Non-fiction‎ > ‎

The Second Golden Age of the Confidence Trick

(Or "Online Auction Scams and how to Avoid Them")

This article was written in the hope that it would prevent some people from falling prey to one of the newer breeds of confidence trickster in existence today. Please feel free to pass its location (http://www.coraline.org/non-fiction/con_tricks) to other people if you find it interesting. - Christi

(c) Copyright 2003 - may not be reproduced without permission

Plus ca change

I admit it, I have an unhealthy fascination with con tricks. Ever since I read David Maurer's "The Big Con" and learned about the American conmen of the early 20th Century, the ingenuity of the conman has fascinated me. What a lot of people may not realise is that we live in the second golden age of the confidence trick. The Internet, in breaking down barriers to international trade, opens up to a new form of "fix" - the means by which the conman prevents the mark from having any comeback once their money has been taken.

In the first golden age, this was done by two main methods: bribery of the local police, and taking the mark away from their home territory, thus depriving them of any local knowledge that may be of assistance to them in tracking down the perpetrators. Indeed this is how the Nigerian 419 scams work these days. The formula for all big cons has essentially remained unchanged for the past hundred years. However, here I'm going to look at another creative use of social engineering and the Internet to pull off a slightly smaller scale con.

The Set-up

Another common feature of con tricks is that they generally involve the mark's complicity in something not quite kosher, or in fact downright illegal. This is another way of reducing the likelihood that the mark will go to the police when they realise that they have been ripped off.

In this case, the activity is "grey imports". Some readers will doubtless have noticed that the price of consumer electronics varies wildly from country to country. In particular, computers in the US are much cheaper than computers in the UK. This means that there is a market whereby dealers from a country where technology is cheap sell their wares to residents of a different country at a price several hundred pounds lower than they would expect to pay by buying in their own country.

This isn't illegal, although many manufacturers would like it to be, as it messes with their profit margins something chronic. (Evading import duty on items bought in this manner is another matter entirely, but even with the import duty added the price premium is often still significant.) However, manufacturer warranties tend not to be valid outside the country of purchase, so things get difficult if something goes wrong. The practice is thus not encouraged by the manufacturers, and the consumer has very little protection when buying this way.

Psychologically speaking, a bargain is a very attractive thing - the entire concept of high street "sales" and of online auction sites in general relies on a kind of competitiveness, an ability to stretch one's money as far as one possibly can. This is how people end up spending 50 pounds on three pairs of shoes when they set off to buy one pair of shoes at 30 pounds, and still believing that they have, in some sense, saved money; or paying more for an item in an auction than they would have if they bought it off the shelf. It's a powerful force and modern retailers have got very good at exploiting it to maximise their profits. But the con men were there first.

This is fertile ground for a conman. These are high value sales, with little or no possibility of comeback, the psychological lure of a bargain, and one more thing that the conmen of the early twentieth century could only have dreamed of. The ability to conduct the entire con without the mark having any idea of who they are or how to contact them.

Enter our heroine, consumed by technolust

The lure of the latest greatest shiny thing is strong. So it was for me when I noticed the new widescreen Apple Powerbooks going at prices I could actually afford on eBay. The UK retail price is 2,600 pounds - stupid money for a laptop computer. Typically, an eBay listed Powerbook will be somewhere between 1200 and 1800 pounds. All the specs are listed for the bidder's salivating pleasure too. I'm such a geek sometimes.

Fortunately for me, I'm not foolhardy enough to send complete strangers thousands of pounds without some protection against fraud. I use VISA for mail order purchases from companies I don't already trust because under UK law it is the credit card company that has to sue the trader in the case of fraud. The card user is entitled to their money back from the card company. It's a very useful safety net. (This only applies to credit cards - debit cards do not come with this protection.)

As a result of this caution, I've had a couple of interesting email conversations in the past few days. So I've developed a good understanding of how the scam works, which I'd like to share here.

Be your own roper

Traditionally, big cons rely on a two man team, the inside man, who plays the con itself, and the roper, who brings in the mark. The reason for this is again psychological. People are rightly suspicious of offers that seem too good to be true - but if the mark is introduced to the deal by a trusted third party, they're more likely to believe it is genuine. On the Internet however, a conman can be his own roper.

EBay, for those that don't know, is an online auction site. Buyers bid for an item over the Internet, and the highest bidder when bidding closes after a set time wins. In addition, sometimes sellers offer a "buy it now" price, which you can pay to close the deal straight away and avoid getting into a bidding war with other potential buyers.

