“You will never find a more wretched hive of scum and villainy.”
Obi-Wan warns Luke to keep his wits about him as they arrive in Mos Eisley Spaceport, in Star Wars. The same must be said for buying anything on Facebook Marketplace of high value.

Normally I would include links and details about the scams I’m investigating but in this case, I believe this is serious organised crime and I don’t want to draw attention to whom I’m investigating.

If you want to watch a good video on a similar scam involving high net-worth cars have a look at the following on Youtube Mark McCann I CONFRONTED THE SCAMMER THAT THREATENED MY FAMILY – YouTube

A Good friend of mine contacted me last week as he was looking to purchase a converted shipping container to use as an office in his garden. He knew the price of these from research to be around 7k but was surprised to see one offered on Facebook Marketplace for 4k (The Bait). As he knows I work in Cybersecurity he asked if I could take a look to see if this was a genuine sell.

The Foundation Work

My friend (The Mark) contacted the seller via messenger and immediately was given a telephone number to call the seller (The scammer) to get more details.

The telephone number was a London number and upon calling a receptionist (All part of the scam) answered and informed him she was putting him through to the sales department. On transferring the call, he was greeted by David the salesman (scammer) who told him all about the unit he had. The scammer asked the mark’s location (London) then proceeded to tell him the container was currently in storage in Folkstone and would be difficult to view in person and that he had received multiple calls regarding people wanting to purchase the container today (The urgency). The scammer then asked for the marks email address and said that he could send him multiple photos of the unit and to rest assured they are a proper company and for him to do his research on them.

The build up

The emails received had a professional-looking email signature which included the scammer’s name, London telephone number, Company name, website address & the UK company number (Which is not normally included in an email signature).

Most people reading this will be aware that all UK public Ltd companies must be registered at companies’ house. Basically, this is a registration for all companies to do business and shows when the company was founded, and who the directors are and other information.

From the scam email received you can take the company number shown and search on it. It comes back with a valid company with the same name registered in 2014 (Validation). The clever part of this is that the scammers have selected to use a company number from a company that is registered but has no web presence or social media presence. This gives the Mark more confidence that they are dealing with a legitimate company.

On looking at the scam website link provided you are presented with a professional looking website, that contains testimonials from recent clients. At the bottom of the screen, they even have some older information regarding covid conditions (Validating that they have been in business for some time). Also, the company address located in companies house is present at the bottom of the screen (Well almost they put in the wrong number at the address).

The “hurrah”

Conversations and rapport via email and phone were going back and forward and a 50% deposit upfront with the rest paid on delivery was requested by the scammer. However, the mark must move quickly as others have expressed interest in purchasing the container (More Urgency).

The Mark was being convinced by the validation of the information and multiple calls/emails that he was considering purchasing the office without physically seeing it.

Thankfully a bit of investigation by yours truly there are areas which they have messed up the scam and been sloppy.

On inspecting the emails, you can see a distinct font change and there is indication this is obviously all scripted. It also has several American spellings of English words.

The email and website domains & SSL certificate have only been in existence for a couple of weeks. This is the biggest smelling phish part of the scam. Those reading this of a technical nature will know that you can query the whois domain name database to see when a domain was registered. If you are not of a technical nature then the Wayback Machine can help validate.

The Wayback Machine Is basically an internet time machine. Insert a website address and see a history of that website over the years. (See Links)

On entering the scam website address (& email domain used) I could clearly see that it had only been running for a couple of weeks.

You can also see that the images sent over via email are the exact images located on other websites using a reverse image search (See Links)

I also managed to find one of the directors listed at companies’ house and warn him that this company was being used in a scam.

Busted!!!!

Whilst this was stopped for my friend, I can see how easily this type of scam fools people with the validation aspects used. When people think they are getting a bargain certain logic can go out of the window.

This week I’ve stumbled across three more scams of the same nature using similar approaches all looking entirely real, but all have only recently registered their web presence.

Reporting & Takedown

This is unfortunately difficult, and the scammers know it!! There is so much of this going on Cyberfraud wise and I think the UK resources are being inundated however do report any UK occurrences of fraud at the following:

https://www.actionfraud.police.uk/ Action Fraud is the UK’s national reporting centre for fraud and cybercrime

https://www.gov.uk/report-suspicious-emails-websites-phishing Report this to the NCSC National Cyber Security Centre

Validation

Does it look to good to be true?

It probably is

How did you receive the Advertisement?

If Facebook, how long has the account been active?

Are they asking for money upfront via a bank transfer?

Don’t…my advice: only buy something if you physically see it.

The following links will help you with some basic validation

Whois find out when the domain name (Website/Email address) was registered https://www.whois.com/whois/

The Way Back Machine (See when the site was created)

https://web.archive.org/

Who called me, good site where you can enter the telephone number of someone who has called you and it will let you know if anyone else has reported it. It will also indicate if the number is a VOIP number which could also indicate some suspicion.

https://who-called.co.uk/

Search companies house in the UK based on number

https://find-and-update.company-information.service.gov.uk/

Search for an image on the internet (Is it located on other sites)

https://tineye.com/

Subscribe So You Never Miss an Update

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Organised Crime Using Meta Facebook Market Place

Related Posts