If you're going to be a scammer, you better make sure you cover your tracks - all of them. Which, in the digital age could be nearly impossible. That's what one young man had to learn the hard way.
Security researcher Christian Haschek, based in Austria, recently won a contest in which he was awarded $500 in Apple Store gift cards. Unfortunately, he couldn't use the cards in Austria; they could only be used in the United States. So he took to the internet to see if he could sell them and put them to good use.
Haschek eventually found an interested buyer on Reddit. He checked out the buyer's profile on eBay and saw that it had positive reviews and everything seemed in order.
So, Haschek took photos of the gift cards and emailed them to the buyer. He also physically shipped them to (what turns out would be a fake) U.S. address.
Guess what? Haschek never got his payment. He tried to contact the buyer on eBay and got this reply:
"Excuse me, but who are you? I don’t use this account except when I occasionally buy items. Antworten
"my ebay [sic]was hacked recently along with my email because I was keylogged. The hacked then proceeded to access my bank paypal [sic] and ebay. So no. I won’t send you money for someone else hacking you but I do feel sorry for you."
That was when Haschek took measures into his own hands. Instead of being scammed, he took the eBay screen name and found the same screen name for Reddit and other online accounts.
Piecing small bits of information together from those sites, Haschek was able to find out the scammer's first name, the first letter of his last name, along with the city he lived in.
Next, Haschek was able to find the scammer on Facebook. He entered the information and could only find a single post made by the scammer with one like.
It was that one like that made all the difference. It was made by one of the scammer's friends who posted everything as public. Jackpot.
After looking through four years' worth of posts, the researcher was able to fully identify his scammer, along with the scammer's mother, father, brother and cousins. He then sent messages to the scammer's family telling them what had happened.
Around 10 minutes later, the researcher got a message from the 22-year-old college student scammer, apologizing like crazy and begging for forgiveness.
Here's what he wrote, as published in Naked Security:
"This is ungustly from before. I am sorry for what I did. I am young and stupid and always in a really bad place. I ama full time student and I have no job. I contacted Apple and got a giftcard back. I can. Give you your giftcard back I have a card for $477 and one of the existing card you gave me should have the remaining balance. Please leave me alone after this I won’t do anything like this anymore I am having panic of attacks just thinking about this.
"I do not have the bitcoins if I did I would have sent it to you already. I have literally 0 money and as a full time college student I have no savings please I beg you to understand I have had a handful of anxiety attacks in the past few days over this issue and I am extremely scared. All I want is to leave me alone I know what I did was wrong please I beg you to forgive me
"I will never do anything like this again. I have 6 classes and I am a full time student I can’t even go to work to pay you back. I would immediately pay I back if I could but I am broke and living on cheap fast-food. Please I beg you to forgive me and accept the card I returned I am very sorry I did this to you."
Haschek didn't go to the police or file charges, but rather told the student to sell the cards in order to pay him back what he was owed. The student then thanked him and promised never to do anything like this ever again.
What do you think? Would you give this young full-time student a break? Do you think he learned his lesson? Let me know your thoughts by posting in the comments below.