EcommerceBytes-Update, Number 136 - February 06, 2005 - ISSN 1528-6703     2 of 7

Interview with an eBay Vigilante

Email This Story to a Friend

vigilante (vi-j&-'lan-tE): n. - a person who tries in an unofficial way to prevent crime, or to catch and punish someone who has committed a crime, especially because they do not think that official organizations, such as the police, are controlling crime effectively. Vigilantes usually join together to form groups.

The following is an interview with one such person.

"Mr. X" has been on a crusade against online scammers and fraudsters since 2001, when he was defrauded on eBay. Because Mr. X says he has received threats and harassing emails, we are keeping his identity hidden.

And although he intensely dislikes the term vigilante, Mr. X admits to bending the rules and even breaking the law an attempt to protect other victims and expose scammers. AuctionBytes does not condone this activity, but the story of Mr. X gives an interesting glimpse into the darker side of global online trading.

AuctionBytes: Were you ever a buyer or Seller on eBay?
Mr.X: Actually, I've never sold on eBay, I've only purchased things.

AuctionBytes: How long?
Mr.X: It's been since '98.

AuctionBytes: What event sparked you to start fighting scammers on eBay?
Mr.X: About three years ago I allowed myself to be defrauded on eBay. I was totally unaware of the fraud and unaware of the system and I didn't know that the auction had to have a "Buy It Now" button to purchase it immediately. And I knew nothing about Western Union being used by the scammers to perpetrate their fraud. I thought, well gosh, there's a trusted name. Little did I know.

AuctionBytes: Was it a high-ticket item?
Mr.X: Yes, I was trying to purchase a Canon camcorder, a GL-2, because my house had been broken into and the camcorder I had was stolen so with the insurance money that I received, I was planning on purchasing a new camera. I thought, let's try to get a halfway decent one and try to save a little money.

AuctionBytes: So how did this scam go down?
Mr.X: Well I contacted the seller. I didn't realize that it was a hijacked account, because of the feedback. I was kind of wet behind the ears, and I contacted the seller. He said he was located in Miami and he wanted the money Western Union, and he needed it because he was in the process of getting divorced and was cleaning out his house. So it sounded logical. I made him an offer. He accepted it. And stupidly, I went online, conveniently cut the money transfer, and had it sent to him.

AuctionBytes: When did you figure out the this was a scam?
Mr.X: The following day. I noticed that the auction was not removed as per our agreement. He said he was going to end the auction and ship the camera to me. So what I did was, I called Western Union to try to stop my money transfer and the woman that I spoke to refused to stop the transfer. She said they were in the business to send money, not retrieve it.

I said, "But I'm getting ripped off." And she said, "Sorry, there's nothing we can do."

I was flabbergasted, so I hung up, but the following day I called back and kept badgering them until they finally put me in touch with their fraud department. The woman that I spoke to in the fraud department was very nice. I was surprised that I wasn't directed to her in the first place. I could have stopped my money transfer and saved myself some money.

But basically what I told her was that this person was using this name and was receiving money transfers for this particular auction that had a lot of bids on it. I'm sure I'm not the only the only one that sent money. She was able to look into her files and see that 22 money transfers had gone through that person's name in the state of Florida alone, and because I was able act fast enough, I was able to save 9 people – unfortunately not myself – from getting ripped off.

AuctionBytes: So how did you make the leap from consumer to online vigilante?
Mr.X: You know, I hate the word vigilante.

First of all, I do not condone anyone doing this, because they're going to make major mistakes. The reason I did it was because I saw so many people that were being defrauded and they didn't have anyone to turn to. Law enforcement is not equipped to handle the situation. The FBI and the Secret Service refuse to get involved because they don't do anything unless the dollar amount exceeds, or is somewhere in the neighborhood of $100,000. Then they'll become interested.

Otherwise it's hands off. And I understand that they have issues of national security, but they're refusing to look at the big picture. They just see fraudulent sites on an individual basis. A group of scammers can have a plethora of web sites – up to 10 running at the same time, but authorities don't look at it as a group, they look at them as 10 individual sites and 10 individual instances.

AuctionBytes: Do you tend to see the same scammers over and over?
Mr.X: Yes.

AuctionBytes: In your experience, how many groups are active at this time?
Mr.X: I would say several major ones that work as groups to put fraudulent sites up. Mostly based in Romania.

AuctionBytes: What are most common types of scams that you see?
Mr.X: My focus has been basically on fraudulent escrow sites. With an escrow process, if you've ever purchased a home, you know that money is required to be put into a third-party account that will be held until the deal goes through.

