Just five gangs in Nigeria are behind most Craigslist buyer scams

They've recruited US-based accomplices to make their scams look less suspicious

Nigerian gangs are using professional check-writing software to dupe sellers on Craigslist, sending those checks from U.S. addresses to not raise suspicion.

Nigerian gangs are using professional check-writing software to dupe sellers on Craigslist, sending those checks from U.S. addresses to not raise suspicion.

Five Nigerian criminal gangs are behind most scams targeting sellers on Craigslist, and they've taken new measures to make their swindles appear legitimate, according to a new study.

In a new innovation, they're using professional check-writing equipment plus U.S.-based accomplices to not raise suspicions among their victims.

"I think the most surprising thing was the number of people in the U.S. participating in this scam," said Damon McCoy, an assistant professor in the computer science department at George Mason University, in a phone interview.

McCoy and colleague Jackie Jones, of George Mason's information technology department, seeded Craigslist with advertisements for laptops to see if they could attract scammers who target sellers.

Craigslist has many protections to weed out fraudulent product listings, "but little effort has been made to protect legitimate users receiving responses from fraudulent buyers," according to their paper, due to be presented on Sept. 24 at the IEEE eCrime Research Summit in Birmingham, Alabama.

They priced the laptops at a 10 percent premium over similar goods listed on Amazon, which deterred all but one legitimate buyer.

The bogus buyers got in touch over email. To track where the scammers were based, Jones and McCoy responded with emails containing images of the products offered for sale. When the link was clicked on, the scammers real IP address was revealed.

Invariably, the senders were based in Nigeria. More than half of bogus payments received were linked to just five Nigeria-based groups, showing how buyer scams originate from a fairly small circle.

Surprisingly, the most profitable buying-related fraud didn't involve spoofing fake payments from PayPal.

It works like this: The buyer tells the seller they can pay for an item with a certified check. The buyer says, however, that he can't pick up the item and needs to user a "mover" agent.

The seller is quickly sent a check by FedEx or UPS from a U.S. address that is printed with professional check-writing equipment for well over the amount of the laptop, averaging about $1,500.

The seller is supposed to cash the check, keep the amount for the laptop and send the rest by Western Union to a mover agent, who is based in the U.S. The victims are also asked to ship the item.

Some U.S. banks will still "float" funds from a check before it has cleared, McCoy said. But the fake check will be discovered eventually, and the bank will try to recover the funds.

What was particularly interesting about this scam is that the checks were all sent from within the U.S., indicating that the groups in Nigeria recruited local help. That is a potential choke point for law enforcement trying to deal with the problem, the researchers wrote.

The checks were good enough to fool banks, which would begin processing them. McCoy said several banks thought the checks looked fine at first sight, with the correct routing numbers for the banks. Some of the phony checks were generated using VersaCheck software on legitimate check paper, with watermarks and other security features.

Most of the checks listed real businesses that were geographically close to the bank listed on the check.

The strong U.S. hook makes it unlikely that a victim would ever even know they were dealing with someone in Nigeria, McCoy said.

The fake check scam is much more profitable than PayPal scams that try to dupe the person into thinking they will be paid from an escrow account when an item is shipped.

In those cases, the scammer only gets an item, while in the check fraud, they will get cash and possibly an item as well.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags no companysecurity

More about FedExIEEEPayPalWestern Union

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts