Got Scammed and lost $1500 on Gumtree -_-"

LRNDM on 06/01/2020 - 22:09
Last edited 15/01/2020 - 11:35 by 1 other user

I thought I was being careful, but sadly not careful enough to account for the failures in lose implementation of JB Hifi's gift card policies.

  1. Had 3 x $500 gift cards from JB Hifi, from the promo in Dec last year
  2. Listed it here for a couple of weeks, no takers.
  3. So then I listed it on Gumtree.
  4. "James" contacts me, from ACT.
  5. Asks me "Do you have proof of balance picture? or receipts?"
  6. Not knowing any better, and assuming that a hidden "PIN" code is required to actually redeem these cards.
  7. I provided the card numbers, to allow him to check the balance on the cards.
  8. James says he'll pay at the end of the day.
  9. I get messaged here on Ozbargain, snowymatthew, so I decide to allow them to pay instead.
  10. I receive payment, via PayId.
  11. I send copies of the unscratched cards, and then again with the card numbers and PIN codes revealed.
  12. Following day, snowymatthew tells me there's issues with the card.
  13. Since the PIN codes are all revealed now, I confirm the balance on the cards.
  14. Discover they've been redeemed in ACT.
  15. Blah blah … I'm %^&*
  16. Returned the money back to snowymatthew.

So, it looks like James has been able to convince someone at JB HiFi to redeem the cards, with the PIN codes, and without the physical cards. I checked the terms and conditions: https://www.jbhifi.com.au/pages/how-do-i-use-a-gift-card-to-…. "Redeeming in-store at JB Hi-Fi … The actual gift card MUST be presented.". From responses from various stores, staff are not "meant to" accept anything by the physical cards … there lies the issue.

The presence of the PIN code in this instance gives a false sense of security.

Even retracing all the steps taken, I don't think I could have foreseen this - other than "don't use Gumtree". So, I guess this is a warning to others, that the card numbers only are enough to redeem a gift card. Meaning there's no real way for a buyer to validate available credit, or for sellers to have any form of security over the gift cards. This to me, is easier than counterfeiting money and JB accepting it, at another customer's expense.

Expensive lesson, and usually careful with these things. But, aw well, not expecting such a positive outcome. If anything, it just ruined my day.

Since then;

  1. Left my details with the store to follow up
  2. Filed a report with ACSC
  3. Emailed JB Hifi, asking how and why cards can be redeemed by the card number only, without the physical card which is contrary to their terms.
  4. Contacted Gumtree seeking assistance.
  5. I asked James to pay, as agreed and I would cease the police report.

So yeah, great first day back at work. -_-" And now have to deal with the missus.

And not that it means much, but this is the lovely guy that benefited from this all. https://www.gumtree.com.au/s-seller/1170622367193

I really didn't like the idea of having $1.5K in gift cards lying around, just didn't feel secure. And it really had to happen.

Update: So, it would seem kinda useless at this point. But because of the way that I shared the photo with James, it shows an account of his.

(Mod: removed personal information - please see commenting guideline)

Key updates:
* By RNDM on 07/01/2020 - 14:35
https://www.ozbargain.com.au/comment/8208345/redir
* By snowymatthew on 08/01/2020 - 16:47
https://www.ozbargain.com.au/comment/8213127/redir
* By RNDM on 14/01/2020 - 13:30
https://www.ozbargain.com.au/comment/8235494/redir
* By RNDM latest
https://www.ozbargain.com.au/comment/8239312/redir

General Discussion

Related Stores

Gumtree
Gumtree
JB Hi-Fi
JB Hi-Fi

Comments

                  • Arthur Dunger on 06/01/2020 - 23:59
                    -4

                    @JimmyF: Everyone knows the cards balance is zero. Just thought this was a good angle so the Op can try and get his money back.

                    What is this air travel you speak of?

                  • WoodYouLikeSomeCash on 07/01/2020 - 09:06
                    +1

                    @JimmyF:

                    Having it in your hand means nothing…… The cards balance is now $0. Who is to say I didn't redeem the physical gift card in the morning in ACT, jumped on a plane and at a Brisbane store a few hours later on the same day, now claiming someone else used it in a different state?

