Include a "beware of scams" section in the README?
I've witnessed a scam when using LNbot and I think it could be useful to include a section about this in the README, because this kind of scam can be easily performed despite the escrow system.
The scam consists of the following steps:
- The seller (me) places a sell order (in this particular case it was 50 EUR, and the payment method chosen was Bizum).
- The scammer must have posted an ad for some days on another platform (e.g. Wallapop?) where he poses as selling a Nikon camera. When someone reaches out to him about the camera and they agree on a delivery, the scammer tells the person interested in buying the camera that he needs to pay him first via Bizum.
- When the person interested in buying the Nikon camera agrees, the scammer takes my sell-order in LNbot.
- The bot contacts me, gives me a QR code, and I send the sats amount (worth 50 EUR) to the escrow. Then the bot gives me the Telegram username handle, and I tell the buyer (in this case the scammer) my phone number so that he can make the Bizum payment.
- The scammer tells the victim the seller's phone number (my phone number) to make the Bizum deposit.
- The victim deposits the money in my account via Bizum; I (the seller) see the money, so I release the escrow.
- The scammer deletes his Telegram account and disappears.
- Some days later, the victim contacts me via WhatsApp (because he has my phone number, as Bizum is a phone-number-based payment system) saying "your co-worker stopped taking my calls, he told me I should deposit the money in your account, how can I reach your co-worker?".
Well, the above is just a short version of the story to make it more understandable. In my particular case it was a bit more nuanced because the scammer was selling the Nikon for 750 EUR, and my sell order was 50 EUR only, so when making the first trade, the scammer was already telling me that he wanted to send me even more money, without the need to use escrow. Anyway, these finer details might be better just to explain to the police in case they reach out to me, but I wanted to put this in writing because maybe there's a way for LNbot users to prevent this in the future?
My first thought was that, after sending the amount to the escrow, I could have requested the buyer to contact me via WhatsApp (to have his telephone number, not just a Telegram username). But I guess this undermines a bit the privacy that LNbot provides when wanting to buy bitcoin without KYC.
Another possible way to prevent the scam is to ask the buyer to use a particular "title" for the Bizum payment (for example: to label it as "sofa"). This way the scammer has to tell the victim to label it as "sofa", when it's unlikely that the ad they were running was exactly for a sofa rather than for something else.
Completed at https://github.com/lnp2pBot/doc-site/pull/20