Wednesday, November 6, 2019

A Sophisticated Scam That Almost Ensnared Me



I think we are all familiar with the garden-variety scams that are endemic on today's Internet. Sometimes it is a Nigerian prince or princess offering to send us millions to safeguard; other times it is an alert from Canada Revenue Agency that we will be arrested immediately for taxes owing unless we purchase and send iTune cards, or, conversely, we are in for a big windfall due to a recalculation of our tax return; my personal favourite, however, is notification that my PayPal account has been frozen due to irregularities that require a wealth of personal information to unlock.

Happily, most of us have sufficient wherewithal to smell the fraud immediately.

But the scammers are getting more sophisticated.

Recently, I was on the receiving end of one that, initially, I thought was legitimate for a very good reason. It contained an exchange my cousin and I had had about the recent election results, and it appeared to be from his email account. It was, as you will see, a strange request from his wife, who sometimes uses his email address.

I have stripped out any identifying information and changed the name of my cousin and his wife, but here is how it went, with additional commentary from me at specific points:

Hi Lorne, I have to agree with you regarding the outcome, and was also disappointed with the Greens 🥬 showing. I guess baby steps are to be expected. I do think that as we get more young people involved and interested in politics and their futures, that those numbers will go up. Looking forward to Friday as well to discuss more. Cheers, Rob

Sent from my iPhone


As you can see, the previously-mentioned exchange is part of the email, but it was followed by this:

I am sorry for bothering you with this mail, I need to get an Google Play gift cards for my Niece, Its her birthday but i can't do this now because I'm currently traveling and i tried purchasing online but unfortunately no luck with that.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.

Await your soonest response.

Best regards

Grace


Intrigued, and with no suspicions at this point, I responded:

Hi Grace,

I got your email; what is the favour you are asking?

Lorne


I am sorry for bothering you with this mail, I need to get an Google Play gift cards for my Niece, Its her birthday but i can't do this now because I'm currently traveling and i tried purchasing online but unfortunately no luck with that.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.

Await your soonest response.

Best regards

Grace


Well, my suspicions were immediately aroused for two reasons: one, Grace has no nieces, although I did entertain the possibility that she was speaking figuratively about someone in her family that she feels like an aunt towards. The second suspicious assertion was that she couldn't get the cards online. A quick internet check showed that such cards are easily obtainable online. Still, I was not entirely certain this was bogus, so I sent the following reply:

No problem, Grace. I will look at a grocery store nearby that I think stacks them. What denomination do you want?

To which she replied:

Thank you very much. Total amount needed is $200 ($100 denomination) from any store around you and I need you to scratch the back of the card to reveal the pin, then take a snap shot of the back

showing the pin and have them sent to me.


Once again thanks and God bless.


At this point I was almost certain this was a scam (it was unlikely she was travelling, since we were having lunch with them in two days), so I called my cousin to advise him that I thought his email had been hacked. However, I decided to string the scammer along for a while to waste his/her time. I started by not replying to the above email,. After a short time, I got this:

We're (sic) you able to purchase the card yet?

I received that message a second time within a couple of hours, at which point I wrote the following:

Would you like me to pick up a birthday card for her when I go to the store to get the Google Cards?

The response was a tad curt:

Just pick up the Google Cards, i need you to scratch the back of the card to reveal the pin, then take a snap shot of the back showing the pin and have them sent to me on here

Once again thanks and God bless.


Having more fun than I have had for a while, I decided to sound like a doddering old fool:

I don't have a Smartphone to take the pictures, So I have to go to the store to buy film for my camera.

Lorne


That netted this response:

Good morning,

I need you to scratch the back of the card to reveal the pin and write it out

Await your soonest response


Finally, I wrote what I knew would terminate this blossoming online relationship:

I am a little concerned about Internet security when it comes to sending sensitive information. May I call you with the numbers?

The scammer knew there was nothing more to do, and so sent me this:

Never mind keep the card for your [non-existent] grandchild.

The game was over, but I learned never to be too complacent about being able to detect Internet fraud. What bothers me now is that I have subsequently sent two messages to my cousin using his email address, and he has received neither. In the event that my email was compromised, I changed my password, but beyond that, I am at a loss. If anyone has any suggestions or insights, I'd be happy to receive them.










9 comments:

  1. I mainly use a landline like so many of we Geezers. So it came as a surprise when these scam artists somehow by my cell number. Since I don't give out my cell number (I use it mainly for navigation) I have to assume they hacked it from somewhere else, perhaps the cellular service provider.

    Reading your transcripts it's telling how poor the spelling and grammar is which should be an immediate red flag. Most of these buggers seem to be at least somewhat illiterate.

    We're obviously not doing an effective job at tracking them down, judging by their proliferation. Fortunately they're mainly a nuisance although there's always a segment of seniors who are susceptible to these scams.

