[HN Gopher] Tracking Down the Bulgarian Marketplace Scams
___________________________________________________________________
Tracking Down the Bulgarian Marketplace Scams
Author : syl5x
Score : 126 points
Date : 2024-12-20 12:59 UTC (4 days ago)
(HTM) web link (sy1.sh)
(TXT) w3m dump (sy1.sh)
| ChrisMarshallNY wrote:
| Good work!
|
| As noted, it probably won't change anything, but scammers are a
| _lot_ more sophisticated, these days, than they used to be.
| vintermann wrote:
| From the description, these are rent-a-scammers, who convince
| people that renting their all in one scam platform is a great
| deal. It probably isn't, or they'd be doing it themselves. It's
| a good deal if you place a premium on feeling clever from
| scamming people, and don't care about the risk of getting hit
| by the police, or by rival would-be scammers eager to show
| they're more tough criminals than you.
|
| It's the lifecycle of a scam. Once it really isn't worth the
| effort anymore, it gets packaged up and sold to stupid kids.
| dylan604 wrote:
| This isn't any different from those seminars that teach you
| how to make money in real estate, forex, or similar. All you
| have to do is buy their books and attend their seminars and
| they teach you how to host your own seminars.
| phoronixrly wrote:
| If only there were authorities that would take actions to track
| down these scammers with as much zeal as they track down
| pirates...
| honzabe wrote:
| That's bizarre - someone tried to scam me in a similar way
| literally a few minutes ago.
|
| I am selling something on a marketplace. Someone contacted me -
| they want to buy the thing I am selling. Do I still have it? I
| say yes. They say they are sending a GLS courier to collect the
| item. I figure they need the item fast - we are celebrating
| Christmas tomorrow. Why not.
|
| The "buyer" sends me a link to a service supposedly offered by
| GLS, where GLS works as an intermediary - they collected the
| money from the buyer; when they collect the item, they will pay
| me. This is happening in the Czech Republic, and services like
| that seem plausible here. I do not know every detail of every
| delivery service offered here. The page looks just like an
| ordinary GLS page. I am in a hurry. I do not pay that much
| attention. I pause and check only when redirected to my bank's
| authentication page (this is the phishing part, obviously). Turns
| out GLS offers no such service.
|
| I was closer to giving them what they wanted than I imagined
| possible. I was on autopilot until the last second. Not even my
| bank's login page surprised me that much - we have something
| called "bank identity" that lets you authenticate stuff by your
| bank ID. It is so convenient that I got used to it and I do it
| carelessly.
|
| >> I hate scammers
|
| Yes, me too.
| Gys wrote:
| I missed something: why do you as a seller have to enter your
| bankdetails?
| honzabe wrote:
| That is the thing - you don't.
|
| In Czechia, something called bank ID is commonly used to
| authenticate. The point is to verify it is you, for example
| when you sign a contract online, fill in tax returns
| online... stuff like that. The way it works is that you are
| on some site, you get redirected to your internet banking,
| you log in (that's what I meant by "bank details", I am sorry
| about expressing myself so clumsily), and your bank redirects
| you back to that site with confirmation that is you.
|
| Do I need to verify my identity when someone wants to send me
| money? Who knows. This is the part that made me check. But I
| was close to not checking simply because it is habitual, and
| you do stuff like that automatically.
|
| Nowadays, we are often dealing with systems we do not fully
| understand. You get redirected to some familiar login form,
| you log in, and you don't even pause. Well, at least I do it.
| I should be a lot more careful, apparently.
| XorNot wrote:
| Login page redirects have become a big user security hazard
| it would seem - and OAuth is basically the culprit.
| dylan604 wrote:
| The entire social engineering of sending everything off
| to 3rd party is something that really irks me. The touted
| convenience of faster to deploy updates by using 3rd
| party rather than depending on local version updates has
| never been enough for me. It also was the sugar pill for
| switching to rent seeking SaaS to gain traction.
|
| I don't want my web server dependent on anyone else's
| server/service being available or in any other way
| slowing down my user's experience.
|
| The only service that I have no local solution is payment
| processing.
| ustad wrote:
| Holy crap. What a terrible system and I hope my part of the
| world never implements such forms of tech.
| noprocrasted wrote:
| It's an actually really good system, as the origin (aka
| the domain displayed in your URL bar) changes during the
| redirect.
|
| The problem is the lack of user education as to what an
| "origin" is.
|
| But assuming there is good user education, this is the
| proper way to do it. One (untrusted) origin redirects you
| to a trusted one with instructions to give it some
| information. The trusted origin asks for your
| authentication and tells you what the untrusted origin is
| requesting. If you approve, the untrusted origin only
| gets the very specific data it requested (and you
| approved) and nothing else.
| ustad wrote:
| I'll repeat what I said above/below: Sorry, I was not
| clear. I was talking about having to use your bank for
| authentication/sign in.
| honzabe wrote:
| I am not sure I can agree with that. I almost got
| scammed, but isn't that my responsibility to check?
|
| The thing is, those services really are useful. A lot of
| stuff that used to be complicated and required me to
| stand in line somewhere can now be done comfortably from
| home. Many good things can be abused, but that does not
| mean they should not be implemented. And you don't have
| to use it if you do not want to.
|
| Also, I don't know how the scam works behind the login
| form that stopped me, but I think it would not have
| worked even if I had given them my info because there is
| 2FA - how would they overcome that hurdle?
| ustad wrote:
| Sorry, I was not clear. I was talking about having to use
| your bank for authentication/sign in.