So let's translate how this works with eBay. Let's say you have a family heirloom, a piece of jewelry that you need to sell. For example, one gentleman had to sell a family diamond ring so that he could pay for his daughter's open-heart surgery. The gentleman was trying to sell this diamond ring for $6,000. He listed the item on eBay, and since he didn't have a lot of selling experience, scammers were drawn to him. Scammers thrive on low-feedback sellers on eBay.

The first thing a scammer will do is hit a new seller up with an offer to purchase their item, and these people are excited that they're selling something for what they want for it. So the seller agrees to sell the item. The scammer will then tell the seller that the money has been sent to an escrow site. The escrow site will then contact the seller and tell them that the money has been placed in an account by the buyer.

Unfortunately, the person running the escrow site and the person purchasing the item are the same scammer. The victim will ship the item, expecting to receive payment after the item has been shipped. But of course, payment never arrives.

And it does work in reverse. Scammers do sell items online that don't exist, so people send money and then they never get their items.

AuctionBytes: So when you discover a fraudulent escrow site, what do you typically do?
Mr.X: I don't want to go into too much detail, because I don't want to give away any secrets. I wouldn't want people to go out there with any knowledge of what I can do, and attempt to do this to legitimate web sites.

The first thing we do is determine whether or not a site is legitimate. The only escrow site located in the United States that is recommended by eBay for online purchases is So right away, that gives an indication, if the company says they're located in the U.S., that they're fraudulent.

We look at the domain registration information. If the company says they're located in Florida, but the registrant is located in Washington State, there's an indication that this person (the registrant) would have no connection to the web site.

AuctionBytes: Explain that a bit. The scammers set up a fraudulent escrow site. They're registering it with a stolen credit card?
Mr.X: Yes. What they'll do is harvest credit card and contact information via spoof or phishing emails. If you click on a link within a phishing email that looks like it's from eBay or PayPal and enter your information, that info is being collected by a scammer. The next thing the scammers will do is take this information and sell it online.

AuctionBytes: So these stolen Credit Card numbers are readily available?
Mr.X: Oh yeah.

** AuctionBytes: Suppose I was in the market for a stolen credit card number – where would I go, and how much would I pay?**
Mr.X: I know that the scammers use Internet Relay Chat (IRC) to conduct their business – I've heard a figure of $20 for a list of numbers. I don't know how many numbers would be on the list.

AuctionBytes: So a scammer would take these credit card numbers and do what with them?
Mr.X: They'll try to use them. They'll purchase online items. They'll register domains. Set up sites. I've seen many receipts for software and items.

AuctionBytes: And the sites that scammers use these stolen credit cards to set up are typically spoof sites and fraudulent escrow sites?
Mr.X: Correct.

AuctionBytes: So a scammer will give a web hosting company a stolen credit card number to set up a domain?
Mr.X: Yes.

AuctionBytes: And when you look at the registration information for a fraudulent domain, is it usually the owner of the credit card that is listed as the domain owner?
Mr.X: Yes.

AuctionBytes: Often there's a telephone number in the registration info for a domain contact.
Mr.X: Correct. Sometimes it's a legitimate phone number, but most often it's not their correct number – the area code will be different or the numbers will be transposed or changed. What we do is – using various tools – we'll be able to trace where the registrant lives. If we can't get their actual phone number, I'll make it a point to call one of their neighbors or call their local police department.

AuctionBytes: Let's go through the various responses you get. If you reach the person whose credit card was used to set up a fraudulent site, what is their typical reaction?
Mr.X: First of all, they'll refuse to acknowledge the fact that their credit card information has been stolen. They'll also say, "I never ordered that domain" and hang up on me. Or I get yelled at and get threatened with the FBI or the police.

They often associate me with the scam. They think that I'm trying to rip them off, when I've never asked them for any information. I try to relay information to them that these are the steps you need to do to protect yourself and we need the web site removed immediately so that other people are not victimized.

If someone is taken in by a fraudulent web site they can find out who it's registered to. They're going to find your name on the registration – and they're going to harass you. That's happened.

AuctionBytes: How about the response from the web hosting company that's hosting the fraudulent site?
Mr.X: Yes. That's actually the first thing we do. We send an email notification to the web host that they're hosting a fraudulent domain.

AuctionBytes: And how does that go over?
Mr.X: There have been several web hosts that have been adamant in their refusal to even investigate the fact that we have reported a fraudulent domain. They refuse to take any action without a court order.

AuctionBytes: Are those typically the larger web hosting companies?
Mr.X: Yes.

AuctionBytes: But don't these companies lose an inordinate amount of money by accepting money from stolen credit cards?
Mr.X: No. I've seen emails from web hosting companies saying, "Your credit card did not go through, please log in and give us an alternate means of payment." So what these scammers will do is use someone else's credit card with a different name, and the web host will accept it. And the web site stays up.

