Vehicle history reports are a critical part of the used car-buying process. Whether I’m buying from a random guy on Facebook Marketplace or at a flashy car dealer, I always make sure to run the car’s VIN through CarFax or AutoCheck to see the car’s service and crash histories. Not only does it provide peace of mind, but any discrepancies can give me leverage in the price negotiation. They don’t cost much, and they’ve saved my ass countless times.
Scammers, recognizing the importance of vehicle history reports, have begun taking advantage of unsuspecting sellers through a phishing scam. It involves messaging the seller and asking them to purchase a report from a specific website—likely one they’ve never heard of—by entering their credit card info and paying a small fee. After the seller generates the report, the buyer ghosts them, making off with their payment, their credit card info, and any other data they shared.
The swindle works because, usually, the scammer is a real individual posing as someone interested in buying the car. The best tricksters will ask the right questions and sound genuine about coming to take a look in person. Then, they’ll hit you with a message asking if you can buy a report so they can feel confident about their purchase. In some cases, they’ll badmouth reputable vehicle history report suppliers like CarFax to steer you to their website. And if you’re desperate enough to sell your car, you might just fall victim.
How To Spot The Scam
I know all of this because I’ve encountered scammers like this numerous times over my years of selling cars on Craigslist and Facebook Marketplace. These people will sometimes message you for days, asking very detailed, highly knowledgeable questions before eventually asking for a sham report. In the case of my old BMW M5, I even set up a time and location to meet up before getting a suspect link in my inbox. It’s disheartening and a reminder of just how far some people will go to defraud you.
Internet-savvy people will have an easy time spotting scams like this, but not everyone can spot when someone’s trying to pull a fast one on them. A recent post published to the /r/cars subreddit inspired me to look further into how widespread this scam has become, and it turns out that it’s been happening for years. The video above describes a version of the scam that was published a decade ago. It’s become so popular that the FTC put out a statement back in 2018, warning consumers to look out for signs you might be getting tricked:
The FTC has been hearing about a new scam targeting people who are selling their cars online. They’re getting calls or texts from people who claim to be interested in buying the car – but first want to see a car history report. They ask the seller to get the report from a specific website, where the seller needs to enter some information and pay about $20 by credit card for the report. The seller then sends it to the supposed buyer but never hears back. Weird, huh?
Well, it gets weirder. When the car sellers go to one of these websites, they’re automatically redirected to sites ending in ‘.vin’ – which seems like it might be related to your car’s vehicle identification number or VIN, right? Scammers hope you’ll think that, but no. In this case, .vin is a relatively new website “domain” – like .com or .org – that groups can apply to use. This domain was intended to be used for sites that relate to wine, since “vin” is the French word for wine, but others are not prevented from using it. So yes, that’s a clever take on .vin for cars, yes, but you still might want to think twice if anyone asks you to do car-related business on a site ending in .vin.
Of course, these sites are no longer limited to .vin domains. That Reddit post I linked above mentions a .com domain (that I won’t share here, because I value Autopian readers’ personal info) for the scam they were running. Swindlers don’t disappear when things get tough. They simply evolve, coming up with more complex, harder-to-spot tricks to separate you from your money.
What Else You Need To Watch For
The domain isn’t the only thing to keep an eye on. AAA published a helpful guide last year, giving tips on what else to check with potentially dangerous websites provided by buyers:
Scammers will often try to deceive consumers by creating websites that appear to be those of trusted sources but aren’t. To spot these fake sites, you’ll need to examine the URL.
All secure websites have URLs beginning with “https,” rather than “http,” along with a lock icon on the left side of the address bar. You should also examine the end of the URL to make sure the domain checks out. Legitimate websites have commonly used domains such as “.com,” “.org” and “.gov”.
To help you feel confident about whether a website is legit, the National Motor Vehicle Title Information System’s website, vehiclehistory.gov, has a full list of report providers approved by the government. The providers you’ve probably heard about—CarFax, Experian, vehiclehistoryreport.com—are all on this list. There are a bunch of others, too, including some that honestly sound fake; add123.com and vincheck.info do not sound like legit websites for checking car data, but they’re on the government-approved list.

It’s important to note that normal, real buyers will almost never ask you to buy a vehicle history report from a specific website. In my experience, they’ve asked if I have a report of any kind available, without specifying the provider. So if they absolutely need to have a report from a specific website, that’s a huge red flag. As my colleague Mercedes Streeter suggested while discussing this topic in Slack, whenever a prospective buyer asks for a history report, simply provide the VIN and tell them to buy it themselves. If they’re a serious buyer, they’ll do it. But if they’re a scammer, they’ll keep asking or stop answering.
If you encounter a message like this, I wouldn’t even click on the website they send you. These are sites meant to scam you, which means they’re probably loaded with malware and keystroke trackers—stuff that can cause havoc on your computer and access sensitive info. Just block and/or report the buyer, and move on.
Top graphic images: depositphotos.com
This has been going on for a while. I remember one of these guys… Several years back. Didn’t fall for it then. Wasn’t thinking in terms of this kind of scam though.
Fucking scammers…I’ll never understand scammers in general…how can you even do that and live w/ yourself? I understand how they can (they don’t give a shit) I don’t understand why they even bother (well, because of the times they can get away with it) It’s not even worth it at all these days…and that’s for all crime especially w/ cameras everywhere now (Is it really worth it to rob some business, steal a car, or even petty misdemeanors? I don’t see a point in even bothering w/ getting into trouble and dealing w/ the cops) Also, some fool asking ME to buy THEM a fucking report? Get the fuck outa here…buy your own fucking report…that’s a red flag right there. I’ve never even bought a report for any of my shitboxes and would NEVER buy one for a buyer! Ha ha ha ha ha…that’s fucking ridiculous
I have never spent a nickel on any of these vehicle history reports from private companies because here in Ontario, you just spend $20 on the Ontario Used Vehicle Package that has mostly the same info.
It’s not perfect. Clearly any unreported collision/incidents won’t show up… but that’s the case for all these reports.
In my view, the best thing to do is do your own PPI by physically looking at the vehicle you want to buy thoroughly as well as test driving it.
The next best thing is to have a friend or local garage do that for you if you can’t do it yourself for whatever reason.
As for buyers who “want a vehicle history report” on a vehicle I’m selling, I tell them that I’ll get them the Ontario used vehicle package (as it’s required for selling a used car in Ontario), but if they want any of these other reports, I’ll give them the VIN and they can buy those other reports themselves.
I had a few of those and essentially told them to go pound sand.
I was selling my 1998 K2500 driveway plow truck that hadn’t been on the road in about 1000 years and my response to these scammers was a picture of that well endowed african american gentleman (you know the picture) and some of the responses were pretty hilarious.
Good advice. I’m trying to sell a car right now and have gotten a bunch of these scammers wasting my time.
REPORT ACCOUNT.
BLOCK.
I got a huge amount of that trying to sell a $1500 car. The copy paste I just kept giving back was, “the VIN is in the description.”
I told the scammer that the Pajero was from Japan and would never be able to be run on a VIN site over here. It was funny how long he kept trying though.
OMG I would expect better information from AAA on this. Stating to look for https and only trusting .com/.org/.gov was great advice 20 years ago but absolutely worthless today. Any scam site can have a .com or .org and a free TLS cert quicker than I can type this comment. The vehiclehistory.gov link is good advice for this specifically but if you want a tip to avoid scam websites in general you need to run a ‘whois’ lookup. If you have Linux or Mac that’s easy enough to do from the command line but there are also websites out there. GoDaddy has a free one at https://www.godaddy.com/offers/whois-b . Type in the domain of the site you’re concerned about and see when it was first registered, in the case of your add123.com example it was first registered back in 1999 so it has some reputation. The next step would be looking for other ppl’s experiences with that domain. But if it was registered last week, you can skip that step and go ahead and assume it’s garbage.
tldr; Having a .com and https means absolutely nothing these days.
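An added example, not part of the comment above or the article: a Python sketch of the domain-age check that comment describes, combined with the approved-provider list the article mentions. The WHOIS excerpts are constructed, the `.example` hostname and the 365-day threshold are assumptions, and the function names are hypothetical.

```python
import re
from datetime import date, datetime
from urllib.parse import urlsplit

# Domains the article names from the vehiclehistory.gov approved-provider list,
# plus carfax.com for "CarFax". The authoritative list is on vehiclehistory.gov.
APPROVED = {"carfax.com", "vehiclehistoryreport.com", "add123.com", "vincheck.info"}

# Constructed WHOIS excerpts (not real lookups). The page gives only the year
# 1999 for add123.com; the month and day here are made up.
WHOIS_OLD = "Domain Name: ADD123.COM\nCreation Date: 1999-01-01T00:00:00Z\n"
WHOIS_NEW = "Domain Name: VIN-REPORT.EXAMPLE\nCreation Date: 2024-12-20T10:00:00Z\n"

def registrable_domain(url):
    """Last two labels of the host. Simplification: ignores suffixes like co.uk."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def creation_date(whois_text):
    """Earliest creation date found in raw WHOIS text, or None if absent."""
    found = re.findall(r"(?im)^\s*(?:creation date|created)\s*:\s*(\d{4}-\d{2}-\d{2})",
                       whois_text)
    return min((datetime.strptime(d, "%Y-%m-%d").date() for d in found), default=None)

def assess(url, whois_text, today, min_age_days=365):
    """Classify a report link a buyer sent. Scheme and TLD are ignored on purpose:
    https and .com are available to anyone."""
    domain = registrable_domain(url)
    if domain in APPROVED:
        return "approved-list"
    created = creation_date(whois_text)
    if created is None:
        return "unknown-age"        # no registration date: treat as untrusted
    if (today - created).days < min_age_days:
        return "new-domain"         # assumed threshold: recently registered
    return "check-reputation"       # old but unlisted: look for others' experiences

if __name__ == "__main__":
    today = date(2025, 1, 1)
    print(assess("https://www.add123.com/report", WHOIS_OLD, today))
    print(assess("https://carfax.com.vin-report.example/pay", WHOIS_NEW, today))
```

The second call shows why the check uses the registrable domain rather than a substring match: a trusted name placed in a subdomain does not make the site that provider's.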
I’ve told my mother (she turned 90 today) many many many …….. times to never click on a link in an email from even a semi trusted source like a bank or pharmacy or … anything if you already have an independent link to those web sites. I set up those links/short cuts up for her. Does she always follow my advice? No she does not. Is it going to get better? Probably not.
Probably the best advice is to not trust strangers, especially in the online age.
“As my colleague Mercedes Streeter suggested while discussing this topic in Slack, whenever a prospective buyer asks for a history report, simply provide the VIN and tell them to buy it themselves. If they’re a serious buyer, they’ll do it. But if they’re a scammer, they’ll keep asking or stop answering.”
If they keep asking tell them they will get the money refunded with purchase, then internally set your bottom price that much higher. Worst case they stop wasting your time.
Oh yeah I had I think three of these when I tried selling my very distinctly dead Subaru that was (as noted in the description), and people were remarkably interested in a non-running car. Even when I asked them directly.
But yeah, my response when the VIN question popped up was “The VIN is in the post, you can check it yourself.”
It ended up going to the pick n pull eventually, but being in that condition didn’t matter, “My husband will fix it.” Yep, okay. Bye!
Had this happen a few years back and it felt shady. Told them if they wanted a history report they were welcome to buy one, but I wasn’t doing it.
Apparently if you put ” Carfax report in hand” on your ad it attracts the Vinfast people like flies to honey. Had between 5-7 people negotiate with me for varying amounts of time before hitting the vinfast request. After the second one it was Carfax or screw off.
The Vietnamese car company? I guess when their own cars are all broken, they go looking elsewhere.
LOL. Vintrust*
My favorite Craigslist car ad:
“2013 Mercedes S500. 50k miles. Perfect condition. No rust. All options.
$10,000 cash only. Must meet me at the old abandoned factory in that part of town you never go to. I work 2nd shift so it has to be between midnight and 4AM.”
And come alone.
And don’t be alarmed by the clowns. There will be clowns…
Oh, it’s not a swindle. What you do is, see, you give them all your credit card numbers, and if one of them is lucky, they send you a prize.
I’m just happy to talk to someone on the phone.
Hey! Someone tried to get me on this one, someone requested a vehicle history report, said they would reimburse me. To which I asked why they couldn’t just run it themselves with the VIN. They came back saying something about their money being tied up. Stopped responding to them after that.
If their money is tied up, how are they going to buy a car? The internet was great for a while, but now it’s just that one street in every medium to large city where those people just won’t leave you alone.
Yep! That didn’t pass the sniff test. They were also being weirdly pushy about the history report. I was trying to tell them a report wouldn’t capture most things since I did most of the work on it myself hence it wouldn’t show up in a report. Stay vigilant out there. Don’t click on sketchy links, be careful where you give your info to.
Don’t click on any link. Go to the website they claim to link to and decide if it’s worth pursuing.
“Oh, you’ll reimburse me? Looks like CarFax costs $X, if you could reimburse me by just paying for it yourself, I’d appreciate it.”
One I got recently ” my dad has gotten burned by Carfax before, so your report isn’t good enough, so you have to only buy this one or else he won’t give me the money”. Ok bud.
I had a scammer try it on a dirt bike I was selling. I smelled the scam right away but decided to have some fun and waste their time. They led with needing it to verify mileage (again, on a dirt bike with no odometer) which was a dead giveaway. I played just as dumb as their ideal mark for a few days even going as far as to pretend to have problems with the site (using a spent Visa gift card for numbers).
I know it probably didn’t affect the scammer the way I hoped but it felt good giving them hope they had a sucker on the line only to yank the rug out when I was done.
I also like to answer spam callers and put the phone down so they waste time not talking to anyone and not bugging the next robo callie for a little bit of time.
Waaay back in the day when landlines were still a thing, my roommate and I had a game where we’d trick the other one into getting stuck on the line with spam callers. The rule was that if you fell for it, you were stuck. Kind of served the same point of wasting their time while being entertaining for us because you know there was some great improv work in torturing the caller.
I get my best announce voice going and reply with “Hello! Welcome to Moviefone! For movies in your area, press 1!”
They usually hang up.
“Why don’t you just tell me the movie you want to see”
“Rochelle, Rochelle”
That’s why I only use the most trusted quick vehicle history site: VinFast
wait a second…
Yup, but that website hasn’t been fully developed yet and can be prone to glitching.
Joke’s on them, I only buy shitboxes.
Two problems with that thought–people get complacent or desperate and people believe themselves to be more savvy than they are. It’s best if we all believe ourselves to be gullible idiots and put forth an amount of mental energy checking things that reflects that starting point.
I KNOW I’m an idiot, so I have that going for me.
.vin – 1st wine then swindlers
Oh, there are plenty of swindlers in wine.
Word. The biggest materials characterization company in the world got its roots in wine authentication:
https://www.eurofins.fr/food- food-category/wine/
Apparently, .vin was originally created in the expectation that it would be popular with wineries and other wine-related businesses
Should’ve gone with .wino
No worse than Dillon-Edwards Investments at clownpenis.fart
This reminds me of my favourite Mitch Hedberg joke.
I saw this wino. He was eating grapes. I was like, Dude… you have to wait.
Because vin is French for wine.
https://translate.google.com/?sl=en&tl=fr&text=wine&op=translate