    ReplyDelete
    Replies
    1. I just saw a report about how CRA scams net many people across the country. They are a blight upon the landscape, but people really need to start using their critical faculties to discourage their proliferation. And I see by this link, Mound, they have found their way to your coast as well. https://www.straight.com/news/1321776/canada-revenue-agency-and-rcmp-phone-scam-spreads-surrey-and-kelowna

      Delete
  2. It's more sophisticated than that, Lorne. I live in an area dominated by retirees. These characters seem to know that and, from what my neighbours experience, they appear to work their way from one end of my short street to the other. It's real "call centre" stuff only weaponized.

    ReplyDelete
  3. .. expect this.. it will get worse..
    I get a couple of phish attempts per month
    I screen grab only..
    Purge any related or active apps or software
    of cookies, history, cache ASAP, reboot

    I do not delete or click anything whatsoever
    that is in the body of such emails
    even the delete button may be the trigger

    only after the basic purging and reboot,
    then will delete only from my mail server inbox
    never opening the mail again

    I have 3 devices that sync to & via icloud
    that ends shortly.. as I will re install systems
    to two of them.. the only one I want connected
    to icloud is Bear Pro.. my fiction & memoir writing app
    I can export all text formats including to mail or text etc

    My photo & video archives are triple backed up
    on external Firewire and USB external LaCie drives
    oh maybe 18 terrabytes in total

    None of those drives are EVER connected to Internet
    via a computer connected to the internet..
    I avoid apps or other with fine print
    giving away access to contacts, loading cookies
    and went to a new cel service and phone
    Will again as it always becomes evident my number
    and personal data has made it into databases
    held by who knows who.. its open season

    The Boss disconnects Alexis.. as she only uses briefly
    I aint interested in Alexis.. got a mouse, headphones
    & powerful laptop with smart sniffing utilities onboard
    but since we share browsing wifi .. gotta be smart
    That wifi is a portal for invasion of privacy and data
    Boss only uses her office re business
    Only her client, her mom & moi
    share her cel number for emergency
    if you don't know any of us or our number
    you're shit outta luck
    Even if The Rapture is upon us
    or the creek is rising & ya lost your paddle

    i protect home IP address viciously via various means
    have two comfy remote locations with wifi
    I can use via cel or ipad
    a public library is one.. a fab coffee shop in the AM
    which has a wonderful bar for the PM.. The Only Cafe
    which is also a hostel for international visitors
    run of course by a wonderfully smart Irishman
    sharing the same last name as moi..
    I bike to either in 5 minutes or walk in 10
    another minute gets me to Motorama
    for bacon n eggs with home fry potatoes
    in my fave sunny window seat
    and a sweet old waitress with Hell's Angels
    tattoos and lotsa skin piercing..
    Life is interesting.. so I tip generously

    Practice smart computer sex.. always

    ReplyDelete
    Replies
    1. It sounds like you are taking an array of precautions, Sal. My digital hat off to you.

      Delete
  4. Hi Lorne. Since the emails came from your cousin's address it's more than likely his security is compromised. He should change his password immediately and may want to make a new email. The scammer could have also gone through his inbox to collect personal information.

    Worst of all, there's a very good chance that his contacts were sent messages in the same manner as yourself. He should reach out to others to make sure they havn't fallen for the ruse.

    Did you know that crooks can even spoof phone numbers these days? They'll have your local police station or hospital's # come up on caller ID... Scary stuff.

    Hope this info helps.

    -MC

    ReplyDelete
    Replies
    1. Thanks, MC. I have suggested the password change to him as well as the possibility of getting a new email address. I am aware of the spoofing of numbers. We have call display, and I remember one purporting to come from the Government of Canada. The young lady sounded quite sincere, but I told her that with all of the scams out there, I would not give her even the most basic information. I told her if she was legit to send me a mailed request for that information. Never heard another thing from her.

      Delete
  5. .. I'm confident you're aware I often rail about the 'invasion of privacy' perpetrated by 'our' political Parties.. Let me paint a scenario for you to consider. Though I read your excellent Indy blog.. I don't really 'know you' do I ? I do not have your phone number, home or cel, your email addy, your family if any, nor your address, your voting record over say the last 40 years, where you worked, your higher education studies or grades, your parents, or names of your neighbors, if any, on either side of you, whether you rent or own, your age, any spouse, sexual inclinations, drivers license transcript, charitable donations, grocery bill, disposable income, TV viewing preference or holiday destinations and airflights, credit card status

    In short, I know dick.. perhaps I surmise a lot.. You know where I am going with this.. that's an educated guess or surmise on my part..

    Hamish Marshall can have an intern access all that previous background in a hearbeat.. approx 10 or 15 letters and a keystroke 'go'

    Hell, man.. even you cannot access all that info in a heartbeat.. but the political parties, especially the Conservatives with literally unlimited $$ can do so.. what Elections Canada does not give them after every election, they can buy or borrow or share or sell.. or lose track of. Should we trust political parties.. that are simply not required to be transparent or accountable with your personal data ? Or mine ?

    ReplyDelete
    Replies
    1. Big brother comes in many forms, Sal, but money seems to be the common denominator. To the well-heeled go all the info and data they could ever need or want.

      Delete