Prolific Craigslist “Carfax” Scammer Exposed
Oct 14, 2021

Hucksters can exclusively reveal the man behind a years-long scam targeting thousands of Craigslist users who were buying and selling used vehicles, and who were asked to “order” a vehicle history report from one of dozens of temporary websites used in the scheme.
The mastermind is Hairuddin Ali, a Muslim Indonesian man who lives in Jakarta, Indonesia with his wife and young children, who moonlights as a technology blogger for websites theponsel.com and tabloidpulsa.id.
While it’s certainly possible (and probable) that more than one person is involved with similar schemes, we were able to connect Ali with dozens of domains being used in the “Carfax” fraud, including autoquickrecords.com, bikeappraisalreport.com, premiumautochecks.com, and several others, proving that he is one of the most prolific actors in this popular scam.
Interestingly, a quick-thinking Reddit user documented a similar rash of fraudulent domains last year with almost the exact same usage of keywords. Based on the private messages he published on Reddit.com that are worded very similarly to the private messages reviewed by Hucksters.net in October 2021, we strongly believe Mr. Ali is also connected to the domains exposed by that Redditor either directly or indirectly.
In fact, many of those domains exposed on Reddit used the Name.com registrar (which is not extremely popular), the same registrar that Ali used on some of his “newer” websites too. To stay ahead of abuse reports, he appears to have moved most of these domains around to different hosting providers at different times, which is how we connected the domains to him.
(To avoid tipping him off about exactly how we caught him, we are not going to explain every last detail of our OSINT research here.)
Although we reached out to Ali several times via email and social media, he refused to respond. However, immediately afterwards he changed the WHOIS data on some of his fraudulent websites to be public, listing the owner of the sites as “Suhiman Salman” from “Bandung, Jawa Barat, Indonesia”. This is an apparent desperate attempt at distancing himself from the scam, and/or perhaps the name belongs to one of his partners who is involved and accidentally set the WHOIS to be public while moving to a new registrar (WebNic.cc). Although we did find a man who uses that name and appears to be a web developer capable of putting together this type of scheme, he doesn’t appear to be very active online.
Ali continues a trend we see regularly especially from Pakistan and Indonesia, where devout Muslims have no problem committing extensive crimes online against Americans, apparently because they think it’s okay to steal from non-Muslims — even though they would never consider doing a similar thing against their fellow countrymen where the punishment would be severe.
The U.S. FTC has been warning the public about this very Craigslist scam since at least 2018, which raises the question of why nobody in law enforcement has bothered to track down who was behind the scheme when it only took us a few hours to do so. In the comments section of the announcement, several Americans also mentioned specific URLs and domains that had been used to scam them, further expanding the list of websites likely connected to Indonesian scammers. Again, why the government refused to list these does not make sense to us.