What are /r/Scams&#39; favorite Products & Services? From 3.5 billion Reddit comments

➔ View 3 /r/Scams comments

Jorbest Burritos Tortillas Blanket for Adults and Kids, Double Sided Funny Food Throw Blanket for Everyone, Novelty Gifts for Teens, 285 GSM Soft Flannel Taco Blanket, 80 inches Yellow

Colorful Rose Infinity Rose Galaxy Rose Flower Gifts for Valentine's Day Thanksgiving Mother's Day

MUJI Aluminum Body Fountain Pen - Fine Nib - with 2 Refill Ink Cartridge

My Scratch Offs 0.25 x 1.375 Inch Silver Zebra Print Rectangle Security Scratch Off Label Stickers - 100 Pack

CPR V202 Call Blocker - Block All Robocalls, Political Calls, Scam Calls, Telemarketing Calls, Unwanted Calls on Landline Phones. Block All Nuisance Calls at The Touch of A Button Using Caller ID

Dri Mark Dual Test - The Original Smart Money Pen with UV LED Cap Counterfeit Detector System - Plus 2 Free Detector Pens - Money Loss Prevention - Fraud Protection

Don't Tell Mom I Work On The Rigs: She Thinks I'm a Piano Player in a Whorehouse

The Land That Never Was: Sir Gregor Macgregor and the Most Audacious Fraud in History

#10

Ultimate Ears MEGABOOM (2015) Portable Waterproof & Shockproof Bluetooth Speaker - Charcoal

#11

VTech CS6719-2 2-Handset Expandable Cordless Phone with Caller ID/Call Waiting, Handset Intercom & Backlit Display/Keypad, Silver

#12

CUCKOO'S EGG

#13

No Soliciting Door Sign, No Soliciting Sign, for House 10x7 Inches, Rust Free .040 Aluminum, Fade Resistant, Made in USA by Sigo Signs

#14

EPAuto 12V DC Portable Air Compressor Pump, Digital Tire Inflator

#15

Final Fantasy VII: Remake - PlayStation 4

The most popular Services mentioned in /r/Scams:

Trustpilot

172 /r/Scams comments

craigslist

123 /r/Scams comments

Have I been pwned?

77 /r/Scams comments

sitejabber

25 /r/Scams comments

Privacy.com

20 /r/Scams comments

WOT Web of Trust

13 /r/Scams comments

Cloudflare

8 /r/Scams comments

MxToolBox

8 /r/Scams comments

Aliexpress

7 /r/Scams comments

#10

This Person Does Not Exist

6 /r/Scams comments

#11

Groupon

#12

Let's Encrypt

#13

Namecheap

#14

Norton Safe Web

4 /r/Scams comments

#15

Indeed

4 /r/Scams comments

The most popular Android Apps mentioned in /r/Scams:

Truecaller: Caller ID, SMS spam blocking & Dialer

Mr. Number-Block calls & spam

2 /r/Scams comments

Calls Blacklist - Call Blocker

Firefox Browser fast & private

Automatic Call Recorder

Burner - Free Phone Number

Malwarebytes Security: Antivirus & Anti-Malware

Google Authenticator

Calls Blacklist PRO - Call Blocker

$1.99

Keepass2Android Password Safe

Blacklist Plus - Call Blocker

Whoscall - Caller ID & Block

Adblock Browser for Android

aFirewall call and sms blocker

Swagbucks Watch (TV)

The most popular VPNs mentioned in /r/Scams:

20 /r/Scams comments

$4.99 / month

5 /r/Scams comments

$8.00 / month

3 /r/Scams comments

$3.99 / month

3 /r/Scams comments

$8.32 / month

2 /r/Scams comments

$5.84 / month

2 /r/Scams comments

$5.44 / month

The most popular reviews in /r/Scams:

>Now, being the target of a couple of easy to spot scams has me on my toes and skeptical.

This is another easy to spot scam.

https://help.kijiji.ca/helpdesk/safety/avoiding-payment-scams

>Recognizing scams: Most scams attempts involve one or more of the following:

>Email or text from someone that is not local to your area.

>Vague initial inquiry, e.g. asking about "the item." Poor grammar/spelling.

>Western Union, Money Gram, cashier check, money order, paypal, shipping, escrow service, or a "guarantee."

>Inability or refusal to meet face-to-face to complete the transaction.

The page above literally describes your email.

>is there good PayPal practice to prevent scams like these?

No.

Cash in hand (in person or through Western Union, which will never happen), or no deal.

Emails claiming you are paid but the funds are in escrow, etc. do not mean anything.

Report the scammer to Kijiji, block, move on.

