The pandemic kept a lot of people at home. Working from home and pretending to be working out at home. Spending so much time sitting at my home office made me decide to bring some exercise into my work schedule. I brought my exercise bike from the basement thinking that would help but I discovered that the only time I noticed the bike was there was maybe after the day was over. I then had this genius idea to purchase a foldable treadmill. We have a treadmill already, but it was down in the basement and maybe I use it three times a year, but the idea of the foldable treadmill was so fascinating, and I believed there was no way that would not work for me.
I was so excited looking on amazon and other websites but then I thought about the Facebook marketplace. I wanted to buy the treadmill, but I did not want to spend too much on it than I had to; we already have an expensive one that I rarely use anyway. It was then I found a seller that looked attractive to me. The price was $30, which looked too good to be true, but I was drawn by the price. It was a company here in the US so I assumed it was legit. Just to make sure it was a real company; I went to their website and made the purchase instead of buying it through the Facebook App. I wanted to buy two but thank God my wife persuaded me to buy one and wait to see how effective it was before ordering a second one.
I waited for almost two months, but my treadmill was not delivered. I contacted the seller only to be told my package had already been delivered to me, I was even given a tracking number which was for USPS. From the tracking, I discovered I had been shipped a waist pouch instead of a treadmill. I contacted the seller with an assumption that it was a mistake, but the seller insisted my package had been delivered to me and should be in my mailbox. How in the world can a treadmill be delivered into a mailbox? I reported the issue to PayPal but later found out that a lot of PayPal customers had similar experiences with this same company. PayPal investigated the transaction but could not offer a refund, which makes sense since a package was actually delivered, just not the product I ordered.
While most social engineering schemes utilize email as their attack vector, this scheme adopted social media platform (Facebook Market Place). The factors that make social engineering effective include different elements like trust, urgency, familiarity, authority, consensus, and intimidation. The particular scheme adopted some level of trust since most people, including myself, trust the Facebook marketplace based on past reputation.
It seems a little hard, but it might be possible to prove there was mail fraud as mail fraud is defined by U.S. law as any type of scheme involving fraud that intentionally deprives others of property through mail. It also includes wire communication, according to the Legal Dictionary website. The seller utilized the internet (Facebook Market Place to advertise the item, a website to sell it, and email to respond to customers’ requests), the elements of mail fraud seem included. Mail fraud occurs when U.S. Mail(in this case USPS) is used in furtherance of a criminal act. The seller could be convicted under 18 U.S.C. 1341 for committing mail fraud since some of the required elements were met. The requirements include the following elements: (1) the defendant (the seller) must have been engaged in a scheme to defraud; (2) the scheme must have involved material misstatements or omissions; (3) the scheme resulted, or would have resulted upon completion, in the loss of money, property, or honest services; (4) the defendant (seller)must have used U.S. mail in furtherance of a scheme to defraud; and (5) the defendant(seller) used or caused the use of U.S.mail. The seller’s use of USPS alone makes this a very good case, but it seems like a waste of time and effort to sue the seller except if it was a class-action lawsuit. It later occurred to me that the seller might actually not even be located in the US, so good luck to anyone who wants to track him down.
However, the summary of the whole issue goes back to caveat emptor; “let the buyers beware”; which is the principle that the buyer alone is responsible for checking the quality and suitability of goods before a purchase is made. This scheme appears to be another form of social engineering; as it is one of the ways attackers manipulate people to take actions they would not usually take, like enticing someone to buy a treadmill for $30 while the intention is to deliver a waist pouch.