Track a Scammer's Location

How a tracking link and a map exposed a 'local' seller who was 6,000 miles away

Advertisement

They Said They Were Local: Catching an Online Scammer With a Tracking Link and a Map

July 3, 2026 · 14 min read · Security

The listing looked perfect: a one-bedroom in a good part of Columbus, $950 a month, photos of a sunny kitchen, "available immediately." The renter I'll call Dana emailed, and the "landlord" wrote back fast and friendly. He was a pastor, he explained. He'd relocated abroad for a mission and couldn't show the unit in person, but the place was hers if she wired a $950 deposit plus first month by Zelle today — other people were interested. He'd FedEx the keys.

Every part of that story is a documented rental-scam script: the too-good price, the sympathetic reason the landlord can't meet, the urgency, and the irreversible payment method. But scripts are easy to rationalize when you need an apartment. Dana wanted one concrete fact before sending a dollar: was this man actually in Columbus, or anywhere near it?

So she didn't argue. She asked a normal question — "Could you send me a couple more photos of the bedroom and the lease?" — and delivered them as a tracking link to a shared folder. He clicked. The analytics map dropped a single pin. Not Columbus. Not Ohio. Not the United States. The click resolved to a residential ISP in Lagos, Nigeria — roughly 6,000 miles from the sunny kitchen he was pretending to own down the street.

A chat window shows you what a scammer wants to type. A map shows you where the packet actually came from. One of those two things is very hard to fake on the spot — and it's not the chat window.

This is a guide to doing what Dana did: using a tracking link and a map to test whether an online buyer, seller, "landlord," or romantic interest is really where they claim — responsibly, with the limits spelled out, and without turning a fraud-prevention tool into a weapon. Consumers reported losing more than $12.5 billion to fraud in 2024, a 25% jump over the prior year, according to the FTC.[1] A free location check before you pay is one of the cheapest defenses you have.

$12.5B
Reported to the FTC in fraud losses, 2024 — up 25%[1]
$16.6B
Losses in the FBI's 2024 Internet Crime Report[2]
$2.95B
Imposter scams — the top FTC fraud category, 2024[3]

The Case: A "Pastor" Landlord Who Was 6,000 Miles Away

Dana's case is a composite of a pattern that repeats constantly across Craigslist rentals, Facebook Marketplace, and dating apps, but the mechanics are exactly what a real check looks like. Here is what the map showed versus what the chat claimed.

WHAT THE CHAT SAID "I'm the owner here in Columbus, just away on a mission trip." "Zelle the deposit today, I'll FedEx the keys tomorrow." Claimed location: Columbus, Ohio, USA Payment: Zelle (irreversible) Will meet in person: no WHAT THE TRACKING LINK SHOWED Lagos, Nigeria Residential ISP · Android · Chrome ~6,000 mi from the "local" apartment

Nothing in the left panel could be disproved by arguing. The scammer had an answer for every objection — that's their job. The right panel didn't argue. It reported the one thing he couldn't rewrite in real time: the network his device connected from when he opened a folder he wanted to see. Dana stopped replying, reported the listing, and kept her $950.

Why a Map Catches a Liar the Chat Log Can't

Text is infinitely editable. A scammer can claim any city, spoof a local area code with a VoIP number, and even send a photo with the right skyline in the background. What they can't easily edit is the IP address their traffic actually originates from when they click something. That address is assigned by whatever network they're really on, and geolocation turns it into an approximate place on a map.

This is the same capture every website performs on every visitor; the tracking link just makes it visible to you and plots it. For the deeper mechanics of how a click becomes a marker — and why home broadband lands in the right metro while mobile and proxies wander — see our companion piece, IP Logger With a Map. Here we're focused on the narrower, higher-stakes question: is this person lying about where they are?

Create the tracking link before you send a cent

Paste the real folder, photo, or document they asked for, get a short link, and watch where the click lands on a map — city, ISP, and device. Free to start, no signup for your first link.

Create Your Tracking Link →

The Method: Send a Link They'll Actually Open

The whole technique rests on one principle: send something they genuinely want to open, for a reason they already have. You're not tricking anyone into clicking a fake prize. In a live negotiation there's almost always a natural document to share.

