Got Scammed and lost $1500 on Gumtree -_-"

I thought I was being careful, but sadly not careful enough to account for the failures in lose implementation of JB Hifi's gift card policies.

  1. Had 3 x $500 gift cards from JB Hifi, from the promo in Dec last year
  2. Listed it here for a couple of weeks, no takers.
  3. So then I listed it on Gumtree.
  4. "James" contacts me, from ACT.
  5. Asks me "Do you have proof of balance picture? or receipts?"
  6. Not knowing any better, and assuming that a hidden "PIN" code is required to actually redeem these cards.
  7. I provided the card numbers, to allow him to check the balance on the cards.
  8. James says he'll pay at the end of the day.
  9. I get messaged here on Ozbargain, snowymatthew, so I decide to allow them to pay instead.
  10. I receive payment, via PayId.
  11. I send copies of the unscratched cards, and then again with the card numbers and PIN codes revealed.
  12. Following day, snowymatthew tells me there's issues with the card.
  13. Since the PIN codes are all revealed now, I confirm the balance on the cards.
  14. Discover they've been redeemed in ACT.
  15. Blah blah … I'm %^&*
  16. Returned the money back to snowymatthew.

So, it looks like James has been able to convince someone at JB HiFi to redeem the cards, with the PIN codes, and without the physical cards. I checked the terms and conditions: https://www.jbhifi.com.au/pages/how-do-i-use-a-gift-card-to-…. "Redeeming in-store at JB Hi-Fi … The actual gift card MUST be presented.". From responses from various stores, staff are not "meant to" accept anything by the physical cards … there lies the issue.

The presence of the PIN code in this instance gives a false sense of security.

Even retracing all the steps taken, I don't think I could have foreseen this - other than "don't use Gumtree". So, I guess this is a warning to others, that the card numbers only are enough to redeem a gift card. Meaning there's no real way for a buyer to validate available credit, or for sellers to have any form of security over the gift cards. This to me, is easier than counterfeiting money and JB accepting it, at another customer's expense.

Expensive lesson, and usually careful with these things. But, aw well, not expecting such a positive outcome. If anything, it just ruined my day.

Since then;

  1. Left my details with the store to follow up
  2. Filed a report with ACSC
  3. Emailed JB Hifi, asking how and why cards can be redeemed by the card number only, without the physical card which is contrary to their terms.
  4. Contacted Gumtree seeking assistance.
  5. I asked James to pay, as agreed and I would cease the police report.

So yeah, great first day back at work. -_-" And now have to deal with the missus.

And not that it means much, but this is the lovely guy that benefited from this all. https://www.gumtree.com.au/s-seller/1170622367193

I really didn't like the idea of having $1.5K in gift cards lying around, just didn't feel secure. And it really had to happen.

Update: So, it would seem kinda useless at this point. But because of the way that I shared the photo with James, it shows an account of his.

(Mod: removed personal information - please see commenting guideline)

Key updates:
* By RNDM on 07/01/2020 - 14:35
https://www.ozbargain.com.au/comment/8208345/redir
* By snowymatthew on 08/01/2020 - 16:47
https://www.ozbargain.com.au/comment/8213127/redir
* By RNDM on 14/01/2020 - 13:30
https://www.ozbargain.com.au/comment/8235494/redir
* By RNDM latest
https://www.ozbargain.com.au/comment/8239312/redir

Related Stores

Gumtree
Gumtree
JB Hi-Fi
JB Hi-Fi

Comments

                  • -4

                    @JimmyF: Everyone knows the cards balance is zero. Just thought this was a good angle so the Op can try and get his money back.

                    What is this air travel you speak of?

                  • +1

                    @JimmyF:

                    Having it in your hand means nothing…… The cards balance is now $0. Who is to say I didn't redeem the physical gift card in the morning in ACT, jumped on a plane and at a Brisbane store a few hours later on the same day, now claiming someone else used it in a different state?

                    Maybe if there was cell phone records showing OP’s phone pinging off towers from Brisbane the whole day it may help…

            • @Arthur Dunger: They don't actively take it from you, and they normally just throw them in the bin when they're spent. It's not a secure disposal method.

