snarke (snarke) wrote,
snarke
snarke

  • Mood:

Sad: An Incredibly Elaborate Mac Laptop Scam

After over a month of being trapped on our "emergency backup laptop," an older 667MHz TiBook, I finally managed to buy a replacement laptop. I just wish it would get here already! {bounce bounce}

As some of you know, my 1GHz 17" PowerBook's screen was damaged just after Christmas. I found an equivalent laptop on eBay with a dead logic board but a good screen; and tried to transplant my laptop's logic board late last month. The replacement machine's logic board came out of the case as expected. What makes it a bit dicey is that there are three chips that get extremely warm (the processor itself, the video chip, and one other big chip), so those three chips have 'heat sinks' attached to them. A heat sink is basically a chunk of metal that helps carry heat away from the chip. Often there's a fan to blow air across the heat sink to help keep it even cooler. However, a heat sink doesn't work very well if the chip itself doesn't make very good contact with the metal. In order to get as much heat as possible from the chip to the heat sink, "heat sink grease" is applied; a somewhat gummy substance that conducts heat well.

So the instructions for removing the logic board include lifting carefully in order to give the grease time to release the chips schllluuuuuuuuupop! Unfortunately, Apple apparently got a batch of heat sink grease that had been manufacturered by the makers of KrazyGlue. When I carefully pried up my laptop's logic board, the first two chips popped loose on cue, but the third one didn't let go until I'd carefully put quite a bit more pressure on it. In fact, so much pressure that when it finally popped loose, it was because that heat sink grease had ripped the video ship right off the logic board!

Naturally, it's the dead logic board that came out perfectly, and the (formerly) operable board that was destroyed. Sigh.

Well, I'd been planning to upgrade my laptop anyway, since the 1GHz PowerBook didn't have a fancy enough video chip to drive my birthday present at full resolution. (Said present being a beautiful 30" Apple Cinema HD display wider than most of our doorways! OK, that's not quite true. Our house has 2.5' doorways, so there's 29" from one side to the other, and the Cinema HD display is 27" wide side to side (30" refers to the diagonal measure of the screen), but it's still absolutely gigantic.) So, while my laptop's hard drive hangs out in this TiBook, which doesn't even have a DVI output (so I can't connect the giant screen to it at all), I've been shopping for a new laptop.

The options turned out to be a bit narrower than I expected. Any MacBook Pro, which is to say, any Apple laptop recent enough to have an Intel chip in it, would be able to drive the Cinema HD display. Well, that's not exactly correct. Before the Intel chips, the laptops were "iBooks" and "PowerBooks," and afterwards, they were "MacBooks" and "MacBook Pros." The fancier line has always been the one with the more sophisticated video. For example, if you hook an external monitor to an iBook, it "mirrors" the LCD display: both monitors show you the same thing. With a PowerBook, you can either mirror OR you can have the monitor show a separate picture. I love that, because in effect it doubles the size of the screen; you can put your word processor on the LCD screen, for example, and have all your browser windows with research you're writing about open on the other one.

So anyway, all the MacBook Pros can drive the Cinema HD display. None of the MacBooks can.

Worse, one of the reasons Eric (and all my lovely friends who pooled their funds to help purchase the Cinema HD, thank you thank you) got me this as a present in the first place is because I use all the screen real estate I can get. When I start researching something, I'll frequently have six or seven browser windows open, most of them with multiple tabs, and maybe an Excel spreadsheet or a text editor window for keeping notes. When the TiBook first came out, I drooled. When they upped the screen resolution from 1152 x 768 to 1280 x 854, that's when I got one. And when it came time to upgrade, the jumbo-sized 17" screens were the ones for me. But even an older 17" MacBook Pro is not cheap, and new ones are $3000+. Yikes. I could probably live with a 15"-er, but it wouldn't be as good.

The other fly in the ointment is the new "Mag-Safe" power connector. Now, I think the Mag-Safe connector is a really smart innovation. I've got a fair number of laptops or power supplies around the house with loose or broken power connectors because the laptop slid off something, or somebody hooked the cord with their foot, or whatever. So it's a good thing, in general. But I also have managed to collect at least ten of the older pin-in-a-collar power supplies, and I love being able to carry the laptop around the house without having to unplug and carry the power cable, too. There's one at my desk, one by the bed, one in my computer bag, one by the bathtub, one near the server rack, one at my workplace in Redmond, and a couple spares in the box. If I stick with the older PowerBook, then I can still use all my power supplies, and my two spare 17" PowerBook laptop batteries.

