Dealing with a Craig’s List Scammer

I kept this clown on the hook for nearly 45 minutes by pretending I didn’t understand his instructions.

I use Craig’s List extensively when I need to get rid of things. I’ve found that if something has any value at all and you put it on Craig’s List for free, you can get rid of it quickly — often the same day.

Yesterday, I placed an ad to get rid of the dozen or so wooden pallets I’d collected over the years. I used to build things with them, but I’ve since found alternative building materials. I’d like to get rid of these and I’d prefer not to burn them (although I will if they’re not gone by next week).

Pallets, All Different Sizes (Malaga)

I have about a dozen pallets in all different sizes that I no longer need. Come and take them away. Bring a truck and a friend to help you move them. Text me for the address and availability. I cannot hold any pallets so please do not text until you are ready to come.

Pallets for Sale
Here are two of the pallets that have to go this spring. I saved the rotor blades to use as a decoration but they’re so damn heavy I can’t work with them alone. For the right price, they could be yours!

I included photos of a bunch of pallets, including the one my old rotor blades are lying across. I used that as the primary image, figuring it would get people’s attention. (And maybe someone would be interested in buying those old blades.)

Scammer 2
This is my entire conversation with the second scammer. He caught on when either I didn’t ask any questions or he couldn’t send the code.

The scam texts began within 15 minutes. There were two scammers on this one, but the second one gave up pretty quick. The first one, however, really thought he had a live one on the line and was very persistent. He kept at it until he finally figured it out — after about 40 minutes of texting back and forth with me.

Sample Link
Here’s an example of a “verification” text I got from a scammer last month. I’ve since blocked that source number. Do not try to open that link.

Let me start by explaining the scam. The scammer poses as a buyer who really wants the merchandise but needs to “verify” me. He does this by sending me a code that looks like it’s coming from Google. It comes from a different phone number and has two parts: a six-digit number and a shortened link. Although they usually ask for the code — which is right there — what they seem to really want is for you to click the link. I can only assume it does something nefarious, like install malware on your device. I’m not dumb enough to click links from strangers (and you shouldn’t be, either).

Apparently, last month after dealing with a few of these, I blocked the number that sends the link. This makes it impossible for the scammers to send me that text message. The first guy, as you’ll read below, tried hard to get another phone number from me to send that code to. I played him as long as I could. The second guy gave up right away, as you can see in the screenshot above.

For your reading pleasure, here’s the complete exchange between Scammer #1 and me. I have not masked his phone number because it’s likely spoofed or from a burn phone anyway. I wouldn’t call it if I were you. Note that every time he sends a question mark by itself (?), it’s because I’m taking too long to reply.

5035062063:
I want to buy ”Pallets, all different sizes ” Is it available?

Maria Langer:
They’re free. Come get them.

5035062063:
Ok, right now I will send a verification code. The code proves that you are real person and your post is real.Now I send the code?

Maria Langer:
Sure. Go ahead.

5035062063:
Opps.Your number is not accepted this code.Do you have another cell phone number?

Maria Langer:
Nope.

5035062063:
Please try to give me another cell phone number.

Maria Langer:
Nope.

5035062063:
You can use your anyone cell phone number for this verification.
??
Please try to give me another cell phone number.Because I want to try again.

Maria Langer:
I don’t have another number.

5035062063:
So give me another cell phone number of those who around you.

Maria Langer:
There’s nobody around me. We are social distancing here.

5035062063:
So contact someone then send me their number.

Maria Langer:
Why would I do that?

5035062063:
Because The verification code is very important for our safety.

Maria Langer:
I won’t hurt you. In fact, I’ll stay inside while you pick them up.

5035062063:
Its ok, Now try to send give me a cell phone number
You can use anyone cell phone number for this verification.

Maria Langer:
I told you I don’t have another cell phone number.

5035062063:
You can use your family members phone number.

Maria Langer:
You mean like my sister’s?

5035062063:
Yeah, Anyone.

Maria Langer:
But my sister lives in Kansas. How will that help me here? [Note: My sister does not live in Kansas.]

5035062063:
I will send a code to her number. Then send me back the code. Its very simple.
?

Maria Langer:
But she’s at work. I don’t wanna bother her.

5035062063:
You can use your friends phone number.

Maria Langer:
But my friends aren’t here.
Why can’t you just use my number? It works fine! You’re using it now.

5035062063:
No problem call him,

Maria Langer:
Call who?

5035062063:
Call your friend and send me number

Maria Langer:
What number? Do you know my friend?

5035062063:
No. I just use for verification,

Maria Langer:
I don’t understand. You sent a verification code to my friend? How do you know his number? I thought you were going to send it to my sister?

5035062063:
OK give me any number

Maria Langer:
But you have my number.

5035062063:
Your number is not working. So give me your friend or sisters number.
Your number is not working. So give me your friend or sisters number.

Maria Langer:
My number works fine. We’ve been texting on it this whole time!

5035062063:
But not working for code

Maria Langer:
Maybe the code is broken.
?
Did you try again?
Oh, come on! Let’s keep playing! My twitter friends are really enjoying this! 🤣

5035062063:
fuck off

Maria Langer:
lol! Wasted 45 minutes of your day. Sucker!!!

I should mention here that while this was going on, I was working in my yard. I did some weeding and hedge trimming and spread some weed and feed on my lawn. He waited while I did these things, responding almost immediately each time I texted him back — like he was waiting for me. So it didn’t take up much of my time but did take up 45 minutes of his.

As Bugs Bunny would say, “What a maroon.” (Google it.)

Bluehost Domain Deactivated Scam

Another day, another phishing attempt.

This morning, I got an email like this for three of the domains I host at Bluehost.

Bluehost Scam
I found one of these in my email inbox for three of my domain names this morning. I added the red underline; I explain why below.

Here’s the text, in case you can’t read it:

MARIA LANGER

Your web hosting account for flyingmair.com has been deactivated (reason: site causing performance problems).
Although your web site has been disabled, your data may still be available for
up to 15 days, after which it will be deleted.

If you feel this deactivation is in error, please contact customer support via:
http://my.bluehost.com.[redacted].piknini.org/account/8236/reactivation.html

Thank you,
BlueHost.Com Support
http://www.bluehost.com
For support go to http://helpdesk.bluehost.com/
Toll-Free: (888) 401-4678

I have to say that it looked very real. Simple, to the point. From “admin@bluehost.com”. All the links I pointed to actually went to where they said they were.

What really made me almost believe they were real was the fact that I’d made some changes to my domain setup a few weeks ago to lower my hosting costs with a slight hit to performance (which I hoped to be able to minimize with a new cache plugin). So the fact that performance might be causing issues just happened to make sense in my world.

Except, not for the domains it reported: flyingmair.com, flyingmproductions.com, and gilesrd.com. You see, none of those sites get any significant traffic. The only one of my sites that does get significant traffic is the one you’re reading this on right now, and I didn’t get an email message for it.

And then I took a closer look at the link I was supposed to click to resolve the issue. It started off fine: http://my.bluehost.com. But instead of a slash (/) after the domain, there was a dot and an alphanumeric string followed by the real domain I’d be going to if I clicked.
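The same check can be done in code. This is an added example, not part of the original post: a host name is read right to left, so the site you actually reach is whatever the host ends with, not what it starts with. The function name `classify_link` is made up for this example, and the label `redacted` stands in for the string that is redacted in the email above. It goes slightly beyond the one link in the email by also handling a trailing dot, mixed case, and text placed before an `@` in the address.

```python
from urllib.parse import urlsplit

# Constructed sample: the link from the email, with the label "redacted"
# standing in for the part that is redacted on this page.
SAMPLE_URL = ("http://my.bluehost.com.redacted.piknini.org"
              "/account/8236/reactivation.html")


def classify_link(url, expected_domain):
    """Return (verdict, real_host) for url measured against expected_domain.

    verdict is one of:
      "genuine"          - the host is expected_domain or a subdomain of it
      "lookalike-prefix" - expected_domain appears inside the host, but the
                           host ends in some other domain
      "unrelated"        - expected_domain does not appear in the host at all
    """
    # urlsplit drops anything before an "@" and lower-cases the host name.
    host = (urlsplit(url).hostname or "").rstrip(".")
    expected = expected_domain.lower().rstrip(".")

    # Genuine only if the expected domain is the right-hand end of the host,
    # on a label boundary (so "notbluehost.com" does not pass).
    if host == expected or host.endswith("." + expected):
        return "genuine", host

    # The trick in the email: the real name sits at the left as a decoy,
    # followed by a dot and more labels instead of a slash.
    if host.startswith(expected + ".") or ("." + expected + ".") in host:
        return "lookalike-prefix", host

    return "unrelated", host


if __name__ == "__main__":
    for link in (SAMPLE_URL, "https://my.bluehost.com/"):
        print(classify_link(link, "bluehost.com"), link)
```

A link without `http://` or `https://` in front has no host for `urlsplit` to find, so it comes back as "unrelated" with an empty host.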

I switched to my browser and manually typed in www.flyingmair.com. The site came right up. It sure didn’t look deactivated to me.

I went up to my loft-based office where I could look at the email on a real computer (rather than an iOS device). I didn’t learn anything new, but by this time I was convinced it was another scam.

It bothered me that I’d almost been fooled. I called Bluehost and was told that they were already aware of the problem. Jeez. You’d think they’d send out an email warning us about it.

In any case, what I’ve always said about these things still applies: never click a link in an email message you were not expecting. If you think there’s any truth to a reported problem like this, manually type in the domain name of the site you can use to check — in this case, bluehost.com — and log in the usual way to follow up. Or just use the tech support number you should already have on hand to get more information.

Don’t get scammed.

And, for the record, I’d much rather blog about the things going on in my life that aren’t related to someone trying to rip me off than crap like this.

Apple ID Scam

Yet another scam for people dumb enough to click before they check.

Got this email today from “App Service”:

App Service Scam Email
Point to the link to see where it goes BEFORE you click it. In this case, the link does not go to Apple’s website or anything related to Apple.

Pointing to the link makes it pretty obvious that this is a scam. The bubble that pops up does not show the URL shown in the link, or any other destination on Apple’s website. Clicking this link will likely install malware on your computer or direct you to a site that looks like Apple but is designed to gather your Apple login information, thus gaining access to your credit card, email, and other data you want to keep private.

Don’t click links in email messages unless you are expecting to receive a link.

Check out the text of the message when it’s copied and pasted! You can see a mix of alphanumeric codes and what looks like Chinese characters embedded in the text.

Dear REDACTED@mac.com,

The following changes to your A96p17p23l98e11 28I98D86 were made on November 6, 2018

B40i40l55l54i52n87g56 Information

If you did not make these changes, or if you believe an unauthorized person has accessed your account, you should change your password as soon as possible from your Apple ID account page at manage.iforgot.service.com
Your Apple ID will be temporarely disabled until you verify your identitiy.
We will wait 24 hours for the verification, if we not receive any verification your Apple ID will be permanently disabled !
吃生薑
Sincerely,

Apple Support

What do you do if you think a message like this might be real? Close the message, go to your browser, and manually type in the URL to go to the site in question. Log in from that screen.