  1. Find the honest pretext. The buyer wants more photos? Host them and send the link. The "landlord" needs to send a lease? Ask them to review yours in a shared doc. A "recruiter" wants your resume? Send a link to it. The click has to feel like part of the conversation.
  2. Open the IP Logger and pick "Link tracker." Paste the real destination — the photo folder, the Google Doc, the portfolio page. This matters: the link must land them somewhere real, or the ruse collapses and you learn nothing.
  3. Get your short link and your private analytics link. Share the short one. Keep the analytics one to yourself.
  4. Send it naturally. "Here are the extra bedroom pics: [link]." They click, they see the photos, and they're none the wiser — the redirect happens in milliseconds.
  5. Open your analytics link and read the pin. Country first, then the ISP, then the city.
Don't impersonate anyone or fabricate bait. Sending the photos a buyer asked for is fair game. Building a fake "your package is delayed, track it here" page to lure a specific person into revealing their location is deceptive and, depending on intent and jurisdiction, can cross into illegal territory. The goal is to protect yourself from a transaction, not to surveil a human. More in the responsible-use section.

Reading the Pin: The Four Tells That Matter

A location check is only as good as your ability to read the result. In a scam context, four fields do the work — and you weigh them in this order.

1. Country mismatch — the loudest signal

Country-level geolocation is the most reliable layer there is, accurate in the high-90s percent range. If someone insists they're a local buyer in Chicago and the click resolves to Ghana, Nigeria, the Philippines, or India, you are almost certainly talking to an overseas operation running a domestic-sounding script. This one tell alone reversed Dana's decision.

2. The ISP field — is it a home, or a hiding place?

Before you trust the city, read who runs the network. A residential provider (Comcast, Spectrum, AT&T) or a mobile carrier suggests a real consumer connection. A hosting or cloud company or a named VPN provider means the click came through a data center — the person is deliberately masking their location. For an "ordinary local," routing through a commercial VPN is itself suspicious. You won't get their true city, but you've learned they're hiding it.

3. The city — useful, but the softest layer

City-level accuracy is good on home broadband and shaky on mobile, so treat the exact city as supporting detail rather than a verdict. "Same country, wrong city" is far weaker evidence than "wrong country entirely," because a regional mobile hub can legitimately misplace a real person by tens of miles.

4. The device — the quiet corroborator

The device and browser come from the user-agent, not geolocation, so routing doesn't distort them. A "professional US property manager" whose clicks always come from an Android phone on a foreign network, at 3 a.m. your time, paints a consistent picture. Across repeat clicks, a stable device signature also tells you whether two messages came from the same person.

One more move worth making when the ISP looks like a data center: take the resolved IP and run it through a reputation check. If the address already appears on abuse and proxy blocklists, you've got independent confirmation it's associated with anonymized or malicious traffic. Our IP reputation check guide walks through exactly how to read that.

Advertisement

Know the second they click

Timing matters in a live negotiation. On the free logger you get one link a day, 5-day retention, and an hourly digest. InfoSniper Pro is a one-time $7 pass that unlocks unlimited links, the exact IP, city, ISP, and full map on every click, and — the part that matters here — an instant on-click email alert. The moment your "local landlord" opens the lease, your phone buzzes with where they really are, while you're still in the chat. Plus 1-year retention, custom link codes, and no ads.

Unlock instant on-click alerts →

The Decision Flow: Signal, Not Verdict

A location tell is one input, not a courtroom. The reason it's so powerful in fraud cases is that scams almost never fail on a single flag — they light up several at once. Here's the flow Dana ran, and the one I'd suggest for any "are they really local?" situation.

They claim to be local / nearby but won't meet in person Send a real link they'll open the photos / lease / doc they asked for Country matches their claim? NO YES Strong fraud signal walk away ISP = hosting or VPN? YES Actively hiding = caution flag NO Location plausible — still verify payment, insist on in-person / escrow, trust your gut

Notice that the flow never ends at "the pin proves they're honest." A matching location just clears one hurdle; a mismatched one, or a data-center ISP, is where you stop. The payment method is the other non-negotiable: any push toward Zelle, wire transfer, cryptocurrency, or gift cards for a stranger you can't meet is a scam tell independent of geography. The FTC found that in 2024, bank transfers and payments accounted for the highest aggregate fraud losses, followed by cryptocurrency — precisely the irreversible rails scammers steer you toward.[4]

The Honest Limits: When the Map Lies Back

I'd be doing you a disservice to pretend this always works. A location check is a strong filter, not a lie detector, and a competent fraudster knows the countermeasures. Here's exactly where it fails.