The older 17" PowerBook came in a fair number of variants. I'd been perfectly happy with my 1GHz model, until the Cinema HD revealed its hidden weakness. The 1.33GHz and 1.5GHz versions also didn't have the video muscle to let the HD realize its potential. The last speed released as a PowerBook was 1.67GHz, just before the big changeover to MacBooks. But even the 1.67PB couldn't drive the HD. Well, not at first. You see, there were two different 17" 1.67GHz PowerBooks. The later one has become known as the "hi-res" version, because the most obvious difference was, instead of having a screen resolution of 1440 x 900, this one jumped to 1680 x 1050. Wow! It also got a hard drive upgrade, from 80G or 100G at 5400RPM to 100G at 7200RPM or 120G at 5400RPM, and the DVD drive, although still an 8x drive, now could burn dual-layer DVD discs.

And if you plugged a Cinema HD display into this one, you would get the full 2560x1600.

The "hi-res" version was apparently available for only a brief period of time, since, once I started looking, I found that 80% or more of the 1.67GHz machines available were the older version. Worse, in 2 out of 3 cases, there was no way to tell which one it was. I sent a lot of messages to eBay sellers asking "What model?" (Especially exasperating was the fact that most 17" PBs have a 100G hard drive; the size that both versions have in common. People almost always include the size of the hard drive in their ad. They almost never include the </i>speed</i>. Argh!)

I also created a script for searching Craig's List. Once an hour, it does a search for Mac laptops (with the "hi-res" PB so rare, I was willing to get a 15" MacBook Pro if the price was right), and if it finds any new ads, it opens a page on my screen with the ad. In the past three weeks, there's been two MacBook Pros, one which seemed just a bit too expensive. The other one was extremely reasonable. I called less than 30 minutes after the ad was posted. I was too late.

Actually, there were three MacBook Pros offered for sale. The real jaw-dropper was a 2.4GHz 17" Pro with an asking price of $1200!!! Wow! I first saw this about three hours after it went up; I sent off a "By any chance, is this still available?" query with no real hope of a positive answer. But, miracle of miracles, it was!

Oddly, the seller told me that they were currently in London. Was the laptop still in Seattle? No, it was also in London. Although "Terri" never told me why a Londoner had posted an ad on the Seattle list, eventually the answer became pretty clear.

On top of the odd location, the subject line of Terri's response was "MacBook Pro, 17", 2.4GHz, 2GB RAM, 160GB HD - $1000‏" The price had inexplicably dropped another $200. I know that Macintosh laptops are the #1 item offered by scammers on eBay (they offer a laptop for sale, cancel the auction before it's over, then contact you directly and offer it for less than you would have paid for it. Then they require that you pay for it with a Western Union moneygram, take the money, and disappear, leaving you with no possible way to get a refund.) So when a laptop that was already around $1000 below normal street price gets even cheaper, I get suspicious. I told Eric at this point "I'm beginning to suspect this is a scammer. I'll bet they want to me to pay them with a 100% non-recoverable Western Union Money Transfer. I'm going to require we use an escrow service for this, to make sure I get a laptop before they get any money."

So the next message I got from "Terri" was actually a pleasant surprise. They sent me a link to a page on DHL's web site that described a special program where a seller would give a package like the laptop to DHL, I would pay DHL's designated agent who would hold the funds in escrow, DHL would deliver the package, then I'd have five days to return the package to them if it wasn't what I'd expected before they'd release the funds to the seller. At first, my budding concerns were stilled. Well, mostly.

While I was waiting for "Terri" to send me the message confirming that she'd given the box to DHL, I went to DHL's US site to find out more about this escrow program they had. I couldn't find anything that sounded even close. Their web site is rather complex, since they offer different kinds of services, so I wasn't totally certain I hadn't simply missed it. It also might have only been offered in Europe, although I tried looking around DHL's UK site as well, and still couldn't find it.

