Have you seen the Part 1 of this mind-blowing, exposing story of an ex yahoo yahoo boy? Just before you start reading the PART 2, Check out the first part HERE.
Yea, carting, that same cart you see every now and then when you visit the shopping mall, that small container where you place all your items and then take it for checkout. Only that this time, we are taking it out of the shopping mall, we are literally not buying anything but at the same time buying, sounds confusing but, you will get a clearer picture as you read on. This fraudulent scheme in every way related to carding the only difference is, you don’t have to invest any money, there’s no much pretense to this as it is to carding.
Basically, pulling this off successfully came by a blunder from one of the top online payment solution, PayPal. Here’s a little back-story, back then in the early 2000s, when you receive payments through your PayPal account and you get an email notification, that email wasn’t as secure as it is now.
I alongside my friends who were in the act with me exploited that mistake to the fullest. Carting does not involve much stress but it requires you to be cunning, you can be extra if you want, that’s allowed, just be cunning and know how to play on words then master the art of lying and become a pro at it.
This was how I personally carted a lot of goods. Craig-list was the main target then, remember the basis of this act, you must have cat-fished an American citizen into believing you both are dating and you have a future together, that way, they won’t hesitate to do whatever you want. The main aim for targeting Craig-list is this, it is a market place where sellers and buyers of used items meet to transact and pulling off a scam with individuals is actually easier than trying to outsmart an establishment and that’s why I mostly avoided the top marketplaces for new items.
With Craig-list, I get to search for deals which I believed to be good and getting it down here will fetch me a lot of money by the time I resell, after finding a good deal is where the real scam begins, you chat the seller up through whatever means they provided under their advertisement on the platform which is most time an email address or a phone number, you act up all nice from the beginning of the transaction, you don’t even talk about the prize, you break the ice with pleasantries and come across to the seller as either a deaf mute, a disabled or someone who’s working off shore.
Here’s the reason for posing as the following individuals, when posing as a deaf mute, you don’t get asked to place a call through so that they can confirm if you are human and serious about getting the item, posing as a disabled and someone who’s working offshore makes them believe the default arrangement to which the site advised all users to live by won’t be possible as being a disabled will deny you the freedom of movement and getting out of your house to meet the seller is an impossibility.
Pulling off the act of being either one of the first two individuals is an emotional game, they get to do your bidding because they don’t want to be seen as someone who’s an ass and doesn’t care about the disabled, the empathy is a really important factor for carting. Once an interesting communication line has been opened, its time to haggle the price of the good back and forth just to send the right signal home to confuse the seller that you are actually real.
Where the real work lies is this, in the early 2000s, only a few people knew about PayPal as a means of payment, so, when a seller get asked about whether or not he accepts PayPal as a means of payment, most don’t but, they are always open to alternatives, so, my job like every other Yahoo Yahoo boy out there who was into carting was to put them through the process of opening a PayPal account and when they do, they get to drop their email address as that is the only identification PayPal utilizes to make payments and sort out the various transactions being carried out on the platform.
The payment part is where your expertise as a scammer gets tested, remember the PayPal transaction email loophole I talked about earlier? Here’s where it comes into play, you head over to the email, copy the sender ID, copy the message and edit the body to suit your taste according to the bargain you just had with your new catch, once satisfied the edited copy will convince even the devil himself, the next line of action is to forward the email to the inbox of the seller.
Remember he had earlier created a PayPal account with his original email which he then revealed to you so that you can forward payment to the new account, that’s exactly where we just had our little break for a recap. Once the email has been sent and seller already confirmed seeing an email from PayPal without the said amount reflecting just yet, this is where you bring in your counterfeit assurance by explaining “how PayPal works” about the payment being delayed and held by the organization until the item has gotten over to the buyer, that’s what we call an escrow nowadays. Collection of the carted item has always been in two parts since I ventured into the act;
This is for the weaklings who are dead afraid of having anything to do with the authorities down here in Nigeria, what they are actually scared of is the corrupt post office officials where the goods will pass through before getting to them.
So, instead of risking all of their hard work and have it end up with some random stranger who will probably sell it off as some worthless piece of junk, they awaken their cat-fished American lover who has been on standby all these while, the seller is instructed to act according to the PayPal policy and ship the item you bargained upon to the address of your Maga.
