We’ve followed tech support scammers for quite a while at Malwarebytes. They’ve been of particular interest because of their preference for scamming the poor, the elderly, and the developmentally disabled. But there’s a diverse spectrum of online scams a criminal can profit from, and today we’re going to take a look at one of the more despicable ones: puppy scams.
The basic gist of the scam is that the crook will find photos of beautiful purebred dogs, put them up on Craigslist or a private website, and advertise them for adoption. Once a buyer is found, they’re on the hook for fees including fake vet bills, registration, kennel fees, and transport to the victim’s location. Suffice it to say: there is no dog. Average losses for this scam run from US$800 to $5,000.
Shopping for a fake dogFor our investigation, we started with pomeranianhouse[.]com. Clicking on puppies for sale, we get Paulie, an unbelievably cute dog that looks happy to see us.
[caption id="attachment_20379" align="aligncenter" width="374"] This dog is not actually for sale.[/caption]
The "About us" page has extensive copy on the care and upkeep of these beautiful dogs designed to make your heart melt. But when we reverse image search on Paulie, we get another site entirely: www.thebombpoms.com.
This site has the same dog:
It includes the same copy, but contains identifying details of the breeder, along with a lengthy diatribe against scammers who steal her photos.
Having confirmed that the first site is a huge scam, we decided to give them a call and see what happens.
Unsurprisingly, instead of a woman from Oklahoma, we get a man with a south Asian accent requesting a Walmart-2-Walmart money transfer. If you’re unfamiliar, Walmart-2-Walmart is a money transfer that allows a recipient to collect funds with an ID and a reference number. Most commonly, scammers will recruit money mules to do the collections as part of a work from home scheme. This particular scammer wanted to take us for $850 for the non-existent dog, but that probably would have gone up over time with assorted “unforeseen” costs.
So what about the perpetrator? Pomeranianhouse.com is WHOIS protected, with no significant pDNS, but the email they used with us, dydydav849@gmail[.]com, was partially reused on their last scam iteration in July, as seen below on a scam information website:
Once pomeranianhouse[.]com is taken down for fraud, the scammer will most likely set up a new site with fresh stolen pictures in another three months.