
Who’s Behind the ‘Web Listings’ Mail Scam? - raybb
https://krebsonsecurity.com/2020/03/whos-behind-the-web-listings-mail-scam/
======
jawns
It irritates me when people say this isn't a scam because the invoice
discloses (in fine print) that it is a solicitation not a bill.

The fact is, most scams operate this way. There are generally subtle signs
that it's a scam if you look hard enough AND know what to look for, but they
are effective because they are misleading and rely on some realities of human
nature, such as the fact that many people trust that when they receive
something that looks like a bill, it's actually a bill, and they will often
pay it without looking it over with a fine-toothed comb.

Claiming that it's not a scam, even though it's clearly deceptive, just
because an astute person might be able to identify it as a scam by reading the
fine print, is unfair to those who are taken in. It's like trying to pass off
counterfeit bills and then claiming you weren't engaging in fraud because the
money had "Not legal tender" written in small print and the store clerk would
have realized that if they'd only inspected every individual bill closely
enough.

This scam is also not a "stupid tax." Its victims do not deserve to be
defrauded simply because they failed to exercise the same caution that a more
savvy person might have. It is an immoral, legally gray activity that hurts
others and tends to prey on vulnerable people, like the elderly and those for
whom English is not a first language.

~~~
ryandrake
But the example's disclosure in the link was not hidden in fine print at all.
It is in boldface and uses the largest font on the paper: THIS IS NOT A BILL.
THIS IS A SOLICITATION. There are scams out there but this one seems more like
a dark pattern. You don't have to be that astute to identify it--you just have
to be able to read and not go on autopilot.

Victims don't deserve to get scammed, but that doesn't mean they shouldn't
exercise caution.

~~~
majormajor
"Dark pattern" is just a nice way of saying "how can we trick people while
staying just barely on the right side of the law."

Why is tricking people _legally_ ok?

~~~
bryanrasmussen
Often tricking people is not legally ok, also even tricking people that is not
deemed criminal may not be allowed by a civil court, if you cared to take it
to court of course.

------
gnicholas
I was shocked that our public schools do business with a company that does
something similar, which is also illegal:

Kids draw a picture in art class, and come home a week later with a magnet
that has been printed with their drawing. They also have an invoice saying you
can order these other things (mugs, shirts, etc), and we've included a sample
magnet so you can see what the printing looks like.

But the magnet isn't free — if you want to keep it, you're supposed to pay 6
bucks, or you can return it to the basket where the order slips go.

Now of course no kid wants their artwork to be sent back and destroyed, so
they want you to keep it. And since that forces you to fill out the order
form, perhaps you'll order something else while you're at it.

Of course, the prices are terrible compared to vistaprint/costco/etc. And
since you have the original art (that your kid made), if you want to have a
shirt printed up, you can do so for half the price elsewhere.

This practice is totally illegal (where I am, in California). You can't send
someone a thing and then charge them if they don't send it back. I was
surprised and disappointed that our public school would partner with a company
that literally breaks the law, to the detriment of students and their
families.

~~~
idoh
Same thing happened to me, but it was photos. I just kept the photos, threw
away the order form.

If they give random things to kids then the parent is not on the hook to make
sure those things are returned.

------
throwaway13337
This kind of salesmanship sliding into fraud is getting more common in the US.

ADT (the big home security company) had someone come to my house that I
recently bought. He insisted he was not a salesman. He pretended that the
house had previously been using their services (but didn't out right say it).
He asked if the escrow office informed me, and said that their system was
'already set up'.

Of course, it wasn't. It was a ploy but a confusing, sinister one.

It's troubling that such a large company can get away with this legally.

