Online Scam I Almost Believed

[+ Lucky]

Discussions here of online scams are too old to resuscitate, so I mention anew the one I almost fell for. I have purchased a couple   of appliances from Best Buy in the past, so when I received an email saying that my Protection Plan was automatically renewing, I thought it might be true- not that I remembered having any plan.

They were billing me for $349.99, a pretty stiff amount to pay. I haven't needed any repairs on the products I bought. One of them is 8 years old.

So I looked up the number for the Geek Squad customer service, a wise move rather than calling the number in the email. There I gave the information to the representative and she politely informed me that the email was a scam. If I called the number, they would try to get banking information from me. I was relieved that I didn't owe the money! Yet the email looked so official.

Anyway, I know seniors are often scammed, but not this time!

[Kevin Slater]

I get some very legitimate looking ones that I may well have fallen for, if only I had an account with, say, Wells Fargo.

What pisses me off is how often legitimate correspondence does require you to click on the link. When I run the world, the email will just include some unique code which you will then enter on your own on, say,  bestbuy.com to see what it’s all about.

Kevin Slater

[+ MysticMenace]

social engineering attacks - like phishing, vishing, and smishing have certainly evolved from having formatting issues to now copying templates of legit sites - but the same thing remains about these attacks - the sense of urgency these attacks seem to elicit in one's responses.

[RadioRob]

It's unfortunately very common.  Fraudsters know people in the US "generally" bank with one of about 15 banks...  and they know that a large percentage of people use the common retailers such as Amazon, Best Buy, Walmart, Best Buy, etc).  So it's easy to make a convincing message! 

I get messages all the time about my "Wells Fargo" account or my "Bank of America" account...  but I've never once had an account with those organizations.  I also receive them regarding my student loans!  

What's been especially interesting is getting automated phone calls claiming to be from the gas company saying my account is past due (it's not) and that I'm facing imminent disconnection...  press 1 to speak to a customer service agent!

And I even had a report at one of the urgent care clinics that I help manage IT for that they had someone show up saying they were there to turn off the electricity unless someone paid $200.  The clinic's bills are all on autopay and were current... but the scammer was attempting to hustle local small businesses actually in person!

It's a shame the amount of fraud that is happening now a days.  

[mike carey]

A few years ago I received a few texts purporting to come from my mobile phone company (at least it was the right one!) saying that due to service changes in my area I should click on a link in the text to arrange for them to send me a free new phone. Yeah, right.

Another text and I got curious. But I didn't click the link, I called customer service. And not on a number in the text. After chatting for a couple of minutes while the agent was looking at my file, turned out it was genuine and a week later the new phone arrived in the post. It was a basic Samsung 4G phone, but it lasted me five years, and it was a no-strings attached, no surcharge, free phone.

But, don't click on links that are the slightest bit suspicious or even most that appear not to be. You may be able to avoid giving personal or banking data but all they want may be to confirm that there is a person who uses that number as a mobile phone.

[RadioRob]

If you're ever proactively reached out to...  the safest thing to do is never click a link.  Instead reach out to them directly yourself and ask.  That might mean calling in, or opening a support case/online message.  But if they are trying to reach you, they should have a record of it and could route you to where you need to go if it's a legitimate request.  

[+ RJD]

Last year my 83-year-old aunt received a phone call from a gentleman claiming to be her grandson's attorney.  He informed her that her grandson, who he referenced by name, was arrested for DUI, was in jail, and needed $8,500 for bail.  I never found out what payment method he instructed her to use, but in a complete panic, my aunt was about to withdraw the funds when she decided to call her son (her grandson's uncle) to tell him about his nephew being arrested.  Thankfully, he smelled a scam and told her not to do anything while he checked on his nephew.  After a quick telephone call, he determined his idiot nephew was arrested for DUI but was already released on bail, which wasn't anything close to $8,500.   

Luckily, she wasn't out any money, but, aside from the fact that her grandson was stupid enough to drive while intoxicated, the more alarming part is the "attorney" knew her grandson's identity, had access to his arrest record and was able to link my aunt to him, even though they don't share the same last name.  They never figured out where it originated or who was responsible.  

There's a special place in hell where these scammers who prey on the elderly will eventually find themselves. 

[RadioRob]

Finding the identity of a person who has been charged with something is not hard.  In many (most?) locations, arrests are public record.  In fact, in the town where I went to college...  they published the info in the local paper!  It was sent out as a press release by the local authorities every few days.  Below is an actual screenshot of what was sent to some of the local media:

(In this case "city" refers to the local city, Maryville, MO.  If the person did not live there it would say what city such as the first marijuana case with the person living in St Joseph, MO).  

You now have the person's full name, age, and what city they live.  It's not overly difficult to map that to social media accounts and see lots of relatives in many cases.  

[jeezifonly]

If it is a notification from a service I do business with, I will not click on the link, but will contact customer service on their web page, or call them. Worth being on hold to verify, and a couple times I was able to report the number texting me or bogus email account, for their security dept to have on file. 

[SFSteve]

Thanks everyone for saving me with this posting. This morning I received an email from my phone service provider with a notice that the plans were changing and I needed to follow a link to select and change my service. I know better, but still almost selected the link, but then decided I would deal with it after work. 

Fortunately, I came by here first, and the light bulb went off. Of course, do not select a link in any email. I copied the link and pasted it into a text file. Wrong domain name, close, but wrong. 

Solid advice here. Never select a link from any email. Always go to the known location for any account you have. 

Thanks again for the refresher and save.

