How I nearly got scammed on FB
I nearly got scammed on Facebook yesterday. In the spirit of Cory Doctorow, I’ll explain what happened.
The dog treadmill
We’ve been looking for a dog treadmill for a few years. They’re expensive. Yesterday I came across a post on a sports dog owners FB group, selling a used one 1h away from us for a good price.
I couldn’t pick the treadmill up this week, so I messaged the seller to send a deposit to reserve it. The email address the seller gave me to send the E-transfer to was weird:
sexyrisksherman7(at)gmail(dot)com
(I’m disclosing his email, because scammers don’t deserve privacy)
SexyRiskSherman??
Let’s double check before throwing money away. The seller looked like a guy in his 30s.
When millenials have a weird email address, it’s usually because it was their screen name on random websites since the days of MySpace.
It’s often easy to find traces of their history scattered across the web by looking for that username.
Reminder: Google Sucks in 2024
I search for the username on Google, and I find one main thing:
Google sucks now.
Both Kagi, Bing and DDG find a reddit and a github account linked to that username. However, Google only proposes a sex shop to me (after I turn safe search off, of course).
Both the github and reddit accounts are deleted users. I can’t find any further traces on archive.org or on the yandex.ru cache.
Sidebar: If you’re looking for deleted stuff on the internet (eg. old house listings on an MLS), Yandex doesn’t respect takedown requests. Their page cache sometimes keeps what other search engines delete.
In any case, I’m sad to learn there’s a big gap in Rule 34, and there’s zero thriving online communities about porn re-enactments of Sherman’s march to the sea. So we’ll have to look elsewhere.
Nope nope nope
We have no history on his accounts, let’s double check his FB account for signs of being a real human.
The FB account has activity since 2018, and it vaguely looks like a married guy, with pictures of his wife. If you look at it for 3 seconds, it doesn’t obviously look fake.
However, I start scrolling and red flags quickly stack up:
There are no comments on any of his posts.
All his posts are images with either no caption, or a single word.
He put up his cover picture of a golden retriever puppy the day he put the treadmill up for sale. I don’t see other pictures of a dog. Why would he sell his dog treadmill the day he gets a new dog?
It becomes clear
The next red flags I notice make it clear what’s up:
All of his posts have had exacly 7 likes for the last 5 years.
If you look at who liked them, it’s always the exact same 7 people
The other accounts in the group of 7 fit the same pattern (existed since 2018, commentless posts with 7 likes from this group). Here’s one in the cluster I found:
I message the guy saying I think he’s a fake account. He immediately blocks me and deletes his account. I report the cluster of accounts to FB for being fake accounts and scams.
Platforms don’t really care about scam accounts
FB returned to me within an hour saying they’re not taking the accounts down. This is expected behavior from a social media platform, the accounts here probably pass through their statistical filters.
Reddit, for instance, has had the FreeKarma4U subreddit for years for spammers and bots to build accounts that are “statistically legitimate”.
Facebook clearly doesn’t consider the accounts creating a fully disconnected cluster on their social graph being a red flag.
Scams are sophisticated!
This was a good scam on his part. He waited 6 years on this account to try to make a small time scam on a local dog owners FB group.
If we weren’t sending a deposit in the first place, he might have raised red flags much earlier, like asking for money before we pick the item up in person. Or asking for a deposit proactively.