Lord777
Professional
- Messages
- 2,579
- Reaction score
- 1,513
- Points
- 113
It all started with a search for Apple Watch on Avito and Yula's classifieds sites. Among the many ads, a few temptingly low priced offers caught my eye. I understood that free cheese is only in a mousetrap ... and, of course, I hurried to respond to the ads - I wonder what kind of schemes!
Case 1. Find 10 differences
The first ad I responded to was on the Yula service. I found out the price of the gadget and where you can see it. The seller said that he was in the distant Moscow region of Zaraysk and offered to arrange delivery "through the official website of Yula." Usually, the service works as follows: the buyer specifies the address for delivery, reserves and pays for the goods on Yula's website (money is blocked by the service). Next, the courier brings the parcel, which the buyer checks, and if all goes well, the seller receives the money. If the product does not fit, the money is returned to the buyer.
I also sent my data for delivery, and after 10 minutes the seller placed an order for me. At this moment, I received an SMS from the sender SMSVerify with the text:
By clicking on the link, I saw a beautifully and well-made fake of Yula's website, where I needed to pay online for the order:
When you click the "Go to payment" button, the page youla-from.ru/pay/85121135823 opened (of course, also fake). On it, I had to enter my card details and ... say goodbye to money forever.
In both cases, the domains had nothing to do with Yula's official website. He asked the swindler why he was deceiving people, to which he replied: "I do not deceive my own." In response to my complaint, the Yula service blocked the seller.
Case 2. Delivery without an alternative.
The second seller on Yulia immediately indicated sending via the Boxberry service as the only option for interaction. Moreover, he wrote that the delivery service acts as a guarantor of the transaction (although the latter do not provide such a service). At the same time, Yula's robot warned several times that payment outside the service is dangerous:
OK! I sent the seller the data for ordering, and this time I was contacted via WhatsApp. I called the "Boxberry Support Representative" (+ 7-968-501-37-37) to clarify if I received the shipping link:
When he found out that (of course) I hadn't received anything, he sent me information about the package directly in the messenger:
After clicking on the link, I saw a page with information about shipping and payment. You, of course, noticed that the link is different from the official Boxberry domain.
The "support worker" explained that this is another delivery service domain, created due to the heavy load on the service. I sent a complaint about the seller to Yula's support team. He was blocked after a couple of hours.
Case 3. Sending to Nowhere.
Then I found a similar ad on Avito. The seller said that he was in Vladimir and would return to Moscow only in a month, and offered to send the goods through Boxberry. In response, I sent him information for delivery, indicating a non-existent address. To my surprise, the courier service even managed to place an order for it. The seller contacted me via WhatsApp (+ 7-905-817-68-89) and sent me a link to order: box-berry.ru/tracking/?12223376
The link was another high-quality fake:
Naturally, the numbers of the items on the real site boxberry.ru could not be found.
I wrote to the author that he was a fraud, but did not receive an answer(and I wanted to talk so much). Also sent a complaint to Avito.
Case 4. The most "sincere" fraudster.
I left this case for dessert. It has elements of social engineering. So, I found an ad on Yulia and wrote to the seller. It was a girl who asked me for a phone number so that “her father” would contact me. Soon, I received a WhatsApp message from a stranger with a very realistic photo on his avatar: an ordinary person of pleasant appearance against the backdrop of some European city. The watch turned out to be in perfect condition, it was even possible to watch it live (which the previous intruders did not dare to do). To do this, it was only necessary to drive to Stupino, which is about 2 hours away from Moscow by train.
But then a surprise awaited my interlocutor: I have a friend in Stupino who was ready to check everything and buy a watch. What I happily informed the seller about ... And the script changed dramatically: it turned out that the "father" was disabled (he even sent a video), and the watch, it turns out, was with the "daughter" (which, apparently, is not in Stupino), but it can be sent via delivery service (he offered CDEK with an indication of the pick-up point nearest to me).
I sent him a fictitious name and address. A couple of days later, the seller sent me a photo of the receipt as proof that the order was indeed shipped and was expecting payment from me at the sorting center:
I'll be honest: for a moment I even believed that the package would really come (the only question is where). Here we must pay tribute to the "seller": the move is very interesting and beautiful, but ... Firstly, CDEK does not have a "safe deal" service. Secondly, CDEK accepted the package to a non-existent address, and this, according to our logic of communication with the "seller", should have been their point of issue. In addition, on the real CDEK website, I could not check the status of the shipment, since it did not pass the check - the system recognized the sender's phone, but did not recognize the recipient's phone, that is, mine (to check on the site, you need to specify the last 4 digits of the number). Perhaps the scammers really sent the package, but to some kind of contact.
But I received in SMS a link to pay for the parcel from OmegaServis:
CDEK
Received order No. 1176491929
in the name of Petrov Igor Ivanovich.
Estimated delivery date: 05/10/2020.
Delivery address: Mytischi, st. Gorbachev, 1, apt. 59.
Amount to pay: 20.000₽
Track and pay: http-cdek.ru/track?track_id=1176491929
The link led to the fake site of the logistics company:
The page is well done, all buttons (except for payment) are clickable and lead to the official website cdek.ru
There was no point in delaying further, and I wrote to the fraudster that I had disclosed their scheme. Oddly enough, he answered me. He confessed that he was indeed engaged in fraud, and that this "business" began to bring less income.
Helpful hints.
So, summing up my mini-investigation, we can formulate several rules for working with services such as Yula or Avito:
I wish you a happy and safe online shopping!
