Downsizing and selling my HT. Posted my speakers on Craigslist and got a response. Wanted to send me a verification code from Goggle Voice. Smelled phish so I Goggled (or Duck Duck Goed). The scam requires the person to have your Gmail account. This person had nothing and I don’t use Gmail (even told them). I never opened any of the text messages and deleted out of precaution. Now I can’t see why they contained. What would sending this code to the scammer accomplish, especially on my iPhone? Here are the pics of the conversation.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Curious, how does this Craigslist scam work on iOS?
- Thread starter Julien
- Start date
- Sort by reaction score
I don’t know Google Voice but looks like he was trying to add your telephone number to it. To confirm the number belonged to him, Google would probably send a text to that number with a code for him to enter. You giving him that code could have allowed him to complete that step, though it looked like it failed to work somehow.
Don’t share 2FA or verification codes with others again.
Don’t share 2FA or verification codes with others again.
Definitely a scam. The only thing I can think of is that code you have to enter uploads your Gmail password? Typically a legit buyer won’t ask you to do that and will offer to meet in person.
Some guidelines to follow when selling on Craigslist: Craigslist is teeming will scammers.
Always use CL email relay for contact.
Never post your exact address
If someone contacts you via CL relay email and wants you to text them back, don't. It's more likely than not someone harvesting live phone numbers. Always use the CL relay email.
If it's a real potential buyer, they will ask normal questions about your item for sale.
Anything of value I've sold on CL, I've gotten at least one msg from someone trying to scam me by sending cashiers checks and having someone else pick it up later. That's always a scam.
But in CL favor- I've sold two cars and lots of used stuff on CL to legitimate buyers. You've just got to be very wary and careful. Every CL buyer wants a discount off your asking price, so post an asking price that will take that into consideration. (Higher than what you're willing to accept).
Always use CL email relay for contact.
Never post your exact address
If someone contacts you via CL relay email and wants you to text them back, don't. It's more likely than not someone harvesting live phone numbers. Always use the CL relay email.
If it's a real potential buyer, they will ask normal questions about your item for sale.
Anything of value I've sold on CL, I've gotten at least one msg from someone trying to scam me by sending cashiers checks and having someone else pick it up later. That's always a scam.
But in CL favor- I've sold two cars and lots of used stuff on CL to legitimate buyers. You've just got to be very wary and careful. Every CL buyer wants a discount off your asking price, so post an asking price that will take that into consideration. (Higher than what you're willing to accept).
For Google Voice to work, you need at least one other phone number to setup service. So what appears to be happening is that the scammer is using OP phone number as their at least one number. Google Voice will then text or call the phone to verify that legit. Once scammer has setup their Google Voice number, they then can turn off all forwarding of calls to the OP number. Or remove completely and replace with some other number.
Scammer scams, and down the road, abandons the GV number and moves onto another one.
That the GV verification code info is in Vietnamese, and OP in Atlanta, would have ended any conversation for me.
ADD: and this is why people are using burner phone number apps for CL and other boards where your number will be plastered about.
Scammer scams, and down the road, abandons the GV number and moves onto another one.
That the GV verification code info is in Vietnamese, and OP in Atlanta, would have ended any conversation for me.
ADD: and this is why people are using burner phone number apps for CL and other boards where your number will be plastered about.
Probably something along the lines of https://www.reddit.com/r/Scams/comments/65ze35/craigslist_google_voice_scam_i_fell_for_it/
I still don'y understand what the scammer could gain from me. I don't use or have google Voice/Gmail or Google Calendar. So how could using my phone number give any control of my AT&T iPhone or number to the scammer????
[doublepost=1538761137][/doublepost]
OK posted at the same time. I guess this makes the most sense. So just to be sure the verification number was not shown in my screen shots and I needed to open the text to see it? So since he keep trying looks like it didn't work.
They are basically stealing your identity in a way.
Google is sending a code to you, that you are then forwarding to the scammer.
Whatever the scammer does in the future to scam people, will be tied to you if you provide the actual code.
It sorta looks like the entire message is in the screenshoots and maybe the code too like 109591 in the first one. However he keep saying wrong code and sending again until he gave up. Do you have to open the text for the code to be accepted? Can Google tell if the text message was NOT opened (there is no read like iMessage) or was the code deeper down?
I can't read the language, but there may have been more if you had opened the message.
It's not that something would happen by opening the message or in the message itself, it's just about the code itself and simply the scammer knowing what it is (as in you letting the scammer know what the code was that was sent to you).
I found a screenshot that I did only Mac and it seems to have the translation. Asking about a link to install Google Calendar??? That seems odd since I don't use or have google Calendar. What could this mean.
Yeah...I bet this was just a way to set up a new Google Voice number that would be tied to your mobile number. Then the bad actor would have a google voice number available to run scams out of that would be traced back to you and not to them.
Unfortunately Craigslist is full of scam artists, but there are ways to use it safely: Never put your name or contact information in the post, and always use Craigslist's proxy email feature for communication (there are also other proxy communication services you can use). Agree to meet in a public place. Our police station even has a couple of parking spaces near the door designated for this type of transaction. I buy and sell stuff on Craigslist every now and then, but I have been frustrated by buyers that turned out to be scam artists. I've had better luck posting things on our local neighborhood "NextDoor" site, but usually I need to cast a wider net.
Speaking of Google Voice... we have a Google Voice number we use for stuff like this. I don't like to give my actual cell phone number to anyone for the sake of a one-time transaction. I use our Google Voice number instead... I also put our Google Voice number on any kind of registration form that asks for a home phone number (like our grocery store rewards account).
