
Anatomy of a Rental Phishing Scam - landfish
https://jeffreyladish.com/anatomy-of-a-rental-phishing-scam/
======
jameslk
From the screenshot, the scam is actually pretty easy to spot if you know what
to look for. Here's some clues:

1\. All accomodations are available (w/d in unit, pets ok, wheelchair
accessible, furnished!) - eliminating listings with all of these checked will
nearly eliminate the scam listings.

2\. The description doesn't include any information about who's the renter.
Usually the landlord or property manager will mention something about
themselves.

3\. Professional photos. This in itself is not a giveaway, but given the above
two clues, almost always indicates the photos were taken from another listing.
A reverse image search can confirm.

4\. The deal is too good to be true. Know the market. $4.5k may not be enough
to get you a furnished luxury 3BR single family home in the Bay Area.

I've had to browse through a lot of CL listings in the Bay Area and these are
the nearly guaranteed ways I've found to eliminate the scam listings.

If that's not enough, I start my emails with requesting times of showings. If
someone isn't willing to commit to meeting and showing me the place, I won't
go any further.

~~~
michaelkeenan
> $4.5k will get you a 1 BR in the Bay Area

Average one-bedroom rent in San Francisco is $3,520, and two bedrooms is
$4,550. It's much cheaper elsewhere in the Bay Area. In Oakland, average one-
bedroom rent is $2,470, and two bedrooms is $3,050. $4,300 is very plausible
in Oakland.

Source: [https://www.zumper.com/blog/2020/02/zumper-national-rent-
rep...](https://www.zumper.com/blog/2020/02/zumper-national-rent-report-
february-2020/)

~~~
14
That is really mind blowing to me. I just looked at the local rental website
for my small town and the first 2 bedroom duplex I looked at had a nice yard
and looked good on the inside and was only $900/month. That is in Canadian
dollars too I may add. That $4550 would be about $6000 Canadian and you would
have people begging you to move in if you agreed to pay them a portion of
that.The highest rental I see on the site right now is about $1800Cad.

~~~
gambiting
SF is just another world to me, whenever I read about salaries or rent, it
might as well be on Mars. We just bought our first home(3 bed, double drive,
large garden) in a large UK city and the mortgage is £580/month(~$750 for you
Americans). And it's not like we're poorly paid either, we both drive brand
new cars, go on holidays twice a year etc etc. And then you get SF residents
being paid well into 6 figures and unable to have a decent standard of living.
It's just crazy to me.

~~~
jaclaz
>And then you get SF residents being paid well into 6 figures and unable to
have a decent standard of living. It's just crazy to me.

To be more accurate, it is only a subset of SF residents (in the IT space)
that get that kind of pay, I often wonder how is the life of those that do not
belong to that elite and that do not make that kind of 6 figures money.

~~~
bluGill
They don't live in SF. It isn't unheard of to commute two hours for a retail
job in SF just to get where you can afford the rent.

~~~
jaclaz
Well, there must be also a given number of "middle class" people, that are not
top notch programmers, nor "entry level" or "retail".

If we take these as valid data:

[https://www.bls.gov/regions/west/news-
release/occupationalem...](https://www.bls.gov/regions/west/news-
release/occupationalemploymentandwages_sanfrancisco.htm)

And set an arbitrary threshold at 45 US$/hour, the amount of people exceeding
that are 31.1%, if we set it at 50 US$/hour they are 19.4%.

If we draw another line, those that get less than 25 US$/hour are 42.1% and
those that get more than 25 but less than 45 are 26.6%.

So, even if we assume that 40% of people commutes for long distances (and BTW
technically are not SF residents), since only between 20% and 30% of San
Francisco workers can actually afford it, it still leaves us with 30%-40% of
people that must be in a really tight spot.

~~~
bluGill
I'm not an expert in California, but if I understand prop 13 correctly it is
possible some of those are people who have lived in SF for many years at the
same address - their house is paid off and taxes are minimal so they can
afford to live on much less. If your house only costs $400/month to live in
($100 insurance, $100 taxes, $200 other utilities) minimum wage still leaves
plenty left over, and presumably if you bought a house 30 years ago you were
worth more than minimum wage...

~~~
jaclaz
Maybe that would account for a part (I am also not at all an expert in
California, so it is just speculation), but those cannot reasonably account
for 40% of workers.

