Craigslist Used Car Scammers Up Their Game with More Convincing Secure Sites

By Jeff Ostroff, Consumer Advocate, Editor-In-Chief
Published November 29, 2016

Scammers targeting used car sellers on Craigslist are now using sites with "https" to trick victims.

Address on a VIN history web site is just an apartment in New York

About a year ago we started warning the public about a rather clever new scam plaguing people who were trying to sell their used car on Craigslist. The scammers will scan Craigslist listings with robot software, and reply to your ad either via email or text message, posing as a buyer who really wants to buy your vehicle.

They give you some bogus story about being afraid of getting ripped off on a lemon, so they tell you to run a vehicle history report on a third-party web site that they provide the link to, supposedly to make them feel at ease about buying your car.

This scam is either about stealing your credit card number by way of their fake VIN report site, or about collecting an affiliate fee for sending you to a VIN history site that offers you a joke of a watered-down vehicle history report.

Scammers are trying to get your credit card

They build trust with a snake oil report

Our research shows that many times these scammers are after your credit card information. They want to rack up fraudulent charges before you notice. In order to keep you from being suspicious, they will provide you with a legitimate-looking report. Providing this will also prevent you from being able to dispute the charge on your credit card. You'll be out the cost of the report even if you get the fraudulent charges that the scammers make taken off your statement.

Believe me folks, we here at have seen some of these phony VIN reports and you can tell they are fake; many of these reports give you nothing more than a VIN# decode, which you can get free from many sites anyway. Wrapped around this VIN decode data are a few pages of bogus nonsense, with many of the fluff data categories on the report redundant, to make it look like you have some big report, but it's really hot air. It is the online equivalent of snake oil.

Of course once you become suckered and fall for their trick and complete the task of buying this phony VIN report from the site under the scammer's control, you'll never see or hear from them again. They are scammers likely in another country like Jamaica or Nigeria who never intended to buy your car; they just want your money. And you just gave it to them. Unfortunately, you are likely to remember them when you are dealing with getting fraudulent charges removed from your credit card.

In the past we warned you that the only vehicle history reports worth getting are from Experian's Autocheck and CARFAX; after these 2 reputable firms, the quality of the reports drops off a cliff, and certainly any site that some person posing as a "buyer" on Craigslist sends you to spend money on will be junk at best, and fraud/stolen credit cards at worst.

We had also warned you to look for sites that:

How the scammers upped their game to trick you

Well it is no secret that for years we have been warning the public about online scammers, so the scammers saw that we warned you about looking for the https:// at the beginning of their domain name. So now the Craigslist scammers have adapted their game a bit and are now using secure https web sites.

Why didn't scammers just use secure https sites from the start?

About 2 years ago when we started seeing these phony VIN web sites, people were just starting to migrate their web sites from http to https, even though most e-commerce shopping cart web sites were already secured with SSL (Secure Sockets Layer), which is indicated by the https and the tiny padlock icon next to it.

But regular content blog and news sites like ours were not secure because we don't sell anything, and there is no reason for us to have you sign in. But in stepped Google, the 800-pound gorilla, and told all webmasters that if you want your site to rank with good SEO, you better switch to secure sites using https.

The barrier to getting a secure web site is now easier for scammers

Two years ago when we switched our site to secure, it was a week long nightmare kluge-fest, of buying your secure certificate here, going back to your web host to do this, that and the other thing, and it took a lot of testing to get it working. This was too much work for the scammers.

Now when scammers take out new domain names, the registrar gives them the opportunity to pay a couple of bucks extra for the secure site, and it now happens pretty seamlessly for them. The scammers think that the added https on their site gives them another level of legitimacy when you see the padlock.

Don't be fooled by scammers using the https web sites

The best strategy you can adhere to is to remember: don't ever go to a link that anyone on Craigslist tells you to go to, not ever. If you stick to that, you'll be safe and never fall victim to them. Now you know what the scammers think you don't know.

Here is an example of a site that a Craigslist scammer told us to use, called VinHistories. Look at the screenshot of it below and you'll see they even made this a secure site for you as well.

Suspicious VIN history report site that a Craigslist scammer posing as a buyer told us to use

How to dissect and determine if a VIN history site is a scam

Try running a Google Maps search on the fake web site's street address

Most of these sites have Contact Us pages that list the address of their "headquarters." But these guys often steal an address out of public record, not expecting your attempts at vetting them out by looking it up and confirming the address on Google.

Continuing with the VinHistories site that the Craigslist scammer above told us to use, we knew it was a scam right out of the gate. Why? Because the "buyer" told us to run a report there, that is your first red flag.

Look at the age of the web site in question

OK, so now let's have some fun and look up the domain name. You can see below the result of the WHOIS lookup, and it reveals another startling red flag for us. The site domain name was just created in June of this year, hardly an established brand like you would expect:

Domain name lookup shows this site is only a few months old, not an established business

By comparison to the above site that the scammer told us to use, the real companies we know like AutoCheck and CARFAX had their web sites created in 1999 and in 1997 respectively. That is the criterion you need to look for in an established company.
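An added example (not code from the original article) of the domain-age check described above: it pulls the creation date out of raw WHOIS text and flags recently registered domains. The sample records, the placeholder `.example` domains and the 365-day threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Field labels vary by registry; these are common variants (not exhaustive).
CREATED_RE = re.compile(
    r"^[ \t]*(?:Creation Date|Created On|Created|Registered on)[ \t]*:[ \t]*(\S.*?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE,
)
DATE_FORMATS = (
    "%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S%z",
    "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y",
)

def parse_date(value):
    """Return a UTC datetime for one WHOIS date string, or None."""
    value = re.sub(r"(?<=:\d\d)\.\d+", "", value)  # drop fractional seconds
    for fmt in DATE_FORMATS:
        try:
            dt = datetime.strptime(value, fmt)
        except ValueError:
            continue
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)
        return dt.astimezone(timezone.utc)
    return None

def creation_date(whois_text):
    """Earliest parseable creation date in the record, or None."""
    dates = [parse_date(m.group(1)) for m in CREATED_RE.finditer(whois_text)]
    dates = [d for d in dates if d is not None]
    return min(dates) if dates else None

def assess(whois_text, as_of, min_age_days=365):
    """Return ('new' | 'established' | 'unknown', age in days); threshold is assumed."""
    created = creation_date(whois_text)
    if created is None:
        return "unknown", None      # redacted/unparseable: do not treat as a pass
    age = (as_of - created).days
    return ("new" if age < min_age_days else "established"), age

# Constructed WHOIS excerpts (placeholder domains, not real lookups).
RECENT = "Domain Name: VIN-REPORT.EXAMPLE\nCreation Date: 2016-06-15T10:22:31Z\nRegistrar: Example Registrar\n"
OLD = "domain: established.example\r\ncreated: 14-Mar-1997\r\n"
REDACTED = "Domain Name: HIDDEN.EXAMPLE\nCreation Date: REDACTED\n"
AS_OF = datetime(2016, 11, 29, tzinfo=timezone.utc)  # the article's publication date

if __name__ == "__main__":
    for name, rec in (("recent", RECENT), ("old", OLD), ("redacted", REDACTED)):
        print(name, assess(rec, AS_OF))
```

A record with no usable creation date comes back as "unknown" rather than passing, since a hidden or unparseable date tells you nothing about how established the site is.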

Scammers like to use fake addresses on their Contact Us page

Are you ready for some more fun? Go to the web site's Contact Us page, and see if there is an address or a live chat that is actually functional. See our screen shot below of their page captured today. Look at the format of their street address, see anything weird about it? Is that the way you would write down the address?

Also we Googled their posted mailing address and searched on Google Maps which you can see below and their address resolves to an apartment in New York. Not sure that gives me a warm and fuzzy feeling that I'm dealing with an established company. Plus a few other suspiciously named VIN sites show up in the Google search results for this address. When I see stuff like this, it typically turns out to be an address grabbed out of public record, or a previous identity theft victim's address.

Final tips to avoid the Craigslist phony buyer scams

As I mentioned last year, when you are selling something on Craigslist, money should flow toward you from Craigslist buyers who show up in person with cash in hand. Money never flows away from you to any other site or person. If you just key in on that fact that as a seller never let one cent leave your wallet, no matter what the circumstance is, then you'll avoid 100% of all the possible scams.

Look for the red flags I mentioned above, and remember, like the stale old saying goes, if it seems too good to be true, it is a scam. If a buyer says they want to buy your car and they have not seen it yet, that should be a red flag. The buyer should be getting your VIN and paying for their own report, not the other way around. If they tell you to go run a report somewhere, don't ever answer them back.

What type of scams did you encounter trying to sell your used car online? Let us know in the comments below.

About The Author: Jeff Ostroff

A lifelong consumer advocate with over 20 years of unparalleled expertise, Jeff is the Founder, CEO and Editor-In-Chief of As chief consumer advocate, he oversees a team of experts who cover all aspects of buying and selling new and used cars including leasing and financing.

For decades, Jeff has been the recognized authority on vehicle purchasing, sought out often by the media for his decades of experience and commentary, for live call-in business radio talk shows and is cited often by the press for his expertise in savvy car shopping methods and preventing consumer scams and online fraud. Jeff has been quoted in: CNN, MSNBC, Forbes, New York Times, Consumer Reports, Wall Street Journal and many more.

Jeff also has extensive experience and expertise in new car brokering and selling used cars for clients on eBay and Craigslist.