They have one of your passwords from the many hack and dumps from Adobe, LinkedIn, etc. Go to https://haveibeenpwned.com and put in your email addresses. It will tell you if your password was leaked.

It is because its retail price is actually $77.99 on Amazon sold by the manufacturer themselves. They just lie about the real price to make it seem like a deal on dhgate just as many people do on ebay. You would actually overpay for it on dhgate.

Also this model is really just a toy, and not anything like a professional quad in the $1000 range.

Of course this is a scam. That's why craigslist says again and again: Avoid scams, deal locally. If you cannot meet (face to face) the person buying, selling, renting, or hiring, then move on to the next opportunity.

to add to this, periodically check https://haveibeenpwned.com and make sure you aren't using any passwords associated with an account that has been leaked. It's a good idea to use different passwords for everything anyway, but we're all human and remembering passwords can be hard.

Advice is delete it and move on with your day.

Was the password actually correct for your email? If that is the case they probably got it from data dump or something from some previous data breach where you used that email address and password. You can check for this at https://haveibeenpwned.com

If so I’d recommend changing that password everywhere. Most likely someone actually does not have access to your gmail account because instead of telling you about it they’d be using it to gain access to other accounts. And everything else in the message is obviously a lie.

Btw guys the weird part was they actually did have my Facebook password. That was my fault for using the same password on every account. I checked it out on https://haveibeenpwned.com and they got it from an old MySpace account that was breached. Highly recommend checking this site to see if you to have been breached.

I don't know where you heard that lie. Craigslist already explained things pretty well on this page. You don't seem to have read that but you really should now.

According to THIS, the address belongs to a company called "E Tech Galaxy" who seems to be a company that sells cheap, imported electronics on eBay and Amazon.

Sorbus Over-The-Sink Dish Drying Display Rack Stand, Draining Rack Sink Organizer with Utensil Holder Hooks for Kitchen Counter Storage Organizer for https://www.amazon.com/dp/B07TF9MNM1/ref=cm_sw_r_cp_apap_eJgPRKzvlZami

I’ve seen the same as well just yesterday on a fake 512 GB SD card. The overall rating shows 4,5 stars but if you scroll down to the reviews, they’re all 1 star. Why would Amazon hide those when it’s obviously a scam?

https://www.amazon.com/Lexar-Professional-633x-512GB-UHS-I/dp/B012PLFAAG/ref=pd_aw_sbs_147_1/143-5621459-0945458?_encoding=UTF8&pd_rd_i=B012PLFAAG&pd_rd_r=8649f4f3-ae9d-4c7b-aca1-d9200b01ed46&pd_rd_w=syCiv&pd_rd_wg=QegMJ&pf_rd_...

It's probably because you used a weak or reused password from another account that got breached. Check out https://haveibeenpwned.com/ to see what breaches you're in and get yourself a password manager. Give every account no matter how unimportant it is a unique password.

I'm not sure that you anything you did qualifies as due diligence. If you had bothered to read Cragslist's scam page, you wouldn't have accepted Venmo or a check. Deal locally, face-to-face —follow this one rule and avoid 99% of scam attempts.

If you’re gonna use Craigslist, at least read the website’s warnings:

Your example is a like a word for word copy of what they link to on the bottom of the example of common scams.

The bank will cash the check -- it being a bank check -- and then later the check will turn out to be fraudulent, and you'll be stuck having to pay the balance back to the bank.

This is old. Good on you for noticing it is likely a scam.

> The "crypto investment app" may be fake already - are you sure it's a real one, and not a fake copy?

He said he used Kraken, which is definitely a real crypto exchange. Assuming he's actually on https://www.kraken.com/, and not some fake reproduction, of course.

Total scam.

No legitimate buyer would send a good check to a stranger - this will be a fake check and you will never see a penny.

You may lose money, your item or both, but you will never sell it to this person.

Report them to craigslist, look for actualy buyers that are willing to meet in person and pay cash.

Even then, learn how to spot fake cash. Dealing with strangers is tough.

Contact your card company and tell them it's a unauthorized transaction that you did not approve and they should refund it and get you a new card so they can't keep charging it. If not make sure you cancel the membership or billing or whatever.

Use a privacy.com card for sketchy sites you don't trust or free trials that way they can't bill your actual card (you can make individual debit cards like gift cards and set a $1 spending limit on it for example to get free trials without needing to worry about canceling)

That’s the oldest scam on Craigslist. Probably as old as Craigslist itself. Block and ignore and familiarize yourself with common scams if you’re using it to sell.

>any suggestions on how to proceed cautiously?

Yes: STOP.

Do not send any money.

Any money you already sent are lost.

Do not buy a car that you are not able to inspect in person before committing to buying it.

