Squaretrade / Craigslist Scam

Viewing 5 reply threads
  • Author
    Posts
    • #38026
      Avatardnathan
      Participant

      I usually buy through eBay/Paypal, but was encouraged to try Craigslist. I found an FX1 there from a guy in NY and arranged to buy it. He told me about Squaretrade, and of course I knew about Squaretrade through eBay. Then I received two emails from transactions@squaretrade.com; the first "verified" the seller as a seal member and the second gave me instructions on sending money through Western Union.

      I wouldn’t have taken the bait if the email had come from anywhere but squaretrade.com.

      I’ve complained to the Attorney General in NY and in San Francisco (Squaretrade headquarters). Of course I started at Squaretrade, but they are nameless and faceless. I’ve since learned of this scam with emails generated from bogus URLs like verification@transactions-squaretrade.com, but with this coming from squaretrade.com, I would think they’d be liable. Thoughts?

  • #167867
    Avatarjetson
    Participant

    And beware that a URL can be masked to look like anything!

  • #167868
    Avatardnathan
    Participant

    How can an email be masked? How could a person send an email with a false ‘From’ entry? I tried it with outlook and sent a test message using

    Test Testing [test@test.com]

    When it showed up in my inbox it read:

    D Nathan Salsbury [dsalsbury@cox.net]; on behalf of; Test Testing [test@test.com]

    Perhaps he has special software to do it.

    The other point of confusion is that I have a full name and address to which I sent the funds through Western Union. Wouldn’t this have to be his real name to receive the money? If that’s the case why would he open himself up to being thrown in jail?

  • #167870
    Avatarjetson
    Participant

    Well, I guess I didn’t compleely understand all of the steps you took. I was just thinking about the scam emails that are abundant out there that misdirect people to what looks like a legitimate web address, like ebay or paypal. The recommendation in those cases is to type the url as you know it into your browser rather than click the link in the email.

    The other side of scamming is more on the "social engineering" front, where people are led to believe something that is not true, through pure trust – the worst kind if you ask me.

    I really hope you can get some leads on this…

  • #167869
    AvatarAnonymous
    Inactive

    dnathan

    How can an email be masked? How could a person send an email with a false ‘From’ entry? I tried it with outlook and sent a test message using

    Test Testing [test@test.com]

    When it showed up in my inbox it read:

    D Nathan Salsbury [dsalsbury@cox.net]; on behalf of; Test Testing [test@test.com]

    Perhaps he has special software to do it.

    The other point of confusion is that I have a full name and address to which I sent the funds through Western Union. Wouldn’t this have to be his real name to receive the money? If that’s the case why would he open himself up to being thrown in jail?

    dnathan,

    Never underestimate the power of the hackers. You would be surprised as to how they can trick you through secretly buried code and re-directed links. The link you may physically see on a web page may not be the actual address its tied too.

    If you are using MS Explorer, one way you can tell is when you hover over a link with your mouse pointer, the address should appear at the bottom of that window within the window frame. Ive seen it where that address is not even close to one that was listed on the web page. Also sometimes you might end up seeing that address but at the other end, it might be set up to re-direct your email or the link of which you may not even be aware of. This is why everyone has to be very careful when checking out or buying stuff from on-line vendors. Stay with the reputable sites and stores. There you at least get what youre paying for. Going to some fly-by-night operation just to save $100 is not worth it because in the end you get NOTHING for what you paid for. πŸ˜‰

    RAM

  • #167871
    Avatarralck
    Participant

    I know this is a really old thread, but I thought I’d add my two cents here.

    You can actually make a fake email look very real. You can use a PHP script to generate the email headers and actually inject real looking content (like stuff he ripped out of the headers of a valid squaretrade email) to make it virtually indistinguishable(sp?) from a real email. This is how businesses have those ‘no reply’ emails. My school does this with some of the admissions and other stuff.
    This system was originally designed for businesses to set up no reply emails and have it not go automaticlly to the spam folder, but unfortunetaly, hackers have found out how to do it as well.

    So there’s my simple explanation of how he probably did it. The advice from others on how to buy from trusted sites and such is great advice and should always be followed (actually, compusolver and others saved me from buying from a grey site when I was looking for my camera!).

    Hope this addition helps anyone else!

  • Viewing 5 reply threads
    • You must be logged in to reply to this topic.

    Best Products

    homicide-bootstrap