I mean, if you live in SF and have a yearly income of "only" 50-60,000 US$
working some 2000 hours at 25-30 $/hour, and you live in a house that you can
rent for roughly the same amount or that you can sell for (say) a million,
what actually keeps you there?

Maybe you can find somewhere else a similar job, paid in the 15-20 $/hour
range, you lose 20,000 on the job but get an additional 40,000 from the rent
or from interests on the capital.

------
nkurz
The Craigslist ad is still up (or up again):
[https://sfbay.craigslist.org/eby/apa/d/berkeley-two-
story-3b...](https://sfbay.craigslist.org/eby/apa/d/berkeley-two-
story-3br-2ba-updated-cozy/7068211716.html)

The house appears to exist as pictured at the claimed address on Google maps.
Oddly, although Jeffrey's emails about the place were from a couple weeks ago,
this current ad says "Posted a day ago". It also says "Call Laurence",
although as before there is no phone number.

Personally, I'm still not completely sure this is exactly the scam that is
being described. I'm wondering if there might be another layer here --- maybe
someone who took over an existing Craigslist ad? It does seem very well
crafted for a plain rental scam.

Edit: There is also a listing for the same house with same pictures on VRBO
with 172 positive reviews:
[https://www.vrbo.com/564881](https://www.vrbo.com/564881). Given all the
reviews, I presume that one is the real one. Maybe the Craigslist ad is a just
a straight copy of this?

Edit 2: Ooh, I wonder if the reason that the scammer is willing to meet people
at the property from February 14th to 16th is that he has it reserved for
those dates from VRBO. Might be interesting to cross-reference.

~~~
JoBrad
Many times they are a copy of a legitimate ad.

~~~
walrus01
Copying photos and the body text of a legitimate ad would certainly be a lot
less time and effort on the part of a scammer than writing new custom scam ads
every time.

~~~
imglorp
Oh boy, story time. I encountered the opposite scam.

I was selling a house myself. I took photos, paid to have it listed, posted a
sign out front, and posted ads in various places including CL.

Someone contacted me to say they responded to an ad on CL for a rental house.
The prospective renter was told by the scammer he was out of town and that
they could go to the house and look around the property. He would transact the
rental remotely and mail them the keys if they liked it. They were also told
to ignore the For Sale sign out front! They did go see the house but saw the
For Sale sign and called the number - me - at which point we figured out what
was going on. They had also spoken to the guy on the phone, who sounded
foreign.

I found the CL fake rental ad, it was all of my photos from my sale posting,
simply copied onto the fake rental ad. I responded to the ad and almost
instantly got a long response from a Hotmail address. It was clearly a
prepared response and included some clumsy standard rental application forms.
Anyone who fell for this would have lost their rent/deposit/security as well
as all their private info.

Local police couldn't do anything about it but traced the phone to a VOIP,
dead end. CL pulled the ad.

Be careful out there.

~~~
Scoundreller
VoIP can be “backtracked”.

Takes a bit of effort, but the DOJ got providers to do it for the fake
IRS/SSA/INS calls.

There’s a standardized process for it.

Might lead to a deader-end, but “it’s VoIP so we can’t do anything” is a cop-
out.

~~~
tartoran
More should be done to standardize VOIP tracking. It's a huge problem and this
method is widely used for scams.

I don't know if caller id spoofing can be prevented though. I get on average
10 scam calls daily, some days more. My phone is on vibrate and am using this
as a way to relax instead of geting upset. I stand up from my desk and take a
walk around the office. It mostly doesn't bother me but sometimes when it
catches me at the wrong time it does get to me and Id rather this stopped.
Sure, my phone does give me the 'Scam likely' but I wouldn't pick up from
phone numbers that are not in my address book anyway. And I if phone vibrates
I check after I finish what I currently doing so it could always wait.

What bothers me is the ease with witch someone on the other side of the planet
can do this. This thought only bothers me...

~~~
Scoundreller
Neighbourhood spoofing is definitely a problem because I have on-call and it
means it could be a known or unknown colleague (big org).

Then there’s the time the scammers called every number sequentially (or
simultaneously?) in a number block, jamming the incoming/outgoing lines
because we have an exchange code block, but only a reasonable number of lines.

------
somehnguy
The scammer almost immediately sending a bunch of photos of 'himself' is very
interesting to me.

I've noticed the same technique on dating apps. 9/10 times if the person
you're talking to is not real they'll send a 'casual' looking photo after 3-4
back and forth messages, completely unsolicited.

Like the author of this article it seems to be a misguided attempt to prove
that they're real somehow and immediately gives away that they're not. When
this happens on dating apps I like to give them my Google Voice number and
play along for a bit to waste their time. They usually end up pretty angry and
it makes me laugh.

~~~
Johnny555
_I 've noticed the same technique on dating apps. 9/10 times if the person
you're talking to is not real they'll send a 'casual' looking photo after 3-4
back and forth messages, completely unsolicited._

I used to do the same when online dating -- despite many people's claim to the
contrary, much of dating is physical (i.e. visual) attraction, so I sent
additional pics (natural, not staged) early in the conversation just to find
out if it was going to go anywhere... whether solicited or not.

But I was male -- if a super attractive woman sent me pics unsolicited, then I
knew it was a scam. (my apologies if any real women were out there that look
like super models, but were searching for your true love online if only
someone would help you pay for a visa)

------
cissou
What I'm left wondering is: what is the payoff for these scams? These aren't
easy to scale, as you need to be manually writing plausible looking,
personalized emails, waiting for someone to take the bait, "nurture" them over
days or weeks, etc. Also you need specific, valuable skills: between the
social engineering, the actual engineering, the perfect grammar, the
creativity, someone who can pull this off can definitely get a high-paying,
honest job pretty much anywhere. Add to that the hassle of having to
constantly change web hosts, stories, payment processors, etc. as you're
constantly going to be chased by your previously scammed "customers", and the
very real risk of prosecution. The payoff must be ENORMOUS for it to be worth
all this trouble. What am I missing?

~~~
roel_v
Large parts of this can be automated (scraping profiles, setting up ads based
on that scraped info, templates for responses etc), CRM system to track
interactions, for which you have 'white collar' staff. The rest you farm out
to call center style operations, the 'blue collar' work, who can also do
things like 'customer support' for ransomware victims etc. There are entire
villages in e.g. Eastern Europe that are notorious for housing gangs like
this. They're actual businesses, ran in a professional manner, with an HR
department and tech support guys and accounting people etc. The key to
financial success is keeping all your staff occupied in a efficient manner -
balancing the 'lead generation' with the actual work involved, just like any
other business.

Edit: Google "Râmnicu Vâlcea" if you're into this sort of stuff and have some
time to go down an internet rabbit hole.

~~~
heedlessly3
that's a lot of overhead and effort for a scam. It would be easier to just to
have a normal job such as being a software developer.

~~~
dwild
> It would be easier to just to have a normal job such as being a software
> developer.

Sure it is, but there's a whole world outside of the US, where jobs aren't as
easy to find, nor as well paying as software developer job in the US.

------
robpal
A similar, though less sophisticated, scam has been around in France for over
a decade. They put ads with professional photos on websites with rental offers
(the price is good, almost too good to be true but you're desperate for a
place to live and think that maybe, just maybe, you got very lucky), talk to
you in polite and agreeable manner, offer a visit and then demand a
downpayment before the actual visit occurs. The red flag was that they
demanded a scan of ID before the meeting (the landlord cannot ask for it
beforehand) and of course the downpayment request. I searched online after
that and found out it's been around for a looong time. Be careful who you're
paying!

------
randycupertino
Same scam (and probably same scammer? - same backstory) posted on reddit a few
months ago a few towns over:

[https://www.reddit.com/r/bayarea/comments/czfr3m/warning_cle...](https://www.reddit.com/r/bayarea/comments/czfr3m/warning_clever_fraudster_on_craigslist_home_rental/)

~~~
nkurz
And deep within that thread are links to a couple other scams by the same
person for an NYC apartment and a car for sale. What would need to change so
that serial scammers like this are arrested rather than allowed to continue
preying on people?

~~~
rmtech
You could have some digital technology that allows a person to credibly prove
that they own a particular property, that is resistant to hacking techniques.

Alternatively you could have a legal rule that requires the seller to turn up
in person with ID, and police could search for scam listings and then go
arrest the scammers, and fine lazy legitimate sellers who want to break the
rule.

------
walrus01
The very first email from the "landlord" would tell me it was a scam. Maybe
it's just because I've been doing things on the internet from before the web
was a thing, but that's a pretty obvious scam.

The whole "I'm working away from my usual home city on oil/mining/gas projects
in (HARD TO REACH LOCATION)" thing is at least 20 years old now for scams.

~~~
nkozyra
Maybe. Real estate is weird, full of odd personalities, third parties, bizarre
business practices.

My first NYC apartment I left the broker feeling 90% sure I had been scammed.
But all of the things that seemed weird to me were actually fairly normal and
indeed I had the place. In big cities where rentals are big business, the
unusual is pretty usual.

~~~
jimmaswell
My first real job I got from a recruiter who reached out with an email of
broken English and different fonts/colors. Turned out to be a huge legitimate
company.

------
iscrewyou
So apt. I’m moving to the Monterey area in the coming months and looking at
places to rent. I started with Craigslist and emailed some listings without
thinking much of it. And fell for one person telling me they can’t let me see
the property but I have to send them an application with rent attached. I
quickly realized what was happening. Then I moved on to Zillow and saw
postings by rental agencies mixed in postings by unknowns. So I think those
are scammy too(the unknowns). From Zillow I got some names of property
management companies and now I look straight on their website.

It seems like people on Zillow copy rental agency postings for scamming. But
they definitely copy Zillow postings on to craigslist.

This arrival seemed relevant to what I’m going through now. So I figured I’d
pitch in with a bit of my story.

------
55555
I'm assuming there is a Stripe/other payment form behind the button, and not a
login form for phishing. This seems like a lot of work for just phishing. It
would seem amenable to actually taking payments because people are booking
months in advance, giving you months of no complaints or chargebacks or fraud
reports so the criminals can cash out.

~~~
Scoundreller
Maybe it “fails” and then they ask for WU or something non-repudiable.

As you get more committed, the more of a length you’ll go to get the place?

~~~
FDSGSG
WU or just a bank transfer to a drop account. They definitely aren't after
card info with a scheme requiring this much interaction.

~~~
AstralStorm
It's enough to drain few thousands per sucker with scam this automated.

It will be pushed immediately to a temporary account and forwarded in non-
repayable way to the scammer, leaving bank or credit card company to take the
fall and a big headache to the user.

~~~
FDSGSG
That doesn't happen. The whole idea is utterly ridiculous, if someone could
cash out credit cards like that they'd just buy the cards for dollars a piece
and not waste their time on a complicated scam like this.

> scam this automated

haha no

~~~
55555
You are wrong because the nature of this setup specifically allows them to
ensure no card owner will be able to find out that they've been conned for
several months (by only accepting renters who want to move in in several
months). If you just buy card info and charge them, some of those card owners
will notice right away.

------
Pharaoh2
This scams are very common and fairly easy to detected even without contacting
the person.

I have been looking at apartments since november and finally found a place in
January, and this is the third apartment I have rented in SF over the last 5
years. I believe this one would have been caught by point 2.

Detecting a SF craigslist rental scam:

1\. Is it too good to be true? Its a scam. What's too good to be true you ask?
Check other listings, especially on something like rentSFnow, or the many
other property management company to get a baseline price range.

2\. Reverse image search the images and if it comes from a house listing on
redfin or some other website to buy/sell houses, its a scam.

3\. Does it mention a management company? Check their website, if the
apartment is not listed there, its a scam. If they don't have a website, its a
scam. Does the building/apartment's google maps or yelp not link to the
management company website? Its a scam.

4\. Are the pictures really good/professional looking? It MAY be a scam.

5\. Does the listing provide no/very little info about the
apartment/roommates? Its a scam.

6\. Look for listings for the same apartment on alternate sites like
apartments.com/hotpad/zillow/trulia. Don't find another listing for the same
place? Its a scam, with a minor chance that the owner may not be technically
adept, in which case look at the pictures, if they are good, its a scam.

7\. Are there multiple postings on the same day/close by with different titles
but same content? Its a scam.

If it passes all of these, it may still be a scam, reach out and proceed with
caution.

If after reaching out, they ask for deposit before seeing the place, its a
scam. If they ask you to sign up on any website, it may be a scam. If the sign
up requires credit card/bank account or sensitive personal info, its
DEFINITELY A SCAM.

Ignore most things they tell you, the only thing you should care about is
actually checking the place out and making sure it works for you in person.

Even if they let you see the place, IT MAY BE A SCAM. Proceed with caution and
make sure the person actually own the place/has the right to rent the
apartment.

~~~
outworlder
> Even if they let you see the place, IT MAY BE A SCAM. Proceed with caution
> and make sure the person actually own the place/has the right to rent the
> apartment.

This part was mind-blowing. I would never considered that someone would show
an apartment they don't actually own.

~~~
Spooky23
Real estate is a very fragile system with all sorts of crazy scams. Deed fraud
is a thing — people buy houses and incompetent banks write loans on houses
that aren’t for sale.

There were a bunch of cases in Brooklyn a few years ago, some were related to
corrupt officials in the Surrogate/Probate court and deceased persons
property. Others were grifts affecting unoccupied properties. The system isn't
really designed to stop these sorts of frauds.

~~~
Gibbon1
Friend of mines neighbor lives in a rental with an absentee landlord. Someone
stole the landlords identity, took out a homeowners loan on the place, then
wired the money to a bank in South America. They found out because real estate
vultures started knocking on their door.

------
mdani
In the reply, I'd probably include 1x1 pixel hidden tracker image or maybe a
legit looking logo below signature and get the client ip of the scammer's
computer when it does http GET on it. The ip can tell more about where they're
located.

~~~
craze3
This is a great idea, but if he's gone through all this trouble already, then
he's probably behind a proxy or VPN...

~~~
pbhjpbhj
Reverse Captcha? Send an image, ask them to email you at the address in the
image -- at that point their handlers will likely decide you're too much
trouble and you'll be ghosted.

------
jimmaswell
At the place I moved into, they apparently had to constantly remove signs
scammers had put in the yard.

~~~
megablast
What sort of signs?

~~~
mschuster91
"Up for sale/rental, call xxx" probably.

------
sjf
It makes me deeply depressed that real estate is huge right now, many more
people than ever are renting and we still have to deal with Craiglist scams to
find a place to live. Ignoring the fact that the last ten years of UX seems to
have passed Craiglist by, it's unbelievable that such a huge site has the
absolute minimum of fraud prevention. There are so many comments on here about
various kinds of CL scams, why does a trusted marketplace for rental housing
not exist?

~~~
unishark
You'd think they have the world's biggest dataset of scam posts too, with
people constantly labeling posts for them (including law enforcement).

~~~
ericd
The problem is that scam posts are frequently just copied legitimate posts.
The only thing we found that worked was to force communication to go through a
messaging proxy to run classifiers on those messages.

------
blisterpeanuts
Craigslist is the Wild West; use it at your own risk. A few years ago, I
answered an enticing ad for a pretty nice apartment in a good school district
near Boston. The price was about half what you would expect; that was the only
tell.

They answered my inquiry right away and said something about being "away in
Africa on mission work and need someone to sublet our place". I supposed this
was somewhat plausible, but decided to test them.

Since they said they wanted someone quiet, I said, "We have a pet howler
monkey. I hope that's okay."

They replied "That is fine." I then knew something was wrong, so I mentioned
that he's not really house trained, and tends to throw things, and then they
ghosted me.

Meanwhile, someone else might have fallen for the scam. I did report the ad,
of course, but that takes a few hours or days and in the meantime, someone
else might have been suckered. Craigslist could really benefit from some kind
of comment/review system that would allow you to immediately call out these
kinds of posts publicly. Of course it would also require a systematic way to
take down revenge or mischief posts that unfairly attack legitimate sellers.

~~~
kyuudou
Have had this same scenario play out several times myself on CL. The other
most common scammy post is a roommate.com one where when you get in touch with
the poster, they have you go to a roommate.com link which basically requires
you to sign up for a ~20$/mo membership. I get the need for such sites but
I've seen this so often I consider it a scam and wonder if, like hired shills
and trolls, people get hired to post such content just to drive membership.

------
peteradio
There should be simple highlighter on the domain name in the browser so you
can easily see:

airbnb.com.rooms-040349.town vs airbnb.com

Or some kind of script that can recognize likely b.s. for common domains. Now
that I say it, it probably already exists.

~~~
stickfigure
That seems like a great idea!

Why _doesn 't_ the url bar highlight the domain? Given how security-critical
it is compared to the rest of the URL, why is it not bold and obvious?

It seems so easy for browser vendors to implement...

~~~
333c
I think you may be saying this sarcastically, but in response to the comment
you replied to, at least my browser (Firefox) does do this. On this page,
"ycombinator.com" is highlighted in white.