Any "escrow" or "shipping" service you are provided with are the scammers themselves. The car fax is fake. The car does not belong to the scammers and will never be shipped anywhere.

Since you've clearly never seen this page, read it now:

Stop believing in "too good to be true" deals. They only exist as mirages designed to part the naive from their money.

>I found a car on craigslist listed in the Brooklyn area but the woman said she moved to Kansas City MO and has the car with her there.

And she could not be bothered to delete the Brooklyn listing and list it in KC, right? Much better to ship it sight unsees to some schmoe in Brooklyn, eh? If you believe that story, I have a nice bridge to sell you. Google the Tappan Zee bridge - you'll get rich from the toll money you get to collect after buying the title from me.

Grats! For the cheap fakes, you can also go with something like https://www.amazon.com/Drimark-Counterfeit-Detector-Pen-Cap/dp/B0053Y5Q8Y . I have one for if I ever feel a Craigslist buyer seems sketch, but so far my sales have been to people generally on the level and I haven't worried so much.

You can install virtual box on windows and then you run it like a program. You grab a Linux iso and install it in virtual box and use the Linux environment from within windows like any other program.

Probably from one of the dozens of major hacks which compromised personal information. Enter your email into this website and see if anything shows up.

Just delete the email and move on. The reason there was a password on the file was to prevent antivirus software from picking it up until it was decrypted.

>So I put up a craigslist ad

And was immediately told during that process before even selecting the category of ad (and multiple times after):

>Avoid scams. Deal locally and meet in person. Beware shipping, wire transfers, cashier checks

What more can craigslist do?

It's definitely a scam. You should read Craigslist's scam advice and follow their recomendations. Also, nothing about that company looks okay. It has a Canadian flag picture, claims to be registered in England and Wales but isn't, has a bunch of logos at the bottom of the page but isn't actually partnered with any of the companies and haven't received the awards they claim to have received, and the domain was registered last week.

When you posted the ad, craigslist said (more than once):

>Avoid scams. Deal locally and meet in person. Beware shipping, wire transfers, cashier checks. Learn more.

Why did you ignore that? Oh well - go read the safety page now and all your questions will be answered.

You should probably report them and let Reddit figure it out.

Are they offering to pay you for beta testing? No? Then why the fuck do they think you should want to perform free labor? Yes? They are scammers.

I mean, PMing randoms on Reddit is very simply not how this process works. There are multiple subs dedicated to finding beta-testers on Reddit, let alone the rest of the web.

You can try scanning the link, just Google "Is this link malicious" and you'll find several different sites that offer the service...including Norton. But meh, I find the results to be lacking in general. You can try copying the text of the PM they sent you and seeing if it appears elsewhere online.

Edit: down voted for*???*

Edit: >you might not be able to find it too easily via Google (yet) since we are currently working on SEO

Shouldn't they be able to tell you exactly where to find it, though? They make no sense. Honestly, I've never heard of anyone being messaged/texted an unsolicited link that ended up being anything more than spam/scam.

Literally took me 15 seconds and three-four mouse clicks to find it on aliexpress: https://www.aliexpress.com/store/product/Hot-Fashion-Men-Sports-Watches-Men-s-Quartz-Hour-Clock-Man-Leather-Strap-Military-Army-Waterproof/1014150_32540379498.html

Could be a scam. If so, not sure why you think canceling your order is going to stop them from stealing your stuff.

More likely they are just a dropshipper. Because you can get that exact hoodie on Alibaba for half the cost. You order from this company, they order from Aliexpress and have it shipped to you, pocketing $30 in the process.

One small thing though. They live in Minnesota and craigslist told you on this ad and every ad and every page to avoid scams by dealing locally. You really should read this.

I opened it on a VM to protect my PC, the link isn't a virus or anything like that, it actually is a form collecting information. They don't ask for personal information except for Name, E-Mail and Linked-In Profile, and then a crapton of information about your experience in writing Advertising Copy.

Not sure about the company itself but the form doesn't seem to have any obvious issues.

They also link a video about the job but that again makes me sceptical because I could've made it better myself and I'm not a skilled video editor by any means: https://www.loom.com/share/e85ba17d2e3c49618443d7035dc42191

This is a pretty common scam, and is mentioned in #3&4 on CL's warning guide Feel free to troll, or disengage conversation entirely.

They will send you a check, but it will be bogus. By the time it actually bounces, the scammers mean for you to have already send them whatever the excess amount is- then you'll be on the hook with your bank for the entire amount.

EDIT: If you google a section of text, you'll see the same exact form letter over and over.

