If you have been scammed, please post here and share your experience; it may help others avoid the same situation!
by clarksn Mon Mar 16, 2015 6:42 pm
We have just nearly fallen foul of the following scam which uses Paypal as a vehicle coupled with social engineering. Note that this is not a straightforward Paypal scam, but uses social engineering in an attempt to exploit a weakness in Paypal's linked account verification process. It is more likely to succeed against businesses (as we are) rather than individuals.

The perpetrator looks to buy something from the business and offers to pay by by bank transfer and asks for the bank details to make the transfer. Most businesses would monitor their bank account expecting to see cleared funds within hours or a few days depending on the nature of the transfer to be made.

The transfer doesn't appear. The perpetrator waits for a few days chases up (or is proctively informed by the business) and is told that the funds haven't arrived. The perpetrator insists that he has sent them and sends a scan of his bank statement to show the funds have been sent, with the dates and details left in but theamounts crossed out.

The business says, sorry, the funds still haven't arrived. The perpetrator says send me a scan of your bank statement to prove they haven't arrived or otherwise how do I know you haven't just kept my money, I sent the money and my bank says it has gone into your bank on x date so just send that date and by all means obscure the details just like I did when I sent you my account.

The business then if caught out might think this is the quickest way to solve the issue prove they don't have the money. HOWEVER the scammer has actually created a false Paypal account that they control. Of course they haven't used your bank details to pay you and have faked their bank statement. They have instead fed your bank details into Paypal to set up a bank linked account from which they can draw funds to fund the paypal account. To validate a linked account paypal makes a 1p credit to the bank account with a four digit PIN code in the bank reference. The scammer needs that to close the loop and validate the link and of course he has done this in the date range that he hopes to see when the business proves they did not get the money. The scammer has further socially engineered the situation by giving the victim a subconcisous template for how to anonymise the scan of their bank statement, which would leave the critical information intact.

At that point they then have direct debit access to the victim's account.

This scam did not work on us for three reasons:

1. We keep a separate account soley for receiving inbound bank transfers and all money in is immediately moved to our main accounts on receipt. This means the balance in the account is very low and the transactions are few and far between.
2. We did initially fall into the trap of sending a scanned excerpt from our bank statement back (as being the quickest way to prove we didn't have the money), however we realised that the bit to anonymise whilst still proving we didn't have the money was not the amounts but the account reference detail. We therefore anonymised the bit the scammer needed.
3. Because of 1 we had spotted the paypal credit and already queried it with our bank as suspicious.

Hope this helps people not fall into the same trap we nearly did.

Not seen this reported anywhere else in the googlesphere so also reporting it to paypal and our bank.
Advertisement

by vonpaso xlura Tue Mar 17, 2015 6:18 am
This sounds like an ingenious scam and one I haven't heard of before. Could you post the email address, phone number, or other identifying information of the perpetrator that other victims may be searching for?

... ni los estafadores heredarĂ¡n el reino de Dios. 1 Cor. 6:10
by clarksn Tue Mar 17, 2015 3:15 pm
here is the contact info as originally sent (I believe he was genuinely french as he made the intial contact by phone to book rooms at our guest house - he would never have stayed of course - he used our deposit taking process to try to execute the scam)

christophe monfort <[email protected]>:

when i will make transfer i will notice you.
Full names : MONFORT CHRISTOPHE, CHOPLIN ANNE-MARIE, LANGLOIS ROBERT, DOUET ROZENN
adress: 29 chemin des sources 75009 paris
phone number: +33647197582
kind regards
chris

Who is online

Users browsing this forum: ClaudeBot and 3 guests