Tell them you will send them the money through western union. After getting their info then tell them you just sent the money they will cream their pants only to go down to the nearest western union to find the money is not there. When they contact you again swear that you sent it and will go down there again to figure out what happened. Email them back saying there was some small hiccup but the money is there for them now. Laugh knowing that they made two wasted trips to get your money.
Unfortunately, I think now they can call Western Union by phone and verify if the money has been wired before going to pick it up.
The best approach to dealing with these people is to report the activity to the abuse departments of the systems they are using. Contact abuse@craigslist org and forward them examples. A search on Google will reveal the ads are posted all over CL. The scammer is using the e-mail box:
[email protected], so contact
[email protected] and let them know that account is been hacked and used by someone else. Then examine the IP addresses of the correspondence the scammer sends out. Let's do some forensics of the headers:
Received: from outbound-mail.vgs.untd.com (outbound-mail.vgs.untd.com [64.136.55.15])
Received: from outbound-bu1.vgs.untd.com (webmail22.vgs.untd.com [10.181.12.162])
by smtpout06.vgs.untd.com with SMTP id AABGPQCHKAMVY24A
Received: (from
[email protected])
by webmail22.vgs.untd.com (jqueuemail) id QT6NN7XP; Sun, 07 Nov 2010 12
38 PST
Received: from [172.129.107.90] by webmail22.vgs.untd.com with HTTP:
Sun, 7 Nov 2010 20:13:51 GMT
X-Originating-IP: [172.129.107.90]
Mime-Version: 1.0
From: "
[email protected]" <
[email protected]>
What we know from the above info:
"Jessica" was using a webmail application hosted by untd.com (so we want to forward that info to
[email protected] - you can do a WHOIS of untd.com and get the contact info if abuse@the domain doesn't work - you can even get someone on the phone sometimes too). When "she" accessed webmail, she was at the IP address of 172.129.107.90
That IP address belongs to AOL. So ironically, you have someone using a corporate webmail account, with AOL as the ISP, using a juno.com return address. They're definitely trying to hide their tracks. You can also forward the mail to
[email protected] and with any luck, you can get untd.com, aol, juno and CL to shut down all the accounts, or else turn the data over to the FBI for investigation since it's an active interstate fraud situation going on.
Also, further correspondence with the scammer will likely reveal additional systems and user accounts he's compromised, so you can gather all that info and start shutting things down. You could also contact the FBI, but usually they don't care about cases unless it involves some big influential corporation.