                    Maybe if there was cell phone records showing OP’s phone pinging off towers from Brisbane the whole day it may help…

            • macrocephalic on 08/01/2020 - 17:34

              @Arthur Dunger: They don't actively take it from you, and they normally just throw them in the bin when they're spent. It's not a secure disposal method.

        • H E B on 07/01/2020 - 11:20

          Don't forget helicopters! Quite popular method of transportation here.

  • elgrande on 06/01/2020 - 23:25
    +16

    I think the real culprit is snowymatthew.

    • RNDM on 06/01/2020 - 23:27

      It did cross my mind…

    • JimmyF on 06/01/2020 - 23:35

      Are they located in ACT? :)

      • RNDM on 06/01/2020 - 23:40
        +8

        Apparently not.

        If James responded or defended himself, then I may have gotten it all wrong. But so far, James remains silent … So …

        • Sigiriya on 08/01/2020 - 13:00

          May be one of them resold the card and whoever redeemed may be completely unrelated and wouldn't have a idea of the saga.

    • joungs on 07/01/2020 - 15:00
      +1

      No way it would be them, no scammer is going to give you 1500$ and rely on getting a refund for the scam to work. Only situation would be if they had a hacked bank account but then the charges would get reversed automatically anyway.

      • macrocephalic on 08/01/2020 - 17:36

        Maybe, maybe not. In this case if the scam fails then they still have $1500 of gift cards - so only a marginal loss. The worst case scenario for the scammer would be getting scammed in reverse by the seller.

  • RNDM on 06/01/2020 - 23:45
    +43

    I just wanna say, that its unfortunate that this has happened.

    This post is really just to inform and educate others. I don't like learning things the hard way, so this is just to help others from a similar situation.

    I'm happy to continue the discussion and know I made a mistake. I'll still continue this, as a challenge to see how far it goes. But this ain't going to ruin me.

    • JimmyF on 06/01/2020 - 23:49

      This post is really just to inform and educate others

      Thank you, it has been eye opening for sure…… Can't wait till you get to the bottom of it.

    • Sage on 06/01/2020 - 23:57
      +2

      Thanks for sharing.

    • forrester on 07/01/2020 - 00:06

      Thank you OP for sharing your story and I hope you can finally convince JB Hifi to fix this long-standing issue once and for all so innocent individuals don't fall victim to scummy thieves.

    • Melb69 on 07/01/2020 - 10:18

      Thanks for taking ownwership of your mistake. Gumtree and FB can be a nightmare if your not dealing with a real person for the transaction. Most of the threads I see with issues on these sites is because the dealing are not face to face. Sure you may miss out on a sale for a good price, but look what can happen.

    • elgrande on 09/01/2020 - 10:19
      +1

      How did u go with telling the Mrs

  • Sunny84 on 07/01/2020 - 00:17
    +1

    ACA? I'm sure they would love to cover a story like this.

    • RNDM on 07/01/2020 - 00:20
      +4

      Sent them a message. Keep the suggestions coming. :)

  • OzzyboyBargainHunter on 07/01/2020 - 00:22
    +1

    I redeemed gift cards at the Goodguys last week and they had to enter the pin for each card and then they took the cards off me. These were the those multi store gift cards that can be used at JB hifi, Goodguys and some other stores as well

  • Ughhh on 07/01/2020 - 00:28

    Definitely play dumb at JB Hifi check out instore, dont' mention anything about Gumtree.

    But even then, from their POV, you could have been in ACT.

    • Phreakuency on 07/01/2020 - 06:20
      -3

      That is theft to a degree sorry.

  • highdealer on 07/01/2020 - 00:43

    OP do you know how the website for gift card balance checking work?

    Does it lock you out after a certain number of attempt?

    It wouldn't be hard to guess the pin number of a card given it is only a 4 digit code, there is only 9999 possible combination, it the website doesn't lock you after a certain number of attempt it is only the matter of time before you can guess the right pin number and as far as the JB staff is concern they do have a gift card and a pin number to use it.

    • quirki on 07/01/2020 - 01:17
      +1

      Yes, there is a google reCaptcha on the card balance check page. There are also other ways, but they are quite technical. Perp would have to brute force 3x cards. This angle is not impossible, but highly improbable.

