Apple Watch for inexpensive: how they wanted to “breed” me on Avito and Yulia

Internet shopping has never been more relevant than it is now – when shopping centers are closed due to the coronavirus, and they advise you not to go outside unless absolutely necessary. Not only online sellers, but also scammers were happy about the new reality – they now have “haymaking”. Why am I doing this? I wanted to buy a smart watch – and inadvertently revealed several fraudulent schemes. One wise guy even requested feedback after exposing. But first things first.

It all started with an Apple Watch search on Avito and Yule classified sites. Among the many ads, several offers with an alluring low price caught my eye. I understood that free cheese only happens in a mousetrap … and, of course, I hastened to respond to the announcements – it’s curious what kind of schemes!

Case 1. Find 10 differences

The first ad I responded to was on Yula’s service. I found out the price of the gadget and where you can see it. The seller said that he was in a distant Zaraysk near Moscow and offered to arrange delivery “through the official website of Yula.” Usually, the service works as follows: the buyer indicates the delivery address, reserves and pays for the goods on Yula’s website (the service blocks the money). Next, the courier brings the parcel, which is checked by the buyer, and, if all is well, the seller receives the money. If the product does not fit, the money is returned to the buyer.

I also sent my details for delivery, and after 10 minutes the seller placed an order for me. At this moment, I received an SMS from the SMSVerify sender with the text:

Following the link, I saw a beautiful and high-quality fake made by Yula’s site, where I needed to pay online for an order:

When you click the “Go to payment” button, the page opens youla-from.ru/pay/85121135823 (Naturally also fake). On it I had to enter my card details and … say goodbye to money forever.

In both cases, the domains had nothing to do with Yula’s official site. He asked the fraudster why he was deceiving people, to which he replied: “I’m not deceiving my own.” In response to my complaint, Yula’s service blocked the seller.

Fraud scheme checklist:

1) the goods were cheap to attract more buyers;
2) the seller persuaded on delivery;
3) SMS came from an unknown sender;
4) the domain is not youla.ru.

Case 2. Delivery without an alternative

The second seller on Yule immediately indicated sending via Boxberry service as the only interaction option. Moreover, he wrote that the delivery service acts as a guarantor of the transaction (although the latter do not provide such a service). At the same time, Yuly’s robot several times warned that payment outside the service is dangerous:

Okay I sent the seller the details for placing the order, and this time they contacted me through WhatsApp. The “Boxberry Support Representative” (+ 7-968-501-37-37) called to inquire if I received a link to send:

Upon learning that I did not receive anything (naturally), he sent me information about the package directly in the messenger:

Following the link, I saw a page with delivery information and pay. Of course, you noticed that the link is different from the official Boxberry domain.

The Support Officer explained that this is another delivery service domain created due to the heavy load on the service. I sent a complaint about the seller to Yula support. He was blocked after a couple of hours.

Fraud scheme checklist:

1) only delivery is possible;
2) delivery must be arranged through a third-party service;
3) the payment link came from an unknown sender in the messenger;
4) links lead to fake sites.

Case 3. Sending Nowhere

Then I found a similar ad on Avito. The seller said that he was in Vladimir and would return to Moscow only after a month, and suggested sending goods through Boxberry. In response, I sent him information for delivery, indicating a non-existent address. To my surprise, the courier even managed to place an order for him. The seller contacted me through WhatsApp (+ 7-905-817-68-89) and sent a link to the order: box-berry.ru/tracking/?12223376

The link was another high-quality fake:

Naturally, it was not possible to find the departure numbers on the boxberry.ru real site.
I wrote to the author that he was a fraud, but did not receive a response (I really wanted to talk). Also sent a complaint to Avito.

Fraud scheme checklist:

1) low price of goods;
2) the seller was far away and offered delivery by a third-party service with an advance payment (he threw the message with the description and instructions as many as 3 times);
3) the seller sent a shipping link through WhatsApp;
4) the link led to a fake website of a logistics company.

Case 4. The most “sincere” fraudster

I left this case for dessert. He is with elements of social engineering. So, I found an ad on Julia and wrote to the seller. It was a girl who asked me for a phone number so that “her father” would contact me on him. Soon I received a message on WhatsApp from a stranger with a very realistic photo on the avatar: an ordinary person at the age of a nice appearance against the background of some European city. The watch turned out to be in perfect condition, they could even be watched live (which the previous intruders did not dare to do). To do this, it was only necessary to drive to Stupino, which is about a 2-hour drive from Moscow by train.

But then a surprise was waiting for my interlocutor: I have a friend in Stupino who was ready to check everything and buy a watch. What I happily told the seller about … And the script changed dramatically: it turned out that the “father” is disabled (even sent the video), and the watch, it turns out, is at the “daughter” (who apparently is not in Stupino), but they can be sent via delivery service (he offered SDEC indicating the point of issue closest to me).

I sent him a fictitious name and address. After a couple of days, the seller sent a photo of the receipt as proof that the order was really sent and was expecting payment from me at the sorting center:

Frankly: for a moment, I even believed that the package would really come (the question is just where). Here we must pay tribute to the “seller”: the move is very interesting and beautiful, but … Firstly, SDEK does not have a “safe transaction” service. Secondly, SDEC accepted the parcel to a non-existent address, and this, according to our logic of communicating with the “seller”, should have been their point of delivery. In addition, on the real SDEC website I could not check the status of the shipment, because I did not pass the check – the system recognized the sender’s phone number, but did not recognize the recipient’s phone number, that is mine (to check the site you need to indicate the last 4 digits of the number). Perhaps the scammers really sent the package, but to some kind of contact.

But I received in SMS the link to pay for the package from OmegaServis:
Cdek
Received Order No. 1176491929
addressed to Petrov Igor Ivanovich.
Estimated delivery date: 05/10/2020.
Delivery address: Mytishchi, st. Gorbachev, 1, apt. 59.
Amount to pay: 20,000₽
Track and pay: http-cdek.ru/track?track_id=1176491929

The link led to a fake logistics company website:

The page is done well, all buttons (except payment) are clickable and led to the official website cdek.ru

There was no point in drawing further, and I wrote to the fraudster that he had revealed their scheme. Oddly enough, he answered me. He admitted that he was really engaged in fraud, and that this “business” began to bring less income.

Fraud scheme checklist:

1) low price of goods;
2) the transfer of communication from the messenger yula outside;
3) transfer to an external delivery service;
4) social engineering with a trustworthy person;
5) the link received in SMS from a third-party service;
6) link leading to a fake site.

Useful Tips

So, summing up my mini-investigation, we can formulate several rules for working with services such as Yula or Avito:

1. Do not consider products with a price significantly lower than the market. If you decide to buy such a product, then only in person and for cash;
2. Prevent any attempts to talk about the product outside the official ecosystem of the service;
3. Do not settle for off-site delivery services;
4. Carefully look at the links that are sent to you;
5. Do not react and it is better not to open the links that the seller directs you;
6. Never make an advance payment for delivery or any other service. Only in the service application Yula or Avito through the “secure transaction”.

I wish you a successful and safe online shopping!

Alexander Zhukov, Director of Rostelecom-Solar Sales Support Department

Similar Posts

Leave a Reply