It's also not surprising that the merchants of fear (selling security) are
employing such tactics.

~~~
tialaramex
The UK has this situation where Tories insisted on privatising the utilities
even though they are a natural monopoly. So the actual delivery (of gas or
electricity) was given to a company to do but then "supply" to customers is on
paper something customers can switch, even though obviously the actual gas or
electricity delivered to your home can't be switched because that would be
horribly impractical.

The idea was people can choose a better "supplier" \- maybe it's a famous
brand or they liked the TV advert or it just offers better prices. These days
a lot of them offer "100% Green electricity". You're getting the same
electricity as ever, but they've got a spreadsheet which shows they bought the
requisite amount of "credits" for solar or wind or whatever not coal. Not
quite pointless, but maybe about the same practical impact as signing a
petition. Anyway of course it turns out consumers don't like change (this is
the _Conservative_ party, you'd think they might know a thing or two about
that) and so most people stuck with the "incumbent" they were assigned based
on where they lived even if it had worse customer service and higher prices.

But just keeping 80+% of the market wasn't enough. Incumbent suppliers wanted
100% of "their" market, so for way too long (until businesses actually got
fined real money for this after being caught on camera too often) they'd do
stuff like a sales guy is given a badge which says "District manager" or
something, not "Sales" \- and dressed up like an actual maintenance guy and he
shows up at homes that have switched to a different supplier. He's all
apologetic, "Sorry to bother you," but he just needs you to sign some
paperwork because of a "problem". Maybe he looks at a meter, pretends to
examine the cables or pipework... He doesn't mention that he's a sales person
and the "problem" is that you're paying less money to somebody else for the
same product. You sign, "All done, you won't have any more problems" and you
only find out when the bill arrives from an unfamiliar supplier what sort of
"problem" it was you were having.

Of course if you spent a few minutes reading the paperwork it says what you're
signing, so it won't fool the average HN reader, but "Technically not scamming
most smart people" isn't the standard we ought to be setting for anybody, much
less essential utilities.

------
PaulAJ
When I registered a trademark I got a very similar fake invoice from a company
in Serbia. They wanted £940 for their "trademark monitoring service". The only
clue that this was not a real invoice was "This offer is not an invoice but a
solicitation" in the fine print at the bottom.

Fortunately the Trademark Office warns everyone who registers a trademark that
they can expect to receive something along these lines, but of course the idea
is that in a big company the "invoice" might get paid by someone in too much
of a hurry to look carefully.

~~~
floren
I think almost any transaction which results in a public record including your
address could lead to this. After I bought my house, I was inundated with
letters offering mortgage insurance.

~~~
joshmn
And in some states in the US, the DMV will sell your information to companies
who will eagerly remind you that your car's warranty has expired.

~~~
Wistar
WA-state. When I registered a new (to me) car three years ago, the privately-
owned licensing agency misspelled my name. I began to receive junk mail to my
address with the misspelled name within a week or two and which continues to
this day.

------
luckylion
In Germany, if you register a company, your accountant will warn you that
you'll get scam invoices. The notary that does the legal stuff will warn you.
And finally the official court registry will send you a letter warning you
that you'll get scam invoices (their letter arrives _after_ the first scam
invoices, though).

It's ridiculous. Everybody knows it's a scam, they even give themselves
official-sounding names to pretend that they are the official registry, and
yet the government just folds and says "I guess we can't do anything". It's a
joke.

~~~
tialaramex
It's the same with pyramid schemes. Essentially all "Direct Marketing"
businesses of any significant size are just a pyramid scheme of course, but
governments are reluctant to try to jail people for it, since of course these
people will have all the resources of their bogus "company" to throw at the
court case. So they mostly limit themselves to trying to force these companies
to "explain" their "Direct Marketing" company in a way that should help more
victims to spot the scam before they lose their life savings.

For example they might oblige the company to tell (albeit not necessarily very
obviously in headline fonts) its new "independent business owners" that only
0.01% of such "independent business owners" make any money at all in a typical
year's operations. That's the sort of sobering statistic that might persuade
some other gullible people to reconsider. Or not.

But just going in and shutting down the business - they're not keen. After
all, the same victims will likely just sign up for another and perhaps even
more predatory pyramid scheme.

My favourite scheme (I used to research these) had a setup where they sold
basically mediocre fruit juice as a health product, and it's a pyramid scheme
but then the extra genius is that the product sold through this pyramid scheme
is itself bogus. So even the underlying business, ignoring the pyramid
structure, is crooked anyway. The corporations were set up such that if the
pyramid scheme is busted it has no money, all the "real" profit went to the
notionally separate company making mediocre fruit juice. They can claim
ignorance of the pyramid scheme and of the bogus health claims, everything,
and they keep all the money. Brilliant.

~~~
lonelappde
"Direct Marketing" just means mailing ads to consumers. Almost all locally
present businesses do that and many remote ones. It's cheap and effective.

You deem to be describing Multi Level Marketing.

~~~
tialaramex
D'oh. Too late to edit my comment but you're correct, this should say Multi-
level marketing throughout. No idea what brain short-circuit caused that.

------
dimensi0nal
The previous occupant of my apartment had a .com with real WHOIS information.
I got a scam invoice for a renewal at multiple times the actual cost.

------
waltbosz
I remember receiving letters in the mail to remind me it was time to renew my
domain name. They were sent around the time my domain was set to expire,
except they were sent from a different registrar.

It was written in a way that made it easy to miss the fact that the sender of
the letter was not my registrar. IIRC, the letter contained scary language
like "you must renew to keep your domain name!".

I only noticed the fine print that said it was a solicitation for business
because I was curious why this other registrar was contacting me.