      • jorf on 07/01/2020 - 09:05
        +1

        reCaptcha doesn't necessarily stop it, just slows you down - while they could lock the gift card out after a number of attempts, it's pretty likely that that's not a thing (people who write these systems generally choose the path of least resistance - they're not banks). Also there may be other ways to check a balance that avoid the reCaptcha, such as via the app or something.

        It would probably only take a couple of hours to figure out the pin on a few gift cards - probability-wise, you wouldn't need to check all the numbers either.

        Remember people who scam others probably aren't doing anything productive with their lives, so I would say it's not highly improbable at all.

      • kiitos on 07/01/2020 - 12:02

        What are the other ways? Bypassing the captcha somehow?

      • deme on 07/01/2020 - 20:44
        +1

        Mate stop pretending you know stuff.

        What other ways?

        On the expensive side it costs $5 to solve 1000 recaptcha V3 attempts

        That's investing $150 to make $1500 illegally. Captcha ain't going to stop the criminal.

    • ZiyiW on 08/01/2020 - 11:23

      Shouldn't there be 10^4 combinations? Unless you count the one that is already displayed. You and quirki are right though. It is possible, but highly improbable.

  • utsc on 07/01/2020 - 00:44
    +34

    I think it's an insider job at JB Hifi.

    Also if you look at James profile Jame has been selling a lot of Brand New items and JB Hifi Gift Cards which suggest that James has has a hook up in JB-Hi Fi or JB Hi-Fi has a very weak system that James has been exploiting repeatedly.

    However since the card was redeemed without a PIN I am inclined to think that James has a partner in crime at JB Hifi.

    If I were you I would complain to the CEO of JB Hifi and also file a complaint with ACCC

    • neonlight on 07/01/2020 - 08:20

      Sounds like a drama go for it. Hipster partner in crime at JB

    • omgilia on 07/01/2020 - 09:09
      +2

      It would seem this James person would have a method in able to redeem gift cards without the pin. But lets think about it.

      Whether he has a hook up in JB-Hi Fi is not certain he could very well been scamming gift cards and redeeming purchases himself via in store/online.

      All we know right now is OP sent James the card numbers - just the numbers or a photo of the receipt without the pin?? OP can clarify - possibly if a photo of receipt maybe James was able to extract enough information about the transactions to JB staff to reveal the pin. Suggesting flawed system or badly trained employee or insider.

      or

      Snowymatthew and James are partners possibly same person. James has the card number from OP without pin. Snowymatthew pretends to be a potential buyer gets OP to reveal card number and pin. James redeems the gift cards. Snowymatthew claims card balance is zero. OP checks it was claim in ACT. All eyes on James.

      Elaborate scam but not impossible??

      At the end of the day we can only speculate what went wrong and we should use this as a case to protect Ozbargainers in selling future gift cards/vouchers.
      A few posters mentioned in redacting the last few digits of the card number like the reverse way of how credit card numbers are revealed on receipts purchases XXXXXXXX1234

      • RNDM on 07/01/2020 - 10:03

        No receipt was provided, I don’t even have one. The cards were given as part of a Telstra contract offer,

    • solidussnake on 07/01/2020 - 09:59
      +3

      I used to work for JB and you can't manually enter card details into their machines, even a manager can't the feature has been disabled on all machines so I would doubt its an inside job..

      • humbala on 07/01/2020 - 10:45

        If that's true, then neither James or snowymatthew can redeem the gift card - then who else could have done it?

        • solidussnake on 07/01/2020 - 10:55
          +3

          It's possible he's used it online (As that's the only way to enter card details) and collected goods from store. Or he could have emailed JB online support saying this pin area is scratched and they've given him the 4 digits code to the card number he has.

          I'm really interested to what happened now lol

          Edit it sounds like the second guy who was provided the pin has used it to buy goods then messaged back saying it's already been used so he refunded him

          • humbala on 07/01/2020 - 10:57

            @solidussnake: I remember doing click and collect in jb they always ask for ID. Hopefully it is recorded and trace it back to who that is

            • omgilia on 07/01/2020 - 11:10

              @humbala: Remember snowymatthew was the only one that saw the pin not James.