  SF Steve

[RadioRob]

6 hours ago, SFSteve said:

Thanks everyone for saving me with this posting. This morning I received an email from my phone service provider with a notice that the plans were changing and I needed to follow a link to select and change my service. I know better, but still almost selected the link, but then decided I would deal with it after work. 

Fortunately, I came by here first, and the light bulb went off. Of course, do not select a link in any email. I copied the link and pasted it into a text file. Wrong domain name, close, but wrong. 

Solid advice here. Never select a link from any email. Always go to the known location for any account you have. 

Thanks again for the refresher and save.

  SF Steve

NerdSquad wins!  Yeaa!  

I always learn something here. The wealth of knowledge among our members is amazing!

[+ Pensant]

I’m generally too paranoid to fall for any of these scams.

[+ Cash4Trash]

My bank has a fraud department and I forward any suspicious e-mail to them. Other businesses might as well.  

[+ poolboy48220]

5 minutes ago, Pensant said:

I’m generally too paranoid to fall for any of these scams.

Agreed.  I've snarked at friends and family for texting or emailing me links without any accompanying text to indicate they really meant to send it.  

[Rudynate]

There's always something about them that smells.  The email address is usually the giveaway.  I haven't been taken in but eventually they will get smart enough to fool me.   I don't think it's just the elderly they target - it's anybody who is taken in by their fake emails.

[+ sync]

5 minutes ago, Rudynate said:

There's always something about them that smells.  The email address is usually the giveaway.  I haven't been taken in but eventually they will get smart enough to fool me.   I don't think it's just the elderly they target - it's anybody who is taken in by their fake emails.

I got taken about three years ago.  The link took me to a phony but legitimate-looking Norton security site for an upgrade of my computer protection services.

A little too late I realized what it was, and after freezing and cancelling the credit card I used I escaped with only a $140.00 loss.

Since then, I'm link-phobic and grateful for it.

[Rudynate]

I see that one all the time.  Fortunately, I have used the Norton software and think it sucks so I never bite.

[Gadfly22]

On 4/20/2022 at 10:13 AM, sync said:

I got taken about three years ago.  The link took me to a phony but legitimate-looking Norton security site for an upgrade of my computer protection services.

A little too late I realized what it was, and after freezing and cancelling the credit card I used I escaped with only a $140.00 loss.

Since then, I'm link-phobic and grateful for it.

Whenever I buy anything online, even from a website I know is legit I use a virtual credit card number. You can set spending limits, make then single use, single vendor, and you can cancel the number instantly with the click of a mouse. Other nifty features too. Give it a try.

[+ Lucky]

I gave it a try once, but the feature disappeared later.

[Gadfly22]

Most of the big banks stopped offering this service "because of the proliferation of online providers who offer this service free of charge". I use privacy.com. Never had any problems. The only drawback is that the bank version worked like a real credit card - you have a month to pay the bill and you get whatever benefit you get (cash back, ff miles, etc.). Privacy.com works like a debit card - the money is instantly deducted from your linked bank account.

Edited May 2, 2022 by Gadfly22

[Gadfly22]

My dad keeps getting letters either from Toyota or the dealer where he bought the car saying his warranty is about to expire and he needs to sign up (and pay) for "extended warranty protection." I tell him its a scam and to throw them in the trash. 

[+ RJD]

28 minutes ago, Gadfly22 said:

Whenever I buy anything online, even from a website I know is legit I use a virtual credit card number. You can set spending limits, make then single use, single vendor, and you can cancel the number instantly with the click of a mouse. Other nifty features too. Give it a try.

My everyday credit card is through Capital One.  They offer Virtual Card Numbers (VCN) through an extension for the Chrome browser.  Whenever you do on-line shopping and come to the payment screen, the extension kicks in.  The first time you purchase from a site, it will create a unique VCN for that specific site with a unique expiration date (5 years to the month it’s created) and a unique 3-digit security code.  If you purchase from the site again it will bring up the existing VCN and ask if you’d like to use it.  You can save the VCN on each site, so if you log in from your phone or another device, the VCN is already stored.  All of the VCNs are tied to your actual credit card number.  If one of those sites is hacked and the VCN for that site is used, you don’t need a new card, only need to change the saved VCN for that site, and you don’t have to provide new payment information to all the sites you use. 
 

Prior to using the VCN my card was compromised twice in as many years, which required me to get a new card and update all of my payment information on every site I use.  

[Gadfly22]

22 minutes ago, RJD said:

My everyday credit card is through Capital One.  They offer Virtual Card Numbers (VCN) through an extension for the Chrome browser.

I don't trust Google either.  😜

[+ RJD]

10 minutes ago, Gadfly22 said:

I don't trust Google either.  😜

You don’t need to use the extension.  You can open the Capital One site on your browser of choice and generate the VCN.  The Chrome extension is convenient and reduces the number of steps needed.    

[Gadfly22]

48 minutes ago, RJD said:

You don’t need to use the extension.  You can open the Capital One site on your browser of choice and generate the VCN.  The Chrome extension is convenient and reduces the number of steps needed.    

You know come to think of it I don't trust Capital One either. This happened so long ago I almost forgot but back in the day when you had to mail a check to pay your cc bill I had a Capital One card and whenever they got your check a day or 2 before the due date they would hold on to it till it was past due so they could charge you a late fee. This happened a couple of times with other banks but if I called and complained they would refund the fee. Capital one never did which led me to believe this shady practice was part of their business model. After the 3rd or 4th time I told them to go f themselves and cancelled the card. Has your experience with them been ok?