        • Don't forget helicopters! Quite popular method of transportation here.

  • +16

    I think the real culprit is snowymatthew.

    • It did cross my mind…

    • Are they located in ACT? :)

      • +8

        Apparently not.

        If James responded or defended himself, then I may have gotten it all wrong. But so far, James remains silent … So …

        • May be one of them resold the card and whoever redeemed may be completely unrelated and wouldn't have a idea of the saga.

    • +1

      No way it would be them, no scammer is going to give you 1500$ and rely on getting a refund for the scam to work. Only situation would be if they had a hacked bank account but then the charges would get reversed automatically anyway.

      • Maybe, maybe not. In this case if the scam fails then they still have $1500 of gift cards - so only a marginal loss. The worst case scenario for the scammer would be getting scammed in reverse by the seller.

  • +43

    I just wanna say, that its unfortunate that this has happened.

    This post is really just to inform and educate others. I don't like learning things the hard way, so this is just to help others from a similar situation.

    I'm happy to continue the discussion and know I made a mistake. I'll still continue this, as a challenge to see how far it goes. But this ain't going to ruin me.

    • This post is really just to inform and educate others

      Thank you, it has been eye opening for sure…… Can't wait till you get to the bottom of it.

    • +2

      Thanks for sharing.

    • Thank you OP for sharing your story and I hope you can finally convince JB Hifi to fix this long-standing issue once and for all so innocent individuals don't fall victim to scummy thieves.

    • Thanks for taking ownwership of your mistake. Gumtree and FB can be a nightmare if your not dealing with a real person for the transaction. Most of the threads I see with issues on these sites is because the dealing are not face to face. Sure you may miss out on a sale for a good price, but look what can happen.

    • +1

      How did u go with telling the Mrs

  • +1

    ACA? I'm sure they would love to cover a story like this.

    • +4

      Sent them a message. Keep the suggestions coming. :)

  • +1

    I redeemed gift cards at the Goodguys last week and they had to enter the pin for each card and then they took the cards off me. These were the those multi store gift cards that can be used at JB hifi, Goodguys and some other stores as well

  • Definitely play dumb at JB Hifi check out instore, dont' mention anything about Gumtree.

    But even then, from their POV, you could have been in ACT.

    • -3

      That is theft to a degree sorry.

  • OP do you know how the website for gift card balance checking work?

    Does it lock you out after a certain number of attempt?

    It wouldn't be hard to guess the pin number of a card given it is only a 4 digit code, there is only 9999 possible combination, it the website doesn't lock you after a certain number of attempt it is only the matter of time before you can guess the right pin number and as far as the JB staff is concern they do have a gift card and a pin number to use it.

    • +1

      Yes, there is a google reCaptcha on the card balance check page. There are also other ways, but they are quite technical. Perp would have to brute force 3x cards. This angle is not impossible, but highly improbable.

      • +1

        reCaptcha doesn't necessarily stop it, just slows you down - while they could lock the gift card out after a number of attempts, it's pretty likely that that's not a thing (people who write these systems generally choose the path of least resistance - they're not banks). Also there may be other ways to check a balance that avoid the reCaptcha, such as via the app or something.

        It would probably only take a couple of hours to figure out the pin on a few gift cards - probability-wise, you wouldn't need to check all the numbers either.

        Remember people who scam others probably aren't doing anything productive with their lives, so I would say it's not highly improbable at all.

      • What are the other ways? Bypassing the captcha somehow?

      • +1

        Mate stop pretending you know stuff.

        What other ways?

        On the expensive side it costs $5 to solve 1000 recaptcha V3 attempts

        That's investing $150 to make $1500 illegally. Captcha ain't going to stop the criminal.

    • Shouldn't there be 10^4 combinations? Unless you count the one that is already displayed. You and quirki are right though. It is possible, but highly improbable.

  • +34

    I think it's an insider job at JB Hifi.

    Also if you look at James profile Jame has been selling a lot of Brand New items and JB Hifi Gift Cards which suggest that James has has a hook up in JB-Hi Fi or JB Hi-Fi has a very weak system that James has been exploiting repeatedly.

