The following incident recently happened to some elderly acquaintances of mine and, with their permission, I am providing the details of what happened and how easy it is to get caught up in these online scams. Even for someone who is typically cautious of unsolicited emails and phone calls, sometimes one will come along that is presented in such a way that it seems real.
Follow along as I go through how this happened and what can be done to prevent it.
The Start
I have changed the names of the people involved for privacy reasons.
The other day I received a frantic call from Bob and as soon as I picked up the phone he said “I think we have a problem!”.
“Why, what’s going on?” I replied.
“We got an email about some money that was taken out of our bank account, and Sue called the number and she was told that our information was hacked, and we needed to go to the bank right away and withdraw the rest of the money” Bob replied excitedly.
“How much money was supposedly taken?”
“$249. The hackers are involved in child pornography and if we don’t withdraw the rest of the money, the hackers will get that also and then we will be arrested for child pornography because it was our money. They want us to deposit it into a Bitcoin ATM”.
I could hear Sue in the background talking on the phone with someone, saying that she doesn’t feel comfortable withdrawing any money and depositing it into a Bitcoin ATM. She repeated that several times, and it was obvious the scammer was trying hard to convince her to withdraw the money and send it to him.
By this point they had been on the phone with the scammer and his associate for over an hour.
I didn’t need to hear any more than that, what was going on was obvious to me. “You’re being scammed, tell her to just hang up on them”, I told Bob. “You don’t need to explain why, it’s a scam and they don’t need an explanation, just hang up. And if they call back, don’t answer”. Sue immediately hung up.
When their phone call with the scammer ended, and I found out that no money was actually lost, we could all relax a little. I was anxious to get the details of how this episode escalated to almost losing $20,000.
How it Happened
Over the years I have preached to anyone who would listen about being vigilant against various scams, explaining how they work, who they target, and what to watch out for. This includes how to determine who an email is really coming from, being suspicious of the content, and the dangers of clicking on a link or calling the phone number provided in the email.
After Sue took a breather from being on the phone with the scammer for over an hour, she explained to me how the whole thing happened. The first thing she said was “I can’t believe I fell for that, there were so many red flags that I ignored while it was happening”.
Everything is crystal clear – in hindsight.
It all started with a spam email which stated that $249 was taken from their Wells Fargo account, and if this was done in error, then call the number provided to dispute it. Through the ensuing hour the scammer, Harry Smith, who claimed he was with the fraud department at Wells Fargo, convinced Bob and Sue that this money was stolen from their account by a hacker, and the hacker also stole their personal information.
He went on to say that if the rest of the money wasn’t withdrawn from that account, and other accounts they have, the hacker was going to steal the rest of it. Because the hacker was associated with child pornography, then they would be arrested because it would appear they were helping him.
A second scammer came on the line and claimed he was with their other bank, and through a series of questions (social engineering), that scammer was able to find out how much money they had in that account.
Harry Smith stayed on the phone with Bob and Sue while they drove to their bank to withdraw the money. When they got to the bank, Harry Smith told them to leave the phone in the car, but don’t hang up, and don’t tell the bank teller what is going on because he thinks this is an inside job and doesn’t want them alerted.
Sue went into the bank and, through a misunderstanding with scammer Harry Smith, she transferred money from one account to another instead of withdrawing it. When she told Harry Smith this, he wanted her to go back into the bank and withdraw the money and then go to a nearby Bitcoin ATM and deposit it.
It was at this point I received the phone call from Bob stating he thinks they are in trouble.
Hindsight
It’s easy for someone to look at the whole scenario after it’s over and pick out any number of red flags that are easily seen, and think to themselves ‘How could that happen, I wouldn’t fall for that’.
However, for the person going through the scam, it is actually a very fluid situation that starts with one tidbit of information that seems believable and progresses into a story that, when told after the fact, does not appear believable at all.
