Thursday, July 5, 2018

Anatomy of a Scam: How "Verification Code" Scam Works

If you post anything for sale on Craigslist, you can be unwittingly enlisted by a scammer to be an accomplice, even if you don't accept the offer.

The scam usually goes like this.

A) You list something for sale on Craigslist. It doesn't matter for what.

B) You get a text reply, that goes roughly like this:

X: I want to buy (insert product name). Is it still available?

YOU: Yes it is.

X: I sent you a verification code from (X). Prove to me you are real by sending me the code.

(X) can be Google, Yahoo, Craigslist, Microsoft, etc.

C) A few moments later, you get a text message from a "short code" (4-6 digits only, not a phone number), it may or may not be in English.  It does contain a code.

At this point, you should cut contact with the scammer. 

The scammer is registering a new account on (X). However, instead of entering their own phone number for verification, they entered YOUR phone number instead. Thus, (X) is verifying that the request came from you. (Not the scammer)

If you give scammer the code, you have linked YOUR phone number to scammer's account. You also enabled them to get an account they shouldn't be able to otherwise.

This has various consequences when the scammer's account is eventually banned for scamming. Usually, it means you will be unable to register for any new accounts. using that phone number. In the worst case, police may track you down instead. And you will have a hard time explaining why is your phone number used to register a scam account.

The effect of this differs by service.

On Craigslist, the scammer can now post ads for 90 days without further verification.

On Google, this can enable them to obtain a Google Voice number (for phone calls and text) and Gmail address. 

For Yahoo and other email services, this allows their registration to go through.

So don't fall for this scam within a scam. 


No comments:

Post a Comment