Anatomy of a Rental Phishing Scam (jeffreyladish.com)
335 points by landfish on Feb 5, 2020 | hide | past | favorite | 150 comments



From the screenshot, the scam is actually pretty easy to spot if you know what to look for. Here are some clues:

1. All accommodations are available (w/d in unit, pets ok, wheelchair accessible, furnished!) - eliminating listings with all of these checked will nearly eliminate the scam listings.

2. The description doesn't include any information about who the renter is. Usually the landlord or property manager will mention something about themselves.

3. Professional photos. This in itself is not a giveaway, but given the above two clues, almost always indicates the photos were taken from another listing. A reverse image search can confirm.

4. The deal is too good to be true. Know the market. $4.5k may not be enough to get you a furnished luxury 3BR single family home in the Bay Area.

I've had to browse through a lot of CL listings in the Bay Area and these are the nearly guaranteed ways I've found to eliminate the scam listings.

If that's not enough, I start my emails with requesting times of showings. If someone isn't willing to commit to meeting and showing me the place, I won't go any further.


Zillow also has a lot of such scams; when I reported them, unfortunately Zillow did nothing!

Anyhow, the single most significant indicator of all rental scams is that the perpetrator is not going to show you the apartment in person.


> Anyhow, the single most significant indicator of all rental scams is that the perpetrator is not going to show you the apartment in person.

Yup; never rent a house long-term without seeing it for yourself and meeting the landlord in person. Never sign anything sight unseen. And don't click on links in email.

Interesting that the scammer asked the author to search on airbnb themselves; that's what I'd do to avoid following a scam link. But if the house is not found, the victim will ASK for a link, increasing the chances they'll click on it by over 9000. And if the victim doesn't trust it, they'll just bail out - like with the poorly written emails, a good way to filter out victims.


They have rental scams here where they will show you the house as well. One is where they pretend to be realtors and get the key from the listing agent.


I usually look up the tax records of the house. They are usually available on the county website and will show the owner's name and when the house was last sold.


If you need to conduct a whitewater-level investigation of an airbnb spot it might be a sign the system needs to step up its game.


Not airbnb, long term rentals.


So, we often hear that "it's so easy to detect these scam listings" on eBay, Amazon, Airbnb, here, etc. (same for false reviews, etc.). But if it were so easy, why do companies not work harder to block them out? (I know, Craigslist is a bit of an outlier as a hands-off marketplace, but let's assume that they come under fire for these issues and are forced to make a statement.)

Is it the liability issues (blocking content implies taking responsibility for the content instead of just being a middleman)? Is it fear of driving the scammers to make ever better listings? Is it that the costs to do this outweigh the gains? Is it that the tech would have too many false positives?

All of these 4 steps are technically automatable; what's stopping these companies from implementing them?


> But if it were so easy, why do companies not work harder to block them out?

Heuristics that are easy for a human to apply aren't always so easy for a computer. How do you quickly judge in a programming language if a photo is of professional quality but nothing about the renting agent is mentioned? How do you judge if it's priced high enough to be vaguely plausible, but suspicious in context, by knowing intimate details of the local market in the way someone living there does?

I think detecting scams is much harder than most people really want to admit. Which is why stopping them is challenging.


The acceptable false positive rate for you as a consumer is a lot higher than for the platform.


> $4.5k will get you a 1 BR in the Bay Area

Average one-bedroom rent in San Francisco is $3,520, and two bedrooms is $4,550. It's much cheaper elsewhere in the Bay Area. In Oakland, average one-bedroom rent is $2,470, and two bedrooms is $3,050. $4,300 is very plausible in Oakland.

Source: https://www.zumper.com/blog/2020/02/zumper-national-rent-rep...


My numbers are a bit off since I last looked, and yes I was mostly looking in SF. Thanks for mentioning; I'll edit it. It definitely won't get you a furnished 3 BR with a decent interior like this place.


That is really mind blowing to me. I just looked at the local rental website for my small town and the first 2 bedroom duplex I looked at had a nice yard and looked good on the inside and was only $900/month. That is in Canadian dollars too, I may add. That $4550 would be about $6000 Canadian and you would have people begging you to move in if you agreed to pay them a portion of that. The highest rental I see on the site right now is about $1800 CAD.


SF is just another world to me; whenever I read about salaries or rent, it might as well be on Mars. We just bought our first home (3 bed, double drive, large garden) in a large UK city and the mortgage is £580/month (~$750 for you Americans). And it's not like we're poorly paid either; we both drive brand new cars, go on holidays twice a year, etc. And then you get SF residents being paid well into 6 figures and unable to have a decent standard of living. It's just crazy to me.


>And then you get SF residents being paid well into 6 figures and unable to have a decent standard of living. It's just crazy to me.

To be more accurate, it is only a subset of SF residents (in the IT space) that get that kind of pay. I often wonder what life is like for those that do not belong to that elite and that do not make that kind of 6 figures money.


They don't live in SF. It isn't unheard of to commute two hours for a retail job in SF just to get where you can afford the rent.


Well, there must also be a given number of "middle class" people, that are not top notch programmers, nor "entry level" or "retail".

If we take these as valid data:

https://www.bls.gov/regions/west/news-release/occupationalem...

and set an arbitrary threshold at 45 US$/hour, the share of people exceeding that is 31.1%; if we set it at 50 US$/hour it is 19.4%.

If we draw another line, those that get less than 25 US$/hour are 42.1% and those that get more than 25 but less than 45 are 26.6%.

So, even if we assume that 40% of people commute long distances (and BTW technically are not SF residents), since only between 20% and 30% of San Francisco workers can actually afford it, it still leaves us with 30%-40% of people that must be in a really tight spot.


I'm not an expert in California, but if I understand prop 13 correctly it is possible some of those are people who have lived in SF for many years at the same address - their house is paid off and taxes are minimal so they can afford to live on much less. If your house only costs $400/month to live in ($100 insurance, $100 taxes, $200 other utilities) minimum wage still leaves plenty left over, and presumably if you bought a house 30 years ago you were worth more than minimum wage...


Maybe that would account for a part (I am also not at all an expert in California, so it is just speculation), but those cannot reasonably account for 40% of workers.

I mean, if you live in SF and have a yearly income of "only" 50-60,000 US$ working some 2000 hours at 25-30 $/hour, and you live in a house that you can rent for roughly the same amount or that you can sell for (say) a million, what actually keeps you there?

Maybe you can find somewhere else a similar job, paid in the 15-20 $/hour range; you lose 20,000 on the job but get an additional 40,000 from the rent or from interest on the capital.


It's all about the area. I have friends who moved to Chandler AZ and rented an entire single floor house with 2 car garage, 2br and in-ground pool for $800/month. That was 5-6 years ago but way more affordable than the $1600+ in NYC for a 2br apartment.


What's the city and what website did you use? I didn't find many such options when I was looking (though not that thoroughly).


I am Canadian. I live on the West Coast. Vancouver has lots of high expense rentals, but move out from there and in any of the small communities there are plenty of low cost nice rentals.


In this case the scam claims to be a house in North Berkeley (almost Albany), which I believe is more expensive than Oakland.


I saw a 1 bedroom for $4,700 in the Peninsula recently, which explains why that complex has so many 1BR available.


And somehow, that's still the profitable option and not actually filling the apartment.


The problem is, if they have some renters at the high price it is better to say they have tenants coming (even though they never arrive) than rent for cheaper and risk the old tenants finding out the price is lower and demanding a reduced rate. Now add in a bank that is auditing your books: if you have some empty units "almost rented", that looks better than full units where you are not making enough on rent to pay the mortgage - even though either way you are not making enough in rent to pay the bills.


Banks don't conduct such audits.


If the loan requires that all units be rented for $x they will do something to check.


Bank loans to landlords do not contain covenants requiring that all units be rented for $x. You appear to be confusing policies that some lenders apply when originating loans with covenants that borrowers have to follow on an ongoing basis. Those are not the same.


Probably because waiting for the property value to increase over a year or two and then deducting paying the loan rate/interest over the time is more profitable.

Classic perverse incentive, the only way to fix this is a drastic vacancy tax.


> then deducting paying the loan rate/interest over the time is more profitable.

What does this have to do with not renting the apartment? Any business will deduct interest payments as a business expense.


And a vacancy tax isn't a good idea either. (Though it's better than the UK's tax rebate for vacancy.)

Just use a land value tax.


The Craigslist ad is still up (or up again): https://sfbay.craigslist.org/eby/apa/d/berkeley-two-story-3b...

The house appears to exist as pictured at the claimed address on Google Maps. Oddly, although Jeffrey's emails about the place were from a couple weeks ago, this current ad says "Posted a day ago". It also says "Call Laurence", although as before there is no phone number.

Personally, I'm still not completely sure this is exactly the scam that is being described. I'm wondering if there might be another layer here --- maybe someone who took over an existing Craigslist ad? It does seem very well crafted for a plain rental scam.

Edit: There is also a listing for the same house with the same pictures on VRBO with 172 positive reviews: https://www.vrbo.com/564881. Given all the reviews, I presume that one is the real one. Maybe the Craigslist ad is just a straight copy of this?

Edit 2: Ooh, I wonder if the reason that the scammer is willing to meet people at the property from February 14th to 16th is that he has it reserved for those dates from VRBO. Might be interesting to cross-reference.


I was renting out a house in the greater Bay Area a few years ago. Someone copied the ad word for word, photo for photo, and posted it at half price. I was alerted by a suspicious apartment seeker. I think searching CL or even just the web with snippets from the ad could help figure this out.


Many times they are a copy of a legitimate ad.


Copying photos and the body text of a legitimate ad would certainly be a lot less time and effort on the part of a scammer than writing new custom scam ads every time.


Oh boy, story time. I encountered the opposite scam.

I was selling a house myself. I took photos, paid to have it listed, posted a sign out front, and posted ads in various places including CL.

Someone contacted me to say they responded to an ad on CL for a rental house. The prospective renter was told by the scammer he was out of town and that they could go to the house and look around the property. He would transact the rental remotely and mail them the keys if they liked it. They were also told to ignore the For Sale sign out front! They did go see the house but saw the For Sale sign and called the number - me - at which point we figured out what was going on. They had also spoken to the guy on the phone, who sounded foreign.

I found the CL fake rental ad, it was all of my photos from my sale posting, simply copied onto the fake rental ad. I responded to the ad and almost instantly got a long response from a Hotmail address. It was clearly a prepared response and included some clumsy standard rental application forms. Anyone who fell for this would have lost their rent/deposit/security as well as all their private info.

Local police couldn't do anything about it but traced the phone to a VOIP, dead end. CL pulled the ad.

Be careful out there.


In Nigeria people tend to paint the text “not for sale” on their houses to avoid it being ‘sold’ by scammers.

https://upload.wikimedia.org/wikipedia/commons/b/b2/2003_hou...


VoIP can be “backtracked”.

Takes a bit of effort, but the DOJ got providers to do it for the fake IRS/SSA/INS calls.

There’s a standardized process for it.

Might lead to a deader-end, but “it’s VoIP so we can’t do anything” is a cop-out.


It's pretty strong to assert that it is universally possible. From a technical perspective, yes, you can determine the origin of all VoIP calls in exactly the same way as you can determine the origin of all IP packets. This is to say, yes in theory, but in practice, no in many situations, not even necessarily when the origin has intentionally been obscured.

Cold-call spam may in many cases originate from corporate PBXs or VoIP setups which were compromised by an attacker. I'm not sure how common this is but know it happens as I have been involved in the response/cleanup on two different occasions. This is perhaps the most difficult to track case as it becomes a matter of forensics on the compromised PBX setup. This is less likely for inbound though because it's not a very stable arrangement. It is also not unheard of for non-VoIP telecom providers, generally overseas, to be themselves corrupt and involved in facilitating malicious uses of the telephone system (e.g. international calling termination rate scams).

On the other hand, there are a huge number of VoIP providers which may operate overseas, may not be very responsive to complaints and requests, and even unintentionally may not retain logs that allow them to identify customers. This means that when law enforcement determines that a call originated with a VoIP provider (via phone provider records), there is a high chance that getting information from that provider could require costly legal proceedings and even then result in a dead end.

I personally use a VoIP provider right now for completely non-malicious purposes that would probably be very difficult for law enforcement to identify me from because I know the provider to be overseas, small, and to have generally poor operational practices. This isn't even a provider which markets explicitly to criminal uses (which very much exist!), it's just an extremely cheap one.

Yes, law enforcement are certainly not doing everything which is possible. But it's far from a cop-out - law enforcement has limited resources and the way things are right now VoIP providers can easily become a very frustrating dead-end.


Nod. The cops were decent, they put some effort in, but it wasn't the crime of the century so they weren't going all-out with subpoenas for an attempted petty scam. Also, we couldn't find anyone who was actually burned, although this guy could have been operating many ads in many markets. It's a living, I guess.


More should be done to standardize VOIP tracking. It's a huge problem and this method is widely used for scams.

I don't know if caller id spoofing can be prevented though. I get on average 10 scam calls daily, some days more. My phone is on vibrate and I am using this as a way to relax instead of getting upset. I stand up from my desk and take a walk around the office. It mostly doesn't bother me but sometimes when it catches me at the wrong time it does get to me and I'd rather this stopped. Sure, my phone does give me the 'Scam likely' but I wouldn't pick up from phone numbers that are not in my address book anyway. And if the phone vibrates I check after I finish what I am currently doing, so it could always wait.

What bothers me is the ease with which someone on the other side of the planet can do this. This thought only bothers me...


Neighbourhood spoofing is definitely a problem because I have on-call and it means it could be a known or unknown colleague (big org).

Then there’s the time the scammers called every number sequentially (or simultaneously?) in a number block, jamming the incoming/outgoing lines because we have an exchange code block, but only a reasonable number of lines.


I’m currently shopping for a house and have noticed tons of listing pictures are now watermarked with “not for rent”. Now I finally understand why. Thanks :)


Craigslist scammers often copy legitimate ads from other venues as well. My eBay listings are constantly scraped and turned into Craigslist listings.


As for edit 2, might that not leave too much of a paper trail for the scammer?


Could be a fraudulent booking with a stolen credit card or cracked account.

Leaves too much of a human trail though. But I could think of a few ways around that too. But I’m not your fraud architect ;)


The scammer almost immediately sending a bunch of photos of 'himself' is very interesting to me.

I've noticed the same technique on dating apps. 9/10 times if the person you're talking to is not real they'll send a 'casual' looking photo after 3-4 back and forth messages, completely unsolicited.

Like the author of this article it seems to be a misguided attempt to prove that they're real somehow and immediately gives away that they're not. When this happens on dating apps I like to give them my Google Voice number and play along for a bit to waste their time. They usually end up pretty angry and it makes me laugh.


> I've noticed the same technique on dating apps. 9/10 times if the person you're talking to is not real they'll send a 'casual' looking photo after 3-4 back and forth messages, completely unsolicited.

I used to do the same when online dating -- despite many people's claim to the contrary, much of dating is physical (i.e. visual) attraction, so I sent additional pics (natural, not staged) early in the conversation just to find out if it was going to go anywhere... whether solicited or not.

But I was male -- if a super attractive woman sent me pics unsolicited, then I knew it was a scam. (my apologies if any real women were out there that look like super models, but were searching for your true love online if only someone would help you pay for a visa)


So you're saying dating sites are also full of scammers trying to con people out of money somehow? That fits. I have a (decades) old account on one of them which I recently noticed was sending messages to my spam folder. I reset the password etc to get back into the account, where I found a bunch of fake pictures (i.e. not of me) along with the old text I had there and my own attributes. Was wondering what was going on. I guess my pictures weren't deemed good enough for the scam.


I had that happen and I pointed out that the website already had her photos up, and I had mine up. But she was really insistent that she send me a pic anyway so she could prove she was real. Any time someone tells you they're a real person without you asking if they're a real person is a bit fishy.


Sending unsolicited photos of yourself is weird. But sending a link to your Instagram or Twitter... Of course, if the scammer had social media, then people would report them to get their accounts banned or there would be comments about being fake. Not to mention having 1 follower.


What I'm left wondering is: what is the payoff for these scams? These aren't easy to scale, as you need to be manually writing plausible looking, personalized emails, waiting for someone to take the bait, "nurture" them over days or weeks, etc. Also you need specific, valuable skills: between the social engineering, the actual engineering, the perfect grammar, the creativity, someone who can pull this off can definitely get a high-paying, honest job pretty much anywhere. Add to that the hassle of having to constantly change web hosts, stories, payment processors, etc. as you're constantly going to be chased by your previously scammed "customers", and the very real risk of prosecution. The payoff must be ENORMOUS for it to be worth all this trouble. What am I missing?


Large parts of this can be automated (scraping profiles, setting up ads based on that scraped info, templates for responses, etc.), with a CRM system to track interactions, for which you have 'white collar' staff. The rest you farm out to call center style operations, the 'blue collar' work, who can also do things like 'customer support' for ransomware victims, etc. There are entire villages in e.g. Eastern Europe that are notorious for housing gangs like this. They're actual businesses, run in a professional manner, with an HR department and tech support guys and accounting people, etc. The key to financial success is keeping all your staff occupied in an efficient manner - balancing the 'lead generation' with the actual work involved, just like any other business.

Edit: Google "Râmnicu Vâlcea" if you're into this sort of stuff and have some time to go down an internet rabbit hole.


That's a lot of overhead and effort for a scam. It would be easier just to have a normal job such as being a software developer.


> It would be easier to just to have a normal job such as being a software developer.

Sure it is, but there's a whole world outside of the US, where jobs aren't as easy to find, nor as well paying as a software developer job in the US.


Lots of overhead to set up but minimal marginal cost to deploy for multiple use cases and audiences.

It wouldn't surprise me if scammers package their strategy/toolsuite and resell the mechanism to other scammers. Ticket brokers' bot networks do this.


First month + last month + deposit (1-2 months) to move in. It's also very common for landlords to ask for cashier's checks or even cash to avoid possibility of checks bouncing. The rent was $4300/month so this could easily be $15k. Per person they can sucker up until the final deadline for renting it. That scumbag might be making more than we do.

I'm guessing there is little risk of prosecution wherever they are.


I think you’re missing professionalization. Writing mortgages would sound implausible, too, if each were the product of an artisan, but there is (effectively or actually) a company here, plausibly with an office, payroll, quarterly targets for on-target compensation, etc.

(This scam has unit economics strikingly similar to being a mortgage broker, with lower capital requirements, minus all the pesky compliance bits.)

Also note that a lot of the folks working for this economy don’t have high-quality access to the legitimate side of the software industry, because they live somewhere we don’t/can’t hire.

One of the best things we could do to drain the swamp is outcompeting Evil, Inc for some of their lynchpin specialists and managers.


There is also an identity theft vector. I’ve encountered scams from NYC CL apts that targeted PII for “credit checks.” I’ve had a man give me a very innocuous looking form to fill in all my sensitive details including SSN, previous addresses etc. It’s easy to fall for something like that, especially when you’re desperate for an apartment you can afford.

(Btw, KYC laws don’t help in this regard, as they condition us to give our PII to anyone who asks for it — so long as they have sufficient leverage over us, we won’t ask any questions.)

There are professional organizations running operations on Craigslist in major cities. Identity theft can be a foothold into much greater schemes, and PII is always a valuable commodity regardless.

It’s potentially a twofer: steal 3 months rent and your identity!


> someone who can pull this off can definitely get a high-paying, honest job pretty much anywhere

Who's saying he hasn't already? Some Amazon guys got busted building a prostitution website here in Seattle a few years ago.


Are you kidding? They copy the stuff from other ads, have email templates. You could set this up including the fake airbnb website in a few hours, quicker if you get good at it. All from your own home, little chance of getting caught, and the possibility of $1000s.

> can pull this off can definitely get a high-paying, honest job pretty much anywhere.

This is just ridiculous.


You may have to consider that there are not-so-few countries where a monthly wage of 500-1000 US$ for a good, honest job is the norm or possibly even a good wage. If the scammer can make 1 of these per year he/she is on par with what other people get; if he/she can make 2 of these per year it is more than enough.


Given some of the absolutely insane move-in requirements I’ve seen for some places in SF, if you can get one sucker per month, you can easily net 10-15k/mo.

I’ve seen places asking for first, last and deposit as rent and a half for 4000/mo places.


> you need to be manually writing plausible looking, personalized emails,

They are not so personalized, are they? Look at the huge email with the pictures and everything. Most of it could be a template. Some of them could be one off, but they are small.

They can also just write once and copy and paste relevant sections as needed. Doesn't sound like such a big deal.

Packing up shop after you have raked in enough profits also doesn't seem like a big deal. Heck, you could be preparing your next 'camp' even as your current one is returning profits.

> and the very real risk of prosecution

May not be so real depending on where the scammer lives.


Getting a job works if you live in an area that has those jobs available. The currency that you get from these scams might also convert really well to the local currency, making it higher paying than a real job.


> what is the payoff for these scams?

Marginal cost for each new pursuit is essentially zero, limited to the ad cost (often zero, like CL).

There were tons of fake CL ads for the Super Bowl and NFC Championship games, asking as little as $850 for Super Bowl tickets (minimum real market price ended up $5000+). Yet people fall for it all the time.


A similar, though less sophisticated, scam has been around in France for over a decade. They put ads with professional photos on websites with rental offers (the price is good, almost too good to be true but you're desperate for a place to live and think that maybe, just maybe, you got very lucky), talk to you in polite and agreeable manner, offer a visit and then demand a downpayment before the actual visit occurs. The red flag was that they demanded a scan of ID before the meeting (the landlord cannot ask for it beforehand) and of course the downpayment request. I searched online after that and found out it's been around for a looong time. Be careful who you're paying!


Same scam (and probably same scammer? - same backstory) posted on reddit a few months ago a few towns over:

https://www.reddit.com/r/bayarea/comments/czfr3m/warning_cle...


And deep within that thread are links to a couple other scams by the same person for an NYC apartment and a car for sale. What would need to change so that serial scammers like this are arrested rather than allowed to continue preying on people?


You could have some digital technology that allows a person to credibly prove that they own a particular property, that is resistant to hacking techniques.

Alternatively you could have a legal rule that requires the seller to turn up in person with ID, and police could search for scam listings and then go arrest the scammers, and fine lazy legitimate sellers who want to break the rule.


Same scam in Boston a few years ago, too.


The very first email from the "landlord" would tell me it was a scam. Maybe it's just because I've been doing things on the internet from before the web was a thing, but that's a pretty obvious scam.

The whole "I'm working away from my usual home city on oil/mining/gas projects in (HARD TO REACH LOCATION)" thing is at least 20 years old now for scams.


Maybe. Real estate is weird, full of odd personalities, third parties, bizarre business practices.

My first NYC apartment I left the broker feeling 90% sure I had been scammed. But all of the things that seemed weird to me were actually fairly normal and indeed I had the place. In big cities where rentals are big business, the unusual is pretty usual.


My first real job I got from a recruiter who reached out with an email of broken English and different fonts/colors. Turned out to be a huge legitimate company.


Were it not for them saying they would be in town to sign the lease and accept payment, I would agree with you. If not for that, I would call this an unusual arrangement, but not 100% a scam.

My rule though is to never put money down, except for a reasonable application fee, on a place I can’t physically see the inside of, in the company of someone with a key. That would have stopped me from going ahead with the deal altogether, and it stops 99% of all rental scams.


This is a great rule but there are rental scams where they rent the place to show you, eventually give you a copy of the key and the place was never for rent.

Check broker's credentials, do property records searches, be diligent, particularly when dealing with an independent owner.


Hindsight is 20/20.


So apt. I’m moving to the Monterey area in the coming months and looking at places to rent. I started with Craigslist and emailed some listings without thinking much of it. And fell for one person telling me they can’t let me see the property but I have to send them an application with rent attached. I quickly realized what was happening. Then I moved on to Zillow and saw postings by rental agencies mixed in with postings by unknowns. So I think those are scammy too (the unknowns). From Zillow I got some names of property management companies and now I look straight on their website.

It seems like people on Zillow copy rental agency postings for scamming. But they definitely copy Zillow postings on to craigslist.

This article seemed relevant to what I’m going through now. So I figured I’d pitch in with a bit of my story.


I'm assuming there is a Stripe/other payment form behind the button, and not a login form for phishing. This seems like a lot of work for just phishing. It would seem amenable to actually taking payments because people are booking months in advance, giving you months of no complaints or chargebacks or fraud reports so the criminals can cash out.


Maybe it “fails” and then they ask for WU or something non-repudiable.

As you get more committed, the more of a length you’ll go to get the place?


WU or just a bank transfer to a drop account. They definitely aren't after card info with a scheme requiring this much interaction.


It's enough to drain a few thousand per sucker with a scam this automated.

It will be pushed immediately to a temporary account and forwarded in a non-repayable way to the scammer, leaving the bank or credit card company to take the fall and a big headache for the user.


That doesn't happen. The whole idea is utterly ridiculous, if someone could cash out credit cards like that they'd just buy the cards for dollars a piece and not waste their time on a complicated scam like this.

> scam this automated

haha no


You are wrong because the nature of this setup specifically allows them to ensure no card owner will be able to find out that they've been conned for several months (by only accepting renters who want to move in in several months). If you just buy card info and charge them, some of those card owners will notice right away.


These scams are very common and fairly easy to detect even without contacting the person.

I have been looking at apartments since November and finally found a place in January, and this is the third apartment I have rented in SF over the last 5 years. I believe this one would have been caught by point 2.

Detecting a SF craigslist rental scam:

1. Is it too good to be true? It's a scam. What's too good to be true, you ask? Check other listings, especially on something like rentSFnow, or the many other property management companies, to get a baseline price range.

2. Reverse image search the images and if it comes from a house listing on Redfin or some other website to buy/sell houses, it's a scam.

3. Does it mention a management company? Check their website; if the apartment is not listed there, it's a scam. If they don't have a website, it's a scam. Does the building/apartment's Google Maps or Yelp not link to the management company website? It's a scam.

4. Are the pictures really good/professional looking? It MAY be a scam.

5. Does the listing provide no/very little info about the apartment/roommates? It's a scam.

6. Look for listings for the same apartment on alternate sites like apartments.com/hotpad/zillow/trulia. Don't find another listing for the same place? It's a scam, with a minor chance that the owner may not be technically adept, in which case look at the pictures; if they are good, it's a scam.

7. Are there multiple postings on the same day/close by with different titles but the same content? It's a scam.

If it passes all of these, it may still be a scam; reach out and proceed with caution.

If after reaching out they ask for a deposit before seeing the place, it's a scam. If they ask you to sign up on any website, it may be a scam. If the sign up requires credit card/bank account or sensitive personal info, it's DEFINITELY A SCAM.

Ignore most things they tell you; the only thing you should care about is actually checking the place out and making sure it works for you in person.

Even if they let you see the place, IT MAY BE A SCAM. Proceed with caution and make sure the person actually owns the place/has the right to rent the apartment.


Points 2 and 3 are not sure signs of a scam. Some landlords use “stock” photos that may be the same as the ones on Redfin/Zillow/MLS. And, there are “management companies” that amount to an 80 year old guy, his 2 sons, and one of his grandsons, that don’t have a website because they only manage their own properties. These 2 scenarios describe my current and previous apartments, respectively.


Yes, but if the photos are obviously unprofessional, badly lit and taken with a phone, it is definitely _not_ a scam.

Similarly, no dogs/no cats: almost definitely _not_ a scam. Every scam listing I've seen has had pets OK.


Yeah that's the one that stuck out to me. An apartment as nice as the one described wouldn't allow pets, at least not if they're as experienced as they claimed to be here.


That’s not really accurate or else I would only get junk apartments. There’s usually a pet deposit, about 80% are no pets.


More like 90% if you have a dog over 30 lbs. :(


> Even if they let you see the place, IT MAY BE A SCAM. Proceed with caution and make sure the person actually own the place/has the right to rent the apartment.

This part was mind-blowing. I would never have considered that someone would show an apartment they don't actually own.


This has been a thing in Vancouver for a while now. Scammers would rent fully furnished luxury apartments on airbnb for a couple of weeks, and "show" them to potential tenants as if they were the owner or a person needing to sublet, signing leases, collecting first month+deposit payments from like a dozen different people.

Of course this only duped the most gullible, since nobody should be paying rent+deposit for a $3000/month apartment in cash. Then of course when it came to the end of the month and time to move in, the scammer would be long gone.


Real estate is a very fragile system with all sorts of crazy scams. Deed fraud is a thing — people buy houses and incompetent banks write loans on houses that aren’t for sale.

There were a bunch of cases in Brooklyn a few years ago, some were related to corrupt officials in the Surrogate/Probate court and deceased persons property. Others were grifts affecting unoccupied properties. The system isn't really designed to stop these sorts of frauds.


A friend of mine's neighbor lives in a rental with an absentee landlord. Someone stole the landlord's identity, took out a homeowner's loan on the place, then wired the money to a bank in South America. They found out because real estate vultures started knocking on their door.


> make sure the person actually own the place/has the right to rent the apartment.

What's the right way to do this?


For a house/condo, presumably you can just search for the property online and see who the owner is. Then when you are only writing checks to the actual owner's name, I would feel pretty safe.


All I need is one question:

On Craigslist? Probably a scam.


Sure, if you don't care about the false positive rate of your prediction function.


What are the downsides to missing a legit listing on Craigslist versus falling for one of these scams? I think in this case, having a prediction function with a low false negative rate but a high false positive rate for scams is better than the inverse.


What are the downsides to missing a “looks too good to be true” listing that’s real? You miss the great listing... obviously. And great listings are not at all easy to come by in that area.


To be fair my last apartment I rented off Craigslist:

- He paid me $1000 to move in

- Gave me all of his furniture for free

- Paid my application fee

I actually got the apartment via a sublease and opted to continue his lease. A few months ago I sold the furniture for a profit and moved with no issue.


I can respect that. Perhaps I'm being unfair.

In my area and my experience, I've had about a half dozen interactions with Facebook for significant things. 4/6 were straight up scams.


> or sensitive personal info

Shouldn't be confused with requiring SSN etc for a background and credit check which is standard now.


I don’t give my SSN to anyone I haven’t met, unless it’s a legitimate property management or background check site.


That's what I meant. It wouldn't be normal for a landlord to ask for the information over an email or something.


Are you saying that you’re protected from an SSN phish on an illegitimate site because you’re careful to only enter your SSN on legitimate sites? How do you know they’re legit?


Look around on google a bit to make sure it's a real rental agency and that the website is the same.


Same methods described in the article, plus a little googling.


In the reply, I'd probably include a 1x1 pixel hidden tracker image or maybe a legit-looking logo below the signature and get the client IP of the scammer's computer when it does an HTTP GET on it. The IP can tell more about where they're located.


Doesn't any half-decent webmail proxy such requests nowadays?


This is a great idea, but if he's gone through all this trouble already, then he's probably behind a proxy or VPN...


Reverse Captcha? Send an image, ask them to email you at the address in the image -- at that point their handlers will likely decide you're too much trouble and you'll be ghosted.


At the place I moved into, they apparently had to constantly remove signs scammers had put in the yard.


What sort of signs?


"Up for sale/rental, call xxx" probably.


It makes me deeply depressed that real estate is huge right now, many more people than ever are renting and we still have to deal with Craigslist scams to find a place to live. Ignoring the fact that the last ten years of UX seems to have passed Craigslist by, it's unbelievable that such a huge site has the absolute minimum of fraud prevention. There are so many comments on here about various kinds of CL scams; why does a trusted marketplace for rental housing not exist?


https://www.socialserve.com/

Focused primarily on low-income and accessible (disability-friendly) housing, but many listings for perfectly normal places.

Free to both landlords and tenants - funding comes from various government agencies, mostly housing authorities.

Disclaimer: Employer, views represent my own, etc


With these sorts of marketplaces, the major challenge is trying to get small landlords to list. Of course the sites want their listings to be legitimate, though, so there's a tension between making it easy for posters and getting enough information and verification to be able to detect and weed out scammers.


You'd think they have the world's biggest dataset of scam posts too, with people constantly labeling posts for them (including law enforcement).


The problem is that scam posts are frequently just copied legitimate posts. The only thing we found that worked was to force communication to go through a messaging proxy to run classifiers on those messages.


Craigslist is the Wild West; use it at your own risk. A few years ago, I answered an enticing ad for a pretty nice apartment in a good school district near Boston. The price was about half what you would expect; that was the only tell.

They answered my inquiry right away and said something about being "away in Africa on mission work and need someone to sublet our place". I supposed this was somewhat plausible, but decided to test them.

Since they said they wanted someone quiet, I said, "We have a pet howler monkey. I hope that's okay."

They replied "That is fine." I then knew something was wrong, so I mentioned that he's not really house trained, and tends to throw things, and then they ghosted me.

Meanwhile, someone else might have fallen for the scam. I did report the ad, of course, but that takes a few hours or days and in the meantime, someone else might have been suckered. Craigslist could really benefit from some kind of comment/review system that would allow you to immediately call out these kinds of posts publicly. Of course it would also require a systematic way to take down revenge or mischief posts that unfairly attack legitimate sellers.


Have had this same scenario play out several times myself on CL. The other most common scammy post is a roommate.com one where when you get in touch with the poster, they have you go to a roommate.com link which basically requires you to sign up for a ~20$/mo membership. I get the need for such sites but I've seen this so often I consider it a scam and wonder if, like hired shills and trolls, people get hired to post such content just to drive membership.


There should be a simple highlighter on the domain name in the browser so you can easily see:

airbnb.com.rooms-040349.town vs airbnb.com

Or some kind of script that can recognize likely b.s. for common domains. Now that I say it, it probably already exists.


That seems like a great idea!

Why doesn't the url bar highlight the domain? Given how security-critical it is compared to the rest of the URL, why is it not bold and obvious?

It seems so easy for browser vendors to implement...


I think you may be saying this sarcastically, but in response to the comment you replied to, at least my browser (Firefox) does do this. On this page, "ycombinator.com" is highlighted in white.


No sarcasm.

Chrome does not display any significant difference... or if it does, it's too subtle for my 20-40 vision.

Firefox is noticeable, now that you mention it. I never noticed before. A for effort, C- for execution?

Given the security implications, how about bold and blue? Maybe even a bigger font size? It should stand out, no?


Perhaps even a color chosen based on a hash of the domain name, so a visually similar domain name (e.g. goog1e.com) shows in a different color than the user is used to.


I'm in Firefox right now, and it took me four looks to notice that. The contrast could definitely be higher.


I noticed it a while ago, but I think underline or maybe a different colour (blue?) would be much better.

(Are there any scripts that don't work at all with an underline? Bold not working for Chinese is a reason a bold domain isn't really an option.)


And the people who would install it are already aware it's a thing and are more security conscious than most. In other words, preaching to the choir.


1Password makes it very easy to spot these. If you click on the 1Password icon in your browser and you don't see your account, you're not on the official/right/real domain name.


This works if the website never switches domains based on location or product or what have you.


Browsers should flag .com.

It's pretty unbelievable that in 2020 your browser just lets this through.


Presumably you mean airbnb.𝗰𝗼𝗺.rooms-040349.town

But this only works for .com, whereas worldwide there are plenty of two-letter TLDs, which are often used as subdomains (e.g. dk.ebay.com and www.ebay.dk.).


I mean they should flag *.com.thing where thing is anything other than a valid country top-level domain like au.

It's not perfect but it would make this type of phish a lot harder.


Something like this happened to me as well in Germany. I reported to authorities and they said "well, since no damage was done, we can't do anything" THANKS, lol!


Interesting! I encountered this same exact scammer recently and as soon as he sent the email with all the pictures I knew it was a scam. I was definitely fooled up to that point as well though...


Hello,

My apologies..I know this is a bit unrelated but I saw that you had a post for a full stack developer listed almost a couple months ago I wanted to find out if this opening is still available or if it has been filled? Thanks


This was awesome! I didn't know the reverse image search (https://reverseimagesearch.app) was working so well (I never quite thought about this until I did this). I used it on a video game and the algorithm looks amazing!


It's pretty amazing that modern browsers don't flag .com. as a scam.

Is there any legitimate use for addresses like this?

It's also amazing that email software doesn't highlight fake link texts. There should be a rule that if the text looks like a URL then the actual URL has to match it exactly.


I was under the impression that in quite a few countries they are quite widely used. E.g. .com.au in Australia.


OK but outside of a few legitimate exceptions?

Surely it's reasonable to flag .com.blahblahblah.thing.spamdomain as fishy?

.com.au/ or any other actual country top level domain is ok


Or .com.sg or .co.uk
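The heuristics proposed across this sub-thread (flag `*.com.thing` unless `thing` is a country-code TLD, so that `.com.au`, `.com.sg` and `.co.uk` still pass, and require anchor text that looks like a URL to name the same host as the real href) as an added JavaScript example. This is not code from the thread, nor from any browser or mail client; it runs in Node or a browser console. The `rooms-040349.town` host is the one quoted above, the sample anchors are constructed for the example, and `goog1e.com` is the lookalike from an earlier comment, included to show what these two checks do not catch.

```javascript
// Added example (not from the thread): two link-sanity heuristics discussed
// above, runnable in Node or a browser console.
//  1. A generic label ("com", "co", "net", "org") that is not directly followed
//     by a two-letter country-code TLD is flagged, so www.ebay.com.au and
//     shop.co.uk pass but airbnb.com.rooms-040349.town is flagged.
//  2. If the visible anchor text looks like a URL, its host must equal the
//     host of the real href.

const GENERIC_LABELS = new Set(["com", "co", "net", "org"]);

// Lowercase hostname of a URL string, or null if it does not parse.
function hostnameOf(input) {
  try {
    return new URL(input).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Heuristic 1: generic label buried inside the hostname.
function checkHost(host) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (!GENERIC_LABELS.has(labels[i])) continue;
    const rest = labels.slice(i + 1);
    // All two-letter TLDs are country codes (ISO 3166), so exactly one
    // two-letter label after "com"/"co" is the legitimate .com.au / .co.uk case.
    if (rest.length === 1 && rest[0].length === 2) continue;
    return {
      suspicious: true,
      reason: `"${labels[i]}." is followed by "${rest.join(".")}", which is not a country-code TLD`,
    };
  }
  return { suspicious: false, reason: "no buried generic label" };
}

// Visible text that a reader would take for an address: optional scheme,
// at least two dot-separated labels, optional path, no whitespace.
const URL_LIKE = /^(https?:\/\/)?[a-z0-9-]+(\.[a-z0-9-]+)+(\/\S*)?$/i;

// Heuristic 2: URL-looking anchor text must name the host the link goes to.
function checkLinkText(text, href) {
  const shown = text.trim();
  if (!URL_LIKE.test(shown)) {
    return { mismatch: false, reason: "visible text is not URL-like" };
  }
  const shownHost = hostnameOf(/^https?:\/\//i.test(shown) ? shown : "https://" + shown);
  const realHost = hostnameOf(href);
  if (shownHost === null || realHost === null) {
    return { mismatch: true, reason: "could not parse the shown or the real URL" };
  }
  if (shownHost === realHost) return { mismatch: false, reason: "hosts match" };
  return { mismatch: true, reason: `text shows ${shownHost} but link goes to ${realHost}` };
}

// Combine both checks for one anchor; reasons is empty when nothing fired.
function auditLink(text, href) {
  const realHost = hostnameOf(href);
  const hostResult = realHost === null
    ? { suspicious: true, reason: "href does not parse" }
    : checkHost(realHost);
  const textResult = checkLinkText(text, href);
  return {
    text,
    href,
    suspicious: hostResult.suspicious || textResult.mismatch,
    reasons: [
      ...(hostResult.suspicious ? [hostResult.reason] : []),
      ...(textResult.mismatch ? [textResult.reason] : []),
    ],
  };
}

function auditLinks(links) {
  return links.map(([text, href]) => auditLink(text, href));
}

// Constructed sample anchors [visible text, href]; the .town host is the one
// quoted in the thread, goog1e.com is the lookalike mentioned above.
const SAMPLE_LINKS = [
  ["https://www.airbnb.com/rooms/123", "https://airbnb.com.rooms-040349.town/rooms/123"],
  ["View listing", "https://airbnb.com.rooms-040349.town/rooms/123"],
  ["www.ebay.com.au", "https://www.ebay.com.au/"],
  ["dk.ebay.com", "https://dk.ebay.com/"],
  ["goog1e.com", "https://goog1e.com/"], // passes both checks: lookalikes need a different defence
];

for (const r of auditLinks(SAMPLE_LINKS)) {
  console.log(r.suspicious ? "FLAG" : "ok  ", r.href, r.reasons.join("; "));
}
```

The first sample trips both checks, the second only the buried-`.com.` check (its text is not URL-like, so the second rule stays silent), and the `goog1e.com` anchor passes cleanly, which is exactly the gap the hash-coloured-domain suggestion earlier in the thread is aimed at.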


This is the one downside of Let's Encrypt. They made running https scam sites cheap and easy. I still think having https everywhere is worth the trade off, but the downside should be acknowledged.

I wish there were an EV certificate like alternative for sites where actual money is involved (banking, hotels, etc) which cost a decent amount of money, so that at least the cost of running these scams would go up. For example, airbnb paying $1000 for one of these certificates would be a rounding error to them, but it would stop a lot of scam sites.

EDIT:

Right now the issue is that phishing protection is reactive, in that we try to flag bad sites after the fact. I wish there was some way to make it proactive so that good sites could be attested to.


The fact that domain verified TLS/SSL is possible for free now, compared to a token payment of $7, doesn't change the fact that domain-verified SSL has never been, and should never be a verification of legitimate corporate identity.

https://letsencrypt.org/2015/10/29/phishing-and-malware.html


That isn't a downside of L.E. though because HTTPS by itself was never meant to imply trust in the site, and any notions to that effect should rightly be dispelled. Sounds more like a benefit of LetsEncrypt if it brought more awareness to this.

And FWIW the EV cert that sites like AirBNB buy cost in the range of $500. The cost isn't what makes it prohibitive, though, but instead it's the corporate and personal identity that they (should) do as a part of the process.


> but instead it's the corporate and personal identity that they (should) do as a part of the process.

And often that isn't nearly as intensive as you might think.


It doesn't even matter. Tax havens like the United States of America or the United Kingdom go out of their way to make it easy for foreigners to create "corporations" with no local footprint, no ties back to anything and no practical way to investigate.

If you have $1000 and don't live there you can set up a bona fide US Corporation today and get an EV cert issued for it, within 24 hours. So long as you pick a unique name in the place where you register (any of 50 different US states) they don't need and won't ask for any further information - the paperwork will show up as "American" even if you can't point at the US on a map and have never even visited in your whole life. Congratulations, you are entitled to an EV certificate for, let's say, Okland Best Property Rentals Inc. a US company that older browsers show a proper American flag for and looks 100% legit but in fact proves nothing except that you filled out a web form and had a few hundred dollars.

If somebody tries to "send in the cops" to "Okland Best Property Rentals" expecting it's some crook who actually lives in California they'll be fighting a multi-billion dollar state-sponsored entity whose purpose is to help (non-US) crooks hide money, the agencies will stall and eventually, after a long and expensive fight, give up a PO box address in Abuja, Nigeria or something. There the trail ends. Bye.


Hey, at least then your banking information will be known by the 'intended' scammer, not others that may be listening on the wire :)

