E-commerce, internet fraud, Nigerian 419 scams and our experience — a tale

12/04/2011 at 12:16 pm Leave a comment

We had a fraud attempt from Nigeria this morning. Here’s details of what happened and what to do if it happens to you.

Media_httpfarm4static_necdr

Photo credit: ABN2 on Flickr

Once a month we’ll get someone register on our site from Nigeria (we’ve had it occur once from the Ivory Coast too, but they have other things on their mind right now!) who then uses our member messaging system to send out typical Nigerian 419 scam messages in order to try and dupe people.  For those that don’t know, these are the messages claiming to be from the cousin of the former Interior Minister of Burkina Faso (or whomever) with $10,000,000 to liberate if only you’d help them by giving them your account details.  Annoying, but fairly easy to spot and when we see such a thing happening we usually suspend their access to our site and delete all their messages before anyone has noticed.

Today was different.

Whenever we see a login from Nigeria alarm bells ring.  I wish I could say that just a few ruin the reputation of the west African nation for all the rest, but EVERY incident of a Nigerian IP address accessing our site has led to an attempt at scamming.  So when we saw a page view register from Lagos today we watched.

What we didn’t expect was that they would upgrade to a Pro membership before the scam messages started.  But they did — and that changes everything, because it goes from being inconvenient and something we can sort ourselves to unquestionably fraudulent and needing the bank and police to be informed.

The profile they added to our site to commit the fraud is still here to see — it has been suspended so they can’t access it, but retained until the police have collected all they need from us.

Terry_mcdonald_profile

You’ll see they’ve used a non-existent address in Taunton to register a business on our site (that address may look legitimate, but the postcode is for The Crescent in Taunton and Onaldo Close seems not to exist), but the business they mention is actually located in Montana in the US (traced from the website address they gave).  The person’s name they use is real and that person is actually a partner of the business whose details they have used, but there is no link between the fraudsters and the business though.

We hold two email addresses for the frausters, both Yahoo email addresses, and both using the name of the individual detailed on their WeCanDo.Biz profile.  One of these email addresses we have authenticated to them as they were required to click a link in an email to verify their email address on registration.

The credit card they used was for a Chinese named individual registered to an address in Michigan in the US and was approved for payment by Streamline.  None of the address details or the name matched the details we held for Terry McDonald though.  In a subsequent telephone call to Streamline they advised us to refund the payment immediately, which we have done.

Normally we don’t bother retaining details of scammers to our site, because we delete their attempts before anyone knows about them, so there is no victim of crime — we do what we can to make sure of that.  This time, however, there IS a victim — us, as we have been paid for a service that will be charged back.  So the police have to get involved.

We were advised to contact Action Fraud UK, a government agency specifically to set up to combat e-commerce and email fraud.  The rise in Nigerian 419 scams, fraud through sites like eBay, Gumtree and Craig’s List, and fraudulent use of stolen or cloned credit cards through e-commerce sites necessaitated a better way of handling such issues than was previously in place.  Action Fraud is the body assigned to collect all evidence so that that information can be passed to the police.

https://reportfraud.actionfraud.org.uk/FraudReport/Content/Templates/logo.jpg

Action Fraud website

Telephone 0300 123 2040

Action Fraud collecst all information, most of which you will have to hand from emails, website forms and transaction details from your payment gateway provider, and issue a crime number before passing on to the police. W have passed to them names of all people mentioned; contact details including telephone numbers and email addresses, for both fraudster, those they name and the credit card holder; and IP addresses from which our website was accessed during the fraud.

Next contact is likely to be from the investigating office — we now have to wait for that.

In the meantime, it’s unlikely this particular fraudster will be back as they won’t get access to our site, unless they re-register and we’ll be watching out for that.  Although these things aren’t as obvious to spot as you may think: the original access of our site to register a profile was from a Nigerian IP address, but subsequent logins showed up in our website traffic monitoring system as from the US at the time, although those clicks now show as Nigeria.  So it would seem the fraudster used a proxy or somehow managed to successfully “cloak” their IP address to look like the US rather than Nigeria, removing suspicion (we still saw patterns of suspicious activity though, such as frequent and repeated use of our website to message other users).

With regards to the credit cards transaction, this has been refunded and as Streamline updates overnight we are hoping it will all cancel out with them without us needing to incur fee to handle the transaction AND the chargeback.  We’ll wait and see and update this thread once we have confirmation of how Streamline handle this — they approved the transaction remember.

If you have any questions or comments about your own experience of internet fraud, feel very welcome to add them below.

Advertisements

Entry filed under: Uncategorized.

Join me at #SMCVE in Bracknell on Friday 17 June 2011 to gain expertise from social media experts SYSTEM NOTICE: WeCanDo.Biz Social CRM downtime tonight for system upgrade #wecandobiz

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


WeCanDo.BIZ on Twitter

RSS Member sales leads from WeCanDo.Biz

  • An error has occurred; the feed is probably down. Try again later.

Blog Stats

  • 18,687 hits

%d bloggers like this: