Computer Security: Blind trust means money lost
We acknowledge that finding decent accommodation near CERN in the Geneva area or the Pays de Gex is difficult. Particularly difficult if you’re trying to organise such accommodation from abroad. Demand wildly exceeds supply. And where customers are in (desperate) need of supply, fraudsters are never far away.
And indeed, this spring has seen two fraudulent transactions on the CERN Marketplace – your private flea market – a place to sell books, music or electronics, buy a new (used) car or find accommodation. In both cases, the fraudsters were advertising vacant apartments that they didn’t own. Using fake identities, hardly traceable email addresses and even, in one case, a stolen passport, they engaged with potentially interested tenants and provided details, photos and a location. A seemingly plausible story. But a fake one. And they pushed their victims into signing a lease and talked them into paying a deposit – which can easily be a few thousand euros – money that was subsequently lost.
As with any other online market platform (Amazon, eBay, etc.) or real-life flea market, a sales/purchase contract is also an expression of trust. The seller trusts that the money you pay is genuine, that the transfer you make is non-revocable, that the cheque is covered. The buyer trusts that the seller will really hand over or ship the merchandise and that the merchandise is as described and without any unmentioned flaws or faults. This is why, usually, face-to-face transactions using cash are preferable. As a buyer, you can see (and test) what you buy. As a seller, you can take comfort in the fact that counterfeit money is hard to come by (while uncovered cheques are easily possible). And this is why, in the online world, payments should usually be made through a trusted partner – an escrow service like eBay offers them. Or transactions should be backed up by insurance (like with Amazon or PayPal).
The CERN Marketplace is an unmoderated forum for private transactions – sales, purchases, etc. Other than providing the platform, CERN does not engage further nor take any responsibility for its contents. Participation just requires an email address as a handle. Those participants are neither vouched for nor vetted. In addition, while posts must comply with CERN’s Computing Rules and the dedicated rules of the CERN Marketplace, they are generally not moderated, verified or approved. Of course, any violation of those rules will be followed up by the CERN Computer Security team and might lead to posts being deleted, participants being blocked, and sanctions (including calling the local police) ─ as happened in the aforementioned cases.
But don’t take a chance. BE VIGILANT. Like in real life. Unless you know the seller/buyer, don’t fully trust them. If you’re looking for an apartment to rent, it’s advisable to either seek input from your peers (“Does anyone know that landlord? Are they trustworthy?”) or do an in-person visit, ask for a live video tour of the apartment or ask a local friend to do a visit for you. In any case, avoid transferring money to unknown parties. Perhaps set up an escrow account where money is transferred only under certain conditions. Remember: “Blind trust means money lost”.
_____
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.
anschaef