The system has a particular problem. How does the buyer know that the seller is trustworthy, and will not just take their money and run? Well, eBay provides a feedback mechanism. Each account has an associated number, representing that seller's karma in the eBay online community. They get one point for each positive feedback comment they get, and one point is subtracted for each negative feedback comment. Comment records are public, so potential buyers can look at a trader's feedback and see how reputable they are.

The successful conmen all seem have a feedback rating of more than 50, which ought to mean they've concluded more than 50 deals with different people successfully. Thus they appear to be safe to trade with. So how do they arrange this? There seem to be a number of possibilities here.

The easiest way to gain a good reputation is to steal one. This can be done by finding an account that hasn't been used in a while, but has a lot of good feedback, then cracking it using the standard methods. Most people are not good at choosing secure passwords, so this isn't as difficult as it sounds. The stolen account is then reassigned to an email address set up for the con, and the conman is in business.

A slightly more roundabout possibility is to create a reputation from scratch. EBay has no limits on the number of accounts that a user can create. Neither do the free webmail services. The conman can therefore create a plethora of false identities, and generate spurious auctions between them, leaving themselves positive feedback. This takes more effort than hacking an account, and also potentially requires some capital outlay, since eBay take a cut from all the false auctions. However, if the auction account is only needed for a few days, eBay won't get around to billing the conman before they have done a virtual runner.

Rope them in

Our conman now has an instant reputation. The next stage of the process is to use this reputation to get people to part with their hard earned readies. This is done by posting an ad for a high value item (say, for example, a 17" widescreen Apple Powerbook). If such an ad is a con, it will probably exhibit some of these symptoms:

  1. An expensive product is offered for sale at a price well below the retail price (hundreds or thousands of pounds) or in an auction with "no reserve". (A reserve price is a threshold set by the seller below which a sale won't take place.)
  2. The item is advertised as "new" or "with warranty" or "available immediately" or any combination of these or other lucrative factors.
  3. The auction site indicates that payment information is contained in the listing, but no payment details are given, or alternatively, the seller requests payment by direct transfer or wire transfer.
  4. Rather than using eBay's own "buy it now" facility, the listing contains an email address for use in negotiating an immediate purchase. This is in direct contravention of eBay's terms of service.
  5. There is no way of contacting the seller other than by email, or any way of identifying the seller's business, particularly if the listing claims to be from an "authorised dealer".
  6. The seller is located in a foreign country, but is selling in the listings for a different country to the one they reside in.
  7. The listing itself seems to have been copied directly from a recently closed auction, although the seller is a different person.
It is worth noting that there are probably genuine auctions that exhibit some or all of these properties. The scam relies on the fact that such things are plausible, and do sometimes happen.

The conman then waits for bids to come in. In particular, they are after direct email contacts with potential buyers. EBay discourages side trades, because eBay themselves do not make money on deals that do not go through their site. The auction site is therefore arranged so that users can only leave feedback on sellers whom they have won an online auction from. If the deal is conducted off eBay, then the buyer is unlikely to be able to warn others about any potential problems.

The procedure then varies somewhat. Some conmen take down the auction before it has completed, claiming an error in the listing, relying only on the direct contacts. Others let the deal run to completion, possibly "buying" the goods with another of their fake ids. By the end of the auction, either way the chances are that several people will have contacted them off eBay to discuss a trade.

Play the con

At this point, the con enters its final stage. The mark and the conman are in contact and discussing payment. In general, the conman will answer positively to any queries that the mark might have about the trade, such as "Is this a UK model?". In particular, the end of the auction under discussion does not cause negotiations to cease. In the case of a legitimate seller, this could be because they have a built up stock, or because they are selling something that they will order at trade price once the sale is complete (sometimes called a "pre-order"). In the case of a con man, this happens because there is no actual product, so it doesn't matter how many times they "sell" it. Warning bells should definitely be ringing if this sort of thing happens.

Payment is the one area in which the conman will offer little or no flexibility, usually claiming that any methods unsuitable to their purpose would be too slow as they need the money now. Some appear to offer the option of payment by Paypal or other similar online transfer services, but mostly, the conman will insist on a wire transfer direct to a bank account or via a transfer service such as Western Union. Even the option of paying by Paypal does not protect the mark from fraud, since Paypal only acts in the capacity of an agent. They are therefore not liable for any fraud committed by their users, although they will investigate fraud and attempt to reclaim fraudulently obtained funds. Practically though, giving money to someone by Paypal is little better than handing them a wad of notes in security terms. Similarly if the money is wired direct, they can close the bank account that the money was wired to, or pick up the cash from the wire service (probably using a fake identity in either case), and never be heard from again.

