Vehicle history reports are a critical part of the used car-buying process. Whether I’m buying from a random guy on Facebook Marketplace or at a flashy car dealer, I always make sure to run the car’s VIN through CarFax or AutoCheck to see the car’s service and crash histories. Not only does it provide peace of mind, but any discrepancies can give me leverage in the price negotiation. They don’t cost much, and they’ve saved my ass countless times.
Scammers, recognizing the importance of vehicle history reports, have begun taking advantage of unsuspecting sellers through a phishing scam. It involves messaging the seller and asking them to purchase a report from a specific website—likely one they’ve never heard of—by entering their credit card info and paying a small fee. After the seller generates the report, the buyer ghosts them, making off with their payment, their credit card info, and any other data they shared.
The swindle works because, usually, the scammer is a real individual posing as someone interested in buying the car. The best tricksters will ask the right questions and sound genuine about coming to take a look in person. Then, they’ll hit you with a message asking if you can buy a report so they can feel confident about their purchase. In some cases, they’ll badmouth reputable vehicle history report suppliers like CarFax to steer you to their website. And if you’re desperate enough to sell your car, you might just fall victim.
How To Spot The Scam
I know all of this because I’ve encountered scammers like this numerous times over my years of selling cars on Craigslist and Facebook Marketplace. These people will sometimes message you for days, asking very detailed, highly knowledgeable questions before eventually asking for a sham report. In the case of my old BMW M5, I even set up a time and location to meet up before getting a suspect link in my inbox. It’s disheartening and a reminder of just how far some people will go to defraud you.
Internet-savvy people will have an easy time spotting scams like this, but not everyone can spot when someone’s trying to pull a fast one on them. A recent post published to the /r/cars subreddit inspired me to look further into how widespread this scam has become, and it turns out that it’s been happening for years. The video above describing a version of the scam was published a decade ago. It’s become so popular that the FTC put out a statement back in 2018, warning consumers to look out for signs you might be getting tricked:
The FTC has been hearing about a new scam targeting people who are selling their cars online. They’re getting calls or texts from people who claim to be interested in buying the car – but first want to see a car history report. They ask the seller to get the report from a specific website, where the seller needs to enter some information and pay about $20 by credit card for the report. The seller then sends it to the supposed buyer but never hears back. Weird, huh?
Well, it gets weirder. When the car sellers go to one of these websites, they’re automatically redirected to sites ending in ‘.vin’ – which seems like it might be related to your car’s vehicle identification number or VIN, right? Scammers hope you’ll think that, but no. In this case, .vin is a relatively new website “domain” – like .com or .org – that groups can apply to use. This domain was intended to be used for sites that relate to wine, since “vin” is the French word for wine, but others are not prevented from using it. So yes, that’s a clever take on .vin for cars, yes, but you still might want to think twice if anyone asks you to do car-related business on a site ending in .vin.
Of course, these sites are no longer limited to .vin domains. That Reddit post I linked above mentions a .com domain (that I won’t share here, because I value Autopian readers’ personal info) for the scam they were running. Swindlers don’t disappear when things get tough. They simply evolve, coming up with more complex, harder-to-spot tricks to separate you from your money.
What Else You Need To Watch For
The domain isn’t the only thing to keep an eye on. AAA published a helpful guide last year, giving tips on what else to check with potentially dangerous websites provided by buyers:
Scammers will often try to deceive consumers by creating websites that appear to be those of trusted sources but aren’t. To spot these fake sites, you’ll need to examine the URL.
All secure websites have URLs beginning with “https,” rather than “http,” along with a lock icon on the left side of the address bar. You should also examine the end of the URL to make sure the domain checks out. Legitimate websites have commonly used domains such as “.com,” “.org” and “.gov”.
To help you feel confident about whether a website is legit, the National Motor Vehicle Title Information System’s website, vehiclehistory.gov, has a full list of report providers approved by the government. The providers you’ve probably heard about—CarFax, Experian, vehiclehistoryreport.com—are all on this list. There are a bunch of others, too, including some that honestly sound fake; add123.com and vincheck.info do not sound like legit websites for checking car data, but they’re on the government-approved list.
It’s important to note that normal, real buyers will almost never ask you to buy a vehicle history report from a specific website. In my experience, they’ve asked if I have a report of any kind available, without specifying the provider. So if they absolutely need to have a report from a specific website, that’s a huge red flag. As my colleague Mercedes Streeter suggested while discussing this topic in Slack, whenever a prospective buyer asks for a history report, simply provide the VIN and tell them to buy it themselves. If they’re a serious buyer, they’ll do it. But if they’re a scammer, they’ll keep asking or stop answering.
If you encounter a message like this, I wouldn’t even click on the website they send you. These are sites meant to scam you, which means they’re probably loaded with malware and keystroke trackers—stuff that can cause havoc on your computer and access sensitive info. Just block and/or report the buyer, and move on.
Top graphic images: depositphotos.com
Support our mission of championing car culture by becoming an Official Autopian Member.
Apparently if you put ” Carfax report in hand” on your ad it attracts the Vinfast people like flies to honey. Had between 5-7 people negotiate with me for varying amounts of time before hitting the vinfast request. After the second one it was Carfax or screw off.
My favorite Craigslist car ad:
“2013 Mercedes S500. 50k miles. Perfect condition. No rust. All options.
$10,000 cash only. Must meet me at the old abandoned factory in that part of town you never go to. I work 2nd shift so it has to be between midnight and 4AM.”
Oh, it’s not a swindle. What you do is, see, you give them all your credit card numbers, and if one of them is lucky, they send you a prize.
I’m just happy to talk to someone on the phone.
Hey! Someone tried to get me on this one, someone requested a vehicle history report, said they would reimburse me. To which I asked why they couldn’t just run it themselves with the VIN. They came back saying something about their money being tied up. Stopped responding to them after that.
If their money is tied up, how are they going to buy a car? The internet was great for a while, but now it’s just that one street in every medium to large city where those people just won’t leave you alone.
Yep! That didn’t pass the sniff test. They were also being weirdly pushy about the history report. I was trying to tell them a report wouldn’t capture most things since I did most of the work on it myself hence it wouldn’t show up in a report. Stay vigilant out there. Don’t click on sketchy links be careful where you give your info to.
“Oh, you’ll reimburse me? Looks like CarFax costs $X, if you could reimburse me by just paying for it yourself, I’d appreciate it.”
One I got recently ” my dad has gotten burned by Carfax before, so your report isn’t good enough, so you have to only buy this one or else he won’t give me the money”. Ok bud.
I had a scammer try it on a dirt bike I was selling. I smelled the scam right away but decided to have some fun and waste their time. They led with needing it to verify milage (again, on a dirt bike with no odometer) which was a dead giveaway. I played just as dumb as their ideal mark for a few days even going as far as to pretend to have problems with the site (using a spent Visa gift card for numbers).
I know it probably didn’t affect the scammer the way I hoped but it felt good giving them hope they had a sucker on the line only to call them out when I was done.
That’s why I only use the most trusted quick vehicle history site: VinFast
wait a second…
Yup, but that website hasn’t been fully developed yet and can be prone to glitching.
Joke’s on them, I only buy shitboxes.
Two problems with that thought–people get complacent or desperate and people believe themselves to be more savvy than they are. It’s best if we all believe ourselves to be gullible idiots and put forth an amount of mental energy checking things that reflects that starting point.
.vin – 1st wine then swindlers
Oh, there are plenty of swindlers in wine.
Apparently, .vin was originally created in the expectation that it would be popular with wineries and other wine-related businesses