswick, GA. This seemed odd, but not entirely suspicious. Maybe Alex was busy and had a friend mail it for her.
Inside was a company check (not a cashier’s check) for $1,850.00 with payor name of Commercial Truck Sales & Export of Sanford, FL drawn from RBC Centura Bank of Lake Mary, FL. There is an illegible signature printed on it.
Figure 2. A suspected counterfeit check; the account number and ABA routing numbers have been obfuscated
OK, now I was finally suspicious. The check appeared to be real. It was printed on one of those check forms you can buy mail order and run through your inkjet printer. I did web searches for both the payor name and the bank name. Both seemed to be legitimate. But it was pretty obvious that these firms had no connection to this woman. The check was very likely a forged counterfeit.
I received another email from Alex. She wrote that the check amount included our agreed upon price plus an extra $30 for me for my troubles to cash the check and do her a favor. Because I was a trustworthy seller, she wanted me to send the remaining amount of money to her moving company via MoneyGram. She provided the contact name and address where the MoneyGram should be sent. It was a woman named Ychantiz of Rock Hill, SC. Once the money was sent, Alex wanted me to reply back with the MoneyGram reference number, date, address, and dollar amount sent, which she would forward to the movers.
Aha. Here is the scam. I receive a counterfeit check (the bad money) from a forger and deposit it. The check is drawn from a real account at a bank, so it clears. I feel confident and send a MoneyGram (the good money) to the forger’s confederate. Later, the payor on the check discovers money has been stolen from their checking account. Their bank reverses the transaction. My bank also reverses the transaction. I now have lost money and cannot get it back from the forger who is now long gone.
In fact, if I deposit the check now, I could be charged with bank fraud by the local police. It would be the ultimate indignity, the victim accused of being a criminal.
I noticed that my name was misspelled on the check. So to stall for time while I contacted law enforcement groups, I sent Alex an email stating that I received her check, but my name was misspelled and that the bank would not cash it. I asked her to mail me another check.
A day passed without any response. Then on Saturday she replied that she would send a replacement check on Monday. On Tuesday, I sent a follow-up email to Alex to see if she was still interested in the antique cupboard, but she didn’t respond.
Unexpectedly, I received a replacement check on Thursday. It was also sent via priority mail, tracking number 9405501699320004370294. The return address was Waddell Realty of Columbus, GA. The check was for the amount of $2,500.00. (Apparently, the larger amount will compensate the scammer for the additional effort my transaction is taking.) The payor on the check is A Mar Group (sic) of Masfield (sic), TX and drawn from Regions Bank, of Mansfield, TX. The check has the same signature as the first one. At this point, I decided I have collected enough evidence and stopped my conversations with Alex.
As shown in the Bing map, if a single scammer is involved, she is doing a lot of driving. The towns of Brunswick, Columbus, and Rock Hill form a triangle over 200 miles to a side. However, if the criminal organization is sophisticated, there may be a person in each city whose activities are overseen by a single mastermind. More on that next.
Figure 3. Map showing physical locations of the scammer(s)
Anatomy of a criminal enterprise
There are two roles being played by the criminal(s) involved in this scam: the mastermind and the dummy. Both roles can be played by the same person, but I suspect they are separate. The mastermind gains access to checking account information for businesses in order to create the phony checks. Perhaps she buys a list off the internet. Or she compiles the list herself by bribing people who provide services to businesses, such as janitorial service providers, lawn maintenance companies, office suppliers, caterers, etc. to provide copies of checks from clients. Or since this is all about scams, the mastermind approaches a small janitorial business and says she is from the bank investigating fraud and asks for copies of all checks received from businesses. It may not be a coincidence that the two checks I received both have auto dealerships as the payor.
The mastermind also finds the names of innocent people with unique names, like Alexis of Shoreline, and creates fake Gmail accounts with those names. The mastermind also has a computer program designed to quickly find new Craigslist postings and automatically send inquiries to the seller with generic questions about the product (e.g., how old is this antique, who was the manufacturer, where was it made, what kind of wood is used, has it been refinished, etc.).
I believe my email communications have been with this mastermind. For all I know, this person actually is the woman named Alexis who lives in Shoreline. But more likely, this person is a man, doesn’t live in the U.S. at all, and can’t be located, much less arrested and prosecuted.
I went back and found one of the emails I received from Alex. Her email address is firstname.lastname@example.org. I opened up the header information and noted her email IP address was 184.108.40.206. A whois search locates the IP address in Mountain View, CA and lists the owner as Google. That’s not very helpful.
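What the header check in the paragraph above amounts to, as an added example that is not part of the original post: it walks a message's Received lines from oldest to newest and reports the earliest routable address. The sample message, host names and addresses are constructed; for mail composed in a webmail interface that earliest address is normally the provider's own outbound server, which is consistent with the lookup pointing at Google.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample headers (not from the post). Public addresses are from
# the RFC 5737 documentation ranges; the oldest hop mimics a web submission.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby inbox.recipient.example with ESMTP; Mon, 03 Jun 2013 10:15:02 -0700
Received: from mail-out.webmail.example (mail-out.webmail.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS; Mon, 03 Jun 2013 10:15:01 -0700
Received: by 10.20.30.40 with HTTP; Mon, 03 Jun 2013 10:15:00 -0700
From: Buyer <buyer@webmail.example>
To: Seller <seller@recipient.example>
Subject: Re: antique cupboard

Is it still available?
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return hops oldest-first as (ip, is_internal, protocol) tuples."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    # Each relay prepends its own Received line, so reverse for oldest-first.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())      # unfold continuation lines
        match = IP_RE.search(text)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:                         # e.g. an octet above 255
            continue
        proto = re.search(r"\bwith (\w+)", text)
        hops.append((str(ip), any(ip in net for net in INTERNAL),
                     proto.group(1) if proto else None))
    return hops

def origin_summary(raw):
    """Earliest routable address, and whether the first hop was a web form."""
    hops = received_hops(raw)
    external = [ip for ip, internal, _ in hops if not internal]
    return {"first_external_ip": external[0] if external else None,
            "submitted_via_web": bool(hops) and hops[0][2] == "HTTP"}
```

Only the Received lines added by servers you trust are reliable; anything below them is supplied by the sending side and can be forged.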
The dummy in this fraud scheme does the grunt work. This person may actually have been duped into participating and doesn’t even realize she is a criminal. This is similar to my belief that many of the scam artists I encountered in Paris (blog post Mar 2011) may be criminals but are also victims.
One task of the dummy is to forge checks. Forgery does not take special skills like you see in the movies. It simply requires the person to own a computer with an inkjet printer. Whenever the mastermind gets a live lead she tells the forger to print a check and mail it to the address requested. The forger gets paid (or is promised to be paid) a piecemeal rate for doing this work. But perhaps she is told to pay the priority mail postage out of her own pocket and doesn’t get reimbursed (if at all) until the victim’s MoneyGram arrives. The use of priority mail allows the mastermind to monitor the work activity of the forger over the internet. If the forger takes too long to mail out checks or makes mistakes like misspelling the victim’s name, she is fired.
The other task of the dummy is to act as a drop box for receiving the MoneyGram payments and deposit them into the mastermind’s bank account, probably outside the U.S. She is also probably paid piecemeal (or told she will be). Her work activity is monitored by the mastermind using the MoneyGram reference number and dollar amount data that the scam victim kindly provides. If the dummy steals any of the money, the mastermind turns her over to the police. Since this person uses her real name and address for the drop box, she is also likely to get arrested if any of the victims pursue a case. She may also be sued by victims to recover funds. She is in a really high risk, low payout position.
(This arrangement seems similar to that between the mortgage brokers in boiler rooms selling zero money down home loans to unqualified buyers and the investment bankers on Wall Street selling the resulting CMOs to pension funds. Guess which ones got caught and went to jail.)
A good mastermind could probably manage a dozen dummies scattered around the country. So, how does the mastermind find these gullible underlings to do the dirty work and take enormous risk in getting caught in the scam? My guess is by running ads in Craigslist! The ad may have looked something like this:
NOW HIRING! WORK FROM HOME
Great opportunity as a document expeditor.
• Prepare and print checks, invoices, other shipping documents
• Package and ship completed documents
• Accept payments from customers and make deposit to bank accounts
• Track packages and payments and issue reports
• Perform other office tasks as assigned
• Must have own computer and color inkjet printer
• Must have own car for trips to post offices and banks
• Proficient in Microsoft Office, Word, Excel, Outlook
Yes, Craigslist is a wonderful tool for recruiting victims for criminal enterprises.
Contacting law enforcement
Had I fallen prey to this scam, I would have been out about $1600. This is a felony, so I want to report this crime. But to whom? The local Bellevue police can’t do anything about this crime. Even the Washington state attorney’s office can’t do anything. The scope of this crime is national or international.
I look for information on check fraud scams. There’s a lot. There is even a blog dedicated specifically to Craigslist scams, though it hasn’t been updated in a long time. Going to the Craigslist site, there is some advice on how to avoid scams and who to report them to.
Following Craigslist’s advice, I report my incident to the Federal Trade Commission (FTC) using its online complaint form at https://www.ftccomplaintassistant.gov/
I also report it to the FBI’s Internet Fraud Complaint Center using its online complaint form at http://complaint.ic3.gov/update
Then I call RBC Centura Bank, the bank that the first check I received was drawn against. I explain to a bank employee that I have a counterfeit check and want to report it. She thanks me and says the bank is already aware of the problem. She notes that it is impossible for them to stop this type of criminal activity. (If you think about it, you can see why. The checks are being deposited by innocent victims all around the country. As long as the payor’s account is still open, the depositing banks have no way to know that the checks are counterfeit. Even after the check is returned to the payor bank, it has no way to recognize the check as counterfeit. It isn’t until the payor complains that the fraud is discovered and the bank account is closed. By this time the forger, directed by the mastermind, is writing checks from a different account.)
The bank employee asks me if I received the check by mail. I reply yes, and she tells me to report it to the post office as mail and wire fraud. I report the incident to the US Postal Inspection Services using its online complaint form at http://ehome.uspis.gov/fcsexternal/default.aspx
As a last step, I report the email fraud to Google using its phishing incident report at https://support.google.com/mail/contact/abuse?hl=en&rd=1. This wasn’t really a phishing scam, but there are no other methods of contacting the Gmail team. Hopefully, if the police serve Google with a search warrant, the company can identify the location of the miscreant posing as Alex.
After filing these reports, I don’t have much confidence that anything will be done. Catching Ychantiz, the woman running the drop box, should be easy. She willingly provided her name and address. But she probably doesn’t know she is a criminal. Same thing for the person who is mailing out the checks, if it is a different person. She probably shows up at the post office every day with priority mail packages. The time stamps on the packages can easily be compared with video surveillance footage to identify her. But it is doubtful that either of these people has ever met the mastermind or knows that person’s real name or location. Once caught or tired of the scam, these underlings are on their own. The mastermind will just find new underlings, find new checking account data, create new email addresses, and find new Craigslist sellers to target.
Why Craigslist is hard to use
The fine folks at Craigslist are very aware of the problem of scams. Their website strongly urges sellers to only deal with local buyers and to not send money by wire or by mail.
In order to make it difficult for buyers and sellers who are not local to meet, the Craigslist database is filtered by location. There is no easy way for a seller in one city to let buyers nationwide see their wares. Similarly, there is no easy way for a buyer in a city to see all the sellers of a particular trinket across the U.S. One can only do this by running a query on each local Craigslist site.
The best way of running multiple queries is to use a computer program and display the results in your own custom web page, a process called a mashup. Lots of websites encourage this and publish an application programming interface (API) that helps developers to automate the query and populate their own database.
However, to deter criminal programmers, Craigslist does not publish an API. Most Craigslist mashups are created using screenscraping. That is, a programmer has to tediously hardcode the requests to the Craigslist database and then figure out how to extract the data they want from the web page that is returned. It is easy for a human to read a webpage, but it’s a lot of work to program a computer to do it. Yet some honest people have done this. And apparently some criminals have found the effort worthwhile too.