Online classified advertising site scams are typically conducted by scammers in countries such as Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, the Philippines, or Malaysia, who spend their days targeting consumers in the developed world.
Scammer grammar and general awkwardness make these scams relatively easy to detect. But when a scammer is local, the ruse becomes more insidious and effective.
The Toronto Sun reports that a man in Hamilton, Ontario faces “60 charges for allegedly selling thousands of dollars worth of non-existent tickets to concerts and sporting events, mostly at venues in Toronto.” The suspect “allegedly used Craigslist to sell tickets to pop concerts like Lady Gaga, Taylor Swift and Justin Bieber, or sporting events like Wrestlemania.”
As in most Craigslist scams, the perpetrator had the victims wire money to him, and in this case it was to a local account, which reduced suspicions. He told victims they would get a shipping confirmation number once the money was received, but of course, this was entirely bogus.
At the top of every post, Craigslist reminds you, “Avoid scams and fraud by dealing locally!” But they may not consider that scammers can deal locally, too. My suggestion is to always meet the seller with cash in hand, or simply buy tickets directly from the venue or venue’s website.
Craigslist and auction sites could better protect end users and prevent the majority of these scams by using readily available and proven fraud detection tools on the market. They could easily round up accounts opened by scammers by tracking them back to the computers, tablets and smart phones that opened them up in the first place by using device reputation management. And when those computers try to open more accounts under more stolen identities, the accounts are automatically denied upfront—at the “account creation” stage.
Craigslist could easily employ customized business rules to identify high-risk activity such as those offered by iovation’s ReputationManager 360 anti-fraud service. For example, if someone posted a local offer, iovation could expose to the business when users are hiding behind proxies to make them appear as if they were in the local region. If they are selling a used car supposedly in Irvine, California and they are going through the work to mask their IP and make it “look” like they are in Irvine, but their real IP is exposing that they are in Ghana, wouldn’t that be a red…