There are two ways that I know of sending a text (or doing anything) from an already existing number (or identity):

Install a RAT (remote administration tool -- also called by some a remote access trojan) on your target's device and use it to do whatever you want to (usually RATs are silent -- unlike TeamViewer or any run-of-the-mill remote access software);
Clone your target's identity and use it in one of your devices. This one was once easy -- you just had to make a 1:1 copy of your SIM card and then use it, but nowadays it's harder to do that since authentication protocols have been hardened and you need a lot of information to clone a SIM (information that sometimes is either heavily protected on the SIM or in possession of the mobile provider).

If you want to give her some advice on how to stop that from happening, here's what I recommend if you get suspicious:

Change every password of every damn service you use on your phone;
Put a pin/fingerprint/password lock on your phone AND ACTIVATE ENCRYPTION (enabled by default on Android 7);
If you want to be extra safe, check if you have any password breaches on Have I been Pwned and BreachAlarm;
If you are extra paranoid or convinced that this rabbit hole goes deeper: go change your SIM card at your carrier. They will give you a new SIM card with new information and new encryption keys, but with the same phone number. They will also disable your old SIM so no-one can use it for whatever purposes and sometimes you can keep it so you yourself can dispose of it in any way you want.

Also be aware that your GF's device might be clean, updated and have little-to-none vulnerabilities that allow someone to exploit the messaging stack or anything on her phone. If that's the case, either she's lying and sending those texts or someone is "borrowing" her phone and doing it.

>It's a scam. The cheque will clear at first then bounce before 30 days are up. The bank will come to you for the money and fees on top of that.

Correct.

> Tell him there is a 30 business day hold for cheques or to Western Union you the funds.

Bad advice. Talking to a scammer is a complete waste of time and may result in the OP being scammed through a different method.

Block that number immediately, OP. And read this page, please... before you do anything else.

https://podcasts.google.com/?feed=aHR0cHM6Ly93d3cubnByLm9yZy9yc3MvcG9kY2FzdC5waHA_aWQ9NTEwMjg5&ep=14&episode=NmNhOTgwZmQtZTExYy00OTNmLTg2OTgtOTg2ODUzNjY0NzA0

Also, iCloud upgrades are now a subscription thing (icloud+ https://www.apple.com/icloud/) and typically Apple has you manage their subscriptions on the device so you would probably have the option to do it on the iphone settings itself anyway (and Apple really isn’t able to design a website page fir this specific thing?).

This is an extremely common scam right now. They got your password in a large data breach and are now trying to scare you. Make sure you do not use that password anymore, and consider using a password manager to help you maintain unique, high-quality passwords for each account. You can also look at https://haveibeenpwned.com/ to search for your email address in known breaches. See also this sticky: https://www.reddit.com/r/Scams/comments/biv65o/the_blackmail_email_scam_part_3/ !blackmail

Check out https://haveibeenpwned.com/ and see all the places where your previous passwords may have been compromised/leaked.

If you are still using the same password for anything, please change them all now and I strongly recommend using a password manager like LastPass (easiest option) so you can use unique+secure passwords everywhere.

It's not that simple. Planet money has an episode on that

These deals are not quite as simple as you suggest-

https://slickdeals.net/f/9710500-keybank-400-bonus-for-opening-checking-account-direct-deposit-500-first-60-days-select-states

>You must open a Key Express Checking® (this is the basic banking account in NY), Key Advantage®, Key Privilege SM, or Key Privilege Select Checking SM by the expiration date and make one direct deposit of $500 at the minimum within 60 days after account opening to get $400. Normal account service charges and balance requirements apply to these accounts. Direct deposit transactions are limited to: payroll, Social Security, pension and government benefits. ... The gift will be reported on Form 1099-INT. The gift will be deposited within 90 days of meeting requirements. If you close your account within 180 days of account opening, you will be charged a $25 account early closure fee. Offer not available to individuals who have had a KeyBank checking account or a KeyBank Hassle-Free Account® or any First Niagara accounts in the last 12 months. Accounts overdrawn or closed at the time of fulfillment are not eligible.

> it had a valid SSL certificate on the website

That means nothing. All it means is that communication between your browser and the site re encrypted. All you have to do to make that happens is buy a TLS certificate, and those can be cheap, or free (from https://letsencrypt.org/).

> Never seen a blackmail using my actual password.

https://haveibeenpwned.com

If a spammer gets a hold of one of the many mass-lists of accounts and passwords out there, all they need to do is create a mass-mail with those details in them and wait for the money to roll in.

If they had any real videos of you, they'd've included a screenshot or two to prove it, and really turned up the heat. None of this "don't waste my personal time and yours by responding" business - extortion victims are much more likely to bend under pressure, and fire-and-forget emails like these don't produce a lot of that.

It's on their website!

> Deal locally, face-to-face —follow this one rule and avoid 99% of scam attempts.

