A Scam To Watch Out For

Most SPAM emails are so transparent, so riddled with grammatical errors and unlikely usage, you wonder why anyone would fall for them. In fact, researchers have found this to be by design. Spammers are happy to have the alert and educated see through them–those are the people who make trouble.

So today, when this message arrived in my mailbox, it got my attention:

Seems reasonable enough, right? How can this be a scam if they are going to give me money, right? Of course, I don’t actually sell anything directly through my website, but people are people. They ask for weird things and misunderstand right? Well, yes, but no.

IP addresses are easily looked up. This one is in Nigeria.

Ms. Susan Williams, purchasing agent for a store in the Netherlands, using an IP address in the cybersafe commerce capital of the world, Nigeria? The country whose unofficial tourist slogan is “hardly any American’s have been kidnapped this year?”

I think not.

Actually, this is actually a scam well known to those in the cyber security business, but it’s not as well known as it ought to be to the general public. That’s why I’m writing this.

Here’s how it works. The scammer contacts the owner of a small business via email, often targeting artists and craft businesses with a small web presence. They use a short, vague hook like the one above and employ polite, grammatically correct (or at least cogent) language in order to pose as a legitimate customer. If you contact them, they will indeed agree to a large order–ten or twenty thousand dollars or more, often asking for extra services to jack up the bill. They will have no problem say, paying the exorbitant cost of shipping books from the US to the Netherlands, though they may ask to use a specific third party to carry out delivery and provide insurance and other services. And, they will indeed pay by credit card.

Then, after you’ve been paid, the deal will fall through. They will provide some pretext to cancel the order and request a refund.

The best you can hope for is that you return funds received from stolen credit cards and unwittingly participate in money laundering. In some cases, though, they will have so convoluted the arrangements as to have you prepaying certain fees to a third party–the spammer by another name–and those funds will be gone forever. So you’ll pay out of your own pocket to help them launder money.

But like they say, if it looks too good to be true, it probably is.

So how do you protect yourself (and the rest of the economy)?

  1. Check that the IP address matched the location of the customer. If it doesn’t, something’s wrong. If you don’t have the IP address, you need to be using a different forms tool.
  2. Stop and think. Does this message really make sense? Would a serious customer really be so vague? Wouldn’t a real customer, making such an odd request, think to give the name of the store?
  3. If in doubt, check it out. If you aren’t sure whether a request is legit, you could always use a throw away email account to contact the “customer” and ask for the name of the supposed store. If it’s a real store, you could contact them directly–and ask about the email.

But when you spot a scam, there’s one more thing worth doing: visit the FTC’s website and report it, at https://www.ftccomplaintassistant.gov.

Be careful out there.