Like a dog spotting a squirrel, I can’t help but notice when a new text pops up on my iPhone. The little gray notification caught my attention, and I immediately pulled away from the task at hand. Plus, this one looks the part. It is, but only because it helped me identify a very dangerous and harmful Amazon shopping scam.
With the holiday shopping season in full swing, such scams are rising. Most of us buy at least some gifts through Amazon (the retailer reports more than $1 billion in sales during Black Friday).
It’s this mix of shopping sprees, excitement, and low-grade fear that someone is going to scam you that scammers naturally use to hack their way into your privacy and personal technology, all with the sole purpose of stealing your identity, data, credit cards, logins, etc.
While I haven’t been successfully phished, I’ve deliberately played with scammers so I can show you how to accurately identify and avoid similar attacks.
Like other alerts I’ve received from legitimate sources, this one was brief. It says:
“Your card has been charged $649 for XGIMI Mini Projector
December 5, 2022 Order ID #EMPY2219
NOT ORDERED BY YOU?
Contact us: +17204813408”
It will happen to you
I’m pretty sure all of you will be getting text messages like this before the holidays are over. Take a good look at this. It had grammatical and typographical errors, including a zero instead of an “o” and a missing word. No legitimate company will ever send you a text message like this.
Scammers are relying on the alarm that such texts can trigger. Maybe you paid too much attention to it and dialed directly instead of looking carefully. But which number? I noticed a mismatch between the number in the text message and the number listed on the caller ID.
To be clear, for the sake of science, I decided to call this number to better understand the nature of this scam. My goal is that, from now on, you will read a text like this and immediately understand that this is not how Amazon, Best Buy, and other online retailers work.
I decided to call the number embedded in the text, put the phone on speaker, and after about two rings, a representative answered.
He started, “What can I do for you?”
“You call me,” I said, “to ask for an order.”
The rep quickly came to his senses and asked my name. I hesitated, but realized my name wasn’t exactly a trade secret, plus I needed to pull him further so I could understand the endgame.
Strangely, instead of asking me to spell my name, he asked for my order number, which I dutifully provided from the text.
“Oh, there’s an Amazon order from Ohio, and you’re in New York,” he told me as I overheard the faint background chatter of dozens of scam reps like himself trying to lure other callers.
“Have you ever been to Ohio?” he asked.
“No.”
“Have you shared your Amazon account with anyone in Ohio?” he asked.
“No.”
“There are multiple orders from Ohio,” he added, almost sounding concerned for me. This one deserves an Oscar.
While he was talking to me, I was logged into my Amazon account on the desktop. No weird orders, just something I ordered for my wife’s Christmas present.
“I’m sorry,” I said, trying to sound confused, “but if someone orders on my Amazon account, shouldn’t I see those orders on my Amazon account?”
There was a long pause, as if I were pushing him away from the script.
“Yeah…but they were all put on hold,” he told me.
Now it was time to get down to business. The scammer told me he had to connect me to “Amazon’s secure servers” to fix the issue. He must have said “Amazon Secure Server” six times during the entire call.
“Okay,” I said, still trying to sound confused, “how do I do this?”
First, he said, we need to know what kind of device you’re using. I told him it was an iPhone.
“Great, I need you to put me on the speakerphone and open the App Store,” he instructed.
I told him, “Of course,” put down my phone, and started taking notes.
“I need you to download this app.” Instead of telling me the name, he spelled it out and gave me a word for each letter: “‘A’ for all, ‘N’ for Nancy, ‘Y’ for yes, ‘D’ stands for dog, ‘E’ stands for every, ‘S’ stands for Sam, and ‘K’ stands for Keep.”
My scam buddy asked me to download AnyDesk, which he said was used to connect to Amazon Secure Server, but I knew it was remote desktop software: an application that lets someone on the other side of the world connect to and control your PC or phone, search around, and get at all your content.
As we spoke, I searched for “Amazon AnyDesk scam” and quickly found an article from March 22 that described this exact trick in detail.
I decided to slow down so I could message my scammer friend.
“Wait, I just realized there’s another name on the account and I’m afraid this won’t work if you don’t have it,” I told him, with what I thought was genuine anxiety in my voice. Where’s my Oscar?
Give back
My scam buddy was angry. “No, no, just connect to a secure server. Download the app.”
I told him I wanted to make sure he had this.
“Okay, give it to me.”
“Okay, I’ll spell it out. Ready.”
“Yes,” he said, and I could hear the irritation in his voice.
“‘N’ means no, ‘O’ means over, ‘F’ means fun, ‘U’ means under, ‘C’ means cable, ‘K’ means king, ‘I’ means inside, ‘N’ means Nancy, ‘G’ stands for go, ‘W’ stands for walk, ‘A’ stands for all, and ‘Y’ stands for yes.”
At first, nothing happened. He spelled it back, but it didn’t make sense because he misheard a few key letters. We went back and fixed them. Then he spelled it out again, and there was a moment’s silence.
“Why are you telling me this?” he asked plaintively.
“Because it’s a hoax, and you’re a liar.”
He didn’t argue.
“Yes. Yes,” he said quickly, before hanging up.
If you ever see a text message like this, your first stop is to log into your own account from a trusted PC or phone and check for incorrect charges. If you see any, please contact the retailer or website directly. Never reply to these texts, and never install any software, no matter what the person on the other end of the phone tells you.
Believe me.
You can further protect yourself with some of the best security software in 2022.