> Do not extend payment to anyone you have not met in person.

> Beware offers involving shipping - deal with locals you can meet in person.

Also, if it sounds too good to be true then it's a scam. Do some research on Auto Trader or eBay for a car of that model/year and find out how much they genuinely sell for. Is this one suspiciously cheap? (Yes, it's worth 8-10 times the price!) So it's a scam.

Finally, there is no eBay service. It does not exist! Why in the hell would eBay offer services for transactions on a rival company sales platform? That's like BMW paying for warranty work on a Mercedes.

So common that craigslist tells you on every page to only deal locally and provides this link to avoid scams.

tl;dr: A non-local will explain why face-to-face doesn't apply here and ask you to send money.

Either listen to craigslist

https://www.reddit.com/r/Scams/comments/6o4pce/rscams_common_scams_master_post/

or go give your money away.

Also, read this thread:

The ONLY safe way to complete a Craigslist transaction is face to face with a cash payment.

Cash.me is not cash. Scam.

I don't know of any specific exploits, but using a NordVPN account that he can use gets him a step closer to you. For example, a Nord account now gives access to NordLocker. What if he signed you up for a free trial of NordLocker, you accepted the invite and uploaded all your files? I wouldn't go anywhere near it.

I'd be surprised if Google allows brute force password cracking attacks on Gmail. The account would be locked before he got very far. Are you sure this isn't the criminal who stole your Gmail account charging you for handing it back?

Whatever you do, do not run any software this guy recommends or sends you. Its likely to be malware intended to extract files, passwords, session cookies, etc from your machine. How did you install the NordVPN client? Are you sure you haven't given him remote access to your machine?

A suggestion. If you’re not already using it, I’ll suggest Truecaller for IOS or Truecaller for Android, a free app that has made dealing with spam calls much easier.

Results may vary, as some spammers use the same number, while others change numbers constantly. The app allows users to block and report spam numbers, which are added to their block list database. I update the block database every day or two and I’m pretty happy with it.

They just got the email/password combination from one of the website data breaches. Check https://haveibeenpwned.com for a list of the big ones.

They grab a copy of the list like

passa123 qwerty1234

Then they will email everybody on the list the exact same message saying “I know your password is qwerty1234!”

Just ignore the blackmail, but you now know for certain that the email address and password in that message are basically public information. If you use that email/password anywhere else, that account has likely already been taken over. Change them immediately and start using a password manager like LastPass to generate unique secure passwords. That way if one account gets hacked and your password is leaked, your other accounts remain secure.

And it happens to the best of us... I used my “low security whatever” password for some accounts I don’t care about that much. One of the accounts was my Spotify. When one of the forums I visit got hacked, they lost my email and password. Hackers immediately tried it on all the major sites, realized it worked at Spotify and then sold the Spotify account to somebody.

Refers to "gypsy"; somewhat derogatory towards Romani people

Much in the same way people have formerly used the word "jew" as a verb with bad connotations.

There has been a mass influx of these lately. Many of the newer ones are derived from scrubbing old email/password leaks and will include one of your leaked passwords in the subject and message for added "authenticity" that they have gotten into your machine. The ones I've seen ask up to $7,000 bitcoin! And while most use a unique bitcoin address per message for obfuscation, some single ones have logged over $50k in transactions from victims.

Although not comprehensive, it's always a good idea to check https://haveibeenpwned.com/ and update any passwords connected to any accounts from the services that indicate your information has been stolen from.

It's a common !advancefee scam, and not even a sophisitcated one. The site has a small online presence, the positive reviews are obviously fake and incredibly low-effort while the negative reviews seem real, the address is an office building without a suite number, the site was clearly not written by a native English speaker, etc. We don't need to wait and see to know it's a scam.

You don't. This is going to be your lesson.

Craigslist has a " Avoid scams, deal locally Beware wiring (e.g. Western Union), cashier checks, money orders, shipping." on every single sale post for this exact reason.

You can use the link to report the user - but its highly unlikely you will get your money back

They are reselling this from AliExpress at a higher price. The 95% discount is a lie, solar battery packs do not cost $100.

I am also in Canada and got the same email this morning with one of my older passwords on it. I've been changing all my passwords and checking on https://haveibeenpwned.com/

looks like it might be my old 8tracks account or something that leaked the password. worth checking your email

Also a scam. The big red flags to look for are stolen text, weird domain/content combinations, fake addresses, and lack of an online presence. Also, the only real review was written by a very unhappy customer.

Lol, I just did a similar thing while trying to sell a car part. Gave the scammer my address to send me a cashier's check before it occurred to me that it might be a scam. What tipped me off was them wanting me to wire part of the money to the delivery company for them.

But, no harm, no foul.

