Showing posts with label email scams. Show all posts
Showing posts with label email scams. Show all posts

Wednesday, November 6, 2019

A Sophisticated Scam That Almost Ensnared Me



I think we are all familiar with the garden-variety scams that are endemic on today's Internet. Sometimes it is a Nigerian prince or princess offering to send us millions to safeguard; other times it is an alert from Canada Revenue Agency that we will be arrested immediately for taxes owing unless we purchase and send iTune cards, or, conversely, we are in for a big windfall due to a recalculation of our tax return; my personal favourite, however, is notification that my PayPal account has been frozen due to irregularities that require a wealth of personal information to unlock.

Happily, most of us have sufficient wherewithal to smell the fraud immediately.

But the scammers are getting more sophisticated.

Recently, I was on the receiving end of one that, initially, I thought was legitimate for a very good reason. It contained an exchange my cousin and I had had about the recent election results, and it appeared to be from his email account. It was, as you will see, a strange request from his wife, who sometimes uses his email address.

I have stripped out any identifying information and changed the name of my cousin and his wife, but here is how it went, with additional commentary from me at specific points:

Hi Lorne, I have to agree with you regarding the outcome, and was also disappointed with the Greens 🥬 showing. I guess baby steps are to be expected. I do think that as we get more young people involved and interested in politics and their futures, that those numbers will go up. Looking forward to Friday as well to discuss more. Cheers, Rob

Sent from my iPhone


As you can see, the previously-mentioned exchange is part of the email, but it was followed by this:

I am sorry for bothering you with this mail, I need to get an Google Play gift cards for my Niece, Its her birthday but i can't do this now because I'm currently traveling and i tried purchasing online but unfortunately no luck with that.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.

Await your soonest response.

Best regards

Grace


Intrigued, and with no suspicions at this point, I responded:

Hi Grace,

I got your email; what is the favour you are asking?

Lorne


I am sorry for bothering you with this mail, I need to get an Google Play gift cards for my Niece, Its her birthday but i can't do this now because I'm currently traveling and i tried purchasing online but unfortunately no luck with that.Can you get it from any store around you? I'll pay back as soon as i am back. Kindly let me know if you can handle this.

Await your soonest response.

Best regards

Grace


Well, my suspicions were immediately aroused for two reasons: one, Grace has no nieces, although I did entertain the possibility that she was speaking figuratively about someone in her family that she feels like an aunt towards. The second suspicious assertion was that she couldn't get the cards online. A quick internet check showed that such cards are easily obtainable online. Still, I was not entirely certain this was bogus, so I sent the following reply:

No problem, Grace. I will look at a grocery store nearby that I think stacks them. What denomination do you want?

To which she replied:

Thank you very much. Total amount needed is $200 ($100 denomination) from any store around you and I need you to scratch the back of the card to reveal the pin, then take a snap shot of the back

showing the pin and have them sent to me.


Once again thanks and God bless.


At this point I was almost certain this was a scam (it was unlikely she was travelling, since we were having lunch with them in two days), so I called my cousin to advise him that I thought his email had been hacked. However, I decided to string the scammer along for a while to waste his/her time. I started by not replying to the above email,. After a short time, I got this:

We're (sic) you able to purchase the card yet?

I received that message a second time within a couple of hours, at which point I wrote the following:

Would you like me to pick up a birthday card for her when I go to the store to get the Google Cards?

The response was a tad curt:

Just pick up the Google Cards, i need you to scratch the back of the card to reveal the pin, then take a snap shot of the back showing the pin and have them sent to me on here

Once again thanks and God bless.


Having more fun than I have had for a while, I decided to sound like a doddering old fool:

I don't have a Smartphone to take the pictures, So I have to go to the store to buy film for my camera.

Lorne


That netted this response:

Good morning,

I need you to scratch the back of the card to reveal the pin and write it out

Await your soonest response


Finally, I wrote what I knew would terminate this blossoming online relationship:

I am a little concerned about Internet security when it comes to sending sensitive information. May I call you with the numbers?

The scammer knew there was nothing more to do, and so sent me this:

Never mind keep the card for your [non-existent] grandchild.

The game was over, but I learned never to be too complacent about being able to detect Internet fraud. What bothers me now is that I have subsequently sent two messages to my cousin using his email address, and he has received neither. In the event that my email was compromised, I changed my password, but beyond that, I am at a loss. If anyone has any suggestions or insights, I'd be happy to receive them.