Here’s why you probably shouldn’t use a regular Yahoo e-mail address when potentially hundreds of thousands of dollars is on the line.
Tyler Hoover of Hoovies Garage is clearing out a good chunk of his “Hooptie Fleet” by making 40 of his cars available for sale.
According to Hoover in a Tweet posted earlier today, it looks like a scammer took advantage of one vulnerability in Hoover’s plan and scammed a potential buyer out of $2,000.
Here’s Hoover’s tweet below.
SCAM ALERT. Some dirtbag going by Chris Gums set up a spoof email buyhooviesCARS (instead of CAR) and collected a $2000 deposit on my 348 through Zelle. I would not take such large deposits, and don’t use Zelle. Do not fall for it! pic.twitter.com/qXWJ5gf0eO— Tyler Hoover (@HooviesGarage) November 2, 2021
If you didn’t already know, Tyler Hoover is a Youtuber known for buying and selling severely depreciated cars. By documenting the trials and tribulations he encounters between taking ownership and subsequently selling these arguable nightmares of a vehicle, Hoover has amassed quite a following.
Earlier this week Hoover, as mentioned, decided to sell off a good chunk of his fleet. Hoover did this by announcing as such on his most recent Youtube video, listing all the cars available in the video description.
The cars on this list run the gamut of affordability from a $6,000 BMW Z3 to a Lamborghini Countach worth over $450,000. There’s life-changing amounts of money at stake here.
The one chink in Hoover’s plan was that he used a regular Yahoo e-mail address to facilitate communications.
According to Hoover,
“Please only email email@example.com if you are serious about purchasing. I don’t check or respond to other DM accounts or email nearly as often, Thanks!”
The problem is, as he soon found out, that anyone can register a Yahoo e-mail including e-mails like BuyHooviesCars@Yahoo.com or BuyingHooviesCar@yahoo.com, addresses that are very similar to the one Hoover specified.
Since Hoovies Garage’s videos drum up millions of views, lots of people would be interested and inquire about his list of cars for sale. A good number would, by human nature, mistakenly enter his e-mail address incorrectly, entering a similar one already registered by the scammer.
This scammer used Zelle, a peer-to-peer payment service only meant to be used between trusted family and friends, to secure $2,000 from someone inquiring about Hoover’s Ferrari 348.
Once scammers get your money, they cease communications and often close linked bank accounts.
How Tyler Hoover could’ve avoided this
As many replies on his Tweet mention Hoover could’ve (and should have) used an e-mail address with a custom domain.
Most hosting platforms, like Google or GoDaddy, offer free-email forwarding attached to your domain. It’s as simple as inputting what custom e-mail address you want linked to domain you own and forwarding all e-mail received to whatever e-mail address you already use.
For example, since Hoover owns HooviesGarage.com he could’ve created and forwarded e-mails to firstname.lastname@example.org to a Yahoo e-mail address.
Hoover also could’ve linked to a good ol’ contact form on his website or a customizable survey via Google.
Since the sale has the potential to run for a long time, considering this vulnerability and that someone already got scammed, it would probably behoove Hoover to cancel the current sale and reissue new instructions with a more secure e-mail address.
I’ll be surprised if he doesn’t.