              With that said OP said at 14. "Discover they've been redeemed in ACT." Only we know James lives in ACT but so can snowymatthew

              CC they would had paid online using their real credentials but then it would fall under JB HiFi if they care enough to investigate.
              but if its purchase online delivered then the culprit could had used fake details to any burn house

  • chriise on 07/01/2020 - 01:21

    This is surely an inside job. Make noise and JB should be equally incentivised to get to the bottom of it too.

  • brandogs on 07/01/2020 - 02:23

    Wow what a scumbag. Sorry to hear about this OP. But thank you for posting about this to inform the rest of us that this can happen. I too would think the card numbers are useless without the pin. I wonder how many attempts it allows you online with the pin. If it's unlimited then there's the problem as with persistents or the use of a tool, 9999 combinations isn't that much.

    • solidussnake on 07/01/2020 - 11:04

      Most likely the actual buyer who was provided with both the card and pin has used the funds then the next day has said funds have already been used and wants a refund..

  • KozieSeller on 07/01/2020 - 05:17

    Can you check the history balance of purchase to see specifically which store it was purchased from? call the store, sounds like dodgey staff!
    edit: seems u already did that lol

  • Bourb on 07/01/2020 - 05:26

    The only security feature of these cards is the PIN, and I really don't think that a lowly JB HIFI worker can override the PIN in store.
    Whoever used the cards also used the PINs.

    • orson on 07/01/2020 - 17:04

      Interesting…David Jones gift cards don't even need the pin number.

  • Ash-Say on 07/01/2020 - 06:14
    +1

    It sounds devil bit what's stopping snowymatthew to share cards with their friend in ACT and then make a claim with you once they are redeemed?

    Did you check balance after scratching the pins and before sharing the card details with snowymatthew?

    • RNDM on 07/01/2020 - 07:24

      No, I didn't check the balance.

  • Phreakuency on 07/01/2020 - 06:26
    +2

    Gift Cards can be redeemed online FYI.

    He has likely just bought stuff online and done click and collect.

    I know it sucks OP but you should have just bought a few Nintendo Switch's or a phone or something and sold them.

    Too risky for buyer and seller with gift cards.

    • RNDM on 07/01/2020 - 07:25

      Yah, too many points to go wrong.

    • notfrodo on 07/01/2020 - 07:47
      +1

      THIS. I am surprised that the OP thinks in-store purchase is the only way to redeem the card.

      • RNDM on 07/01/2020 - 07:53
        +1

        I do realise this.

    • WoodYouLikeSomeCash on 07/01/2020 - 09:09

      done click and collect.

      There’s a small possibility the persons ID was taken when picking up the items.

      • Phreakuency on 07/01/2020 - 10:20

        But OP has nothing to go on. If you've revealed the numbers and PIN (albeit the PIN to a supposed different person) and not physically sold the cards in person, you have nothing. No one is going to help, not the store, not Australian Cyber Security Centre, no one I'm sorry.

        It's a harsh lesson to learn but there's no going back.

  • trankillity on 07/01/2020 - 08:02
    +1

    So just to provide some clarity on this, there's two ways that "James" likely found out your PIN codes.

    1) JB's fraud system may not be smart enough to prevent brute force attempt attacks, so they could have just used a script that tried every 4 digit combination. This is highly unlikely as any decent retailer would have a fraud system that would flag a card after X number of attempts.
    2) You provided the scannable barcode, which includes the PIN encoded in the barcode.

    While the number displayed on the back of gift cards does not show the pin, the barcode itself always includes the PIN. This is the way that most POS systems can redeem a giftcard just by scanning the barcode.

    So in future if you want someone to be able to check a giftcard balance, purely supply the giftcard number - not a photo of the giftcard.

    • RNDM on 07/01/2020 - 08:04

      1) Yah possible.
      2) No, a bar code as such, is not visible.

      • abb on 07/01/2020 - 09:24

        a bar code as such, is not visible.

        Since the cards are already spent, could you share the pics (the ones with the hidden PIN)?

        • westzod on 07/01/2020 - 09:48

          I was gonna say I'm also keen to see how or if there's any way he could get through.

    • blurn on 07/01/2020 - 08:39

      When I used my jb hifi cards, the staff scanned the bar code and manually entered the pin code so number 2 likely isn't the case. I also had to show my id as it was their scam prevention policy.