Turns out CL has a good rundown of the most common scams people attempt here: https://www.craigslist.org/about/scams

It happens every day. Someone browses craigslist for something, ignores Avoid scams, deal locally on every page, then comes here to ask if it is a scam. The correct response always refers back to the craigslist link they failed to read.

Now, in the guise of helping users on some obscure site, a bot has begun to ask the same question that craigslist already answered in the page that everyone - the user, the bot, and this cluking reporter - continues to ignore.

>I operate under the assumption that it's not the person who got scammed's fault that they got scammed if there was something the platform could do to prevent it.

Craigslist tries very hard to prevent scams by putting that link to a concise bit of helpful information. It is a shame you ignore that advice and don't pass it on to your users that seem to have missed it the first time around.

Craigslist is intended for local use only. If you need something in another city, it offers no features nor protections and in fact makes it easy for scammers to operate. If you use it locally, you cut out 99.9% of the scams.

Your automated bot should remind your users of all this instead of asking a question answered in the FAQ over and over.

>I'm not entirely sure how paypal works

Honestly, I'm glad you came to ask first. /u/jrworthy is right that it might be a cash forwarding scam, but it could just be a hacked account, (which will cause the charges to reverse) leaving you with no money, no item. And if it's a cash forwarding scam, then you're left with no money, no item, and usually a few hundred/thousand dollars lighter.

/u/MayorOSeedy's advice is 100% right, so make sure you meet the next buyer in person (preferably at a safe spot, like a bank or police station) and get cash in hand. Also, keep an eye out for these common scams.

Good luck!

So, it’s not a scam, per-Se. More just a shady Chinese company that finds pictures of dresses online and makes their own lower quality versions to send to you. Or, they send you nothing. In high school, I had a few friends order dresses from sites like this for prom. It is EXTREMELY hit or miss. I had a friend who got a knockoff high-end brand from one of these sites and it was gorgeous. Another friend received nothing.

My biggest red flag to point towards one of the more untrustworthy sites is the logo... they’re clearly trying to make it look like the Victoria’s Secret logo. That to me screams deception. I’m pretty sure that before, it was called Victoria’s Dress, and the reviews are very poor.

Best case scenario, you get a sweat-shop made dress that somewhat bears a resemblance to the dress in the picture. Worst case, you lose your money. I would stay away.

Sounds like a basic creep. Generally speaking people who have control of a device don't usually tell the owner that as they normally would want to maintain the connection. If it is a scam I'd guess "Chris" wanted your GF to believe he had control over her device, social media accounts, shopping, banking, texts, photos ect ect and in order to relinquish the control she'd have to pay his price. Normally money or photos, like I said, a creep.

You've done the right thing blocking the contact, normally when they realise the target isn't buying it and isn't going to interact they move on.

It's probably unlikely her device is compromised and the fear is the only tool "Chris" was using, however generally speaking, it's never a bad time to think about digital security house keeping is a good idea. Don't reuse passwords, don't use common/weak passwords, make sure your devices are up-to-date with the latest version of your OS, try not to over share online and so on.

If you check out;

https://haveibeenpwned.com https://howsecureismypassword.net

You can see if your email accounts have been in past data breaches and get a rough idea of how weak/strong your passwords are.

Hopefully that's the last you'll hear from "Chris" though, if it happens again and becomes harassing in nature make notes, don't engage with him and inform the appropriate authorities.

If you're on Android, install the Google Messages app, it has scam/spam filtering. It's the default one that comes on 'stock' android phones (Motorola, for instance) and on Pixels.

https://play.google.com/store/apps/details?id=com.google.android.apps.messaging

EDIT: Nevermind, I missed that you were on an iPhone on my first readthrough. I'm going to leave this up in case someone else might find it useful, though.

Could be them trying to phish a password from you.

Keep in mind that https://haveibeenpwned.com/ is only for known breaches. There could be an exposed server right now that has your info in it and they're seeing if they can use that info. The best advice I can give is to get a password manager.

To be fair, I've had recruiters (in the UK) for 100% legit jobs be secretive about the company name until the first call before. They want to know you're interested before they give any identifying info. It's really weird. They drip feed details until they know you're definitely willing to apply.

Worst one for this is salary, I hate going through sending someone my CV/Covering letter and an entire call with some rando recruiter before finding out the salary is half what I'm earning. Thanks for wasting my time.

Anyway, u/skeri6 point is sometimes recruiters are vague. zoom.us links should be legit and will take you to a page that will open your zoom app (so you shouldn't need to enter details into a browser). As with any interaction with a stranger though, just approach with caution just in case it's an MLM or something as the user above has said.