This is the bad part. Let's say the scammers use a credit card and the charges are declined. What happens is, there's a charge-back situation. The hosting company, fully knowing what's going to happen, disputes the charge-back. That site can stay up for another 90 days while it's in dispute – all the while these scammers are victimizing unknowing users – so that the hosting company can claim on its insurance, they have insurance against charge backs – and recoup their losses.

So it actually benefits these web hosting companies to keep these fake escrow sites up, so that they get money from their insurance companies.

AuctionBytes: Are there any hosting companies that work with you in shutting these sites down?
Mr.X: Yes. I just had a very pleasant experience with several web hosting companies. They have been very, very helpful in removing fraudulent domains.

AuctionBytes: And what about the authorities? I assume that you've had some contact with the authorities?
Mr.X: Many times, the police departments will refuse to cooperate and work with me. What they'll tell me is that the victim has to contact them before they'll do anything.

I try to explain to them that the victim, most often, is not aware of the fact that their credit card information is being used and a very important thing to consider is the fact that there are going to be many people defrauded by the fake sites that the stolen credit card is being used to set up.

AuctionBytes: Do you ever get the authorities to work with you?
Mr.X: Yes. I've contacted many police departments who will bend over backwards to help. And they tell me that they very much appreciate my getting involved.

AuctionBytes: You've mentioned the word "We" a few times in your responses. Can I assume that there are others that are doing the same work as you?
Mr.X: Behind the scenes there are several people and several resources. I don't want to go into detail about who they are or how we find these domains. Many of them are on a "hit list."

AuctionBytes: How many hours a day do you spend on this?
Mr.X: Way too many. 6-8 hours, typically. I do have to do real work to support myself, however. I just feel compelled to help other people because I know there are things that I can do.

AuctionBytes: Are you ever in contact with the scammers themselves?
Mr.X: I receive death threats. There have been postings on various web sites where the scammers have offered rewards for information leading to my full name and address.

AuctionBytes: So what how do you let a potential victim know that they are being scammed?
Mr.X: When I find out who the intended victims are on these fraudulent escrow sites, I send them a warning email that tells them that they're engaged in a transaction on a fraudulent site. I also give them links to legitimate sources such as eBay, where there is a full explanation of the escrow process and what sites are recommended. I also give them a link to the web site, which tells them how to spot fraud web sites and try to help them learn for themselves what they're getting into.

Unfortunately, a lot of people don't believe my warnings and they complete the transactions or they'll forward my email to the scammers – who then know the jig is up.

There was one instance where there were about 15 people who had sent items via Fedex. I obtained the tracking numbers and called Fedex. They told me they don't accept information via third parties and there was nothing that they could do. I spoke to a Fedex fraud investigator and she refused to take any information. She refused to take the name of the fraudulent escrow site and the numbers of the Fedex packages and said they were on their way to Spain.

None of the packages had been delivered. What I had to do was comb through them and try to determine who they belonged to and try to get hold of a couple people – which I successfully did – and have them call Fedex. It's the same story with UPS as well. I've tried to contact the Postal Service and their Postal inspection service and my calls are never returned. It's frustrating.

AuctionBytes: Do you feel that there are any inroads being made against fraud?
Mr.X: Yes, but it's still frustrating. I've contacted the FBI, the Secret Service and the Postal Inspection Service – all three agencies refuse to return my calls. I've sent reams of credit card information to the Secret Service, who refuse to acknowledge that I've even sent it to them. I've tried to get the FBI to help me bust these web sites and get them removed. They have a "stand off" attitude.

I've been told "off-the-record" that they very much appreciate my helping other people, but technically what I'm doing is illegal and I could be prosecuted for it.

AuctionBytes: Are there any specific incidents that stand out, since you've been doing this?
Mr.X: I had a situation with a woman in Ohio, who was thought she was purchasing a Mini-Cooper. She wired $9,800 to a bank in Idaho. I found out what the account information was for the bank in Idaho. I sent an email to the woman, warning her not to send any money. She and her husband read the email, and simply ignored it because they thought I was trying to rip them off. In the meantime, I contacted the bank and asked them to freeze that account. I was assured that they would look into it.

Unfortunately, they didn't. The woman didn't listen. She wired the money to Idaho, and the scammer pulled the money out of the account.

I know that banks are skeptical about phone calls made "out of the blue" about this kind of situation – but you'd think there would be some due diligence by the banks, because they could be stopping so much money from leaving the country.

There are some banks that are fully aware that the information that I give them is correct – I get great cooperation from some banks – I work with the fraud investigator of one bank in their corporate offices, she's great. All I have to do is give her the information and it's taken care of.