    • John Kimble on 07/01/2020 - 09:00
      +7

      Source for 2? It's highly unlikely the PIN is embedded in the barcode… Otherwise what's the point of a PIN?

      • [Deactivated] on 07/01/2020 - 10:27

        Worked for a retailer who at one point had a system where any PIN would work. What was the point of the PIN? Who knows! Logic doesn't always apply for some reason.

      • trankillity on 08/01/2020 - 09:27

        I've worked for 2 retailers where this was the case due to the way their POS was able to use gift cards.

        The PIN isn't in the barcode number, just in the actual barcode image - so you'd need to know what you were doing to decode that. Of course, any fraudster definitely knows what they're doing, so it's definitely not secure.

    • [Deactivated] on 07/01/2020 - 10:26

      Speaking as someone who did some work for one of the top 10 retailers that used one of the major gift card providers, they didn't have a system in place to prevent brute forcing until it one day became apparent as it was causing a major issue with site load (guessing numbers and pins). So yeah, 1) is extremely likely as the fix was only for that retailer :\

    • solidussnake on 07/01/2020 - 11:01
      +2

      Or snowy has used the card number and pin(provided), then said it doesn't work I want a refund 🤷‍♂️

  • neirboca on 07/01/2020 - 08:09

    Why spend that much on egift cards if you didn't intend to use them?

    • RNDM on 07/01/2020 - 08:22
      +3

      They came as part of Telstra plan offer.

  • [Deactivated] on 07/01/2020 - 08:13
    +2

    Just go to the police.

    They can prosecute these people even when small amounts are involved. e.g. this piece of @#!@# https://www.qt.com.au/news/gumtree-used-to-scam-victims-of-c…

  • neonlight on 07/01/2020 - 08:16
    +2

    Don't use gumtree and don't sell gift cards.

    End of story

    Buy what you use don't buy to try to earn a buck

    Police cant do jack about these scams. It's minor crime and hard to catch these crooks

    Sorry but move on and know anything happens these days.

    Appreciate to let others know about this. No security at all

  • emblurr on 07/01/2020 - 08:24
    +1

    Something else that might help you is the company that provides the Gift cards for jbhifi.

    https://www.vii.com.au/JBhifi.asp

    • RNDM on 07/01/2020 - 08:29

      Thanks, reached out to them too.

  • Thrawn on 07/01/2020 - 08:38

    The JB gift card check balance function requires a PIN to work.

    So I don’t see the point of supplying only the numbers without the PIN to a buyer asking to confirm value.

    You must’ve somehow given James the PIN

    • RNDM on 07/01/2020 - 08:47

      I definitely did not give James the pin. Because at that point I had not even scratch the codes/pin. It was only after I had received payment that I scratch the pin.

      And I do know that you require the pin to check the balance online. Which is why I hadn’t checked the balance until I had received payment. I was kinda uncomfortable not knowing what balance was on the card, or if JB hi-fi had even made a typo or clerical error of some sort.

      I had sold one other card, previously, On a separate occasion to what has played out in the last two days. On that instance the JB hi-fi store was able to validate the balance on the card without actually scratching the pin code.

      • HighAndDry on 07/01/2020 - 13:37
        +2

        And I do know that you require the pin to check the balance online.

        But at 7 you said:

        I provided the card numbers, to allow him to check the balance on the cards.

        • Danstar on 07/01/2020 - 13:39
          +1

          Yeah I thought I read those contradicting statements, but didn't look back to verify. You just did :P ;)

        • blurn on 07/01/2020 - 14:26

          He also said

          On that instance the JB hi-fi store was able to validate the balance on the card without actually scratching the pin code

          So he was expecting the guy to go into the store to verify the balance.

      • nguyentran on 08/01/2020 - 18:23

        JB can check the value of the card without the pin. but they need the physical one. If anyone can try when paying by gift card, press the function button in the eftpos machine to see whether it allows we manually type the code
        Source: working for the retailler that using the same gift card system as Jb

  • oscall on 07/01/2020 - 08:42
    +3

    I thought that JB HIFI would ask for ID such as a driver's license when picking up items such as redeeming gift cards. I recently ordered a mobile phone online and printed out the order. When I went to the JB HiFi store I had to show my ID confirming my name. If one of the conditions of JB HiFi is to present the cards at the store then I believe that you will be reimbursed as it appears the staff has made the error.

