Internet Scams

They’re always wanting your money, Part 3.

~ grant.gallagher

Author Ryan M. Chippendale has been in public safety/service for over two decades. He has held the roles of Police Officer, Firefighter, EMT, CPR Instructor, NRA Instructor, Glock Armorer, and Notary Public, among others.  He is the proud father of three girls (12, 10, 4) and has been married for thirteen years.  He is the son of a senior mother who keeps a running honey-do list for him, and he has expertise with firearms, electronics and computer systems.  He is an ordained minister, is fluent in sarcasm, and has been known to be found at a karaoke bar once or twice in his life. This is the final article of a series of three blog posts.

The Joys of the internet. In the third part of this series I am going to dip my toe into the senior scams that come through the internet.  We’ve seen soooo many different tactics in the category.  Some that would be embarrassing if you fell for and some that I personally have to second-guess their legitimacy.  Years ago I was excited to get an e-mail but it was super common to get tons of actual paper “snail mail.”  Today I’m happy if I get one personal paper letter from the mailman along with the 300 garbage e-mails I get.  No matter how much I unsubscribe, everyday there’s offers to get my gutters cleaned, purchase a vacation, or lose weight (not that I don’t need all of those services).

While those are all mundane and ignorable messages, what about the e-mails saying your personal information is being exploited on the dark web or a message from Amazon informing you that your account has been compromised and they want you to confirm your credentials.  As I was writing this article I received this very e-mail:

Oh my!  Did someone from Mexico try to log into my Amazon account?!? Onset panic-mode.  Quick, let me click this link and make sure someone didn’t order themselves a TV to Mexico.  But wait, deactivate panic-mode and lets actually read the e-mail.  The e-mail was sent from a nonsensical e-mail address which is too long to fit on the screen.  It was sent to an address that isn’t mine.  That seems suspicious.

Lets read further. In the subject line there appears to be some kind of error code maybe but I don’t know what MGLTVTHF-131630461 means.  Is that something official?  Let’s keep reading, a greeting that doesn’t have my name and a body that has spelling mistakes, improper grammar as well as improper English.  Too many red flags for me but here’s the kicker… the button they want you to click is not a link to Amazon’s actual website!

Had I actually clicked the link it probably would take me to a website that looks similar to Amazon asking for my e-mail and password.  It might even ask me for some common security questions – your mother’s maiden name, the street you grew up on, your first car.  All in the name of security, you enter all the information and get: “oops, your user name and password don’t match.  Please try again.”  We’ve all done this.  Fat fingers or just can’t remember which kid’s birthday you used for this password.  Either way, while you’re blaming yourself for typing it incorrectly, the imitation website has loaded the actual Amazon website.  Now again, you enter your user name and password only this time it logs you in and everything seems normal.  That was close, you may have thought you’d been victimized.  Here’s the problem, you WEREN’T a victim until you gave up your password and security questions.  But you don’t know that you’re a victim so maybe the scammer sits dormant with your information for a bit and then attacks your identity or your accounts or simply sells the information to someone who gets a credit card in your name.

Now you’re compromised.  I hope you don’t use the same password for your Amazon account as your e-mail account, do you?  So now that the scammer can get into your e-mail they send one to everyone in your contact list.  “Hey, I’m in trouble.  I went to Europe on vacation and my bag was stolen.  I lost my wallet AND my passport!  To make matters worse, I got just got a flat tire and I have no way to pay the guy from roadside assistance.  I don’t have international calling so the only thing I was able to do is send a desperate plea for help via e-mail.  The service guy said if you have “CashApp” you can send him $200 for the tire change and I’ll pay you back when I get home.  He said if you don’t that Appy thingy if you go get a gift card and take a picture of it, you can e-mail it to me.”  (Sound familiar?). Now think about everyone in your e-mail contacts…. Would someone fall for this?  They got an e-mail from “you” from your actual e-mail address.

Here’s another common one.  Imagine you get an e-mail from your boss and it says “I’m stuck in a meeting and I need a gift card for my nephew’s birthday party this evening.  Can you please run to Walmart and get me a $100 gift card.  Thanks”. By now these should sound like obvious scams but you might be inclined to do your boss a favor.