AuctionBytes: What about this woman who sent the money to Idaho?
Mr.X: What happened was – eventually the authorities caught up with the person who received the money. He was supposed to be a "go-between" and supposed to send the money out of the country and I guess he decided to keep the money for himself, which screwed him. The last I heard, he was supposed to be extradited to Ohio to face charges for wire fraud.

AuctionBytes: Did you ever heard from this woman?
Mr.X: Yes she called me to tell me what was going on. The funny thing was – even after I warned her and worked with her to try to get her money back – she still had the nerve to suggest that I was trying to divert the funds to myself.

AuctionBytes: Any other stories?
Mr.X: There was a gentleman who was an assistant H.S. principal in California. I noticed that he had engaged in a transaction on a fraudulent web site. I sent him a warning, but he refused to believe me and forwarded my email to the scammers. I didn't realize it at first, but in order to try to convince him not to wire $13,600 for a BMW in Spain, I had given him my telephone number and told him to call me to talk about this. The vehicle did not exist.

He refused to believe me and forwarded my email with my telephone number to the scammers, who proceeded to call me. From Romania.

AuctionBytes: So scammers know who you are?
Mr.X: Some of them do, yeah. The ones that are the nastiest.

AuctionBytes: What are some of the newest scams?
Mr.X: Probably these money-laundering jobs and money-laundering web sites. People apply for jobs on these sites for the position of financial officers.

What the scammer will do, is if you apply for a job on one of these job sites, they'll use your name as a seller on eBay. Basically the scammers will hijack an eBay account, and use the name of an applicant as the contact person for that eBay ID. So the victim, in this case a buyer on eBay, will send the money to someone in the US, who is acting as a financial agent for the Russian scammer. The "financial agent" will begin receiving payments in the form of wire transfers, money orders and cashiers checks, and it's his job to cash the checks and send it via Western Union to the Ukraine. Because the Russians cannot secure their own banking facilities in the US, so they need people to handle their transactions for them.

AuctionBytes: And this is a Russian scammer?
Mr.X: Yes. The Russians and the Romanians do this, but right now I've concentrated on a specific person. He's still doing it.

AuctionBytes: Would you say that fraud is more or less rampant than when you started 3 years ago?
Mr.X: It's gotten worse. For some strange reason, because we're busting so many of these fake escrow sites, they're popping up like a plague. Unfortunately, a lot of times we don't find the sites until the damage has been done. If someone complains about a web site on eBay, we know that this has been worked heavily. If one person complains, there's probably going to be 50 victims.

AuctionBytes: How fast is the cycle? How quickly does a scam site go up, how long does it last and how fast do scammers move on to the next site?
Mr.X: A matter of days. For example, they'll set the site up on a Wednesday, they may even have that site rolling on the same day. As soon as the site is active, scammers will start trolling the auctions and trying to get people to use it. And scammers aren't stupid. They'll only work a site for a few days, then split.

AuctionBytes: And in that short time, how many victims would you say use that site?
Mr.X: I would say on average at least 20 victims per site. I've seen some sites, where the web host has refused to removed it, so these guys are free to scam at will. I've got data on websites with over 100 victims who have actually concluded their transactions.

AuctionBytes: And typically, these escrow sites deal with higher-ticket items. Correct?
Mr.X: Yes.

AuctionBytes: And how much might that fake site be worth to a scammer?
Mr.X: We're talking a couple hundred thousand dollars.

AuctionBytes: What can a person do to protect themselves?
Mr.X: Never use a common password and don't use the same password across multiple sites. Some people will have the same password for their email, for eBay for their PayPal account – and when they sign up on a fake escrow site, they'll use the same password there, too. So a scammer now has all the information they need.

People need to know who they're dealing with – and that's difficult because people aren't aware of what they need to do. If you receive an email from someone who's selling something, you're not going to automatically check the headers to see what IP address it came from. The scammers often use AOL to hide their actual locations.

When you're purchasing something on the Internet, use your credit card. At least you have some protection then.

AuctionBytes: How about if you're a seller?
Mr.X: You have to know what fraud is. You have to research fraud. If you're going to be selling on the Internet, you have to know what types of scams are going on. Always go through legitimate sources. If you're selling something on eBay, go through PayPal. If you're using an escrow service, go through

If someone someone suggests an escrow site, remember to check to see if it's a legitimate site before you enter into a transaction. Check what eBay has to say about escrow.

And most importantly, report a scam. It's a community – we have to help each other.

About the author:

David Steiner is President of Steiner Associates LLC, publisher of and the merchant directory. David, a former television producer, handles business development and advertising for EcommerceBytes. You can reach him at

You may quote up to 50 words of any article on the condition that you attribute the article to and either link to the original article or to
All other use is prohibited.