Craigslist Used Car Scammers Up Their Game with More Convincing Secure Sites
Published November 29, 2016
Scammers targeting used car sellers on Craigslist now using sites with "https" to trick victims.
About a year ago we started warning the public about a rather clever new scam plaguing people who were trying to sell their used car on Craigslist. The scammers will scan Craigslist listings with robot software, and reply to your ad either via email or text message, posing as a buyer who really wants to buy your vehicle.
They give you some bogus story about being afraid of getting ripped off on a lemon so they tell you to run a vehicle history report on this third party web site which they provide the link to, and they want you to run this report to make them feel at ease about buying your car.
This scam is either about stealing your credit card number by way of their fake VIN report site, or by collecting an affiliate fee for sending you to this Vin history site that offers you a joke of a watered down vehicle history report.
Scammers are trying to get your credit card
They build trust with a snake oil report
Our research shows that many times these scammers are after your credit card information. They want to rack up fraudulent charges before you notice. In order to keep you from being suspicious, they will provide you with a legitimate looking report. Providing this will also prevent you from being able to dispute the charge on you credit card. You'll be out the cost of the report even if you get the fraudulent charges that the scammers make taken off your statement.
Believe me folks, we here at CarBuyingTips.com have seen some of these phony VIN reports and you can tell they are fake; many of these reports give you nothing more than a VIN# decode which you can get free from many sites anyway. Then wrapped around this VIN decode data are a few pages of bogus nonsense, much of the fluff data categories on the report redundant, to make it look like you have some big report, but's really hot air. It is the online equivalent of snake oil.
Of course once you become suckered and fall for their trick and complete the task of buying this phony VIN report from the site under the scammer's control, you'll never see or hear from them again. They are scammers likely in another country like Jamaica or Nigeria who never intended to buy your car; they just want your money. And you just gave it to them. Unfortunately, you are likely to remember them when you are dealing with getting fraudulent charges removed from your credit card.
In the past we warned you that the only vehicle history reports worth getting are from Experian's Autocheck and CARFAX; after these 2 reputable firms, the quality of the reports drops off a cliff, and certainly any site that some person posing as a "buyer" on Craigslist sends you to spend money on will be junk at best, and fraud/stolen credit cards at worst.
We had also warned you to look for sites that:
- Are not secure, meaning they don't start with https:// in their name
- They had dashes in their name, because all the quality names have been taken
- The link the scammer sent you to redirected to another site
- Fake mailing addresses on their site lead to nowhere
- The domain name is only days or months old, not years old and established
How the scammers upped their game to trick you
Well it is no secret that for years we have been warning the public about online scammers, so the scammers saw that we warned you about looking for the https:// at the beginning of their domain name. So now the Craigslist scammers have adapted their game a bit and are now using secure https web sites.
Why didn't scammers just use secure https sites from the start?
About 2 years ago when we started seeing these phony VIN web sites, people were just starting to migrate their web sites from http to https, even though most e-commerce shopping cart web sites were already what we call secure socket layered, which is indicated by the https and the tiny padlock icon next to it.
But regular content blog and news sites like ours were not secure because we don't sell anything, and there is no reason for us to have you sign in. But in stepped Google, the 800 pound gorilla and told all webmasters if you want to your site to rank with good SEO, you better switch to secure sites using https.
The barrier to getting a secure web site is now easier for scammers
Two years ago when we switched our site to secure, it was a week long nightmare kluge-fest, of buying your secure certificate here, going back to your web host to do this, that and the other thing, and it took a lot of testing to get it working. This was too much work for the scammers.
Now when scammers take out new domain names, the registrar gives them opportunity to pay a couple of bucks extra for the secure site and it now happens pretty seamless for them. The scammers think that now with their added https on their site that it adds another level of legitimacy for them when you see the padlock on their site.
Don't be fooled by scammers using the https web sites
The best strategy you can adhere to is remember don't ever go to a link that anyone on Craigslist tells you to go to, not ever. If you stick to that, you'll be safe and never fall victim to them. Now you know what the scammers think you don't know.
Here is an example of a site that a Craigslist scammer told us to use, called VinHistories, and look at the screenshot of it below, you'll see they even made this a secure site for you as well.
How to dissect and determine if a VIN history site is a scam
Try running a Google Maps search on the fake web site's street address
Most of these sites have Contact Us pages that list the address of their "headquarters." But these guys often steal an address out of public record, not expecting your attempts at vetting them out by looking it up and confirming the address on Google.
Continuing with the VinHistories site that the Craigslist scammer above told us to use, we knew it was a scam right out of the gate. Why? Because the "buyer" told us to run a report there, that is your first red flag.
Look at the age of the web site in question
OK, so now let's have some fun and lookup the domain name. Now you can see below the result of the WHOIS lookup, and it reveals another startling red flag for us. The site domain name was just created in June of this year, hardly an established brand like you would expect:
By comparison to the above site that the scammer told us to use, the real companies we know like AutoCheck and CARFAX had their web sites created in 1999 and in 1997 respectively. That is the criteria you need to look for in an established company.
Scammers like to use fake addresses on their Contact Us page
Are you ready for some more fun? Go to the web site's Contact Us page, and see if there is an address or a live chat that is actually functional. See our screen shot below of their page captured today. Look at the format of their street address, see anything weird about it? Is that the way you would write down the address?
Also we Googled their posted mailing address and searched on Google Maps which you can see below and their address resolves to an apartment in New York. Not sure that gives me a warm and fuzzy feeling that I'm dealing with an established company. Plus a few other suspiciously named VIN sites show up in the Google search results for this address. When I see stuff like this, it typically turns out to be an address grabbed out of public record, or a previous identity theft victim's address.
Final tips to avoid the Craigslist phony buyer scams
As I mentioned last year, when you are selling something on Craigslist, money should flow toward you from Craigslist buyers who show up in person with cash in hand. Money never flows away from you to any other site or person. If you just key in on that fact that as a seller never let one cent leave your wallet, no matter what the circumstance is, then you'll avoid 100% of all the possible scams.
Look for the red flags I mentioned above, and remember like stale old saying goes, if it seems too good to be true, it is a scam. If a buyer says they want to buy your car and they have not seen it yet, that should be a red flag. The buyer should be getting your VIN and paying for their own report, not the other way around. If they tell you to go run a report somewhere, don't ever answer them back.
What type of scams did you encounter trying to sell your used car online? Let us know in the comments below.
About The Author: Jeff Ostroff
A lifelong consumer advocate with over 20 years of unparalleled expertise, Jeff is the Founder, CEO and Editor-In-Chief of CarBuyingTips.com. As chief consumer advocate, he oversees a team of experts who cover all aspects of buying and selling new and used cars including leasing and financing.
For decades, Jeff has been the recognized authority on vehicle purchasing, sought out often by the media for his decades of experience and commentary, for live call-in business radio talk shows and is cited often by the press for his expertise in savvy car shopping methods and preventing consumer scams and online fraud. Jeff has been quoted in: CNN, MSNBC, Forbes, New York Times, Consumer Reports, Wall Street Journal and many more.