Gumtree is a UK and Australia website for used item sales, a bit like ebay but more personable. Recently I put an item up for sale, an RTX 2080 GPU (looking to upgrade to an RTX 2080ti). I received a response in less than an hour, and I have posted the messaging transactions in italics so you can see the scam play out.
Hi A, I’m interested in “RTX 2080”. Is this still available? If so, when and where can I pick it up? Cheers David
This is a default gumtree email message, a quick lookup of David on gumtree, no history, joined gumtree 2019
Yes, can pickup today anytime as I’m off work or on weekend (A)
Your email (D)
I thought to myself, this guy seems a little rude (who just writes an email just containing ‘your email’ to someone?), maybe he’s just really busy.
? Do you mean my email address outside gumtree app it’s: myemailaddress.com (A)
From: David Schmeck <email@example.com> What’s your last price? I work on a rig as a mechanical engineer, I wouldn’t be able to come inspection Regarding the payment, I will be paying you through PayPal, kindly get me your PayPal email or if you don’t have PayPal, You can alternatively send your me bsb number, acct holder name and acct number…I have a private courier that will come for pick up after the payment have been made…Thanks (D)
Hmm.. I thought, seems slightly odd, grammar is a little off, his own private courier? how often does this guy do this stuff?, why did he ask if I had a PayPal account, there’s an icon on gumtree that shows I have a liked account, but hey he seems keen and I’ve used paypal before and all went well previously.
Hi David. $900 is my lowest price. Courier pickup is fine. My PayPal email is mypaypalemailaddress.com Cheers A (A)
Thanks for your mail…I will proceed with the payment immediately. Kindly end the ad on gumtree immediately since you have decided to sell me and also get back to me (D)
I thought to myself, ‘immediately’? gee this guy seems a little pushy (and wording again did seem slightly odd), I then ended the ad on gumtree
Hi David, Just deleted the ad, may take a few minutes for it to disappear. Sendle as courier service is preferable as then I can dropoff at my local newsagent ..address... They are well priced and have used before. Cheers A (A)
Ok, thanks. (D)
I thought, maybe this guy isn’t so bad, at least he said thanks.
Hi David, I just realised PayPal charge 2.6% of payment I receive, my minimum was $900, but PayPal are gonna charge ~$20. Are you ok with $920? (A)
Hello B, Yes sure I will but I really need you to do me a favor, I got a message from the courier agent that will come for the pick up, when I was about to make the payment, that I need to pay a total commission fee of $300 via western union to them before the pick up can be registered, I will include the $300 to the payment I will be transferring now and you will help me send the $300 to the courier agent via western union as soon as you get your money. The courier agent will contact you to the scheduled pick up time with you ok (D)
This is where it gets interesting, the first thing I noticed, he didn’t use my name that was at bottom of every email I sent, he used part of my email address. Second was the big red flags: some mysterious $300 transaction that I am requested to make, the use of Western Union, and that he ignored my request to use the Sendle courier service.
Hi David, Could you use Sendle please, they don’t need Commission and fee should be <$20. This $300 transfer sounds complicated I’d prefer not to do that. Cheers A (A)
And that was the last I head from ‘David’.
Thinking about this, what I could have done is played along, waited for a paypal payment into my account and sat on it until paypal formally cleared the funds, but I’m sure this scammer would recall the paypal transaction if he hadn’t received his $300 within a certain time window.
So my takeaways are for paypal transactions over gumtree:
Check the history of the gumtree user, no history and no liked paypal account on gumtree=raise level to warning
Review text messages for incorrect grammar usage and apparent cut and paste usage (capitals in middle of sentences).=raise level to danger
Do a quick linkedin check if you have their full name.
Be suspicious if they request you message with them outside the gumtree messaging system.=consider terminating conversation
Be suspicious if they don’t respond to informal friendly conversation in communication.
Terminate all discussions if the buyer requests you make strange transactions outside the buy price of the item, especially if these transactions are requested on another platform (direct bank account, western union etc).
If you do give out your paypal address, make sure your paypal account has 2fa and a really, really long password (if should already be, but double check, and use a password manager if you don’t already do so make sure every site you have a password for is unique)