Someone tried to scam me yesterday. After the initial wave of irritation at the fact that they wasted my time, I got weirdly excited because I knew it would make a great cautionary tale. I don’t even need stock photos for this one, friends. I have receipts.

I’ve been selling and giving away a few things on Facebook as we declutter. The giveaways are easy, but selling is trickier. You probably know that best practices for safety as a seller or a buyer include:

• meeting in a bright and populated public place, if possible/practical
• porch/driveway pickup if necessary (rather than letting a stranger in your house)
• ensuring you are not alone if a home pickup or dropoff is happening — even if this means asking a neighbor to pop outside to say hi if you need to interact with the buyer/seller, or bringing a friend as a ride-along
• keep all the communications inside Messenger instead of switching to a different communication channel

But what about financial safety? It might seem obvious that you wouldn’t provide payment before you actually retrieve your purchase, and that you should stick to secure electronic payment methods. This is because cash presents more physical risk and no paper trail, direct bank transfers leave your account information vulnerable, and scammers love gift cards, so someone asking to be paid in gift cards is usually a bad sign. But even following these general guidelines, people can get tripped up by scammers, so I’ll show you where things started to look fishy to me.

Bad energy: pushy, aggressive, or overly hurried

“Lily Eve” was the first to respond. I said she could have what I was selling, and without even asking for a pickup plan she immediately asked for my PayPal info, which seemed a little weird — but hey, people are weird and I was busy. I didn’t think too hard about it, but I didn’t love it.

Then, crucially (and I’m sorry I didn’t screenshot this part before I archived the message) I didn’t get back to her for a few hours because I was in back-to-back client calls, and I got:
“I need your email
Hello”

I didn’t like the tone at all, and in retrospect, Lily being so pushy about getting my payment info was the first bad sign. It is not normal for a buyer to be super eager to provide payment before even discussing the method of pickup. Then, I get this message:

So many red flags in the fake email

This email is so bad. First of all, it’s pretending to be from PayPal, but even before you expand the email, you can clearly see it’s a plain ol’ Gmail account, not communication from an @paypal.com domain name.

Next, the email is riddled with weird capitalization/punctuation, typos, and awkward language, a few of which I’ve highlighted below.

Fun fact: scammers intentionally include these errors to screen out skeptical nitpickers. A person who recognizes that a major company like PayPal wouldn’t send out an email riddled with errors is probably going to be harder to scam. Fraudsters want to weed out those people right away and move on to easier targets.

But even if you aren’t one to notice typos and you overlook the email thing, you should notice that the math is absolutely not mathing here. You should never need to send someone $340 and receive $400 back in order to net a $60 payment. That’s ridiculous, but lots and lots of people — even smart people — fall for it! We are all only as smart as our worst, most tired, most overwhelmed day… which is why these scams exist.

(Also note: you don’t need to have a business account to perform transactions on PayPal — sending or receiving money — and there is no fee to open a business account; they take a percentage of sales. Again, not everyone knows that, but a quick Google of actual business practices will set you apart from easy targets!)

Finally, although there were no links in this email apart from my email address, don’t click on any links in suspicious emails. Ever ever ever. Carefully hovering over a link without clicking can show you where it’s actually sending you, since hyperlinks can easily hide a true destination. However, if you’re looking at an email like this I would just send it straight to spam (or report as phishing, if you’re in Gmail).

What I did next

I immediately told the fraudster “nuh uh.”

I reported them through the Facebook block-and-report mechanism. I’m not confident that will actually do anything, but on the off chance their profile gets shut down, I’ve hopefully added a little bit of friction to their day so they have less time to go after more vulnerable victims.

What to do if you’re targeted or scammed

Friends, you have my blessing to tell any fraudster “My friend was a fraud investigator and she’s seen this before/she told me this was a bad idea/she says you can get bent.” (It’s ok to improvise; whatever gets the point across!) You should block them, and consider reporting them (even if we’re not sure it’s actually doing anything).

If you fell for it, immediately contact the legitimate payment processor (in this case, PayPal) through their app or website and report the fraud, as soon as you realize it. You will also immediately want to contact the bank that holds the account(s) linked to your payment processor and report the issue. Take and share screenshots of all interactions and stay highly engaged. Although those 2 items might not guarantee a return of your funds, they’re the first right steps. As an extra safety measure, consider following the steps I outline here on what to do if you’re notified that your identity/account is compromised.

If you have any questions — or a favorite scam red flag that you’d like to share — drop a comment or shoot me an email at hi@fortunamoney.com. And if you’ve been a victim and you want help navigating your next steps, I’ll be happy to help you create a plan. Cheers!