So I called DHL. The agent I talked to had never heard of anything like what I described, although she couldn't say categorically that there wasn't such a thing in Europe. She gave me a different number to call to get an international specialist. Before I called that number, I did a bit more research on line, and watched the scam unravel before my eyes.

I'd gotten this very official-looking email from "DHL Customer Service <customerservice@global-dhl.com>" which told me that they'd gotten a package from Terri Hewitt, 31 Nevern Square in London, that contained a 17" Mac PowerBook blah blah blah. It had DHL logos and all that jazz in it. But, taking advantage of my computer-savvy nature, I found that the Official Owner of "global-dhl.com" was "Fiona Malone, 1941 Wilmette Avenue, Wilmette, IL" and the technical contact of record was one "Microsoft Office Live, One Microsoft Way, Redmond, WA" Wouldn't DHL use their corporate address?

Why, yes, they would. The owner of "dhl.com" itself was "Deutsche Post AG, Charles-de-Gaulle-Strasse 20, Bonn, DE", and the tech contact was "Technical Administrator, DHL, 8701 East Hartford Drive, Scottsdale AZ 85255" Further, "dhl.com" was first registered in May of 1989, but "global-dhl.com" was first registered December 2007.

Oh, reaalllllly. Hmmmmmmm.

Further, the website that she'd first sent me to had also sounded very plausible. The link LOOKED like
http://dhl.co.uk/globalfreight/publish/gb/en/eshipping/webship.high.html
but when clicked on, it ACTUALLY went to
http://globalfreight-dhl.co.uk/publish/gb/en/details/eshipping/webship.high.html

"DHL.co.uk" would be, in fact, exactly what I'd expect for DHL in Britain. ".co.uk" is the same as ".com", but for a British company. In fact, because DHL did a somewhat incompetent job of setting up their servers, you need to include the www or it won't work. But www.dhl.co.uk is, in fact, DHL's UK web site. However, "globalfreight-dhl" is not the same as "dhl". As a matter of fact, until I wrote this, I hadn't even noticed that "Terri" had spoofed the web site. I'd always been working off the link as it appeared in my browser, which was the globalfreight-dhl version.

Again, as with the first example, while "dhl.co.uk" belongs to "DHL World -Wide Express UK, The Bunker Secure Hosting Ltd, Ash Radar Station, Marshbourgh Road, Sandwich, Kent, CT13 0PL, GB", first registered 13-Jan-1997, the registration for "globalfreight-dhl.co.uk" says it's owned by "Jadidian" a "Non-UK Individual" with an address of "104-40 Queens Blvd., forest hill, NY, 11375, US" and was first registered January 9, 2008.

Oh, and "Terri's" home address? That's actually a London hotel.

The second message from "DHL Customer Service" told me I'd need to pay for it with [wait for it] . . . a Western Union Money Transfer! to "First Name: Linda Last Name: Moore Address: 17 Ponton Road City: Vauxhall, London Zip(City Code): SW8 5BA Country: United Kingdom" I was unable to confirm the existence of that address, although I did find Ponton Road. It's probably real, but I'll bet it's short-term-rental office space or maybe a condominium or apartment building. Also, the email warned me "Important Note: The Payment must be made at one of Western Union's Agent Locations, in person by the Buyer. The payment must not be made using Western Union's Send Money Online Service due to the high Credit Card fraud risk. We will not confirm any payments made online or by phone."

"...high fraud risk..." Indeed.

Although I did find the time to have a nice chat with somebody in DHL's IT department to confirm that they had not, in fact, registered those other domains, I have nonetheless somehow become far too busy to get down to a Western Union office and wire that money to London, despite "Terri's" kind reminders. Whether DHL attempts to deal with these hoodlums who are committing fraud with their trademarks or not, I don't know. It's their problem now.

By the way, it's exactly this kind of research that leads me to open a couple dozen browser windows (and a command line/Terminal window, in this case, for typing "whois global-dhl.com" and the like). I must admit, these criminals had put some effort into creating their bogus web site with all the graphics and even a few clickable links and forms and such. I wonder how many people actually fell for it?
Tags: criminal, fraud, laptop, macintosh, scam, theft
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 46 comments
Previous
← Ctrl ← Alt
Next
Ctrl → Alt →
Previous
← Ctrl ← Alt
Next
Ctrl → Alt →