A VPN masks the real country entirely

If the scammer routes through a VPN, the pin lands on the VPN server's city — which might be a convincing US location. VPN use is mainstream now; Surfshark's research puts adoption at roughly a third of internet users worldwide.[5] The saving grace is the ISP field: a VPN exit almost always reads as a hosting company, not a residential provider. So a "local buyer" whose IP maps to a data center in the right city is arguably more suspicious than one who's honestly overseas — a real neighbor has no reason to hide.

A careful scammer simply won't click

Professional fraud operations coach their people to avoid links. If your "landlord" flatly refuses to open the photos or lease he supposedly wants you to see, you won't get a pin. But read that refusal for what it is: someone with a reason to dodge a completely ordinary link is telling you something.

Mobile and privacy relays fuzz the city

Cellular traffic can route through a regional hub far from the user, and privacy features like Apple's iCloud Private Relay deliberately keep only your general region while hiding the precise address.[6] These blur the city, not usually the country — which is why country mismatch, the tell you can most trust, sits at the top of the decision flow.

Treat the map as a filter that catches the lazy and the honest, and reveals the careful by what they hide. Country says the most, the ISP says whether they're masking, and the city says the least. In that order, it's very hard for a "local" scammer to come out clean.

Doing This Responsibly (and Legally)

This is a security tool, and the difference between self-defense and harassment is entirely in how you use it.

Reasonable and appropriate:

Off-limits — and potentially illegal:

The one-sentence rule: use a tracking link to decide whether to trust a stranger with your money — never to decide what to do to a stranger.

Run the location check before you pay

Turn the photos or document they asked for into a tracking link, and see where the click really lands — country, ISP, and device on a map. Free to start; upgrade to Pro for an instant alert the second they open it.

Create Your Tracking Link →

Frequently Asked Questions

Can I find a scammer's real location with a tracking link?
You can find the approximate location of the network their click came from, which is often enough to catch a lie. A tracking link captures the visitor's IP address and geolocation drops a pin on the city that IP is routed from. If a "local" seller's click lands in another country, that's a strong fraud signal. But it's a signal, not proof of identity: a VPN or proxy will show the server's location instead, and a cautious scammer may not click at all.
What does it mean if the scammer's click shows a hosting company or VPN?
If the ISP field reads like a data center or a named VPN provider rather than a residential or mobile carrier, the person is routing through a relay to hide where they really are. For a supposedly ordinary local buyer or seller, that concealment is itself a red flag. It doesn't reveal their true city, but it tells you they're actively masking it — and a real neighbor has no reason to.
The map shows a different country than the person claims. Is that proof of a scam?
It's powerful evidence but not standalone proof. A single click that geolocates thousands of miles from where someone claims to be, combined with a refusal to meet in person and a push toward an irreversible payment method, is about as clear as a fraud pattern gets. Weigh the location tell together with the other behaviours rather than acting on the pin alone.
Is it legal to send a suspected scammer a tracking link?
Logging the IP address of someone who clicks a link you control is generally legal and is what every website already does. The safe, honest approach is to share a genuine link they have a reason to open, such as photos or a document they asked for. Don't impersonate anyone, don't use the result to harass, confront, publish, or threaten, and remember geolocation is approximate. Use it to protect yourself and to inform a decision to walk away — then report the account to the platform and, if you lost money, to the authorities.
What if the scammer refuses to click the link?
Refusing to open a normal link they asked for — photos of the item, a shared document — is itself informative. Experienced fraud operators are trained to avoid trackers, so a flat refusal to open anything is consistent with someone who has something to hide. You won't get a pin, but the behaviour still supports the decision to disengage.

Sources

  1. Federal Trade Commission — "New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024" — ftc.gov
  2. FBI Internet Crime Complaint Center — "2024 Internet Crime Report" (total reported losses $16.6B) — ic3.gov
  3. Federal Trade Commission — Consumer Sentinel Network Data Book / 2024 fraud category totals (imposter scams $2.95B) — ftc.gov
  4. Federal Trade Commission — 2024 fraud data by payment method (bank transfer highest, then cryptocurrency) — ftc.gov
  5. Surfshark — "VPN adoption and usage statistics" — surfshark.com
  6. Apple — "About iCloud Private Relay" (exit IP maintains only your general region) — support.apple.com
  7. Federal Trade Commission — "What to know about rental listing scams" (consumer guidance) — consumer.ftc.gov