| mcyukon wrote:
| Canada checking in. We have the same system for
| authenticating with government services.
| https://www.interac.ca/en/verification/personal/sign-into-
| go...
|
| I dislike this as well, as this is conditioning people to
| not second guess why a third party website is sending you
| to your bank to login. As well as scam websites I've come
| across that mirror the authentication process down to every
| step you would have when using it for legitimate purposes.
| Scam website>Scam Interact login parter>Scam web banking
| login> stolen bank credentials.
| ustad wrote:
| Holy crap! I would have thought Canada would know better
| than use this "Bank ID" method.
| seymore_12 wrote:
| Honest question. Shouldn't this internet banking that offer
| authentication as a service do it via at least mandatory
| 2FA for log in. I would guess that way fake bank sites
| would be failing?
|
| I dont have many banking relationships, using 2 banks and
| there is not even a password to remember, all login is done
| via authentication apps.
| lifestyleguru wrote:
| The problem is using bank account for anything else than
| managing and transferring money. Confirming identity is a
| "convenience" no one asked for. Government services have their
| own authentication. Bank shouldn't know where and when you are
| accessing any other services, they _will_ use it for profiling
| or could even escalate into some KYC enquiry. Government should
| know only your IBAN. Connecting these dots for various service
| providers will never work in your favor.
| cynicalsecurity wrote:
| Why am I not surprised that Russians are behind this scam?
| akaitea wrote:
| because their similarity in language with Bulgaria helps
| performing convincing scams
| atodorov99 wrote:
| The author has shared information that he had discovered the
| scammers are operating in Spain and Italy as well. So it is
| not specifically because of language similarity.
| paxys wrote:
| It's so easy to spot marketplace scams that I'm baffled people
| still fall for them.
|
| Are you going to show up with cash on my doorstep (or another
| agreed upon location)? If yes, we can continue talking. If not,
| you are blocked and reported. End of story.
| meiraleal wrote:
| > It's so easy to spot marketplace scams that I'm baffled
| people still fall for them.
|
| That's survival bias. There are some you can't spot.
| alangibson wrote:
| You missed their point. It's cash on the barrel head or
| counterparty is presumed to be a scammer. If you follow that
| rule you'll never be scammed.
| meiraleal wrote:
| > If you follow that rule you'll never be scammed.
|
| until you get robbed, kidnapped or forced to do a bank
| transfer.
| dylan604 wrote:
| you just named multiple things that are not a scam
| meiraleal wrote:
| How not? The robber never intended to finish the deal.
| dylan604 wrote:
| Because like everything else in law, the lower charge
| becomes irrelevant in light of a worse offense. Breaking
| into someones home is burglary, but do it when someone is
| home and it becomes home invasion. Do it with a weapon
| and it becomes an aggravated charge.
|
| At that point, nobody cares if you were trying to steal
| the silverware.
| ClassyJacket wrote:
| None of those things are a scam.
| yojo wrote:
| The article mentioned it was a listing specifically for a large
| item.
|
| I get why someone might not show up on my doorstep if they're
| buying a piano - they probably need to hire somebody and are
| themselves not going to contribute anything to the piano moving
| process.
|
| But fully agreed that once you're an inch off the "show up with
| money" path, everything is suspect.
| paxys wrote:
| That's even more of an indicator that it's a scam. You put a
| listing for something big/bulky/expensive on the internet and
| some person sees a couple pictures, thinks "good enough" and
| immediately wants to wire you hundreds of dollars? Without
| actually seeing it or making sure _they_ aren 't getting
| scammed? Nope, does not happen.
| lazide wrote:
| Hey, only a hundred ish for a piano? Even if 1/2 the time
| it's a scam, that's still a pretty good deal.
|
| This is how overall marketplace trust dies and the overall
| industry collapses though.
| sfjailbird wrote:
| This is common. I've done it myself and had no problems. I
| want to buy some bulky item from another part of the
| country, I trust the seller, so I just wire them the money
| and tell them when my movers are going to show up.
| seb1204 wrote:
| This is how I do it as well, gumtree or marketplace. I Still
| have to deal with the spammers messages and reporting
| lazide wrote:
| The 'beauty' of the Internet is how scalable it is. Both for
| good, and for evil.
|
| Even if you get .01% success rate, if it costs so little to
| reach 1M people, you'll do well.
| aorth wrote:
| Awesome work. Entertaining read. Mnogo pozdravi!
| RobinL wrote:
| I got several people wanting to send a courier last time I listed
| something on Facebook. Checking their pages, they were all from
| eastern Europe with no obvious connection to my city. Good to
| know the mechanics of the scam, I wondered what they were up to.
| Don't understand why Facebook couldn't have auto detected the
| messages though - seemed like a pretty major failure of
| marketplace that the majority of the messages I got were scams.
| lazide wrote:
| Someone is probably afraid to be too effective at filtering
| them out, as it would nuke their numbers. (Engagement/messages
| sent? Who knows)
|
| If most of the traffic is scams, it's not like they can remove
| it without _something_ showing up in their metrics after all.
|
| Search, and USPS 'spam' mail has a similar problem.
| hkdobrev wrote:
| I had a bunch of those whenever I tried to use OLX - both on OLX
| messages and Whatsapp as well. Bot prevention is 0. I know people
| who were successfully scammed as they think they are entering
| their card details to get money transferred by their card number.
| atodorov99 wrote:
| If anyone here has done a similar reconnaissance operation - I am
| curious how much time does it roughly take ?
___________________________________________________________________
(page generated 2024-12-24 23:02 UTC)