But the casual listener wasn’t going through it from the beginning. He or she wasn’t told something that caused a reaction of fear that something terrible was going to happen if they don’t act quickly. It all seemed plausible in the moment. In their mind, Bob and Sue had to stop this quick, with no time think about it. It was real to them at that time.
Nobody knows how many people received this same spam email, but I would venture to guess tens-of-thousands. And with each person who called the number to get their money back, that phone call may have started the ball rolling on their own personal nightmare, although their story would have unfolded differently. We are all unique, and we all have different items that trigger us and cause us to react, and the scammer can figure out what those triggers are very quickly
Before you react, there are some things you can do if you find yourself in a situation like this:
- Take a few deep breaths
- Call someone you trust and talk it over with them
- Ask yourself what you would tell someone who came to you for advice
- Consider the plausibility of this really happening
- This is a false sense of urgency they are creating so you will react quickly. Take your time and slow down
Phishing Emails and Spam
Let’s break down the actual email that was received and go over a few simple steps that can be taken to greatly reduce or eliminate your chances of getting duped by a spam or phishing email.
Rule #1: Never trust the From: line in an email.
These are easily spoofed and can be made to appear like the email is coming from anyone the sender wants it to be from. In this case the sender is ‘vannoy doug’, which is the display name the sender sets up. Most of us use our real name as the display name, but it can be set to whatever we like. The email program I am using, Thunderbird, automatically displays the actual email address of the sender, but most email programs only show the display name. As you can see this email came from roederzjer9i@gmail.com, not from the Wells Fargo Customer Support Team, as the body of the email actually suggests.
Safeguard: Hovering over the display name with your mouse will usually show the actual address the email came from. While viewing the email on a cell phone you may have to expand the From: line to show this information.
Rule #2: Does the Subject line make sense?
The subject line is ‘CAR LOAN STATEMENT REQUEST =4#’. The subject line is there simply to inform the user what the content of the email is about in the hopes the recipient will open it, and it may have nothing to do with the message of the email. This particular one could get someone’s attention if they have a car loan, so then the email will be opened by the recipient.
Safeguard: If the Subject line is confusing, or doesn’t pertain to you, be suspicious. Also look at the grammar and formatting of it. If the font looks completely different than most emails in your In Box, or if the subject line has some peculiarities, it is more than likely spam. This one was written in all capital letters, not the typical format most people use when sending emails, and the grammar appears suspicious.
Rule #3: Does the body of the email make sense?
Is the email addressed to someone specific or could it apply to almost anyone? Are there grammar/formatting errors in the email? Are there links to click on or a phone number to call? The line ‘A $249.00 charge has been made on your Wells Fargo account’ may get your attention if you have a Wells Fargo account, but there are no other specifics.
Safeguard: If the body of the email looks generic, is not addressed to a specific person, or has spelling/formatting errors, it is more than likely spam. In this case the scammer is creating urgency by stating that money was taken out of the user’s account, and provides a solution to remedy the issue. Never click on a link provided in an email and never call the number provided in the email. If you do you will be directed to a website operated by the scammer or you will be calling the scammer directly.
To reiterate, never click on a link in an email. If it is a phishing email that states you need to change your password and you click the link provided, you just gave the scammer your password.
Rule #4: Be weary of attachments.
This email contained an attachment titled ‘xxxxxx=[0000].pdf’. It certainly looks suspicious just based on the filename.
Safeguard: Never open an attachment to an email unless you were expecting it and you have verified the legitimacy of the email. If you do you open yourself up to having malware such as spyware, keyloggers, or ransomware installed on your computer, to name a few.
In Closing
Spam and phishing emails continue to be a threat, and we need to be vigilant at all times. Taking an email at face value could place us in crisis mode because of some type of perceived threat that the scammer has caused us to believe is happening, or will happen, if we don’t act quickly to take care of the issue.
Don’t take the email at face-value and click on a link or download an attachment without taking the time to determine the validity of it. All it takes is a little awareness and a few extra steps to avoid being placed in a situation where you put your personal information or finances at risk.
Leave a Reply