Venus Fly Traps in the Housing Market

 

Last year, I made a big cross-country move from Georgia to California. As if moving isn’t terrible enough, trying to find a viable place to live in the most expensive city in the United States is a massive nightmare. You can visit a city dozens of times, and think you’re set to make an informed decision on living arrangements from thousands of miles away, but the struggle is real. I found my place via Craigslist. I never met my landlord in person. I met the tenants that lived there previously, but the actual landlord lives hundreds of miles away. Sounds crazy, right? In this particular situation I had enough information to verify that the landlord was a real person, who actually owned the unit, and the set up was not a sham.

Technology has made the housing search easier. Looking for a new pad? Join the ranks in using sites such as Craigslist, Trulia, Hotpads, or one of the many others, and conduct the search yourself instead paying a real estate agent. Odds are you’ll find a great deal and avoid extra fees. A year ago, when I made my big move, it was fairly easy to distinguish scammers from the real offers. Most of the scammers were blatantly obvious because the offers they made were quite ridiculous. They would advertise extravagant apartments for dirt cheap, or request you to wire money because they had to move in an emergency to a different country – I’m sure you know the deal.

Fast forward a full year later, and I’ve found myself in a situation where I had to relocate again. In my exasperating search I found it particularly interesting that the scams had evolved.  And some of them are actually believable! Okay, perhaps not quite as believable to a security professional like you or me, but to the untrained eye, these scams are Venus fly traps. Why Venus fly traps? Well, these scammers rely upon the victims to initiate contact. They lure you to contact them with their pretty apartments and fancy amenities. Once you make contact, they overwhelm you with details in hopes of capturing your information or your money, and Wham! The trap closes.

The facts: It is not uncommon for an individual to move cross country sight unseen for a new job, and these individuals are prime candidates for real estate scams. Real estate scammers have seemingly perfected the art of setting an enticing trap. They generally know how to appeal to a wide set of people and have a high influence factor as moving is never an easy ordeal. Scammers know this, and they want to make the individual think they’ve found the perfect place, in a nice location for reasonable price because let’s just face it, isn’t that what the individual is looking for? They target high demand places with an offer that’s just slightly too good to be true with hope the victim will suppress reason while under stress and ignore the red flags.

Scammers are getting smarter. They are adapting their offerings to reflect changes in market prices, and they aren’t trying to lure victims with the tremendous price difference. Instead, they are providing tons of amenities, or apartments in up and coming areas that are priced slightly less, but they are also including lots and lots of details. Thinking like an SE, this can be the equivalent of having a solid pretext. One of the most important rules of a social engineer is to have a solid pretext, or story, and stick to it. It helps to think ahead of time what questions will be asked and have an answer prepared. In the same way, these scammers have worked out solid details on the apartments. When a victim reaches out, they overwhelm them with details in hopes that the victim will ignore any red flags because of the sheer amount of information.

The curiosity in me decided to play. I wanted to see for myself how these scammers responded. After a while, I was able to easily identify a pattern of some of the scammers. They would always list out the exact address on the Craigslist posting and often even include the unit number whereas real listings often try to keep some information private.

Below is an example of a response email from a fake Craigslist posting. The email from Tom A. even has a Gmail address rather than some sketchy account from yahoo or Hotmail.Note the amount of detail in the email: the scammer can tell me when the unit was built, which direction it faces, and all of the amenities available. The scammer even attempts to address security concerns. There’s no need to worry about dealing with utilities, which could be believable (in my last apartment utilities were included), but everything the scammer says is meant to pressure me into making an irrational decision.

The scammer even offers a discounted rate for a longer lease term, and in case that doesn’t force me to make up my mind, he also adds in an artificial time constraint, by mentioning that one other individual is interested, and whoever pays first wins.

In response to the email: I decided to pretend to be eager and apply some pressure of my own, requesting visit the place.

The scammer did not respond well to pressure. Things started to get sloppy with grammar. He completely ignores the request and again mentions all of the fabulous details in an effort to get me to let my guard down. He says the viewing will be a full week away (knowing I am looking for an immediate solution) and there is a short turn around of one day after the previous tenant moves out. The scammer is trying to use yet another time constraint to force action. At the end of this email, things get sketchy when he asks for a full year’s payment + security deposit, but with the enticement of a 15% discount. Furthermore, the scammer will only send me the lease after I have filled out a form requesting personal information.

Note: the form requesting personal information does not request any sensitive information such as date of birth or social security number, which again is designed to have the victim suppress reasonable doubt that the listing is a sham.

Scammers aren’t always the best social engineers or master wordsmiths, but they do take advantage of the fact that a person is in a pinch, distracted by the stressful situation and looking for a solution. While this particular housing situation may not have convinced you or me, the scammer may have hooked someone less privy to information by forcing them to focus on all the fabulous amenities and immense detail causing them to ignore the red flags.

Should you find yourself in the search of new living accommodations, I’ve found that the best way to quickly identify scammers is to insist on a meeting or immediate showing. Pay attention to whether or not the individual answers the questions you ask or tries to deter. As demonstrated in the correspondence above, it’s easier to identify the true motivations of the poster. I would also advise house hunters to refrain from any personal information without first verifying the place is real, whether this be over the phone or via email, it’s the best way to keep information safe. House hunting is a real pain, and don’t make a bad situation worse by giving up your confidential data. If an offer seems too good to be true, that’s because it probably is: All that glitters is not gold! Until next time, my friends!

Written by Jessssssssssssss

Sources:
https://geo.craigslist.org/iso/us/ca
https://www.trulia.com/
https://hotpads.com/
https://www.social-engineer.org/framework/general-discussion/categories-social-engineers/penetration-testers/
https://www.social-engineer.org/framework/influencing-others/pretexting/principles-planning/

Image:
https://www.fg-a.com/flowers3.shtml