    However since the card was redeemed without a PIN I am inclined to think that James has a partner in crime at JB Hifi.

    If I were you I would complain to the CEO of JB Hifi and also file a complaint with ACCC

    • Sounds like a drama go for it. Hipster partner in crime at JB

    • +2

      It would seem this James person would have a method in able to redeem gift cards without the pin. But lets think about it.

      Whether he has a hook up in JB-Hi Fi is not certain he could very well been scamming gift cards and redeeming purchases himself via in store/online.

      All we know right now is OP sent James the card numbers - just the numbers or a photo of the receipt without the pin?? OP can clarify - possibly if a photo of receipt maybe James was able to extract enough information about the transactions to JB staff to reveal the pin. Suggesting flawed system or badly trained employee or insider.

      or

      Snowymatthew and James are partners possibly same person. James has the card number from OP without pin. Snowymatthew pretends to be a potential buyer gets OP to reveal card number and pin. James redeems the gift cards. Snowymatthew claims card balance is zero. OP checks it was claim in ACT. All eyes on James.

      Elaborate scam but not impossible??

      At the end of the day we can only speculate what went wrong and we should use this as a case to protect Ozbargainers in selling future gift cards/vouchers.
      A few posters mentioned in redacting the last few digits of the card number like the reverse way of how credit card numbers are revealed on receipts purchases XXXXXXXX1234

      • No receipt was provided, I don’t even have one. The cards were given as part of a Telstra contract offer,

    • +3

      I used to work for JB and you can't manually enter card details into their machines, even a manager can't the feature has been disabled on all machines so I would doubt its an inside job..

      • If that's true, then neither James or snowymatthew can redeem the gift card - then who else could have done it?

        • +3

          It's possible he's used it online (As that's the only way to enter card details) and collected goods from store. Or he could have emailed JB online support saying this pin area is scratched and they've given him the 4 digits code to the card number he has.

          I'm really interested to what happened now lol

          Edit it sounds like the second guy who was provided the pin has used it to buy goods then messaged back saying it's already been used so he refunded him

          • @solidussnake: I remember doing click and collect in jb they always ask for ID. Hopefully it is recorded and trace it back to who that is

            • @humbala: Remember snowymatthew was the only one that saw the pin not James.

              With that said OP said at 14. "Discover they've been redeemed in ACT." Only we know James lives in ACT but so can snowymatthew

              CC they would had paid online using their real credentials but then it would fall under JB HiFi if they care enough to investigate.
              but if its purchase online delivered then the culprit could had used fake details to any burn house

  • This is surely an inside job. Make noise and JB should be equally incentivised to get to the bottom of it too.

  • Wow what a scumbag. Sorry to hear about this OP. But thank you for posting about this to inform the rest of us that this can happen. I too would think the card numbers are useless without the pin. I wonder how many attempts it allows you online with the pin. If it's unlimited then there's the problem as with persistents or the use of a tool, 9999 combinations isn't that much.

    • Most likely the actual buyer who was provided with both the card and pin has used the funds then the next day has said funds have already been used and wants a refund..

  • Can you check the history balance of purchase to see specifically which store it was purchased from? call the store, sounds like dodgey staff!
    edit: seems u already did that lol

  • The only security feature of these cards is the PIN, and I really don't think that a lowly JB HIFI worker can override the PIN in store.
    Whoever used the cards also used the PINs.

    • Interesting…David Jones gift cards don't even need the pin number.

  • +1

    It sounds devil bit what's stopping snowymatthew to share cards with their friend in ACT and then make a claim with you once they are redeemed?

    Did you check balance after scratching the pins and before sharing the card details with snowymatthew?

    • No, I didn't check the balance.

  • +2

    Gift Cards can be redeemed online FYI.

    He has likely just bought stuff online and done click and collect.

    I know it sucks OP but you should have just bought a few Nintendo Switch's or a phone or something and sold them.

    Too risky for buyer and seller with gift cards.

    • Yah, too many points to go wrong.