Unfortunately Craigslist is full of scam artists, but there are ways to use it safely: Never put your name or contact information in the post, and always use Craigslist's proxy email feature for communication (there are also other proxy communication services you can use). Agree to meet in a public place. Our police station even has a couple of parking spaces near the door designated for this type of transaction. I buy and sell stuff on Craigslist every now and then, but I have been frustrated by buyers that turned out to be scam artists. I've had better luck posting things on our local neighborhood "NextDoor" site, but usually I need to cast a wider net.
Speaking of Google Voice... we have a Google Voice number we use for stuff like this. I don't like to give my actual cell phone number to anyone for the sake of a one-time transaction. I use our Google Voice number instead... I also put our Google Voice number on any kind of registration form that asks for a home phone number (like our grocery store rewards account).
The Google Translate translation is "123456 is your Google Voice code".
Not a good scammer, from appearances.
Looks like a couple of things going on. Appears that scammer is trying to sign into Google Voice website and or app and Google is sending 2FA codes to OP number for that. And they forgot to send the two-digit code on their screen that OP would need to enter on their phone when Google robocalls them. Guessing OP is getting a random 800/866 number and ignoring.
http://eesmyal.com/wp-content/uploads/2012/01/Verify-Google-Voice.png
Re: the calendar message. Standard Google process of when getting onto one of their web services that has an app, they'll have a box asking if you want to use the app, and if so, they'll text you the link. Guessing scammer tapped at the wrong thing when flailing about.
I guess the question here is, did you provide them with any of the verification codes that allowed them to actually complete the registration of a new Google Account or Google Voice number tied to your mobile number? If you think that might have happened, I would try to contact Google to see if someone can tell you what accounts are associated with your mobile number. Of course contacting Google is not easy. I'm not even sure how to go about it. They do have ways to report identity theft and fraud, but you usually need to be very specific about what happened.
You might try putting your number into their Google Account Recovery page to see what accounts come up. There might be a separate one for Google Voice.
Link within link "C DM" provided has instructions for reclaiming your phone number. Basically, create your own Voice account using some other number you have access to (not the scammed number) and then click the reclaim option for the scammed number.
https://archive.fo/7isfZ
https://archive.fo/7isfZ
You see everything the scammer saw or knows. I did not open any of the texts or send any info other than the screenshoots just to prove I got it. I then deleted the unopened text messages.
If any code was seen from what you sent and was able to be used then something could have potentially taken place (if the codes were correct and used correctly). Again, opening or not opening the texts doesn't really matter, it's simply seeing/knowing the code that they would have.
Just checked and I have an Google voice phone number from MANY years ago. I thought it would have expired since I havn't used it. Looks like my phone is still linked to it. So shouldn't this mean it's not linked to any other Google voice number?
EDIT: I just verified since I don't think that was ever done. Not sure how it works but it looks like by checking I will receive a text from the Google Voice number.
So I should use this number for things like Craigslist? Is it more secure or what??? Have been weening off Goggle services and tracking for the last few years. Hate to start back down that road again.
EDIT: I just verified since I don't think that was ever done. Not sure how it works but it looks like by checking I will receive a text from the Google Voice number.
So I should use this number for things like Craigslist? Is it more secure or what??? Have been weening off Goggle services and tracking for the last few years. Hate to start back down that road again.
Last edited:
I mostly use my Google Voice number to register for services that require a phone number. I don't put any phone numbers in Craiglist ads or even while I'm negotiating with a potential buyer. I do that all through Craigslist proxy email (they call it 2-way email relay). That obscures your actual email address, but not necessarily your display name. I kind of go by gut feeling. If the buyer or seller sounds legit and offers their phone, I may contact them via phone or text using my Google Voice number. If I google them and they totally seem safe (one time I recognized the seller as a neighbor) I will just contact them from my iPhone.
Since Google sent you a verification code that the scammer you were dealing with initiated, that tells me that they knew either your cell phone number or your Google Voice number, and they were trying to get you to give them the code to verify some transaction that was definitely sketchy. I could see this being pretty effective scam with some. A scammer gets someone's personal email or phone number from a Craigslist ad or transaction. Then they attempt to access that person's account using the account recovery option. A verification code goes to you, and they try to talk you into providing it to them. Some people who aren't familiar with scams or how multi-factor authentication or trusted email/phone verification works could easily fall for this. Fortunately you recognized it for what it was, but I would make sure everything is protected with multifactor. Many accounts (including Google) also let you audit activity.
Well I just smelled phish and always trust my instincts. Just for safety I deleted my phone number and then re added it. It sent me a code and I entered it. So if I understand correctly my iPhone number CAN'T be used by or attached to any other Google number.
Also looked and there were no phone calls or messages sent to my Google number yesterday or today.
Here is another Craigslist scam I doesn't understand. First I got an email and sounded OK. As you can see the first 2 post sound normal and then the 3ed. Of course it smells but what is there to accomplish? Sending me a fake cashier check (which I wasn't going for) and not picking up???? How does that scam me?
In this case, something along the lines of, "you know what, I've talked to the little lady, and we don't want the item anymore. Can you send the money back? Here's my PayPal account, PO box, etc.". Or "I've got a mover lined up, can you wire them the extra $50 as a deposit and I'll send you another check for that. Here is their PayPal account".
Or, has cohorts in town. They pickup stuff, and a few days later, find out check bounced and lost money and items.
ADD: this specific number, one of the first search hits is a post on a scam alert site stating it's a "send money to mover" scam.
https://www.bbb.org/scamtracker/detail/fakecheckscam-10466-NY/261615
Or, has cohorts in town. They pickup stuff, and a few days later, find out check bounced and lost money and items.
ADD: this specific number, one of the first search hits is a post on a scam alert site stating it's a "send money to mover" scam.
https://www.bbb.org/scamtracker/detail/fakecheckscam-10466-NY/261615
Last edited:
