Reflections, Observations, and Analyses Pertaining to the Canadian Political Scene
Wednesday, November 6, 2019
A Sophisticated Scam That Almost Ensnared Me
I think we are all familiar with the garden-variety scams that are endemic on today's Internet. Sometimes it is a Nigerian prince or princess offering to send us millions to safeguard; other times it is an alert from Canada Revenue Agency that we will be arrested immediately for taxes owing unless we purchase and send iTune cards, or, conversely, we are in for a big windfall due to a recalculation of our tax return; my personal favourite, however, is notification that my PayPal account has been frozen due to irregularities that require a wealth of personal information to unlock.
Happily, most of us have sufficient wherewithal to smell the fraud immediately.
But the scammers are getting more sophisticated.
Recently, I was on the receiving end of one that, initially, I thought was legitimate for a very good reason. It contained an exchange my cousin and I had had about the recent election results, and it appeared to be from his email account. It was, as you will see, a strange request from his wife, who sometimes uses his email address.
I have stripped out any identifying information and changed the name of my cousin and his wife, but here is how it went, with additional commentary from me at specific points:
Hi Lorne, I have to agree with you regarding the outcome, and was also disappointed with the Greens 🥬 showing. I guess baby steps are to be expected. I do think that as we get more young people involved and interested in politics and their futures, that those numbers will go up. Looking forward to Friday as well to discuss more. Cheers, Rob
Sent from my iPhone
As you can see, the previously-mentioned exchange is part of the email, but it was followed by this:
I am sorry for bothering you with this mail, I need to get an Google Play gift cards for my Niece, Its her birthday but i can't do this now because I'm currently traveling and i tried purchasing online but unfortunately no luck with that.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.
Await your soonest response.
Best regards
Grace
Intrigued, and with no suspicions at this point, I responded:
Hi Grace,
I got your email; what is the favour you are asking?
Lorne
I am sorry for bothering you with this mail, I need to get an Google Play gift cards for my Niece, Its her birthday but i can't do this now because I'm currently traveling and i tried purchasing online but unfortunately no luck with that.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.
Await your soonest response.
Best regards
Grace
Well, my suspicions were immediately aroused for two reasons: one, Grace has no nieces, although I did entertain the possibility that she was speaking figuratively about someone in her family that she feels like an aunt towards. The second suspicious assertion was that she couldn't get the cards online. A quick internet check showed that such cards are easily obtainable online. Still, I was not entirely certain this was bogus, so I sent the following reply:
No problem, Grace. I will look at a grocery store nearby that I think stacks them. What denomination do you want?
To which she replied:
Thank you very much. Total amount needed is $200 ($100 denomination) from any store around you and I need you to scratch the back of the card to reveal the pin, then take a snap shot of the back
showing the pin and have them sent to me.
Once again thanks and God bless.
At this point I was almost certain this was a scam (it was unlikely she was travelling, since we were having lunch with them in two days), so I called my cousin to advise him that I thought his email had been hacked. However, I decided to string the scammer along for a while to waste his/her time. I started by not replying to the above email,. After a short time, I got this:
We're (sic) you able to purchase the card yet?
I received that message a second time within a couple of hours, at which point I wrote the following:
Would you like me to pick up a birthday card for her when I go to the store to get the Google Cards?
The response was a tad curt:
Just pick up the Google Cards, i need you to scratch the back of the card to reveal the pin, then take a snap shot of the back showing the pin and have them sent to me on here
Once again thanks and God bless.
Having more fun than I have had for a while, I decided to sound like a doddering old fool:
I don't have a Smartphone to take the pictures, So I have to go to the store to buy film for my camera.
Lorne
That netted this response:
Good morning,
I need you to scratch the back of the card to reveal the pin and write it out
Await your soonest response
Finally, I wrote what I knew would terminate this blossoming online relationship:
I am a little concerned about Internet security when it comes to sending sensitive information. May I call you with the numbers?
The scammer knew there was nothing more to do, and so sent me this:
Never mind keep the card for your [non-existent] grandchild.
The game was over, but I learned never to be too complacent about being able to detect Internet fraud. What bothers me now is that I have subsequently sent two messages to my cousin using his email address, and he has received neither. In the event that my email was compromised, I changed my password, but beyond that, I am at a loss. If anyone has any suggestions or insights, I'd be happy to receive them.
Subscribe to:
Post Comments (Atom)
I mainly use a landline like so many of we Geezers. So it came as a surprise when these scam artists somehow by my cell number. Since I don't give out my cell number (I use it mainly for navigation) I have to assume they hacked it from somewhere else, perhaps the cellular service provider.
ReplyDeleteReading your transcripts it's telling how poor the spelling and grammar is which should be an immediate red flag. Most of these buggers seem to be at least somewhat illiterate.
We're obviously not doing an effective job at tracking them down, judging by their proliferation. Fortunately they're mainly a nuisance although there's always a segment of seniors who are susceptible to these scams.