~~~
stickfigure
No sarcasm.

Chrome does not display any significant difference... or if it does, it's too
subtle for my 20-40 vision.

Firefox is noticeable, now that you mention it. I never noticed before. A for
effort, C- for execution?

Given the security implications, how about bold and blue? Maybe even a bigger
font size? It should stand out, no?

~~~
JoshuaDavid
Perhaps even a color chosen based on a hash of the domain name, so a visually
similar domain name (e.g. goog1e.com) shows in a different color than the user
is used to.

------
teraku
Something like this happened to me as well in Germany. I reported to
authorities and they said "well, since no damage was done, we can't do
anything" THANKS, lol!

------
goodoldboys
Interesting! I encountered this same exact scammer recently and as soon as he
sent the email with all the pictures I knew it was a scam. I was definitely
fooled up to that point as well though...

~~~
pydeveloper22
Hello,

My apologies..I know this is a bit unrelated but I saw that you had a post for
a full stack developer listed almost a couple months ago I wanted to find out
if this opening is still available or if it has been filled? Thanks

------
KarlHermie
This was awesome! I didn't know the <a
href="[https://reverseimagesearch.app">reverse](https://reverseimagesearch.app">reverse)
image search</a> was working so well (I never quite thought about this until I
did this). I used it on a video game and the algorithm looks amazing!

------
rmtech
It's pretty amazing that modern browsers don't flag _.com._ as a scam.

Is there any legitimate use for addresses like this?

It's also amazing that email software doesn't highlight fake link texts. There
should be a rule that if the text looks like a URL then the actual URL has to
match it exactly.

~~~
hobofan
I was under the impression that in quite a few countries they are quite widely
used. E.g. .com.au in Australia.

~~~
rmtech
OK but outside of a few legitimate exceptions?

Surely it's reasonable to flag .com.blahblahblah.thing.spamdomain as fishy?

.com.au/ or any other actual country top level domain is ok

------
RcouF1uZ4gsC
This is the one downside of Let's Encrypt. They made running https scam sites
cheap and easy. I still think having https everywhere is worth the trade off,
but the downside should be acknowledged.

I wish there were an EV certificate like alternative for sites where actual
money is involved (banking, hotels, etc) which cost a decent amount of money,
so that at least the cost of running these scams would go up. For example,
airbnb paying $1000 for one of these certificates would be a rounding error to
them, but it would stop a lot of scam sites.

EDIT:

Right now the issue is the phishing protection is reactive in that we try to
flag bad sites after the fact. I wish there was someway to make it proactive
so that good sites could be attested to.

~~~
endorphone
That isn't a downside of L.E. though because HTTPS by itself was never meant
to imply trust in the site, and any notions to that effect should rightly be
dispelled. Sounds more like a benefit of LetsEncrypt if it brought more
awareness to this.

And FWIW the EV cert that sites like AirBNB buy cost in the range of $500. The
cost isn't what makes it prohibitive, though, but instead it's the corporate
and personal identity that they (should) do as a part of the process.

~~~
nkozyra
> but instead it's the corporate and personal identity that they (should) do
> as a part of the process.

And often that isn't nearly as intensive as you might think.

~~~
tialaramex
It doesn't even matter. Tax havens like the United States of America or the
United Kingdom go out of their way to make it easy for foreigners to create
"corporations" with no local footprint, no ties back to anything and no
practical way to investigate.

If you have $1000 and don't live there you can set up a bona fide US
Corporation today and get an EV cert issued for it, within 24 hours. So long
as you pick a unique name in the place where you register (any of 50 different
US states) they don't need and won't ask for any further information - the
paperwork will show up as "American" even if you can't point at the US on a
map and have never even visited in your whole life. Congratulations, you are
entitled to an EV certificate for, let's say, Okland Best Property Rentals
Inc. a US company that older browsers show a proper American flag for and
looks 100% legit but in fact proves nothing except that you filled out a web
form and had a few hundred dollars.

If somebody tries to "send in the cops" to "Okland Best Property Rentals"
expecting it's some crook who actually lives in California they'll be fighting
a multi-billion dollar state-sponsored entity whose purpose is to help (non-
US) crooks hide money, the agencies will stall and eventually, after a long
and expensive fight, give up a PO box address in Abuja, Nigeria or something.
There the trail ends. Bye.

