Ray Postell works with clients who have sometimes lost hundreds and even thousands of dollars due to internet and email scams. Lately, the online ruses have followed a similar pattern.
“You get an email from Amazon or eBay telling you that you have a package purchase for $500 to $800 — this outrageous number, to get your attention — and thanking you for it, but if you want to decline or refuse the order, then call this number,” said Postell, the owner of North Georgia Computer Brokers in Ellijay. “Otherwise, it will be charged to your bank account or credit card.
“I had three (customers call) last week and one today (Dec. 22) that have answered, and they just want to argue with the people, (saying) ‘I did not order that!’ They get you in a conversation, and that’s where they can turn you right around and get you to give them remote access to your computer.”
If the recipient of the email takes the bait, they potentially allow access to personal financial records stored on their hard drives.
“The scammers will say they’re going to refund this money to your account or your credit card that they claim to have taken it out of, but that’s just to get into your account,” he confirmed. “And while they’re talking to you and you’re arguing with them, they are transferring money out of your account or getting set up so they can transfer it.”
In the nick of time
One client was fortunate.
“A couple of weeks ago a guy came in (and told me) they were getting him set up for a $17,000 (transfer),” Postell shared. “They told him it was $800, but they took money out of his wife’s account, out of his savings account and put that into his little account that he had. When he saw that, he then went to (his bank) and they said yes, it’s getting ready to be transferred. So they stopped that one, they didn’t get him. But I see many for $700, $800 to $2,000 or $3,000 (amounts) over the last six months that have been scammed.”
A local woman related how an email, allegedly from eBay, told her she’d purchased an expensive product and she could have the charge declined with access to her bank records.
“She told them, ‘But I don’t have an eBay account’ and they kept telling her, ‘Well, it’s here and (the money) is going to be withdrawn from your bank account’ and she allowed them to go in so they could refund the money,” Postell said. “(The scammers) just get you confused, and a lot of people are easy to confuse (about computers). Unfortunately, there’s a lot of people that will fall for that ploy.”
He was asked to describe an email that may be fraudulent.
“It will say ‘Amazon account’ or ‘from Amazon,’ but if you will look at the return — the reply address — it will have ‘Joe Blow @’ or just a series of numbers or letters that don’t mean anything,” he said. “That would be a giveaway if you knew to look there. Other than that, you might look for misspelled words, words in all caps or in the wrong place — that’s a giveaway too.”
Are the current scams holiday oriented?
“No, this scam has been going on for a long time,” Postell replied. “This year, I’ve noticed it seems more than usual. I don’t know if it’s because some people are staying home more because of the coronavirus and are more susceptible to get this.”
He said 25-30 percent of his business is dealing with scams.
Jamie Cantrell, a systems engineer in the Internet Technology (IT) department at Ellijay Telephone Company, believes holiday buying with the big-name companies drives some scams.
“Around this time of year especially, the traffic to those sites is just so much higher,” he said. “That’s when this kind of thing escalates. We’ve seen similar scams over the years, and to take it a step further, I would include not only Amazon and eBay but some of the big-box stores like Walmart and Target as well. Those seem to be the ones that get targeted the most, just because of those big names.”
Ellijay Telephone’s IT employees also see gift-card scams.
“The recipient will get an email, sometimes it will be generic, or (relate to) a person’s social-media page. The sender may have gotten ahold of a friend’s name or something off their profile, and will send them a gift card that looks like it’s from one of their friends. And when they click on the link, it will take them to what looks like a (store) page and they’ll punch in their credentials to log in to Walmart, Target, Amazon, whatever it may be,” he explained. “At that point, you’re actually going to a fraudulent page — (the scammers) have gotten very good at building these pages to look like the real thing — and they’ll unknowingly provide their log-in credentials to the scammer.
“As everything is moving to the Cloud and online, unfortunately these scams have gotten more sophisticated.”
Phone call red flags
Fraudulent phone calls are often from someone “claiming to be from a government agency,” Cantrell pointed out.
“Like the IRS or the Social Security Administration, something like that,” he specified. “It’s a fear tactic. They’re warning the recipient that if they don’t address something or do something about this right now, they risk either hefty financial penalties — or in the case of Social Security, an interruption in their benefits.”
Do seniors then need to be especially aware?
“Yeah, with these types of scams, unfortunately, that seems to be who are predominantly the targets — especially the threatening scams where they’re claiming to be from a government agency,” Cantrell said. “They target that older demographic. I hate to stereotype, but by and large, they’re not as tech-savvy as the younger generation.”
An easy response would be to “just terminate the call” and contact the agency being misrepresented.
“Government agencies are not going to play these fear-type games or try to scare you into paying something,” he noted. “That would be one red flag, if they’re threatening immediate action — your financial well-being — that’s a pretty good red flag this is not a legitimate call. Reach out to the agency, don’t just respond to an unsolicited call.”
Cantrell said unusual email addresses of the sender are often a “dead giveaway.”
“It’s real easy to fake an address if you’re just looking at the sender, because they can type in how they want their email address to appear,” he said. “So they could send it to you and it would actually appear like it’s from a legitimate source like Amazon.com or IRS.gov. But if you hover over that address (with your mouse cursor), that’s when it will show you the real address it originated from … (or if) it looks like something crazy or ends in one of the foreign extensions like ‘ru’ for Russia or something like that, it’s a pretty good indicator that’s not going to be on the up and up.”
Cantrell said another scam even some employees in the ETC office have received are phone calls from someone claiming to be from Apple or Microsoft.
“They’ll call to tell you they’ve noticed some strange activity on your machine and you’ve been compromised,” he detailed. “That’s kind of a low-tech way that they’re trying to do the same thing as the email scam. They’re trying to get the end-user to go to a website and download a program to, quote-unquote, ‘fix’ their computer. What happens is the user ends up downloading malware (a program with malicious intent) or ransomware (that encrypt a user’s files, then holds them hostage and demands payment), thinking they’ve been contacted by a legitimate source when they’re not.”
Tips on avoiding internet scams
Following are some general guidelines to follow to help prevent falling victim to an internet scam:
﹣ Treat any unsolicited communication with a certain degree of skepticism.
﹣ Don’t blindly click on links or attachments in unsolicited emails.
﹣ Don’t take for granted that institutional contact information in an unsolicited email is legitimate (email address, phone number, etc.). When in doubt, look up the information on the institution’s website.
﹣ Use two-factor authentication when available for any accounts that could result in financial loss if compromised.
﹣ This adds an extra layer of security by requiring the user to enter a secure PIN sent to their mobile device, in addition to their normal login credentials.
﹣ This additional step is typically only enforced the first time a device connects to an institution’s network, and not on every login attempt as many believe.
﹣ This extra step can prevent a user’s personal account from being breached, even if their password is compromised.
Source: Jamie Cantrell, Ellijay Telephone Co.