Like a dog spotting a squirrel, I can’t help but notice when a new text pops up on my iPhone. The little gray notification caught my attention and I was immediately pulled from the task at hand. Plus, this one seemed important. It was, but only because it helped me identify a very dangerous Amazon shopping scam.
With the year-end shopping season in full swing, scams like these are in progress, and most of us are doing at least some gift shopping through Amazon (retailers reported more than $1 billion in revenue on Black Friday).
It’s a mix of frantic shopping, excitement, and low-level fear that someone will scam you, which scammers naturally use to infiltrate your privacy and personal technology, all for the sole purpose of stealing your identity, data, credit cards, logins and more.
While I haven’t been successfully scammed, I did play along with a scammer on purpose so I could show you exactly how to identify and avoid a similar attack.
Like other notices I receive from legitimate sources, this one is very brief. It says:
“Your card charged $649 for the XGIMI Elfin Mini Projector
Order number #EMPY2219 on 05/12/2022
N0T your order?
Contact us: +17204813408”
It will happen to you
I’m pretty sure you’ll all get a message like this before the holidays are over. Let’s look at this one. It has grammatical and typographical errors that include a zero instead of an “o” and a missing word. No legitimate company will ever send you a text like this.
What scammers rely on is the alarm that such a text can trigger. You’ll probably be so nervous you won’t read it carefully and will just call the number instead. But what number? I noticed that the number in the message and the number listed in the caller ID did not match.
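The tells described above (a digit standing in for a letter, and a callback number that differs from the sending number) can be checked mechanically. The following is an added example, not part of the original article: the message body is the text quoted above, while the sender number, the word list and the function names are constructed for illustration.

```python
import re

# Digits commonly swapped in for look-alike letters (the quoted text uses 0 for O).
LOOKALIKES = str.maketrans("01345", "OIEAS")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
CHARGE_RE = re.compile(r"\b(charged|order number)\b", re.I)
# Small constructed word list; a real filter would use a full dictionary.
COMMON_WORDS = {"NOT", "YOUR", "ORDER", "CARD", "ACCOUNT", "CALL"}

SAMPLE_SENDER = "+1 (555) 010-0199"  # constructed; the article does not give the caller ID
SAMPLE_BODY = (
    "Your card charged $649 for the XGIMI Elfin Mini Projector\n"
    "Order number #EMPY2219 on 05/12/2022\n"
    "N0T your order?\n"
    "Contact us: +17204813408"
)

def digits_only(number):
    """Normalise a phone number to its digits so formats compare equal."""
    return re.sub(r"\D", "", number)

def leet_words(text):
    """Tokens mixing letters and digits that become a common word once un-swapped."""
    hits = []
    for token in re.findall(r"\b[A-Za-z0-9]+\b", text):
        if token.isalpha() or token.isdigit():
            continue
        if token.upper().translate(LOOKALIKES) in COMMON_WORDS:
            hits.append(token)
    return hits

def score_sms(sender, body):
    """Return a list of (indicator, evidence) pairs for one text message."""
    findings = []
    swapped = leet_words(body)
    if swapped:
        findings.append(("digit-for-letter", swapped))
    callbacks = [digits_only(m) for m in PHONE_RE.findall(body)]
    mismatched = [c for c in callbacks if c != digits_only(sender)]
    if mismatched:
        findings.append(("callback-differs-from-sender", mismatched))
    if CHARGE_RE.search(body) and callbacks:
        findings.append(("charge-plus-phone-callback", callbacks))
    return findings

if __name__ == "__main__":
    for name, evidence in score_sms(SAMPLE_SENDER, SAMPLE_BODY):
        print(name, evidence)
```

The order number `EMPY2219` also mixes letters and digits but is not flagged, because it does not decode to a dictionary word; that is the check that keeps ordinary reference codes from raising false positives.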
To be clear, I decided to call the number to better understand the nature of this scam – for the sake of science. My goal here is that from now on, you will read such a text and immediately understand that Amazon, Best Buy, and other online retailers do not operate this way.
I decided to call the number listed in the message, put the phone on speakerphone and waited, perhaps, two rings before an agent picked up.
He started with, “How can I help you?”
“You called me,” I said, “inquiring about an order.”
The agent quickly recovered and asked for my name. I hesitated but realized my name wasn’t exactly a trade secret; moreover, I needed to draw him out further so I could understand the endgame.
The strange thing was that he didn’t ask me to spell my name, but followed up by asking for the serial number, which I earnestly read to him from the text.
“Oh, there’s an Amazon order from Ohio and you’re in New York,” he told me as I listened to the faint chatter of dozens of scam reps like him trying to entice other callers.
“Have you been to Ohio yet?” he asked.
“Do you share your Amazon account with someone in Ohio?” he asked.
“There have been a lot of orders from Ohio,” he added, sounding worried for me. This guy deserves an Oscar.
While he spoke to me, I was logged into my Amazon account on the desktop. No weird orders, just things I had ordered as a Christmas present for my wife.
“I’m sorry,” I said, trying to sound confused, “but if someone places an order on my Amazon account, should I see those orders in my Amazon account?”
There was a long pause as if I had pushed him out of the script.
“Yes…but it’s all hanging,” he told me.
Now it was time to get down to business. The scammer told me it was important that they connect me to the “Amazon Secure Server” to solve this problem. During the call, he must have said “Amazon Secure Server” half a dozen times.
“Okay,” I said, still trying to sound confused, “how do I do that?”
First, he said, we need to know what kind of device you’re using. I told him it was an iPhone.
“Great, I need you to put me on speakerphone and open the App Store,” he instructed.
I told him, “Sure,” put down the phone and started taking notes.
“I need you to download this app.” Instead of telling me the name, he spelled it out, giving me one word for each letter: “‘A’ is everything, ‘N’ is Nancy, ‘Y’ is yes, ‘D’ in dog, ‘E’ in every, ‘S’ in Sam, and ‘K’ in Keep.”
My rogue friend wanted me to download AnyDesk, which he said was to connect to Amazon Secure Servers, but I knew it was remote desktop software. This is the kind of app that allows someone halfway around the world to connect to and control your PC or phone, hack in and get all your stuff.
As we talked, I searched for “Amazon AnyDesk scam” and quickly found a March 22 article that describes this exact trick in detail.
I decided to slow things down a bit so I could deliver a message to my scammer friend.
“Wait, I just realized there’s another name on the account and I’m worried if you don’t have it, this won’t work,” I told him in what I thought was a really nervous voice. Where’s my Oscar?
The scammer friend was very upset. “No, no, just connect to the Secure Server. Download the app.”
I told him I wanted to make sure he had this.
“Okay. Give it to me.”
“Okay, I’ll spell it out. Ready.”
“Yes,” he said and I could hear the exasperation in his voice.
“‘N’ is no, ‘O’ is over, ‘F’ is fun, ‘U’ is under, ‘C’ is cable, ‘K’ is king, ‘I’ is inside, ‘N’ as in Nancy, ‘G’ as in go, ‘W’ as in walk, ‘A’ as in all, and ‘Y’ as in yes.”
At first, there was no response. He spelled it out again, but because he had misheard a few important letters it didn’t make sense. We went back and fixed them. Then he spelled it out again and there was a moment of silence.
“Why are you telling me this?” he asked wistfully.
“Because this is a scam and you are a scammer.”
He did not argue.
“Yes, yes,” he said quickly and hung up.
If you ever see a text like this, your first stop should be to log into your own account through a trusted PC or phone and check for erroneous charges. If you see any, contact the retailer or website directly. Never reply to one of these messages and never install any software, no matter what the person on the other end of the line tells you.
You can protect yourself further with some of the best security software in 2022.