Like a dog detects a squirrel, I can’t help but notice when a new text appears on my iPhone. The little gray notification caught my attention and I immediately pulled away from the current task. Besides, this one seemed important. It was, but only because it helped me identify a very serious and malicious Amazon shopping scam.
With the holiday shopping season in full swing, these scams are on the rise, and most of us do at least some gift shopping through Amazon (the retailer reported over $1 billion in sales during Black Friday).
It’s this holiday mix of frantic shopping, excitement, and a low-level fear that someone is going to scam you that scammers exploit to work their way into your personal privacy and technology, all with the sole intent of stealing your identity, data, credit cards, logins, and more.
While I wasn’t successfully phished, I intentionally played along with a scammer so I could show you how to identify and avoid a similar attack.
Like other alerts I receive from legitimate sources, this one was brief. It said:
Your card has been charged $649 for the XGIMI Elfin Mini Projector
Application No. EMPY2219 on 05/DEC/2022
N0T ordered by you?
Call us: +17204813408
It will happen to you
I’m pretty sure all of you will receive a text like this before the holidays are over. Take a good look at this one. It contains grammatical and typographical errors, including a zero in place of an “o” and a missing word. No legitimate company will send you a text like this.
What scammers are counting on is the alarm such a text might trigger. Maybe you will be so worried that you won’t read it carefully and will just call the number instead. But what number? I noticed that the number in the text and the number listed for the caller ID do not match.
To be clear, I decided to call the number to better understand the nature of this scam – for the sake of science. My goal here is that from now on, you’ll read such a text and immediately understand that Amazon, Best Buy, and other online retailers don’t work that way.
I called the number included in the text, put the phone on speaker, and waited for it to ring before a rep picked up.
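The three tells described above (a digit standing in for a letter, a callback number that differs from the sender, and a charge notice paired with "call us") can be checked mechanically. This is an added example, not part of the original article: the sender number is constructed, the look-alike map goes beyond the single zero-for-"o" case, and the checks are heuristics that can misfire on ordinary tokens such as "mp3".

```python
import re

# Digits that visually stand in for letters; the article's text used "0" for "o".
LOOKALIKES = str.maketrans("0135", "oles")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
CHARGE_RE = re.compile(r"charged\s+(?:with\s+)?\$\d", re.I)
CALL_US_RE = re.compile(r"\bcall\s+us\b", re.I)

# Body is the text quoted in the article; the sender is constructed for the demo.
SAMPLE_BODY = (
    "Your card has been charged $649 for the XGIMI Elfin Mini Projector\n"
    "Application No. EMPY2219 on 05/DEC/2022\n"
    "N0T ordered by you?\n"
    "Call us: +17204813408"
)
SAMPLE_SENDER = "+12025550143"


def last10(number):
    """Reduce a phone number to its last 10 digits (assumes NANP numbers)."""
    return re.sub(r"\D", "", number)[-10:]


def disguised_words(text):
    """Tokens mixing letters and digits that read as a word once decoded."""
    hits = []
    for token in re.findall(r"[A-Za-z0-9]+", text):
        if token.isalpha() or token.isdigit():
            continue
        if token.translate(LOOKALIKES).isalpha():
            hits.append(token)
    return hits


def assess_sms(sender, body):
    """Return (indicator, evidence) pairs for one SMS; heuristic, not proof."""
    findings = []
    odd = disguised_words(body)
    if odd:
        findings.append(("digit-for-letter", odd))
    callbacks = [m.group() for m in PHONE_RE.finditer(body)]
    foreign = [n for n in callbacks if last10(n) != last10(sender)]
    if foreign:
        findings.append(("callback-differs-from-sender", foreign))
    if CHARGE_RE.search(body) and CALL_US_RE.search(body):
        findings.append(("charge-plus-call-us", []))
    return findings


if __name__ == "__main__":
    for name, evidence in assess_sms(SAMPLE_SENDER, SAMPLE_BODY):
        print(name, evidence)
```
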
He began by asking, “How can I help you?”
I said, “You called me, and asked about an order.”
The rep quickly recovered and asked for my name. I hesitated but realized my name wasn’t exactly a trade secret, plus I needed to push things forward so I could understand the end game.
Oddly, he did not ask me to spell out my name but followed it up by asking for the application number, which I duly provided from the text.
“Oh, there’s an Amazon order from Ohio and you’re in New York,” he tells me as I listen to the faint background of dozens of scam actors like himself trying to woo other callers.
“Have you been to Ohio?” he asked.
“No.”
“Did you share your Amazon account with someone in Ohio?” he asked.
“No.”
“There have been multiple requests from Ohio,” he added, sounding almost anxious to me. This guy deserves an Oscar.
While he was talking to me, I logged into my Amazon account on my desktop. No weird orders, just things I ordered for my wife’s Christmas gifts.
I said, trying to sound confused, “I’m sorry, but if someone orders on my Amazon account, shouldn’t I see those orders on my Amazon account?”
There was a long pause, as he had been pushed off his script.
He told me: “Yes… but they are all on hold.”
Now it was time to get to work. The scammer told me it was important for them to connect me to the “Amazon secure server” to resolve this issue. Throughout the call, he must have said “Amazon secure server” six times.
“Well, how do I do that?” I said, still trying to sound flustered.
“First,” he said, “we need to know what kind of device you’re using.” I told him it was an iPhone.
“Cool, I want you to put me on speakerphone and open up the App Store,” he said.
“Sure,” I told him, put down my phone, and started taking notes.
“I need you to download this app.” Instead of telling me the name, he spelled it out, giving me a word for each letter: “A” as in all, “N” as in Nancy, “Y” as in yes, “D” as in dog, “E” as in each, “S” as in Sam, and “K” as in keep.
My scammer friend wanted me to download AnyDesk, which he said was to connect to an Amazon secure server, but I knew it was remote desktop software. It’s the kind of app that lets someone halfway around the world connect to and control your computer or phone to root around and get all your stuff.
While we were chatting, I researched the “Amazon AnyDesk scam” and quickly came across an article dated March 22nd that described this exact scam in detail.
I decided to slow things down a bit so I could get a message across to my scammer friend.
“Wait, I just realized there’s another name on the account and I’m worried if you don’t have it, this won’t work,” I told him with what I think was genuine concern in my voice. Where’s my Oscar?
My scammer friend was upset. “No, no, just connect to the secure server. Download the app.”
I told him I wanted to make sure he got this.
“Fine. Give it to me.”
“Okay, I’ll say it. Ready.”
“Yes,” he said, and I could hear the anger in his voice.
“‘N’ like no, ‘O’ like over, ‘F’ like fun, ‘U’ like under, ‘C’ like cable, ‘K’ like king, ‘I’ like inside, ‘N’ like Nancy, ‘G’ like go, ‘W’ like walk, ‘A’ like all, ‘Y’ like yes.”
At first, there was no reaction. He spelled it back, but since he had missed some important letters, it didn’t make sense. We went back and fixed them. Then he said it again and there was a moment of silence.
“Why are you saying this to me?” he asked sadly.
“Because this is a scam, and you are a fraud.”
He did not argue.
“Yes. Yes,” he said quickly, then hung up.
If you see a text like this, your first stop is to log into your own account with a trusted computer or phone and check for the erroneous charge. If you see one, contact the retailer or location directly. Never reply to one of these texts and never install any software, no matter what the person on the other end of the line tells you.
Believe me.
You can further protect yourself with some of the best security software for 2022.