I just saw a report about how CRA scams net many people across the country. They are a blight upon the landscape, but people really need to start using their critical faculties to discourage their proliferation. And I see by this link, Mound, they have found their way to your coast as well. https://www.straight.com/news/1321776/canada-revenue-agency-and-rcmp-phone-scam-spreads-surrey-and-kelowna
DeleteIt's more sophisticated than that, Lorne. I live in an area dominated by retirees. These characters seem to know that and, from what my neighbours experience, they appear to work their way from one end of my short street to the other. It's real "call centre" stuff only weaponized.
ReplyDelete.. expect this.. it will get worse..
ReplyDeleteI get a couple of phish attempts per month
I screen grab only..
Purge any related or active apps or software
of cookies, history, cache ASAP, reboot
I do not delete or click anything whatsoever
that is in the body of such emails
even the delete button may be the trigger
only after the basic purging and reboot,
then will delete only from my mail server inbox
never opening the mail again
I have 3 devices that sync to & via icloud
that ends shortly.. as I will re install systems
to two of them.. the only one I want connected
to icloud is Bear Pro.. my fiction & memoir writing app
I can export all text formats including to mail or text etc
My photo & video archives are triple backed up
on external Firewire and USB external LaCie drives
oh maybe 18 terrabytes in total
None of those drives are EVER connected to Internet
via a computer connected to the internet..
I avoid apps or other with fine print
giving away access to contacts, loading cookies
and went to a new cel service and phone
Will again as it always becomes evident my number
and personal data has made it into databases
held by who knows who.. its open season
The Boss disconnects Alexis.. as she only uses briefly
I aint interested in Alexis.. got a mouse, headphones
& powerful laptop with smart sniffing utilities onboard
but since we share browsing wifi .. gotta be smart
That wifi is a portal for invasion of privacy and data
Boss only uses her office re business
Only her client, her mom & moi
share her cel number for emergency
if you don't know any of us or our number
you're shit outta luck
Even if The Rapture is upon us
or the creek is rising & ya lost your paddle
i protect home IP address viciously via various means
have two comfy remote locations with wifi
I can use via cel or ipad
a public library is one.. a fab coffee shop in the AM
which has a wonderful bar for the PM.. The Only Cafe
which is also a hostel for international visitors
run of course by a wonderfully smart Irishman
sharing the same last name as moi..
I bike to either in 5 minutes or walk in 10
another minute gets me to Motorama
for bacon n eggs with home fry potatoes
in my fave sunny window seat
and a sweet old waitress with Hell's Angels
tattoos and lotsa skin piercing..
Life is interesting.. so I tip generously
Practice smart computer sex.. always
It sounds like you are taking an array of precautions, Sal. My digital hat off to you.
DeleteHi Lorne. Since the emails came from your cousin's address it's more than likely his security is compromised. He should change his password immediately and may want to make a new email. The scammer could have also gone through his inbox to collect personal information.
ReplyDeleteWorst of all, there's a very good chance that his contacts were sent messages in the same manner as yourself. He should reach out to others to make sure they havn't fallen for the ruse.
Did you know that crooks can even spoof phone numbers these days? They'll have your local police station or hospital's # come up on caller ID... Scary stuff.
Hope this info helps.
-MC
Thanks, MC. I have suggested the password change to him as well as the possibility of getting a new email address. I am aware of the spoofing of numbers. We have call display, and I remember one purporting to come from the Government of Canada. The young lady sounded quite sincere, but I told her that with all of the scams out there, I would not give her even the most basic information. I told her if she was legit to send me a mailed request for that information. Never heard another thing from her.
Delete.. I'm confident you're aware I often rail about the 'invasion of privacy' perpetrated by 'our' political Parties.. Let me paint a scenario for you to consider. Though I read your excellent Indy blog.. I don't really 'know you' do I ? I do not have your phone number, home or cel, your email addy, your family if any, nor your address, your voting record over say the last 40 years, where you worked, your higher education studies or grades, your parents, or names of your neighbors, if any, on either side of you, whether you rent or own, your age, any spouse, sexual inclinations, drivers license transcript, charitable donations, grocery bill, disposable income, TV viewing preference or holiday destinations and airflights, credit card status
ReplyDeleteIn short, I know dick.. perhaps I surmise a lot.. You know where I am going with this.. that's an educated guess or surmise on my part..
Hamish Marshall can have an intern access all that previous background in a hearbeat.. approx 10 or 15 letters and a keystroke 'go'
Hell, man.. even you cannot access all that info in a heartbeat.. but the political parties, especially the Conservatives with literally unlimited $$ can do so.. what Elections Canada does not give them after every election, they can buy or borrow or share or sell.. or lose track of. Should we trust political parties.. that are simply not required to be transparent or accountable with your personal data ? Or mine ?
Big brother comes in many forms, Sal, but money seems to be the common denominator. To the well-heeled go all the info and data they could ever need or want.
Delete