I did a Google search on reviews of this company. But any. Look at all the the 5 star reviews. They have they have very similar review reviews on other companies https://www.trustpilot.com/review/365capitalmarkets.com

I have a Privacy Card attached to all online shopping sites.

I use Apple Pay for shopping in box stores and to get gas.

I haven’t even taken out my debit or credit card in months.

The last time my card was compromised was at a gas station.

Yes this. You can check many of these things on a site like https://haveibeenpwned.com/ where you can enter an email or username and see where your creds have been stolen.

As far as this email goes, delete and ignore, just regular spam bs with a little bit of targeted information to scare you.

I wish I had examples to show, but I don't :(

Have you sat down with her and had a thorough conversation with about internet scams and phishing?

Have you tried looking up the app she found on Craigslist?

Edit: oh dear... https://www.trustpilot.com/review/roomster.com

I'm not connected to a bank on my paypal but I filed a dispute message through PayPal and the message was sent to the support and dundle I guess but I highly doubt they'll get back to me, here are some other people who've also been scammed by them https://www.trustpilot.com/review/dundle.com

No it doesnt depend on the user. Its what craigslist recommends

https://thispersondoesnotexist.com/

“ Deal locally, face-to-face —follow this one rule and avoid 99% of scam attempts.“

Do not provide payment to anyone you have not met in person.
Beware offers involving shipping - deal with locals you can meet in person.
Never wire funds (e.g. Western Union) - anyone who asks you to is a scammer.
Don't accept cashier/certified checks or money orders - banks cash fakes, then hold you responsible.

Excellent point, dude! AI face-tech is currently terrifying.

This might sound weird but stick with me... I often spend a long time (like 20mins of just clicking through) to see if I can spot any variance / commonality in these things.

One thing that stuck out was that none of them were super attractive, like movie star or model attractive. They all looked too real. Perhaps the normal, real-world attractiveness of "the person at work with the nice eyes" but no Chris Pratt or Megan Fox.

TL;DR I think the AI is very good at making "normal looking" faces, or ones that aren't heavily made-up.

Most of the Asian scammers I have seen go for a type, and that is "ludicrously attractive."
I think that's a deliberate choice because it weeds out sensible people. Most people think "why is someone who looks like Megan Fox emailing me?" whereas a gullible person thinks "OMG someone who looks like Megan Fox is emailing me" and then finds reasons to make it so.

Using disproportionately attractive people is like a Nigerian scam using terrible English - only the more suggestible people will reply because everyone else has already clocked it.

I am probably thinking way too much about that and drawing total bullshit. Correlation and not causation etc.

100% scam.

>Recognizing scams

>Most scams attempts involve one or more of the following:

>Email or text from someone that is not local to your area. >Vague initial inquiry, e.g. asking about "the item." Poor grammar/spelling. >Western Union, Money Gram, cashier check, money order, paypal, shipping, escrow service, or a "guarantee." >Inability or refusal to meet face-to-face to complete the transaction.

Read the rest of that page and stop communicating with this obvious scammer.

You will end up paying them money for "shipping" or something else and will never get anything.

Why in god's name would any legit seller ship you an ?ATV sight unseen and give you 5 days to consider whether to buy it?

They won't wire money. They might have another scam victim do that.Just forget about this and move on. And take a moment to read this page, which you should have done the moment you considered posting an ad on craigslist.

Craigslist has a section on scams off their main page. Here. The Nanny scam is actually one of the examples given.

Hope this works out well for you. Do come back and update what happens.

I was recently wondering how many of these fake accounts use face generators like https://thispersondoesnotexist.com/ to create images of a person that definitely won't show up during reverse image searches. I don't know if they can make multiple photos of the same person but I'm sure with enough motivation a scammer could find a way.

No, they are legit, I think they are the older version of the Z213. They are sold by Logitech on German Amazon and have tons of references online from legitimate sites.

I would recommend that you check your email account(s) with https://haveibeenpwned.com A site that collects breaches from various sources. That way you might find that you have multiple sites where you need to reset your password.

You've been pwnd and haven't changed your password, check out https://haveibeenpwned.com/. Get a password manager and give every account a unique password no matter how unimportant it is.

Did you notice when doing a WHOIS that the domain is only 33 days old? As of today. So when you send the phone, only 7 days.

On some page on the website you find the url: gonerdzy.com

This site is offline, but this is what trustpilot says: https://www.trustpilot.com/review/www.sellmycellphones.com Not good, so they probably started over.

Craigslist is for local, in-person, face-to-face transactions ONLY.

More info on scams on craigslist:

While you're at it be sure to check the safety/scam pages on all the online services/websites you are using for your car search. This will help you to understand what the website is for and how to be better equipped to recognize scams on that site.

