Simple way to avoid having your ham radio identity stolen and used in Scams!!

[KJ5XX]

I think we're all seeing more and more cases of scammers posing as hams trying to either buy or sell items here and elsewhere in the hopes that someone will send them money.

What is becoming extremely common is that the scammers are stealing callsigns and posting or responding to ads. How? Well it's very simple - the find a callsign here on QRZ, preferably someone who isn't a member or doesn't have a phone number in their QRZ listing.

Then they just setup a yahoo or gmail address with that callsign, like B0Zo.gmail.com, and they're off and running.

So, how can you protect yourself? Simple - put your email address in the bio section of your listing. That way when a ham sees something for sale, they can look up the call and email the real ham and ask if they are selling that particular item.

Also, it's good practice to ask for a picture of the scammers QSL card - had it happen to me this week - the language of what he was offering made me suspicious, so I said "before we go any further, please send me a photo of your QSL card". He balked - said he had one but was unable to send a picture.

If you are posting an ad, put your QSL in the picture - just gives other hams a little bit of confidence.

Also, if I suspect I may be dealing with a scammer, I might ask a question like "now does this rig have the optional reverse osmosis filter", or something weird like that. More often than not they'll say "oh, yes, most definitely".

Not that any of this is foolproof, but it does keep the lads on their toes!

[ER1UVL]

I think we're all seeing more and more cases of scammers posing as hams trying to either buy or sell items here and elsewhere in the hopes that someone will send them money.

What is becoming extremely common is that the scammers are stealing callsigns and posting or responding to ads. How? Well it's very simple - the find a callsign here on QRZ, preferably someone who isn't a member or doesn't have a phone number in their QRZ listing.


So, how can you protect yourself? Simple - put your email address in the bio section of your listing. That way when a ham sees something for sale, they can look up the call and email the real ham and ask if they are selling that particular item.


If you are posting an ad, put your QSL in the picture - just gives other hams a little bit of confidence.


Not that any of this is foolproof, but it does keep the lads on their toes!

It's correct what you mentioned my friend!


Also is very advisable for a ham to mention his land line number if it's available.


Also a ham who wants to sell item, best way to use Insured Trackable Mail with mandatory counter signature of receiver of goods.

[KC0BIN]

Something else that makes "back-channel" contacts even more important: the Scammer's diction and syntax are improving. It won't be too long before their technical knowledge does, too. Either that, or they will find a Ham willing to take a cut of the profits for his/her savvy.

The Scammers are well motivated to perfecting their art: radio gear can bring them huge profits. The last Scam contact I had sounded almost genuine.....but I busted 'em on Betty Grable's best movie scenes. Works every time.

[KJ5XX]

Absolutely true! Yes, they are getting more sophisticated, their grammar is improving and they are doing a lot better at "imitating" hams.

For example - I recently posted a WTB on QRZ for a Flex 3000. Almost immediately I received reply from a "ham" in the UK who claimed he had a Flex for sale, in perfect condition, blah, blah, blah.

I engaged him, but my radar was on right from the beginning. Turned out to be nothing but a hoax, but I have to say, that since this wasn't the first time I've been courted by someone trying to pull off a hoax, this guy was very smooth. Very good English, apparent knowledge of ham radio, but something just didn't sound right - the more I engaged him, the more little things started to come out. In particular:

- Used phrases like "Kindly get back to me"
- Seemed very anxious to sell - overly so in fact. In the very first email - even before I replied to him, he said "Kindly get back to me if you still want to buy from me". I hadn't even replied to any email and therefore had made no indications of any kind that I had any intention of buying - this was a major red flag.
- As the exchange went on (I just kept asking more questions), he would add things to the description of what was included that he hadn't mentioned before. He even added some things that had absolutely nothing to do with the radio - another red flag.
- He added that the rig came with a "W2IHY cable". I knew that W2IHY makes some pretty nice audio processing units, but played ignorant and asked him what it was for and what it did - what I got back was pure BS. He also told me "all Flex radios come with it" - also pure BS.
- I played along and asked him some technical questions - "One of the options with the flex is the fission frequency processor and outboard circuit discrepancy divider" (terms I obviously made up), and asked him "does your rig have these options on it?". This was my attempt to see how deep the BS went - if he came back and said "yes", I knew I had him. He didn't take the bait.
- Finally I said that I needed to see a picture of his QSL card. He told me he couldn't provide one. I said - why, you provided a picture of the rig, why not your QSL?? Not that anyone who steals a ham call and creates a YOURCall@gmail.com email address, couldn't quickly fabricate a QSL, but you get the idea.
- This guy also wanted to do the deal via MONEYGRAM - Never, and I repeat NEVER do a deal via MONEYGRAM.

