Fraud
July 26, 2018

Rental Scams Are Pervasive, Even Years After the Housing Recession

blog
3 min. read
By Joyce Wu

Interest in rental scams peaked in the summer of 2010, but the topic continues to be of interest even after the recession. The graph shown in Figure 1 shows the relative interest in the search term “rental scam” on Google over time.

Figure 1. Google results on search term “rental scam,” from January 2004 through December 2016

You might have been scammed without even knowing it. A 2016 NYU study1 found that many scammers used affiliate programs from background check companies to earn a commission every time they referred someone to the program. So, let’s say you found a rental you were interested in on Craigslist and you emailed the owner. The owner sent you a link to rentalverified.com (now defunct) to do a credit report and background check. You paid for the report, and rentalverified.com sent $18 to the lister. The twist is that there was never any rental available. The listing was just a ruse for the scammer to get the affiliate check from rentalverified.com.

Lately, scammers have gotten harder to detect and can make far more money than just $18 per victim. They use public records to find the real names of the owners of listings for rent or sale and then use them in listings to collect security deposits and first month’s rent, which can easily amount to more than $1,000. Here are two examples from June 2018:

  • In Tampa, Florida, a scammer pulled the legal name of an owner from public records, created a fake email account, and then listed the real owner’s property as a rental on Craigslist.2
  • In Colorado Springs, a local news reporter listed his house for sale. Within days, a scammer reposted it on Craigslist as a rental ad using the real owner’s name obtained from property records.3

Beyond harming victims, these scams can have negative consequences for the real property owners. A couple in Provincetown, MA has had “renters” turn up at their door four times in the last year.4 A woman in Sooke, BC had 197 different groups of people come to view her rental based on a scammer’s Craigslist ad.5 A few had already paid the scammer the security deposit and first month’s rent and showed up with their personal belongings, ready to move in. “When I had to explain to all of them that they had been scammed and would not be moving in, most were very understanding, but others got extremely angry and said I was the one scamming people,” said the owner.

Although less insidious, the problem for apartment hunters now is that they can’t tell what’s real from what’s fake. Cluck users (https://cluckcluck.co) use https://www.reddit.com/r/SuspectedScams/ to ask others about listings they’re unsure of. Some that might appear to be scams are legitimate listings, like the one that partitions a large room with dividers and rents out each side as an individual “unit.”6 But, a lot of these listings are verifiably scams, for instance, those that include images from other locations or images that are stolen from much more expensive listings.

As always, consumers need to be on the lookout for scams of all type, whether it’s phishing, telephone, fake charities, real estate, or many others. When it comes to rental scams, landlords need to clearly signal that they actually own the properties they have listed, and be vigilant about preventing other people from stealing their listings.

Need-to-Know

Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.

Every

9 hrs

a critical vulnerability—with the potential for remote code execution—is released.