~~~
tomc1985
From "Domain Registry of America" or somesuch, right?

~~~
waltbosz
That sounds about right.

~~~
Bubbadoo
Yes, except they were charging 800% more for what was a $10 renewal fee.

------
dawnerd
If any of this junk mail includes a prepaid mailer I just send it back to
them. Its not much but does cost them money. They can pay to have their trash
thrown out.

~~~
meej
Tape it to a brick, for good measure.

~~~
joncrane
Common fallacy. The USPS will not deliver anything significantly heavier than
the expected weight of the mail piece.

~~~
catalogia
Hassling the USPS by making them dispose of a brick seems like suitable enough
punishment for them delivering junk mail in the first place.

~~~
colinmhayes
USPS wouldn't exist without junk mail. I thank the junk senders for their
patronage of our postal system.

~~~
catalogia
They could charge a reasonable price, or receive [more] funding from taxes.
The notion that scam/junk mail is essential to the system is moronic.

~~~
chipperyman573
They could, or they could let private companies subsidize it.

The only ("only") problem I personally have is that it generates soooo much
waste. It is always so frustrating checking the mail, and immediately dropping
10 or so sheets of paper in the trash before I even close the mailbox (the
safeway mailer is especially bad at this...)

~~~
subhro
If we could avoid junk mail, that would definitely be ideal case scenario. I
find a little comfort in believing that what I throw in the recycle bin (which
is all the junk mail) gets recycled into new paper.

------
hogFeast
The guy mentioned has quite a significant online profile. He runs a startup
that just raised quite a bit of money and I heard about him before I clicked
the post.

Not going to link (tbh, anyone can probably find this guy/his picture/videos
online) in case this turns out to be a case of mistaken identity (the guy who
raised the money is 100% the guy Krebs is talking about...maybe Krebs is wrong
though) but...if this is true...it seems that some well-regarded people really
didn't do their due diligence.

~~~
jacquesm
> it seems that some well-regarded people really didn't do their due
> diligence.

That is not rare at all. Lots of scammers try to milk investors. Usually
unsuccessfully but sometimes they score, and sometimes they score big too.

~~~
hogFeast
Yep, one of the investors is a guy who has made $25m from investing in similar
companies (and ran his own).

Scamming institutional investors isn't unusual. I know the lead investor on
the deal is one of these PE/VC bubble firms that sprung up in the last ten
years. But there are people involved who are definitely not stupid.

Also, the company is most certainly not a scam. Again, I heard about them
years ago, and they have a legitimate business selling to consumers (i.e. it
is fairly straightforward to check if the business exists).

------
feross
Duplicate:
[https://news.ycombinator.com/item?id=22668610](https://news.ycombinator.com/item?id=22668610)

------
MaxBarraclough
So did Krebs report all this?

I'm surprised to see so much talk congratulating Krebs on his skilful fact-
finding, and seemingly no mention of informing the authorities.

~~~
lonelappde
What was the crime under the law?

~~~
MaxBarraclough
The offence of deliberately scamming people, of course.

This comment [0] points out that it's likely against the law in the USA. (I
_think_ the relevant law is at the federal level.) It seems likely that
Scotland's laws are similar.

I get the sense that a lot of people think it's obvious the law can do
nothing, so there's no point even reporting the guy. I don't see the sense in
this. I imagine scammers benefit greatly from this kind of thinking.

[0]
[https://news.ycombinator.com/item?id=22677118](https://news.ycombinator.com/item?id=22677118)

------
wildduck
Has anyone try to go the site.

it gets redirected to:

[http://107.170.104.233/online/](http://107.170.104.233/online/)

Says secure payment on a NON-SSL site. Sounds pretty shady.

~~~
gowld
Can you name a legit site for the general public that doesn't even have a
domain name?

~~~
tialaramex
1.1.1.1 does _have_ a domain name (and of course is operated by Cloudflare)
but it doesn't redirect you or anything, it's totally happy to advertise
itself as [https://1.1.1.1/](https://1.1.1.1/) which seems more memorable than
most possible names.

~~~
lonelappde
Yes the DNS companies are an exception because the number is meaningful to
humans.

------
thrownaway954
so what's happen to these people? it sucks that you can report them hand over
fist and nothing happens to them and they continue to operate and scam people.

~~~
ficklepickle
Read the comments.

This appears to be him: [https://www.bellaandduke.com/our-
story/](https://www.bellaandduke.com/our-story/)

His latest scam involves a terrible DIY website hocking "healthy" dog food

~~~
chuckgreenman
Oh geeze, he claims that regular dog food gives dogs cancer in one of those
promo videos. Yikes.