When it gets there, the lies used in the very first session can be built upon, the one about wanting to donate to kids in Africa, yeah, it works like magic, that way, the client aka Maye sends the goods down to a post office close to your residence in Nigeria where you get to collect your goods.
The other way to go about this is have the American “lover” sell off all the properties you have with him/her and he then sends the money down to you, an amount which you will promptly cash out from any Nigerian bank.
This eliminates any American third party; this is more like a solo thing, safe for the Nigerian post office guys whom the items will go through. This works well with the third option of pretense, the offshore worker. As an offshore worker on the water for days and sometimes even months, it’s an easy task to convince anyone you are in any country of choice; this is why the offshore worker method works well with direct carting.
When the seller has been brainwashed to send the item so as to get the fake cash that’s dangling with PayPal, care needs to be taken in this very critical aspect of getting the victim to send the items down to Nigeria because you don’t want the police trailing you, so, what I did was, go to another state, find out about an operational post office, get the needed details to ensure the safe delivery of the items, then, forward the address of the post office to the victim and that’s where he will send the items.
When the items gets there which takes weeks of patience, I’d get a call from the post office officials about a package waiting for me in their office, I’ll head over and appear as responsible as possible, get to the collection counter, sort out the officials on seat and get out with the carted items. Getting to sell those items off is usually a piece of cake as Nigerians love affordable gadgets, the items usually get sold out in no time as I don’t even haggle price.
The act of posing as a businessman or woman to unsuspecting victims is the peak of the trade as it involves some technicalities. This act is the most dynamic of them all, you can pretend to be in any field of work and maintain the act for as long as required of you to make a substantial amount of money through the scheme. Just like cat-fishing, you get an America victim to believe your cock and bull story about being a busy person.
Pulling this off requires a third party that is well versed in website design; this is because the person will be needed to create a banking platform that is exclusive for you alone. This is in every way related to phishing but, this is the most advanced form of phishing, what you have to do is this, get the website developer to create a platform that will in every way look like a top banking platform.
He will also help you create a profile on the just created banking platform that will in every way reflect the profile you have been using to catfish your victim(s), getting a banking profile that will match your cat-fishing profile is all in a bid to up your make believe game.
So, when all is set and ready, you have to set the bait for the victim to hook on by coming up with a story about needing some money and not being able to access the money in your bank because you are in another state. This is the part where you make them believe you trust them, this is the part where you give out the details of the profile you created on the banking platform that is being controlled by the webmaster you just employed.
Once they get the details, you instruct the victims to help transfer some money to an account you’ll give them, once they login to the banking platform, they receive the shocks of their life, your account balance is mouth watering and it is an indication that you are doing well in your field, you trusting them with the details of the account will make them believe you totally trust them.
As a Yahoo Yahoo boy, this is where you start mapping out how to ambush the victim who has been swept off his feet by the content of the account, you ask them to make transfers that is related to the first a couple more times and you instruct your website developer to make subsequent transfers return an error. Once the victim sees this unfamiliar result, without even saying a single word, they would start pacing about, why?
It has never happened since they started sending money on your behalf and you posing as someone in dire need of having the money transferred even complicates their woes. If the victim doesn’t offer to send the money from his account, getting them to is not rocket science as they have seen the substantial amount of money that is in your account, once you ask them to help rally round and get some money for you to sort out yourself pending the time you will get whatever it is with your bank sorted.
Any victim that is unfortunate enough to send the money I just requested just opened the doors of his house to wolves as he will keep sending for as long as I want him to.
This scheme, just like the business woman/man is technical and it does require a third party to help with the technical bit, if you are not well versed in using picture manipulation programs like Photoshop and the likes, this scheme will definitely be in futility as you need to be extra good to successfully earn some bucks from this.
Basically, all that is needed to pull this act off is a clear picture of any American bank’s cheque. This cheque picture is what Yahoo Yahoo boys capitalize on, when I was in the game, out of the wide range of technical skills I possessed, image manipulation wasn’t one of them, so, I had to hire another guy to do that for me. What needs to be doctored on the picture is the amount and the name of the receiver, once everything is set, that is when the need to convince your victim to go to the bank with the cheque arises.