    • +1

      THIS. I am surprised that the OP thinks in-store purchase is the only way to redeem the card.

      • +1

        I do realise this.

    • done click and collect.

      There’s a small possibility the persons ID was taken when picking up the items.

      • But OP has nothing to go on. If you've revealed the numbers and PIN (albeit the PIN to a supposed different person) and not physically sold the cards in person, you have nothing. No one is going to help, not the store, not Australian Cyber Security Centre, no one I'm sorry.

        It's a harsh lesson to learn but there's no going back.

  • +1

    So just to provide some clarity on this, there's two ways that "James" likely found out your PIN codes.

    1) JB's fraud system may not be smart enough to prevent brute force attempt attacks, so they could have just used a script that tried every 4 digit combination. This is highly unlikely as any decent retailer would have a fraud system that would flag a card after X number of attempts.
    2) You provided the scannable barcode, which includes the PIN encoded in the barcode.

    While the number displayed on the back of gift cards does not show the pin, the barcode itself always includes the PIN. This is the way that most POS systems can redeem a giftcard just by scanning the barcode.

    So in future if you want someone to be able to check a giftcard balance, purely supply the giftcard number - not a photo of the giftcard.

    • 1) Yah possible.
      2) No, a bar code as such, is not visible.

      • a bar code as such, is not visible.

        Since the cards are already spent, could you share the pics (the ones with the hidden PIN)?

        • I was gonna say I'm also keen to see how or if there's any way he could get through.

    • When I used my jb hifi cards, the staff scanned the bar code and manually entered the pin code so number 2 likely isn't the case. I also had to show my id as it was their scam prevention policy.

    • +7

      Source for 2? It's highly unlikely the PIN is embedded in the barcode… Otherwise what's the point of a PIN?

      • Worked for a retailer who at one point had a system where any PIN would work. What was the point of the PIN? Who knows! Logic doesn't always apply for some reason.

      • I've worked for 2 retailers where this was the case due to the way their POS was able to use gift cards.

        The PIN isn't in the barcode number, just in the actual barcode image - so you'd need to know what you were doing to decode that. Of course, any fraudster definitely knows what they're doing, so it's definitely not secure.

    • Speaking as someone who did some work for one of the top 10 retailers that used one of the major gift card providers, they didn't have a system in place to prevent brute forcing until it one day became apparent as it was causing a major issue with site load (guessing numbers and pins). So yeah, 1) is extremely likely as the fix was only for that retailer :\

    • +2

      Or snowy has used the card number and pin(provided), then said it doesn't work I want a refund 🤷‍♂️

  • Why spend that much on egift cards if you didn't intend to use them?

    • +3

      They came as part of Telstra plan offer.

  • +2

    Just go to the police.

    They can prosecute these people even when small amounts are involved. e.g. this piece of @#!@# https://www.qt.com.au/news/gumtree-used-to-scam-victims-of-c…

  • +2

    Don't use gumtree and don't sell gift cards.

    End of story

    Buy what you use don't buy to try to earn a buck

    Police cant do jack about these scams. It's minor crime and hard to catch these crooks

    Sorry but move on and know anything happens these days.

    Appreciate to let others know about this. No security at all

  • +1

    Something else that might help you is the company that provides the Gift cards for jbhifi.

    https://www.vii.com.au/JBhifi.asp

    • Thanks, reached out to them too.

  • The JB gift card check balance function requires a PIN to work.

    So I don’t see the point of supplying only the numbers without the PIN to a buyer asking to confirm value.

    You must’ve somehow given James the PIN

    • I definitely did not give James the pin. Because at that point I had not even scratch the codes/pin. It was only after I had received payment that I scratch the pin.

      And I do know that you require the pin to check the balance online. Which is why I hadn’t checked the balance until I had received payment. I was kinda uncomfortable not knowing what balance was on the card, or if JB hi-fi had even made a typo or clerical error of some sort.

      I had sold one other card, previously, On a separate occasion to what has played out in the last two days. On that instance the JB hi-fi store was able to validate the balance on the card without actually scratching the pin code.

      • +2

        And I do know that you require the pin to check the balance online.