As others have said, it's a fake check scam. First it will clear, then later it will be found fraudulent so you will owe the funds and be in trouble.

I'm sorry for the bluntness but there's a reason every single page on craigslist has a mention "Avoid scams, deal locally! DO NOT wire funds (e.g. Western Union), or buy/rent sight unseen". Following that link, the first line, in bold highlighted characters, is "Deal locally, face-to-face".

The two golden rules of Craigslist

IN PERSON
CASH ONLY

They even tell you that this is how to avoid 99% of scams

http://hubpages.com/relationships/Romance-Scam-Threatened-Both-Male-and-Female-Revived-in-Cyberspace-Left-Broken-Hearts-and-Wallets

This is absolutely, 100% solid gold a big fat scam

It's a standard thing, unfortunately. I wrote this a while back, perfectly applicable even today.

Anyone can make an SSL certificate (which is what allows a website to have a secure connection) for free. You don't have to prove you are who you say you are to get one. In this case they used cloudflare. https://www.cloudflare.com/ssl/

Here's a website that tells you if any of your accounts have been leaked, for example my Adobe email and name was leaked a long time ago. So I assume they have gotten it from that.

https://haveibeenpwned.com/

They didn't hack you to get your password. Instead, they found your password / email pair by one of the big famous hacks which happened a few years ago.

They just send this form e-mail out to everyone from each hack. Check your username here, and ###STOP REUSUING PASSWORDS###

I have a legit subscription to them that I renew yearly -- it does not autorenew.

I got a renewal email from lastpass around August, just checked and the link I got for renewing looked like this -- all the links to their site were https, not http also:

https://lastpass.com/features_joinpremium.php?utm_source=trans_email&utm_medium=YourLastPassPremiumSubscriptionWillExpireSoo

Not sure what links.e.lastpass.com is all about. I was a little thrown off by the logmein

I would just try to log in to your former account directly at lastpass.com and see if you can figure it out from there. Or maybe try contacting them through their site otherwise?

Brave doesn't advertise as a free game downloading software. It advertises as a browser with built in ad-block and the ability to give "BAT" (brave tokens) to your favorite content creators from YouTube and twitch that use the site.

https://brave.com

There is nothing here that suggests you can download games for free.

The chargeback process is when you call your credit card provider and dispute a transaction. They'll investigate and ask the merchant for their side. If they decide in your favour, you get the money and the merchant gets charged. Don't lie during this process, obviously. For ad blockers, I use uBlock Origin, and Adblock Plus is very popular.

Reverse image search only works for the parts of the internet that can be freely crawled. If it costs money to see the pictures, they will not get indexed by google or whomever. A good example of this is the pictures people put of themselves on dating sites. If you have to join match.com (for example) to see the particular picture, its not going to show up in a reverse image search. Hope this helps.

This is not just Letgo/CashApp; it’s been going on with Craigslist/PayPal (and other platforms) for years.

You’ll get a pretend email that looks like it’s from the payment platform, but the transaction never took place.

Letgo, Craigslist, and the like are for local hand-to-hand transactions. Accept cash only. eBay is for shipping. Craigslist has a good section on scams.

Also, if you do make a long-distance transaction, wait until you have the actual money in your account. Check from an app on your phone, or on the computer by entering the actual address of the payment service. Do not click on links in emails; they may be phishing.

Really? Nobody sends a "mover" to come fetch a god damn camera lens. I suggest everyone involved read the craigslist page about scams:

Note it's not an exhaustive list, just some of the more common ones.

>I posted an item...

and didn't bother to read any of the instructions, safety tips, rules, or advice provided by the service I used.

FTFY.

Seriously - so many questions, especially related to craigslist, Gumtree, LetGo, and other local for-sale sites have been answered in pages such as this and this.

This sub's sidebar says, "For all your scam identification needs." One of the steps in identifying scams is read the basic information provided by the service you are using.

You can trust me on this. I have a verified paypal. Or you can trust the other guy with a verified paypal. Or, you can trust craigslist when they say, "deal locally, face-to-face."

Craigslist tells you, on every page, to avoid scams by dealing locally face-to-face.

Why, when craigslist tells you an easy step to be safe, do you ignore it? Go read this page now, and then it should be obvious.

You were almost scammed on craigslist and still have not read this page. Why not? Craigslist says "deal locally, face-to-face". You don't have to go with your guy on this one - simply do what craigslist tells you to do.

Bottom line: craigslist is for local sales. Anyone not local to you is out to pull one over on you. That's why craigslist puts the "deal locally" on just about every page.

This is one of the biggest craigslist scams out there. Report/flag them and stay far away from them. Good on you for being skeptical. My mother on the other hand...she lost 5000 on this exact scam.