Troy Hunt

So @Charlotte_Hunt_ is selling a fridge on Gumtree and immediately starts getting messages like this. The first one gets a bit of “no, we can discuss here” and they disappear. This one… gets a burner address to see how weird shit gets. What’s the angle? There’s always an angle… https://t.co/MRWep1MukS

Here phishy phishy… https://t.co/6NSlKHO4KW

Now let's see what happens. That address doesn't have a PayPal account, so will we get a fake "payment receipt" or something else? https://t.co/GWLrIA1YyI

You're not going to believe this - THEY SENT MORE MONEY THAN WE WERE ASKING!!! https://t.co/9eFnZIuGQt

Alrighty, let’s proceed: https://t.co/Qpbn8o0XEV

“Lena” *really* wants me to check out those “PayPal” emails 🤔 https://t.co/LnlzM7XqFL

Alrighty, here’s the meat of the scam: both messages straight to Gmail’s spam folder, the first being “proof” of payment and the second requesting the $800 “agent fee”. That’s fine, because she already sent me the $800 along with the price of the fridge, right?! https://t.co/2oa15s2TSS

Silly Lena, she forgot to include her bank details! I wonder if I can get them… https://t.co/ejMtWtxG89

C’mon Lena, we’re all waiting here! https://t.co/1rzjfzJMEg

Oh goody, a BSB and account number! Hey @UBank, how about you pass Oluwatimilehin’s details (wow, every single vowel in one name!) on to the fraud department, then see which law enforcement agency is best equipped to deal with them. Meanwhile, I’m not done yet… https://t.co/QlIjwcSVVO

After all her hard work, it would be rude not to send Lena the agent fee. I've paid her $800 and sent her the receipt, just click the link to load it Lena. C'mon, click the link!

Shit - did I mix some numbers in the account up?! https://t.co/O5JddYz2U2

Lena couldn't help herself, so she clicked the link 🤣

But that raises another important question: how is she going to get the fridge back to Nigeria? https://t.co/qArDwHPjK8

Uh oh, I may have made a mistake in the account number 🤣 https://t.co/WLrXTFtfSX

Clearly, I got the account number correct, it looks just the same! Let’s see how indignant Lena gets now 🙂 https://t.co/kSGwveBNvb

Serious side note: at a guess, Oluwatimilehin Akinade is likely living (or has lived) in Australia, hence the Aussie bank account. They’re possibly a “money mule” being used to shift scammed dollars for a commission, probably not realising the illegality of it.

Oh boy, Lena has sent me a lot of emails overnight, she seems agitated 🤣 https://t.co/abm8u1oAS1

Clearly, we’re going to need to see more of this person’s bank account. Also, when you come online today @UBank, do note the $0.52 balance alongside the account number. The scammer has either direct access to this account or the owner is working very closely with them. https://t.co/yQDogMszt5

While we’re getting stuff shut down, @GumtreeAu, this one is for you. I’m also curious to know if there are any controls around people connecting from a Nigerian IP address (assuming it wasn’t masked) then using a new account to request sellers move the conversation to email. https://t.co/6rZCqsTTVR

She *really* wants me to talk to my bank; surely Lena must realise what the bank would tell an actual scam victim? Ah well, let’s continue 🙂 https://t.co/4Am4E7rf9O

Lena is still super keen and the bank is almost open; I think it's just about time to wrap this up. https://t.co/9FnQGt1v9f

Winding up now, who gets the reference? 🙂 https://t.co/K2wlmDGEIN

Uh oh, Lena is pissed, I think I have one more reply left in me… https://t.co/4r5Cel1UPM

That’s it folks, we’re done here, thanks for joining me 🙂 https://t.co/VPvp2tUOFF

Lena has now been well and truly roasted and I don’t expect to hear from her again (nothing since my last message), but just before I sent her that, I got 2 more messages. First, one from her with another @UBank account then one from “PayPal” with a @CommBank account. https://t.co/AMwDDv9ZwH

I’ve redacted those account numbers because by now, it’s pretty obvious these are money mules probably unaware of what they’ve gotten themselves into. I’ve contacted both banks with the full account details.