        But at 7 you said:

        I provided the card numbers, to allow him to check the balance on the cards.

        • +1

          Yeah I thought I read those contradicting statements, but didn't look back to verify. You just did :P ;)

        • He also said

          On that instance the JB hi-fi store was able to validate the balance on the card without actually scratching the pin code

          So he was expecting the guy to go into the store to verify the balance.

      • JB can check the value of the card without the pin. but they need the physical one. If anyone can try when paying by gift card, press the function button in the eftpos machine to see whether it allows we manually type the code
        Source: working for the retailler that using the same gift card system as Jb

  • +3

    I thought that JB HIFI would ask for ID such as a driver's license when picking up items such as redeeming gift cards. I recently ordered a mobile phone online and printed out the order. When I went to the JB HiFi store I had to show my ID confirming my name. If one of the conditions of JB HiFi is to present the cards at the store then I believe that you will be reimbursed as it appears the staff has made the error.

    • +2

      Yeah, from every JB hi-fi store that I have talked to have mentioned that ID, drivers license, is required, especially when it comes to redeeming high value gift cards and purchases.

      So I do hope that they have taken a copy of the drivers license. But if that fails then JB hi-fi has failed on two points of security measures.

      • +2

        This is the reason why post above suggested partners in crime insider job not checking ID for James.

  • You are suspecting James but snowymatthew may be culprit because snowymatthew is the only one apart from you who knew card number and PIN.

    To play devil's advocate, you may be the only one running this story of being scammed and want to make some more JB giftcards or $$$…who knows….

    • I may be, but no, I have no intention on doing so. And have already returned snowymatthew‘s payment. And these things waste a lot of time and effort … so hate to be the one involved in this thing.

      • Is there any slim possibility that JB screwed these card and $$$ were not loaded into it?

        • Transaction history is available when checking the balance, it shows that they’ve been redeemed

          Displaying day of transaction and location and value.

          • +1

            @RNDM: Did you speak with store where those transactions occurred? They may have CCTV footage which shows whether they took ID details for person who redeemed it.

            • +1

              @pyramid: Yah, that was yesterday.

              Need to wait for them to get back to me now. Gonna follow up later today.

              • @RNDM: Another possibility,
                1. snowymatthew got pin and card number from you.
                2. He bought stuff only from JB Hifi website and put pickup location as ACT.
                3. someone from his team picks up goods from ACT.

                • @pyramid: Yeah, as mentioned above in some of the previous comments and responses. From the discussion with snowy, and they provided me with full name address phone number and equivalent details of their husband. It is unlikely, and from the general comment history, it seems unlikely. But I know it is not impossible also. Again at this point even though I have all the details I don’t want to jump to any conclusion.

                  • @RNDM: Ring up husband and see if name they gave matches

                    • +1

                      @Danstar: Bank transaction screenshots match the names provided. I don’t want to unnecessarily burden another innocent user - as far as I can tell.

                      • @RNDM: At this point in time, you will have to doubt both James and snowy. You are giving clean cheat to snowy raise some other red flag.

                      • +1

                        @RNDM: I’m not doubting that the ozb user is real.

                        If something usually looks sus, feels sus and everyone is telling you the same. It’s usually true.

                        I’m heavily leaning towards the gumtree and ozb user are the same person / friends or family and have done this before.

                        Sometimes it may work, sometimes it might not. But even when it doesn’t work, they still didn’t lose any real money

  • +3

    In for updates.

  • Gumtree is the home of scammers, I wouldn't use this site again after being scammed myself. There is zero support from Gumtree and this is why scammers love using it. Easy to set up a quick fake account and close it after you've been scammed with no repercussions.

    • +8

      There's a reaaon why people have been recommending "cash in pick up only" for gumtree for the last decade.

      If you follow that, your chance of being scammed is much much lower.

      • +1

        "cash in pick up only" for gumtree for the last decade.

        Agreed…… No paypal, no posting, pure cash on pickup.

    • She made that post when she was trying to use my cards. And so that post continued to the point where we had discovered that the cards had been already redeemed.

Login or Join to leave a comment