This is the point at which some of the marks will smell a rat. The conman then has several tactics for cooling them and maximising the chance of the deal going ahead. If an alternative payment method is suggested by the mark, they may present themselves as being hurt, claiming that their positive feedback proves their integrity. This is another use of social engineering. Most people will try not to offend others, and may feel slightly guilty that they have questioned the integrity of a trader with a good record. The mark's confidence in the deal is subconsciously increased by a desire to make up to the seller for calling their integrity into question. A genuine trader, on the other hand, is likely to be happy to provide evidence that they are bona fide.

The reason for this is that a genuine trader understands about reciprocity of trust. It is reasonable for a trader not to send out goods unless there is evidence that a payment has occurred. The flip side of this is that it is reasonable for a buyer to want some guarantee that the goods are as advertised before they irrevocably part with their money. For a genuine trader, the best kind of deal is one in which both parties are satisfied - the trader because they have made a profit, and the buyer because they have got what they wanted.

Another approach is for the conman to make a counter-offer. They suggest that the mark wire the money to the appropriate place in their own (the mark's) name. Then, when the goods are delivered, they contact the wire transfer agent and arrange for the transfer order to be changed to the name of the buyer. Alternatively, they may suggest using a security question with the transfer, so they cannot get at the money until told the answer to the question by the mark.

Neither of these methods are secure, however. Fake identification is easy enough for a conman to obtain, and all they need to know is the number of the transfer (which the mark is required to tell them in order to verify that the money has arrived), and the name the money is sent to. The conman presents false id at the wire transfer outlet, and walks away with the money without a problem. The security question facility that some transfer agents offer is actually a fallback for those who have lost their identity papers or had them stolen abroad. If the conman can present what appears to be valid identification, they will be permitted to withdraw the money without having to answer the question. In short, wire transfer is not a secure way to send money to someone you do not already have an established trust with.

There is another last ditch ploy that a conman may try on a particularly resistant mark - the half the money now, half on delivery option. In a deal where legal action would be feasible should the deal fall through, this is sometimes a good way of establishing trust, but in this case, there is no comeback if the conman walks off with half of the mark's money. The conman is effectively cutting their losses and seeing if they can salvage something from the time invested in the deal. Half the money is clearly much better than none to them.

The emptor strikes back

So, how does one go about doing business on the Internet in a global environment without getting stung by the fraudsters? Well, there are a few ways to handle the problem. The easiest is to pay for goods directly using a credit card. In Britain at least, it is then possible to claim the money back from the credit card company if the goods don't arrive.

Some traders, however, are too small to be able to process credit card sales. The private vendor of a second hand laptop, for example, is unlikely to be able to take VISA. There is an alternative in this case though - it's called escrow. Escrow involves the buyer placing the money for the purchase in trust with a third party, who then releases the money to the seller once the buyer has confirmed that the goods have been delivered. This is good for both the buyer and the seller, since the seller can verify that the money has really been paid before despatching the goods, and the buyer can cancel the transaction if the goods do not arrive, or need to be returned because they are in some way unsatisfactory.

The downside, of course, is that the trusted third party needs to get something out of the deal, and thus using an escrow service can be quite expensive. However, if the buyer is making a significant saving, the cost of escrow may still be worth it in terms of reduced risk of losing everything. In particular, a conman will run a mile should a buyer insist on paying by escrow, as there's no chance they will be able to get their hands on the money.

The majority of online auctions are legitimate, and a great way of getting hold of a bargain, or something that's simply unattainable locally. If bidders are careful, and aware of the risks they take when they bid, then they are good for everyone involved. Just keep an eye out for the conmen.

Links

About the author

Christi Scarborough is a freelance writer who has spent most of her time doing a wide variety of things that seem to make authors look interesting in this kind of biography. At various times she's been a systems administrator, an academic, a librarian, a counsellor, and a computer programmer. Her hobbies include drama and singing. She regrets that she has never worked for the nuclear power industry or as a bodyguard, or bitten the heads off live chickens, so therefore is not nearly as cool as Ozzy Osbourne, Douglas Adams or Terry Pratchett.