This method has been tested personally by me and it sure works until the time I opted out of the trade, I am not too sure about now, the thing about this method is that, the fail rate is higher than the success rate. This is so because, most American banks are smart, they are not foolproof to being penetrated but they take the extra steps to reduce the rate to the barest minimum.
Another fail factor for this scheme is poor editing skills, some supposed Photoshop gurus only have the name to show for it, they actually don’t know how to go about doing things, they might know the basic and have you fooled about their competence, when your scheme gets busted and your victim gets arrested is when you know, they are full of crap.
The last but not the least fail factor is fear, some victims will reluctantly go to the bank and due to some questionable characters they might have exhibited in the course of presenting the cheque, they get apprehended and questioned about the source of the cheque. This is the easiest of all the yahoo yahoo schemes I have ever perpetrated, all that is needed is to send the doctored picture to the victim, have them print it out, they head to the bank, cash out the amount of money on the cheque and they send it down to you through whatever means you prefer.
The yahoo yahoo scheme I’ve highlighted so far are peculiar to the western world, down here, when people hear about yahoo yahoo, what comes to their mind is, “oh, he’s lying to the whites to get money’, that is not entirely true as we have some country of origin oriented scams too, for instance, I as a Nigerian internet fraudster will highlight some of the ways I had utilized to scam unsuspecting kinsmen of their hard earned cash. Here we go;
This is actually the most common of them all and this particular scam is like a big mango tree with lots of branches. The most reoccurring one is the atm card fraud. This act is perpetrated through bulk sms sites, back then, before the providers of this service woke up to the reality of the damage users are causing with their service, it was a piece of cake to send out bulk sms with any name of your choice as the sender, so, it was easy to send messages to people about their atm cards being obsolete and remind them about the need to renew it via telephone.
The aim of this text was to get the recipients to call and numbers included at the end of the text and divulge as much information as possible about their bank so that the provided information can be used to gain access to the account’s dashboard and carry out whatever transactions we deemed fit. Moving on to one that’s very similar to this, a bulk sms platform of choice is also needed to perfect this and make it a success.
This is mostly not about money for the yahoo yahoo guy, it’s about getting a product that can be resold at a later date, here’s a typical example; I have once called up a guy who wanted to sell his used Samsung tablet, we arranged for a meetup, we met at the agreed location, I inspected the tablet and proceeded to make “payment”. Note that, the payment is in quotes, that is because making a payment for me translates into two things. One, its either I actually made the payment and contacted my bank about a fraudulent transaction that will make the transferred money to be reversed back into my account or two, after getting the bank details of the seller, I’ll proceed to login to any bulk sms platform of my choice, login with my previously registered details, click on the option to compose a new message and fill in the details as follows; sender id: seller’s bank name, message body: a typical credit alert message modified to suit the situation at hand.
Here is the tricky part, every credit alert usually ends with the available balance that’s in the receiver’s bank account, in a bid not to be found out, you intentionally leave out the part where the account balance is meant to be and make it look like the message was truncated by the network, the seller would have parted with his item and in his bed relaxing before seeing flashes of the red flag he had ignored, by then, it would have been too late. Still on the bank schemes as a yahoo yahoo boy, we have the man in the middle attack.
Man in the middle attack was something I learnt from observing how businesses are being conducted, so, after successfully getting victims of the atm card scheme to divulge their information, there are plethora of things I could have used the details for, but, it can always be traced back to me, so, instead of risking sorting out police officials or the worst of it all, jail time, the money will be made to go through a legit business person before getting to you. I know you must have been cursing me out in your mind about how wicked I am, but, this man in the middle attack scheme will not in any way hurt the business person.
Here’s why, a business transaction will be conducted and money paid through the recently hacked bank account, when invited by the police and questioned about how money got into the business person’s account, all that is needed is a record of the business transaction and the police will have no other choice than to allow the business person go his way, as simple as that. In practical terms, the kind of business persons I targeted were e-currency marketers and sellers, bitcoin to be precise, people who are in the know understands how nearly impossible it is to trace a bitcoin transaction, that’s what I had leveraged on over the years to clean my dirty money.