Would you believe me if I told you that you can save a vulnerable Australian from unwittingly committing a crime that carries a sentence of up to 10 years in prison?
So, when you receive a private message from a scammer on Gumtree, or anywhere else, don’t ignore them and don’t insult them. Instead, play along and help PICDO.org.au disrupt the cybercrime networks that are using Australian residents as financial mules for their evil schemes.
How The Gumtree Scam Works
As a Gumtree User you might post a vehicle, computer, or other high value item for sale.
The scammer sends a private message like this:
“My brother would like to buy your car, please email him directly at John.email@example.com”
NOTE: Gumtree administrators will delete a user account as soon as they recognise scammers. So the scammer needs to communicate with the seller directly by email outside Gumtree. After that Gumtree ADMIN cannot interfere with the scam.
Play along with a Gumtree Scam
We do not recommend ever sharing your real email address with a scammer, as it will cause problems in the long term. Instead, set up a dedicated email address just for your cybercrime disruption activities; we will refer to this as your “PICDO-Email”. Make sure you check it regularly so that the valuable evidence you gather does not perish. Consider automatically forwarding all incoming messages to your regular email address.
Set up a new email address with one of the free email providers, such as Gmail.com, hotmail.com, or one of the anonymous free services like yandex.com or protonmail.com. It is possible that your existing email provider allows you to have free “alias” email addresses. This allows you to use a different email user address than your regular account, and yet still receive the messages in your inbox.
Make sure the email username looks natural, but use a fake name that cannot be confused with someone else if possible.
From your new PICDO-Email, send an email to the scammer’s email address that says something like:
“Thanks for your message on Gumtree, yes it is still for sale, would you like to buy it?”
The scammer will respond, and will probably even negotiate the price down a little so as not to seem too eager or suspicious.
Accept their offer, and ask them how they would like to pay.
The scammer will probably claim to be traveling overseas, or working in the outback in the mining industry, or some other situation, where he or she cannot come and pick up the item personally. He will claim that a friend or “pickup agent” will help.
The scammer will offer to pay by bank transfer, PayPal or some other electronic method.
If the scammer is offering to pay by PayPal, give him or her your PICDO-Email address. As long as this is not connected to a real PayPal account, he or she can do no harm.
After 30 minutes or so, you will receive a forged PayPal transaction notification at your PICDO-Email. The amount of the PayPal transaction will most likely be more than the asking price for your item; this is part of the scam. There will also be a message, allegedly from PayPal, advising that the funds will not be released to you until you have undertaken certain tasks.
After receiving the forged PayPal transaction, respond to the scammer confirming that you have received the funds. Tell him or her that they overpaid, and ask what you should do with the extra funds, offer to send it back to them.
The scammer will tell you some stories, most likely that the extra payment is for you to pay the pickup agent, the tow truck driver who will pick up the car, or some other creative lie.
The scammer will possibly ask you to convert the overpayment into bitcoin and send it to the scammer’s bitcoin wallet. Naturally, you will never do that. Instead, reply along the following lines.
Don’t use these exact words. If you just copy and paste what we’re saying here, the scammers will start to recognise patterns, so rewrite it in your own words.
“Sorry, I don’t know anything about bitcoin. Can’t I just send the money to a bank account?”
(He will try to convince you to use bitcoin, but play dumb and stand firm.)
It’s important that you try to persuade the scammer to provide you with a bank account. The reason is that the bank account they provide will actually belong to another victim, who does not yet know they are a victim. This person will most likely be the victim of a romance scam who has been persuaded by a beautiful foreign woman or man to provide their bank account details so that some of their “friends” can send money to the foreign lover. There are many of these romance scam victims, and each time they receive money thinking it is from a friend, they are really receiving the proceeds of scams such as the one described in this article. The very moment this romance scam victim receives the money and then converts it to bitcoin or otherwise sends it on to the scammers, he or she has committed the crime of money laundering. In many states that carries a penalty of up to 10 years in prison.
ACS Threat Report 2017
The AFP continues to focus on key criminal services and enablers within the cybercrime business model, including ‘cashout’ strategies and services designed to transfer illicit funds from Australia to overseas locations. This has included a specific project between the AFP, AUSTRAC, the ACIC and the Australian Border Force with the aim of identifying methodology and disrupting money-muling as a key enabler of cybercrime in Australia. This initiative has identified various methods of transferring funds that are used to facilitate the cashout of cybercrime proceeds.
In one particular investigation, the AFP identified a United Kingdom (UK) national who had opened bank accounts with multiple Australia-based financial institutions shortly after arriving in Australia. After returning to the UK, this individual received A$711,000 into one of those accounts as a result of funds diverted from an Australian company that had been compromised by malware. The matter was referred to the City of London Police and the offender arrested. He was found guilty and sentenced to two years and eight months in prison.
Read the full report.
Evidence to Collect and Preserve
When you report a cybercrime, it is important to keep any evidence that supports your complaint. The more evidence you have, the better the chance of solving your case. Keep evidence items in a safe location where they cannot be damaged. Keep a backup of digital evidence at all times, so that if you lose the items you still have them stored somewhere else.
Evidence may include, but is not limited to, the following:
- Canceled checks
- Certified or other mail receipts
- Chatroom or newsgroup text
- Credit card receipts
- Envelopes (if you received items per mail)
- Log files, if available, with IP Address, Port Number, date, time and time zone
- Social media messages
- Money order receipts
- Bitcoin transfer receipts
- Pamphlets or brochures
- Phone bills
- Printed or preferably electronic copies of emails (if printed, include full email header information)
- Printed or preferably electronic copies of web pages
- Wire receipts
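The list above asks for electronic copies of emails with full header information, including IP address, date, time and time zone. The following is an added example, not part of the original article: it fingerprints a saved raw message and pulls those details out of its Received headers. The sample message, addresses and the function name `evidence_record` are constructed for illustration.

```python
import hashlib
import re
from datetime import timezone
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation-only addresses and IP ranges).
RAW_EML = (
    b"Received: from mx.example.net (mx.example.net [198.51.100.7])\r\n"
    b"\tby inbox.example.org with ESMTPS id abc123;\r\n"
    b"\tTue, 14 Mar 2017 09:15:42 +1100\r\n"
    b"Received: from [203.0.113.45] (unknown [203.0.113.45])\r\n"
    b"\tby mx.example.net with ESMTP id def456;\r\n"
    b"\tMon, 13 Mar 2017 22:15:40 +0000\r\n"
    b"From: John <john@example.com>\r\n"
    b"To: seller@example.org\r\n"
    b"Subject: Re: car for sale\r\n"
    b"Message-ID: <constructed-1@example.com>\r\n"
    b"Date: Mon, 13 Mar 2017 22:15:38 +0000\r\n"
    b"\r\n"
    b"How would you like to be paid?\r\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def evidence_record(raw: bytes) -> dict:
    """Summarise a saved email for a report; the raw bytes are never modified."""
    msg = message_from_bytes(raw, policy=policy.default)
    hops = []
    for header in msg.get_all("Received", []):   # newest hop first
        text = " ".join(str(header).split())     # unfold the header onto one line
        stamp = text.rsplit(";", 1)[-1].strip()  # the timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            continue  # no parseable date on this hop; the raw file still holds it
        ip = IP_RE.search(text)
        hops.append({"ip": ip.group(1) if ip else None,
                     "local_time": when.isoformat(),  # keeps the original UTC offset
                     "utc_time": when.astimezone(timezone.utc).isoformat()})
    return {"sha256": hashlib.sha256(raw).hexdigest(),  # shows the copy is unchanged
            "message_id": str(msg["Message-ID"]),
            "from": str(msg["From"]),
            "hops": hops}

if __name__ == "__main__":
    print(evidence_record(RAW_EML))
```

Keep the original raw file alongside this summary. Only the topmost Received line is written by your own mail provider; lower hops are supplied by the sending side and can be falsified.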
Scammers are getting progressively innovative in their efforts to get your money or private information. Be watchful and protect yourself from online scams by using our pointers.
Ways to protect yourself from online scams
Be alert to the fact that scams happen. When dealing with unknown contacts from people or companies, always consider the likelihood that the approach may be a scam, regardless of whether the communication is over the phone, by post, by email, in person or on a social networking site. Remember, if it looks too good to be true, it most likely is.
Understand who you’re talking to. If you’ve only ever met a person online or are unsure of the legitimacy of a service, take some time to do a little more investigation. Carry out a Google image search on photos or search the web for others who may have had dealings with them. If a message or email comes from an acquaintance and it seems unusual or out of character for them, get in touch with your friend immediately to check if it was really them that sent it.
Do not open questionable content such as texts or pop-up windows, and do not click on links or attachments in emails; delete them. If uncertain, confirm the identity of the contact through an independent source such as a phone book or online research. Don’t use the contact details supplied in the message sent to you.
Don’t respond to phone calls about your computer that ask for remote access; hang up, even if the caller mentions a well-known business such as Telstra. Fraudsters will commonly ask you to switch on your computer to repair a problem or install a free upgrade. By doing so, they install a virus which will give them your passwords and personal information.
Keep your personal information secure. Put a lock on your email and shred your bills and other valuable files before throwing them out. Keep your security passwords and PINs in a secure place. Be very mindful about how much personal data you share on social media. Scammers can use your info and pictures to create a fake identity or to target you with a scam.
Always keep your mobile devices and computer systems secure. Always make use of password protection. Never share access with others (including remotely). Update security programs and back up your material.
Protect your WiFi network with a password and avoid using public computers or WiFi hotspots to access online banking or supply personal data.
Choose your passwords carefully. Opt for passwords that would be challenging for other people to guess and update them regularly. A strong password should include a mix of upper and lower case letters, numbers and symbols. Don’t use the identical password for every account or profile, and don’t share your passwords with anyone.
Review your privacy and security settings on social media. If you use social media, such as Facebook, be cautious about who you connect with. Learn how to apply privacy and security settings to ensure you stay safe. If you notice suspicious behaviour, have clicked on spam or have been scammed online, take action to secure your account and report the cybercrime.
Beware of any requests for your details or money. Never send money or provide online account details, credit card details or copies of personal documents to someone you don’t know or trust. Don’t consent to transfer money or goods for someone else: money laundering is a criminal offence.
Be wary of unusual payment requests. Fraudsters will often ask you to use an unusual payment method. Think of preloaded debit cards, gift cards, iTunes cards or virtual currency such as Bitcoin.
Be cautious when shopping on the internet. Online shopping scams are very common. Stay clear of offers that seem too good to be true. Always use an online shopping service that you know and trust. Think again before making use of virtual currencies (like Bitcoin). They do not have the same safeguards as other payment methods, which means you can’t get your money back once you send it.
How to spot a scam artist
Signs of a fake document
Documents are easily faked. Some may look just like the real thing. However, many might have warning signs, such as:
- Generic rather than a personal greeting.
- Names of companies that don’t exist.
- Poorer quality appearance.
- Mediocre quality grammar and spelling.
- Extremely formal or pressured language.
Documents like flight itineraries and bank statements have basic, uncomplicated layouts even when they are valid. These layouts are simple because such services allow their customers to print online reports. For scammers, it’s easy to create fake documents by using material available online, such as company logos and graphics from websites.
Signs of a phony email
Scammers can easily fake an official-looking email, working with the same logo and layout as the real company.
Often your guard is down when you receive an email from a company you’ve dealt with before, such as an online shopping site you use. If you’re not expecting an email, always be alert to a fake before clicking on any links or opening any attachments.
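Because the logo and layout can be copied exactly, the headers are a better place to look than the body. The following is an added example, not part of the original article: it checks a constructed forged payment notice, like the one described in the Gumtree scam above, for three header-level signs. The sample message, the function names and the list of genuine brand domains are assumptions to be verified against the brand's own help pages.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample of a forged payment notice (example domains only).
FORGED = """\
From: "PayPal Service" <payments@paypa1-secure.example>
Reply-To: release.funds@mail.example
To: seller@example.org
Subject: You have received a payment
Authentication-Results: inbox.example.org; spf=fail smtp.mailfrom=paypa1-secure.example;
 dkim=none; dmarc=fail header.from=paypa1-secure.example

Funds are on hold until you send the tracking number.
"""

# Assumption: domains the real brand sends from; confirm before relying on this list.
BRAND_DOMAINS = {"paypal": {"paypal.com", "paypal.com.au"}}

def domain_of(header_value) -> str:
    """Lower-cased domain part of an address header, or '' if the header is absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def phony_signs(raw: str) -> list:
    msg = message_from_string(raw, policy=policy.default)
    display = parseaddr(str(msg["From"]))[0].lower()
    from_dom = domain_of(msg["From"])
    signs = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in display and not genuine:
            signs.append(f"display name claims {brand} but sender domain is {from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        signs.append(f"replies go to a different domain: {reply_dom}")
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check in ("spf", "dkim", "dmarc"):
        result = re.search(rf"\b{check}=(\w+)", auth)
        if result and result.group(1) != "pass":
            signs.append(f"{check}={result.group(1)}")
    return signs

if __name__ == "__main__":
    print("\n".join(phony_signs(FORGED)))
```

An Authentication-Results header is only meaningful when it was added by your own mail provider, whose name appears as its first field; a copy supplied by the sender proves nothing.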
Signs of a fake dating profile
Romance scams are one of the most common scams. When looking at a new dating profile, watch for anything abnormal about their choice of:
- Profile photo – Scammers often use fake photos they’ve found online.
- Language skills matched to their background.
Tip: Do an image search of the person to help figure out if they are who they say they are. You can use reverse image search services on Google.