Case 1. Find 10 differences
The first ad I responded to was on the Yula service. I found out the price of the gadget and where you can see it. The seller said that he was in the distant Moscow region of Zaraysk and offered to arrange delivery "through the official website of Yula." Usually, the service works as follows: the buyer specifies the address for delivery, reserves and pays for the goods on Yula's website (money is blocked by the service). Next, the courier brings the parcel, which the buyer checks, and if all goes well, the seller receives the money. If the product does not fit, the money is returned to the buyer.
I also sent my data for delivery, and after 10 minutes the seller placed an order for me. At this moment, I received an SMS from the sender SMSVerify with the text:
By clicking on the link, I saw a beautifully and well-made fake of Yula's website, where I needed to pay online for the order:
When you click the "Go to payment" button, the page youla-from.ru/pay/85121135823 opened (of course, also fake). On it, I had to enter my card details and ... say goodbye to money forever.
In both cases, the domains had nothing to do with Yula's official website. He asked the swindler why he was deceiving people, to which he replied: "I do not deceive my own." In response to my complaint, the Yula service blocked the seller.
Case 2. Delivery without an alternative.
The second seller on Yulia immediately indicated sending via the Boxberry service as the only option for interaction. Moreover, he wrote that the delivery service acts as a guarantor of the transaction (although the latter do not provide such a service). At the same time, Yula's robot warned several times that payment outside the service is dangerous:
OK! I sent the seller the data for ordering, and this time I was contacted via WhatsApp. I called the "Boxberry Support Representative" (+ 7-968-501-37-37) to clarify if I received the shipping link:
When he found out that (of course) I hadn't received anything, he sent me information about the package directly in the messenger:
After clicking on the link, I saw a page with information about shipping and payment. You, of course, noticed that the link is different from the official Boxberry domain.
The "support worker" explained that this is another delivery service domain, created due to the heavy load on the service. I sent a complaint about the seller to Yula's support team. He was blocked after a couple of hours.
Case 3. Sending to Nowhere.
Then I found a similar ad on Avito. The seller said that he was in Vladimir and would return to Moscow only in a month, and offered to send the goods through Boxberry. In response, I sent him information for delivery, indicating a non-existent address. To my surprise, the courier service even managed to place an order for it. The seller contacted me via WhatsApp (+ 7-905-817-68-89) and sent me a link to order: box-berry.ru/tracking/?12223376
The link was another high-quality fake:
Naturally, the numbers of the items on the real site boxberry.ru could not be found.
I wrote to the author that he was a fraud, but did not receive an answer
Case 4. The most "sincere" fraudster.
I left this case for dessert. It has elements of social engineering. So, I found an ad on Yulia and wrote to the seller. It was a girl who asked me for a phone number so that “her father” would contact me. Soon, I received a WhatsApp message from a stranger with a very realistic photo on his avatar: an ordinary person of pleasant appearance against the backdrop of some European city. The watch turned out to be in perfect condition, it was even possible to watch it live (which the previous intruders did not dare to do). To do this, it was only necessary to drive to Stupino, which is about 2 hours away from Moscow by train.
But then a surprise awaited my interlocutor: I have a friend in Stupino who was ready to check everything and buy a watch. What I happily informed the seller about ... And the script changed dramatically: it turned out that the "father" was disabled (he even sent a video), and the watch, it turns out, was with the "daughter" (which, apparently, is not in Stupino), but it can be sent via delivery service (he offered CDEK with an indication of the pick-up point nearest to me).
I sent him a fictitious name and address. A couple of days later, the seller sent me a photo of the receipt as proof that the order was indeed shipped and was expecting payment from me at the sorting center:
I'll be honest: for a moment I even believed that the package would really come (the only question is where). Here we must pay tribute to the "seller": the move is very interesting and beautiful, but ... Firstly, CDEK does not have a "safe deal" service. Secondly, CDEK accepted the package to a non-existent address, and this, according to our logic of communication with the "seller", should have been their point of issue. In addition, on the real CDEK website, I could not check the status of the shipment, since it did not pass the check - the system recognized the sender's phone, but did not recognize the recipient's phone, that is, mine (to check on the site, you need to specify the last 4 digits of the number). Perhaps the scammers really sent the package, but to some kind of contact.
But I received in SMS a link to pay for the parcel from OmegaServis:
CDEK
Received order No. 1176491929
in the name of Petrov Igor Ivanovich.
Estimated delivery date: 05/10/2020.
Delivery address: Mytischi, st. Gorbachev, 1, apt. 59.
Amount to pay: 20.000₽
Track and pay: http-cdek.ru/track?track_id=1176491929
The link led to the fake site of the logistics company:
The page is well done, all buttons (except for payment) are clickable and lead to the official website cdek.ru
There was no point in delaying further, and I wrote to the fraudster that I had disclosed their scheme. Oddly enough, he answered me. He confessed that he was indeed engaged in fraud, and that this "business" began to bring less income.
Helpful hints.
So, summing up my mini-investigation, we can formulate several rules for working with services such as Yula or Avito:
- Do not consider products that are well below market prices. If you decide to buy such a product, then only in person and for cash;
- Stop any attempts to communicate about the product outside the official ecosystem of the service;
- Don't settle for off-site delivery services;
- Look carefully at the links that are sent to you;
- Do not react and it is better not to open links at all that the seller sends you;
- Never prepay for shipping or any other service. Only in the application of the Yula or Avito service through a "safe deal".
I wish you a happy and safe online shopping!