    • RNDM on 07/01/2020 - 08:50
      +2

      Yeah, from every JB hi-fi store that I have talked to have mentioned that ID, drivers license, is required, especially when it comes to redeeming high value gift cards and purchases.

      So I do hope that they have taken a copy of the drivers license. But if that fails then JB hi-fi has failed on two points of security measures.

      • neonlight on 07/01/2020 - 09:10
        +2

        This is the reason why post above suggested partners in crime insider job not checking ID for James.

  • pyramid on 07/01/2020 - 08:58

    You are suspecting James but snowymatthew may be culprit because snowymatthew is the only one apart from you who knew card number and PIN.

    To play devil's advocate, you may be the only one running this story of being scammed and want to make some more JB giftcards or $$$…who knows….

    • RNDM on 07/01/2020 - 09:03

      I may be, but no, I have no intention on doing so. And have already returned snowymatthew‘s payment. And these things waste a lot of time and effort … so hate to be the one involved in this thing.

      • pyramid on 07/01/2020 - 09:05

        Is there any slim possibility that JB screwed these card and $$$ were not loaded into it?

        • RNDM on 07/01/2020 - 09:06

          Transaction history is available when checking the balance, it shows that they’ve been redeemed

          Displaying day of transaction and location and value.

          • pyramid on 07/01/2020 - 09:09
            +1

            @RNDM: Did you speak with store where those transactions occurred? They may have CCTV footage which shows whether they took ID details for person who redeemed it.

            • RNDM on 07/01/2020 - 09:11
              +1

              @pyramid: Yah, that was yesterday.

              Need to wait for them to get back to me now. Gonna follow up later today.

              • pyramid on 07/01/2020 - 09:13

                @RNDM: Another possibility,
                1. snowymatthew got pin and card number from you.
                2. He bought stuff only from JB Hifi website and put pickup location as ACT.
                3. someone from his team picks up goods from ACT.

                • RNDM on 07/01/2020 - 09:30

                  @pyramid: Yeah, as mentioned above in some of the previous comments and responses. From the discussion with snowy, and they provided me with full name address phone number and equivalent details of their husband. It is unlikely, and from the general comment history, it seems unlikely. But I know it is not impossible also. Again at this point even though I have all the details I don’t want to jump to any conclusion.

                  • Danstar on 07/01/2020 - 09:43

                    @RNDM: Ring up husband and see if name they gave matches

                    • RNDM on 07/01/2020 - 09:50
                      +1

                      @Danstar: Bank transaction screenshots match the names provided. I don’t want to unnecessarily burden another innocent user - as far as I can tell.

                      • pyramid on 07/01/2020 - 10:18

                        @RNDM: At this point in time, you will have to doubt both James and snowy. You are giving clean cheat to snowy raise some other red flag.

                      • Danstar on 07/01/2020 - 10:36
                        +1

                        @RNDM: I’m not doubting that the ozb user is real.

                        If something usually looks sus, feels sus and everyone is telling you the same. It’s usually true.

                        I’m heavily leaning towards the gumtree and ozb user are the same person / friends or family and have done this before.

                        Sometimes it may work, sometimes it might not. But even when it doesn’t work, they still didn’t lose any real money

  • ozbjunkie on 07/01/2020 - 09:14
    +3

    In for updates.

  • [Deactivated] on 07/01/2020 - 09:16

    Gumtree is the home of scammers, I wouldn't use this site again after being scammed myself. There is zero support from Gumtree and this is why scammers love using it. Easy to set up a quick fake account and close it after you've been scammed with no repercussions.

    • Ughhh on 07/01/2020 - 09:31
      +8

      There's a reaaon why people have been recommending "cash in pick up only" for gumtree for the last decade.

      If you follow that, your chance of being scammed is much much lower.

      • JimmyF on 07/01/2020 - 09:38
        +1

        "cash in pick up only" for gumtree for the last decade.

        Agreed…… No paypal, no posting, pure cash on pickup.

    • RNDM on 07/01/2020 - 09:26

      She made that post when she was trying to use my cards. And so that post continued to the point where we had discovered that the cards had been already redeemed.

Login or Join to leave a comment
Login Join