Keep asking questions, even use questions designed to trip them up. Ask them stuff that any ham should know. Ask to call them on the phone to discuss the deal (again, even this isn't foolproof as even scammers will say yes).

If the deal doesn't "feel right" to you - don't to the deal!! No matter how anxious you are to get that particular rig or new toy - there will be others out there.

Now on the Betty Grable's best movie scenes - certainly know who she was, and I'm an avid movie buff (especially the old ones), but you'd probably have me on a question about her best movie scenes. And, as with just about anything, anymore - google is the scammer's best friend too, which is why I try to trip them up by asking them about stuff that doesn't exist.

Also, beware of anyone that responds to your WTB ad. Always be on your guard.

[2E0CPX]

Most of the scammers I hear about actually come from Nigeria. It matters not if they use a call sign in a gmail or hotmail address its still a case of buyer/seller beware.

Easy way to identify a scammer is look at the email, click File then Properties, then click details. You are looking for the senders IP address (there are bonafide websites where you can check an IP address).

If that IP address originates in Nigeria, India or some third world country, then safe to say its not a legit reply from anyone in the UK and US.

If you have been scammed then stop blaming those call sign holders that are blissfully unaware that their calls have been pirated. At end of the day you didn't do enough checks on who you were dealing with.

So:

• Remember to check the IP address in the email
• Be wary of callsigns that feature in email addresses
• Speak to the person by phone even better use Skype so you can see who you are talking to
• Never ever use Western Union or Moneygram or any similar money transfer

[KJ5XX]

Well, while it is True, you can often identify a scammer by using the technique you describe, that does not always work. In the case I mentioned, that was the first thing I did. As it turns out the IP came up as UNKNOWN. So, while this is a good idea, the scammers have gotten wise to the fact that this method is being used and have come up with their own methods to avoid having their IP location disclosed.

Scammers often do come from Nigeria and other third-world countries, but realistically they can be anywhere in the world. Hotmail, gmail, doesn't matter - my point is that it's very easy to steal a ham's identity by getting a hotmail, or gmail address with a legitimate ham's call.

Not sure what your reference to "stop blaming...." is about - don't see anyone in this thread that is blaming someone for having their callsign pirated - why would anyone blame the victim of a scam (?)

To suggest that I didn't do enough checks makes a huge assumption, either that or you didn't read my post, probably both. And we all know what happens when you assume. I did my due diligence on this guy, which is why I wasn't scammed, and my post is simply suggesting methods that can avoid being scammed.

To suggest that hams be aware of emails featuring callsigns means that the vast majority of hams should be suspect - most hams that I know have callsign emails. Talking to the person you're dealing with is always a good idea, and IMHO is the best way to get comfortable with the person you are dealing with. However, I fail to see how Skype is going to be much assistance, since to the best of my knowledge, scammers don't have a particular "look".

[2E0CPX]

Well, while it is True, you can often identify a scammer by using the technique you describe, that does not always work. In the case I mentioned, that was the first thing I did. As it turns out the IP came up as UNKNOWN. So, while this is a good idea, the scammers have gotten wise to the fact that this method is being used and have come up with their own methods to avoid having their IP location disclosed.

Scammers often do come from Nigeria and other third-world countries, but realistically they can be anywhere in the world. Hotmail, gmail, doesn't matter - my point is that it's very easy to steal a ham's identity by getting a hotmail, or gmail address with a legitimate ham's call.

Not sure what your reference to "stop blaming...." is about - don't see anyone in this thread that is blaming someone for having their callsign pirated - why would anyone blame the victim of a scam (?)

To suggest that I didn't do enough checks makes a huge assumption, either that or you didn't read my post, probably both. And we all know what happens when you assume. I did my due diligence on this guy, which is why I wasn't scammed, and my post is simply suggesting methods that can avoid being scammed.

