Get best of the week

Apple Watch for inexpensive: how they wanted to “breed” me on Avito and Yulia

Internet shopping has never been more relevant than it is now - when shopping centers are closed due to the coronavirus, and they advise you not to go outside unless absolutely necessary. Not only online sellers, but also scammers were happy about the new reality - they now have “haymaking”. Why am I doing this? I wanted to buy a smart watch - and inadvertently revealed several fraudulent schemes. One wise guy even requested feedback after exposing. But first things first.



It all started with an Apple Watch search on Avito and Yule classified sites. Among the many ads, several offers with an alluring low price caught my eye. I understood that free cheese only happens in a mousetrap ... and, of course, I hastened to respond to the announcements - it’s curious what kind of schemes!

Case 1. Find 10 differences


The first ad I responded to was on Yula’s service. I found out the price of the gadget and where you can see it. The seller said that he was in a distant Zaraysk near Moscow and offered to arrange delivery "through the official website of Yula." Usually, the service works as follows: the buyer indicates the delivery address, reserves and pays for the goods on Yula’s website (the service blocks the money). Next, the courier brings the parcel, which is checked by the buyer, and, if all is well, the seller receives the money. If the product does not fit, the money is returned to the buyer.

I also sent my details for delivery, and after 10 minutes the seller placed an order for me. At this moment, I received an SMS from the SMSVerify sender with the text:



Following the link, I saw a beautiful and high-quality fake made by Yula’s website, where I needed to pay online for the order:



When you clicked “Go to payment”, youla-from.ru/pay/85121135823 page opened (naturally, it’s also fake). On it I had to enter my card details and ... say goodbye to money forever.



In both cases, the domains had nothing to do with Yula's official site. He asked the fraudster why he was deceiving people, to which he replied: “I’m not deceiving my own.” In response to my complaint, Yula’s service blocked the seller.

Checklist fraud scheme:
1) the goods were cheap to attract more buyers;
2) the seller persuaded on delivery;
3) SMS came from an unknown sender;
4) the domain is not youla.ru.


2.


The second seller on Yule immediately indicated sending via Boxberry service as the only interaction option. Moreover, he wrote that the delivery service acts as a guarantor of the transaction (although the latter do not provide such a service). At the same time, Yuly’s robot several times warned that payment outside the service is dangerous:







Okay! I sent the seller the details for placing the order, and this time they contacted me through WhatsApp. The “Boxberry Support Representative” (+ 7-968-501-37-37) called to inquire if I received a sending link:



Having found out that I didn’t receive anything (naturally), he sent me the information about the package directly in the messenger:



Following the link, I saw a page with information about delivery and payment. Of course, you noticed that the link is different from the official Boxberry domain.

The Support Officer explained that this is another delivery service domain created due to the heavy load on the service. I sent a complaint about the seller to Yula support. He was blocked after a couple of hours.

Checklist of the fraudulent scheme:

1) only delivery is possible;
2) delivery must be arranged through a third-party service;
3) the payment link came from an unknown sender in the messenger;
4) links lead to fake sites.

Case 3. Sending Nowhere


Then I found a similar ad on Avito. The seller said that he was in Vladimir and would return to Moscow only after a month, and suggested sending goods through Boxberry. In response, I sent him information for delivery, indicating a non-existent address. To my surprise, the courier even managed to place an order for him. The seller contacted me through WhatsApp (+ 7-905-817-68-89) and sent a link to the order: box-berry.ru/tracking/?12223376

The link was another high-quality fake:



Naturally, the numbers of the items on the real boxberry website. ru could not be found.
I wrote to the author that he was a scammer, but did not receive a response (and I wanted to talk so much) . Also sent a complaint to Avito.

- :

1) ;
2) ( 3 );
3) WhatsApp;
4) .

4. «»


I left this case for dessert. He is with elements of social engineering. So, I found an ad on Julia and wrote to the seller. It was a girl who asked me for a phone number so that “her father” would contact me on him. Soon I received a WhatsApp message from a stranger with a very realistic photo on the avatar: an ordinary person at the age of a nice appearance against the background of some European city. The watch turned out to be in perfect condition, they could even be watched live (which the previous intruders did not dare to do). To do this, it was only necessary to drive to Stupino, which is about a 2-hour drive from Moscow by train.



But then a surprise was waiting for my interlocutor: I have a friend in Stupino who was ready to check everything and buy a watch. What I happily told the seller about ... And the script changed dramatically: it turned out that the "father" is disabled (even sent the video), and the watch, it turns out, is at the "daughter" (who apparently is not in Stupino), but they can be sent via delivery service (he offered SDEC indicating the point of issue closest to me).



I sent him a fictitious name and address. After a couple of days, the seller sent a photo of the receipt as proof that the order was really sent and was expecting payment from me at the sorting center:



Frankly: for a moment, I even believed that the package would really come (the question is just where). Here we must pay tribute to the "seller": the move is very interesting and beautiful, but ... Firstly, SDEK does not have a "safe deal" service. Secondly, SDEC accepted the parcel to a non-existent address, and this, according to our logic of communicating with the "seller", should have been their point of delivery. In addition, I could not check the status of the shipment on the SDEK real site, because I did not pass the check - the system recognized the sender's phone number, but did not recognize the recipient's phone number, that is mine (to check the site you need to indicate the last 4 digits of the number). Perhaps the scammers really sent the package, but to some kind of contact.

But I received in SMS a link to pay for the package from OmegaServis:

CDEK
I received order No. 1176491929
addressed to Petrov Igor Ivanovich.
Estimated delivery date: 05/10/2020.
Delivery address: Mytishchi, st. Gorbachev, 1, apt. 59.
Amount to be paid: 20.000₽
Track and pay: http-cdek.ru/track?track_id=1176491929 The

link led to a fake website of a logistics company: The



page is well done, all buttons (except for payment) are clickable and led to the official website cdek.ru

Pull further There was no point, and I wrote to the fraudster that he had revealed their scheme. Oddly enough, he answered me. He admitted that he was really engaged in fraud, and that this "business" began to bring less income.







Checklist of fraudulent schemes:

1) low price of goods;
2) the transfer of communication from the messenger yula outside;
3) transfer to an external delivery service;
4) social engineering with a trustworthy person;
5) the link received in SMS from a third-party service;
6) link leading to a fake site.

Useful Tips


So, summing up my mini-investigation, we can formulate several rules for working with services such as Yula or Avito:

  1. Do not consider products with prices well below the market. If you decide to buy such a product, then only in person and for cash;
  2. Prevent any attempts to talk about the product outside the official ecosystem of the service;
  3. Do not settle for off-site delivery services;
  4. Look carefully at the links that are sent to you;
  5. Do not react and it is better not to open the links that the seller directs you;
  6. Never make an advance payment for delivery or any other service. Only in the service application Yula or Avito through the "secure transaction".

I wish you a successful and safe online shopping!

Author: Alexander Zhukov (Zhukovsun), Director of Rostelecom-Solar Sales Support Department

More articles:


All Articles