A simple trick to limit the amount of messages you get is to unsubscribe from any many of the unwanted e-mail lists that you can.  You’ll scrutinize the messages better if there’s less of them bombarding you. 

My mother regularly calls me about something computer related.  Some of those phone calls are asking if something is real or a scam.  It’s almost always a scam.  Her litmus test is “what’s Ryan going to say if I click this and something goes wrong?”  Feel free to use that mentality… take a moment, escape panic-mode and evaluate the situation.

How to Spot an Internet Scam

~ grant.gallagher ~ 2 Comments

Author Michael Lindner is a software developer living in Monmouth County, NJ, with his beautiful wife and the youngest of his three sons. His interests are faith, family and freedom, which makes him an anachronism.

The term “Spam” is used to describe any unwanted or unsolicited email or text. Often these “spam” messages are also “scam” messages – messages designed to con you out of money or personal information that can be used to rob you. If you’re like me, you get text messages and emails almost every day from scammers. As a long-time computer professional I can share some tips to spot them and avoid getting scammed. Here are some of the things I look out for – do any of these seem familiar?

Getting messages from a company you don’t do business with. Almost every day, I get a message with a link to a gift for being a loyal Verizon cellular customer. The problem is that Verizon is not my phone carrier.

If you receive a message claiming you are a customer of some company you know you are not a customer of, chances are it is someone trying to trick you into either trying to accept a “free” gift or trying to tell them you are not their customer. Sometimes the message is from a company you have an account with, but is referencing something fake. For instance “Thanks for paying your December bill, here is a gift” when you paid your December bill weeks ago (or haven’t paid yet). Check the source of the email or text, it is probably wrong.

Getting email messages from a suspicious email address. Email and web addresses work from right to left. If you google Verizon you will find their web address is www.verizon.com. The important part is the last two parts, “verizon.com”, which is called the “domain name”. Every web site the company has, and every email the company uses, will end in that same domain name, “verizon.com”. Scammers will usually use email addresses and links that are similar, but different. Some examples might be “verizon.xyz.com”, “verizon.xyz”, “verison.com” or “verizon.com.xyz.org”. Note that they do not end in “verizon.com”.

Most email programs will show you the actual email address if you hover the mouse cursor over the “From” email address on the screen. A few will make you right click or click on “show headers” to see it. But if an email is suspicious, take the extra time to see who it’s actually from, and whether it is legitimate.

Getting text messages from a suspicious phone number. Most large companies use “short codes” to contact their customers. This is a five to seven digit number. If you receive a text message allegedly from your phone carrier or similar that is from a “normal” 10 digit phone number, it is likely a scam. Be careful.

Getting message with a link that doesn’t go to the right web site. Links to web sites look like “https://www.verizon.com/support”. The part after the “://” and before the next “/” is the important part, and just like the email addresses, it must end in the proper domain name, in this case “verizon.com”. An email might have a link that says “click on Verizon customer service” to claim your gift. If you hover your mouse cursor over the link, most browsers will display, at the bottom of the window, where the link actually goes. If that link is not going to the domain you expect, odds are the email is a scam. If the email looks suspicious but you want to go to the site the email allegedly goes to a safer way is to google the address (for example, google “Verizon customer service”) and click on the search results.

Web sites that ask for personal information. Suppose the email looked ok, but when I click on the link the site I go to is asking for my name and birth date, or other personal information, to “verify” who I am? That’s likely not a legitimate site. If you are uncomfortable with the site asking for personal information, look up the phone number of the company it’s supposed to be from, call their customer service and ask if the email and site are legitimate. Most companies are happy to help, and grateful to find out about scammers using their name.

What to do with scam emails, texts, etc. What should you do with a suspicious message? First off what not to do. Do NOT respond to it, even to say “rot in hell you scammer”. The more information they get from you, even just the fact that you are a real person, the more they can do. Ignore ignore ignore.

Most email clients have a “Spam” button that you can click on. Use it. Not only does that keep you from having to see the message, but it gives the email program information on catching future scam messages. Use spam filters if your email/phone provides has them. These take feedback from other users reporting spam to stop such messages from getting through to your inbox in the first place.

Most of all, remember the adage “if it sounds too good to be true, it probably isn’t.”