But what about the first account? The one belonging to Oluwatimilehin Akinade? I initially worked on giving them the benefit of the doubt and was going to contact them today after burning Lena. I found what looks like a legitimate Facebook profile with that name in my home city: https://t.co/5cwGG88l4J

Yesterday, I emailed myself a link to the profile so I could come back to it but somewhere in the last 12 hours since my final email to Lena, the FB profile disappeared. Here’s the original URL: https://www.facebook.com/profile.php?id=100087048888437

Occam’s Razor suggests that Oluwatimilehin is Lena: that’s their photo, and they were a Gold Coast resident who returned to Nigeria to scam victims in their previously adopted city. For OSINT enthusiasts out there, I’d love to hear what you can find with those details 🙂

And suddenly that FB profile is back. The profile wasn’t loading and search on the site returned nothing, but it's all good now. Curious.

So this has been fun and I hope you've all had some entertainment out of it, but it's also fascinating to look at how the different players in all this handled it.

The worst was @GumtreeAu. This should have been really simple when they had the user profile already, yet they continually fell back to a nonsensical script rather than just rapidly dealing with the problem, for example: https://twitter.com/troyhunt/status/1661222527870595073

I did email their support address and got back a response that wanted my (or @Charlotte_Hunt_'s) email address even though they knew the at-fault account, then suggested I could learn more about how to stay safe online here 🤦‍♂️ https://help.gumtree.com.au/AU/articles/en_US/KB_Article/Suspicious-emails-AU?vgroup1=PKB&c=PKB%3ASafety&vcategory2=Suspicious_Offer_or_Reply&s=

The more you read, the more you hear about how @GumtreeAu has become a cesspit of this style of scam, which so regularly follows the same pattern. The thread above was the *second* of its kind @Charlotte_Hunt_ received; we just dismissed the first one outright.

A follower contacted @GumtreeAu directly and got the attached response which in his words, was a big "nothing burger". He's right - this boils down to "stopping scams is hard, just don't give them money". It doesn't instil any confidence in their commitment to combat this. https://t.co/d9XBPA1fNm

There was also a role played by @gmail being the mail provider for my burner account. They *really* clearly highlighted the scam nature of the PayPal emails in particular. Nobody can miss this, but that's obviously just one email provider's implementation. https://t.co/tTcztkfZFF

Then there's @UBank who were pretty good, but in a DM suggested that I shouldn't create a fake bank receipt in case scammers "copy your smarts". THIS WHOLE SCAM RELIED ON THE ALREADY FAKED MESSAGES LENA SENT!!! This bank featured *twice* in this scam, maybe reflect on that folks.

And finally, @CommBank who also appeared in a request from Lena for money. I DM'd them the bank account details at 05:10 this morning and they replied at 05:14. That's impressive! They've reported the account "for future investigation".

Stopping this stuff is a hard problem, and the scams are only successful when they're not caught at any of the points above *and* the victim falls for it. But clearly, that happens a lot; @Scamwatch_gov reported Aussies got fleeced of over $3B last year alone https://www.scamwatch.gov.au/news-alerts/accc-calls-for-united-front-as-scammers-steal-over-3bn-from-australians

I hope this thread helps people spot the scams before they even engage with people like Lena. If there are any more updates to this one then I'll add them here but until then, thanks for reading 🙂

Do I have any friends at @GumtreeAu that can help with this? I can give you a head start: "SELECT * FROM Seller WHERE ID=3641564183746".

I want to see a resolution that isn't a useless helpdesk response from a script. If you know someone, connect us https://twitter.com/troyhunt/status/1662947611668799490

Sun May 28 22:26:16 +0000 2023