To suggest that hams be aware of emails featuring callsigns means that the vast majority of hams should be suspect - most hams that I know have callsign emails. Talking to the person you're dealing with is always a good idea, and IMHO is the best way to get comfortable with the person you are dealing with. However, I fail to see how Skype is going to be much assistance, since to the best of my knowledge, scammers don't have a particular "look".

I wasn't aiming at my post at you in particular, most of the posts in other threads seem to be blaming Ham Radio Ops without understanding that scamming is going on,

I have two personal emails, my main one is gmail and I have a hotmail address, but neither feature my call sign.

Well with Skype you can hear and also see the person, no one from Lagos in their right mind is going to use Skype because they will be sussed out in three seconds flat.

I know someone who had their identity stolen (G callsign) person who was ripped off was in South Africa and they know now that it was Nigerians.

Its like here we suffer daily from phone calls from India, who say that they are calling from Microsoft and that someone has logged a call about a problem with your PC, now the gullible will follow their instructions, whether that be to go to a certain website (phishing) or pass over credit card details (never understood why anyone would give those over on a unsolicited call). Any sensible person puts the phone down.

If you really want to be safe then don't buy/sell out of your own country, that will cut down some of the risk, but not all.

[KJ5XX]

I agree completely with the idea that if you want to deal safely over the internet, deal with someone in your own country, preferably locally. Skype isn't a bad idea at all and if you request a Skype call and your dealer is hesitant, then that is how you flush them out. The are very seditious, some of them are very smooth and they are definitely learning the ham lingo.

Personally I enjoy playing the dumb, confused person that really isn't very good with technology, and ask them the same questions over and over, and then do the wrong things. apologize profusely and keep stringing them along letting them think that they have a live one and that they actually going to get a transaction done. Of course, it's all just designed to waste as much of their time as possible. Nothing funnier than a very frustrated "Lad" that realizes that you've been screwing with him for weeks on end.

[AD6KA]

Remember to check the IP address in the email

Unfortunately, emails sent from Gmail have the IP Address unavailable.
However you CAN get a GMail IP Address this way:
Go "Readnotify.com" and get a 30 day trial sample of their
tracking software. It will tell you a GMail IP %95 of the time.
It will ALSO tell you when the receiver openedyour email, how
long he had it open, AND the IP's of anyone he forwarded it to.
(Many scammers work in gang's. The low level "catchers" fish for
bites, then turn the lead over to a more experienced scammer.
The "catchers" get a cut of any money scammed.

About ReadNotify: It is good software, but PLEASE read the instructions
thoroughly before using it. It isn't difficult, but if you do not format
it properly to your outgoing emails, it could be detected.
BUT once you set it up it's very easy to use.

Another tip while we're on the subject:
Often scammers will claim that they are from the UK
and will give you a UK phone number starting with 044, the
UK Country Code.
IF THIS NUMBER is followed by a 70x, it means that number
is being forwarded to another number, usually in Nigeria or
East Africa.

[K6TEP]

One more thing that can help is to actually go and "claim" your identity on some of the more popular web email sites.

I immediately grabbed CALL@gmail.com when I got my first license, just in case. Years and years ago I "claimed" first.last@gmail.com, even though at the time I never planned to use gmail, as I had always run my own domains and mail servers. For a while I had the same for yahoo and a few other sites.

So, if you have the time and are inclined, go and get CALL@ and first.last@ (if available) from the usual places. It can preempt someone else from easily becoming you. It's definitely not the final answer, but at least raises the bar a tiny bit for a scammer.

If your call is short, you may have to add something to it to make it long enough to be available, try your first name or initials to extend a short call into an acceptable email address.

That reminds me, I should probably get over to that other ham radio site and sign up there.

If you're worried about too many email addresses, there are plugins for Firefox and Chrome that make managing and switching between multiple email accounts mostly painless.

I will also be making sure that my email address is in my QRZ bio, as recommended.

You can also use your QRZ bio to indicate when you are (or not) selling anything. If you're selling, a quick list of items may serve as an "out of band" confirmation (or not) to match (or not) your ads. Unless the scammer can post to your bio, it will be a good way for others to tell whether or not they are dealing with you or someone else.