Unfortunately, phishing scams seem to be the new normal. Most recently, an elderly woman in the tri-state area almost got scammed for $25,000. According to Patch.com, what began as an average phishing scam turned even more sinister when the scammer turned up at this elderly victim’s house to retrieve money physically.
Geek squad scammer caught in elaborate phishing scheme
While this Geek Squad scam isn’t new, this scammer took it to new lows and got caught in the process. In this particular scam, scammers send their victims phishing emails pretending to send them a large invoice for their Geek Squad subscription. The email recipients usually panic at the large charge and call the customer service telephone number listed in the scam email and invoice.
The scammer then pretends to be the customer service representative helping to cancel or refund the charge. They’ll usually use that moment as an opportunity to confirm bank account information with the victim to steal their money later. Even if you simply click on their links or download the invoice from the email, there is a potential risk that viruses or malware have been downloaded onto your device.
MORE: THE ‘UNSUBSCRIBE’ EMAIL SCAM IS TARGETING AMERICANS
Elderly victim foils scammer’s elaborate plot
The elderly victim gave her bank account number and remote access to her computer. The scam, however, doesn’t just stop there. The scammer went a step further and proceeded to convince this elderly woman that they had accidentally refunded a fake $25,000 into her bank account by mistake and that he needed her to withdraw $20,000 in cash initially for him to pick up with arrangements to pick up the remaining $5,000 the following day. This is when the elderly woman called her local authorities. Thankfully, the authorities set up surveillance and apprehended the scammer when he came to collect the $20,000.
Perhaps the elderly victim lucked out that this scammer had an extra level of greed: combining multiple scams into one.
MORE: 7 EFFECTIVE WAYS TO MAKE YOUR LIFE MORE SECURE AND PRIVATE ONLINE
How do you prevent this scam from happening to you?
Know your subscriptions: The better you know what active subscriptions you currently pay for, the less likely you are to realize such emails are fake.
Organize your invoices: If you’re still receiving emails or physical invoices, keep track of when they usually arrive. Invoices, for better or worse, come regularly and on a consistent schedule. If something shows up in an unusual form (an email instead of a letter in the mail per usual) or at a particular time, you are more likely to stop yourself from falling for this type of scam.
Go to the official website for contact information. If the scammers happen to pick a company that you do subscribe to, it can be even easier to fall for this type of scam. But before clicking any links, downloading any invoices, or calling the number listed, you can google the company’s official website and use the contact information there. If the company did indeed send you a bill, they should be able to help you with the refund or confirm whether you were sent legitimate communications.
Watch for language and tone of voice: Most legitimate companies go out of their way to specially train their employees to provide their customers with excellent service. They are trained not to lose their temper, so if you happen to be on a call with a scammer, they often don’t use professional language or have a professional demeanor. If you push back on providing certain information, a real customer service agent wouldn’t make any threats or demands. Providing social security numbers or bank account information is usually frowned upon for security reasons by legitimate companies. Legitimate companies typically have other ways to validate your identity and account information. You can always hang up the phone if you get overwhelmed on a call! After all, an honest company doesn’t disappear after one disconnection.
Setup payments electronically: If you have your subscriptions paid electronically on a regular basis, you’ll know that you shouldn’t be receiving an additional invoice for a subscription service. Additionally, if you are paying with a credit card, you can try to use a specific card for all your subscriptions so you know where and when to expect the charges. You’ll also know that certain bank information shouldn’t be relevant to paying an invoice if you get one of these phishing emails. For instance, why is the scammer asking for bank account information when you charge your subscriptions on a credit card, etc.?
MORE: DON’T CLICK THAT LINK! HOW TO SPOT AND PREVENT PHISHING ATTACKS IN YOUR INBOX
What to do next if you’ve been scammed?
These scammers could’ve obtained your email address through various methods, from email harvesting to purchasing it from the dark web, below are some action steps you can take to protect yourself if you feel you have been scammed:
1) Change passwords: For any accounts that might have been accessed or mentioned to or by the scammer, you should log in from a secure, virus—and malware-free device and change your password immediately. It is best to create unique and complex passwords, including letters, symbols, and numbers, for each separate online account. If you need help generating and storing complex passwords, consider using a password manager.
2) Keep an eye on all your accounts and credit consistently: Contact the financial institution and explain the situation for all accounts impacted by the potential scammer. They can help you freeze or lock your account so these scammers have little or no access to your money. Contact the three main credit bureaus to freeze your credit. This will prevent anyone, including hackers, from wreaking havoc on your credit. Make sure to report any errors on your credit reports with the credit agencies. Remember that you are allowed a free annual credit report. If there are too many accounts for you to keep track of regularly, a credit monitoring service can help by constantly monitoring and alerting you of any account changes or problems.
3) Setup alerts for financial accounts: Most financial institutions offer financial alerts or restrictions for all transactions for checking accounts and cards. Do use them so you can be notified of any fraudulent transactions immediately. The faster you can report these charges to your financial institution, the more likely you can stop the scammers in their tracks.
4) Enable two-factor authentication for any account impacted by the phishing scam: This would include your financial accounts and email address. If you have this additional layer of security on, the hacker or scammer would have to send a code to another device or account to gain access, even with your password.
5) Get Identity Theft Protection: While getting an identity theft service seems overkill, many identity theft protection services can help you when your accounts get compromised. They continually monitor the dark web and your financial accounts to see if any crucial personal information like your email addresses or bank account information is compromised or up for sale on the dark web. Getting those alerts immediately allows you to act faster and take the abovementioned steps. If you have already given out your information to a potential scammer, you should follow these steps to ensure that your identity hasn’t been stolen.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
CyberGuy’s Exclusive Offer: Get the Identity Guard Ultra protection to protect your identity and credit through tax season and beyond for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
6) Use strong antivirus software: If you have antivirus software installed on the device where the scam email was received and any links clicked or attachments downloaded, run a scan on that device to identify suspicious software, delete it, and restart your device.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
7) Call the local authorities: While you hope never to encounter a scammer like the elderly woman who was victimized, if you feel unsafe and uncertain about how scammers will use your information, definitely reach out to local authorities.
Kurt’s key takeaways
While there is little you can do about your digital information swimming around the internet, there are active steps you can take to protect yourself from these types of phishing scams. In the worst-case scenario, there are also ways to prevent further compromise if you fall victim.
Have you been a victim of a phishing scam? How did you find out it was a scam? Let us know in the comments below.
TO GET MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
1 comment
My son thought he was having an online relationship with Sandra Bullock. He sent copies of his SS card, Drivers License and ATM card but wasn’t sure if it all went through. We got a new ATM card. Fortunately he did not and does not have any funds. He then panicked and started deleting all the messages. Nothing has happened (yet), not sure what to do now. It’s been months. Warm others about this scam.