The latest twist in the check-forwarding scam hit someone close to me this month (March 2020). It started when my friend, who is just an average Internet user (and not a security pro like I am), got a call saying her Amazon account had been compromised.
She checked her bank account and saw an unauthorized charge for $100. When she went into her Amazon account, she saw a $100 order for an Xbox gaming gift card. She also got a legitimate email from Amazon stating the same:
Alarmed, my friend continued talking to the caller, who was the very same scammer that had hacked into her Amazon account and made the fraudulent charge.
“They (the scammer) said Amazon was going to pay for me to secure my phone and Amazon account. They had me set up TeamViewer on my phone and then remotely controlled my phone,” she said.
Promising Money in Return
Here’s where the check forwarding scam comes in. When the scammers went into her bank application and saw only $20, they said Amazon was putting $2,000 into her bank card to reimburse her for paying for her new Amazon account security. They sent her an email confirmation of the pending deposit of $2,000. They said she’d see that clear in a couple of days.
They then directed her to purchase two $500 physical gift cards from Best Buy, staying on the phone with her the whole time.
“After I got the gift cards, they had me scratch off the back and read them the numbers. Then he said my account was only 30% protected from these hackers and I need to get them six more gift cards,” she adds.
That’s when she wised up and called Amazon directly from a different phone and found out it wasn't Amazon doing this. Now, she’s filed a police report and is trying to get her $1,000 back.
Scammers asking for gift cards is a common way for attackers to cash in on their attacks without leaving a trace, according to the Federal Trade Commission. They will ask for cards to pay your utility bill, buy large merchandise or enter a sweepstakes. But asking my friend to give up gift card numbers scratched off to pay for Amazon security is a new type of scam I can’t find on searches. So, if you see any of these, please report them to the FTC.
No Caller ID
This all happened on her smartphone. The criminals who called her had already hacked into her Amazon account to get her details. Then they called her and accessed her banking app through her phone. The manipulation was harder to spot because the email type was small, which made the return addresses hard to read on her phone.
It would have been difficult to verify where the caller was truly from because she only saw a number. And since she did see the $100 Xbox gift card order in her Amazon account, the call seemed legit.
However, follow-up emails from the scammer tell a different story. Below I’ve highlighted the danger signals in the email itself:
From: Amazon Prime <amazonrefund75@yahoo.com> (this return address does not use the legit Amazon extension “@amazon.com”)
Date: 3/12/20 5:29 PM (GMT-08:00)
Subject: Amazon Funds For Security
Dear (NAME BLOCKED OUT)
A refund of $2000.00 has been initiated in your Master Card ending in (# BLOCKED OUT) with Reference code GFTKGH121.
It has been credited in your card with in 24 hours. (basic English language mistake using past instead of future tense “will be”)
If you have any trouble accessing your account, call Customer Service at:
Customers within U.S. and Canada: 1-858-771-8533
Sincerely,
Account Specialist
Amazon.com
Looking up the scammer’s number on whitepages.com takes you to a Rancho Santa Fe, CA address and also shows that it’s a VoIP (voice over IP) number. However, the time stamp lists General Mountain Time so it’s hard to tell where the call is really originating.
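The return-address check highlighted in the email above can be automated. The following is an added example, not part of the original post: it parses the From header and flags a sender that uses a brand name while sending from a domain the brand does not own. The brand-to-domain map, the free-webmail list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative map of brand -> domains it sends from (not exhaustive).
BRAND_DOMAINS = {"amazon": {"amazon.com"}}
# Assumption: short sample of free webmail providers.
FREE_MAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}


def sender_red_flags(raw_message: str) -> list:
    """Return red-flag codes for the From header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["missing-from"]
    local, _, domain = addr.lower().rpartition("@")
    flags = []
    for brand, legit in BRAND_DOMAINS.items():
        # The brand can be claimed in the display name or in the mailbox name.
        if brand not in display.lower() and brand not in local:
            continue
        # Exact domain or a true subdomain only; "amazon.com.example.net" fails.
        owned = any(domain == d or domain.endswith("." + d) for d in legit)
        if not owned:
            flags.append("brand-domain-mismatch:" + brand)
            if domain in FREE_MAIL:
                flags.append("free-webmail")
    return flags


# Constructed sample modelled on the scam email quoted above.
SCAM = ("From: Amazon Prime <amazonrefund75@yahoo.com>\n"
        "Subject: Amazon Funds For Security\n\nA refund has been initiated.\n")
# Constructed sample of a sender on the brand's own domain.
LEGIT = ("From: Amazon.com <order-update@amazon.com>\n"
         "Subject: Your order\n\nThanks for your order.\n")
# Constructed lookalike: brand name used as a subdomain label of another domain.
LOOKALIKE = ("From: Amazon Support <help@amazon.com.example.net>\n"
             "Subject: Account notice\n\nPlease call us.\n")

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT), ("lookalike", LOOKALIKE)):
        print(name, sender_red_flags(raw))
```

A clean result here only means the visible address matches the brand; the From header can itself be forged, so this check complements SPF, DKIM and DMARC results rather than replacing them.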
Change All Passwords & Close Hacked Account
After learning of this hack, my friend changed all her passwords to her phone, Yahoo, bank and Amazon account and removed any traces of the remote support tool the attacker used to see her device. Since most of these accounts use email addresses as usernames, I advised her to use unique passwords for every site, and deploy a password manager or the password vault on to manage them all.
Finally, I suggested she report the criminal’s Yahoo email address to Yahoo. But Yahoo doesn’t make it easy to report things like this. The link they provide is pretty useless: https://help.yahoo.com/kb/identify-legitimate-yahoo-websites-requests-communications-sln2070.html. And now, the COVID virus has shut down all Yahoo chat helpers. So, criminals like this are going to continue to take advantage of us without getting caught.
Wish I could help my friend more, but maybe this blog will help others who run into the same or similar scams.