This Situation Involving A Refund #Scam Could Have Been MUCH Worse For This Client

Just last week a friend of mine who reads this blog said “you haven’t had to rescue a client from a scam lately”.

Little did I know that he’d just jinxed my existence.

Yesterday afternoon I got a panic call from a client while I was driving from a data recovery facility on behalf of another client. (That’s a story for another day.) The client, in a panicked voice, described getting an email saying that she had been charged hundreds of dollars for buying Bitcoin using PayPal. She phoned the number and that’s where things went rapidly downhill. I diverted myself from Markham, Ontario to downtown Toronto to deal with this. And I’ll give you a bit of a spoiler: she was lucky.

When I arrived, I looked at her Mac and I tried to reverse engineer what happened. Here’s what I found.

She got an email from a random gmail.com account claiming that she had bought Bitcoin using PayPal. There was nothing on the email identifying her other than an email address. That along with the random gmail.com email address should have been the hint that this was a scam. But she didn’t check those details because of how professional the email looked.

Top tip: No matter how professional an email like this looks, if you know that you didn’t buy something from a vendor, and there’s nothing identifying you as being the purchaser, it’s likely a scam and you should just delete the email. In this case, this is called the refund scam. You’ll see why it’s called that in a moment.

She then called the number and the scammer at the other end of the line started to weave a story about her PayPal account being hacked and how they needed to connect to her computer to “secure it” as well as to “generate a cancellation form” to refund her money. That’s where the refund part of the refund scam comes from. The scammers have zero intention of refunding anything and are instead focused on stealing everything they can.

They then connected to her Mac using TeamViewer and blanked out the screen to cover up their attempt to install ConnectWise Control on her Mac. But for reasons that I cannot discern, they failed at doing that. I’m guessing that it was because she never provided the scammers her computer’s password, as I asked her several times whether she had given it to them. But if they had succeeded, it would have given the scammers the ability to control the Mac and watch what was going on at will and without her knowledge.

In any case, she was told to log into her PayPal account. And she did. However, she hadn’t used it in years and it not only had no funds in it, but wasn’t linked to a credit card or bank account.

Fun Fact: The client asked me to help her to cancel the PayPal account because of this incident and because she didn’t use it.

That’s when the scammers pivoted to trying to get her to log into her bank account. Her husband was nearby and got suspicious. When he started to try and intervene, the scammer then started to weave a story to get her husband to leave the room and take his devices (laptop, phone, etc.) with him, as they would supposedly get taken over by the hackers. This illustrates how scammers use psychological techniques to advance their goal of stealing your money, which in turn illustrates how dangerous they can be: what the scammers were trying to do was keep the two of them apart so that he couldn’t put an end to the scam. But that didn’t work, and when he mentioned that he was going to call me and the scammer heard that, the scammer flipped out on her, claiming that “computer guys know nothing and are out to steal your money.” That’s when my client clued in that this was a scam and hung up the phone.

By the time I had arrived, the client had frozen their credit cards and bank accounts. That’s a good idea in a situation like this as you don’t know what info the scammer might have stolen from you. They were also able to validate with their bank that no money was taken and no charges were on their credit card. In terms of their Mac, TeamViewer was installed on it and I removed it. I also found the installer for ConnectWise Control and nuked that too. I spent a fair amount of time looking at the Mac and found no evidence that the scammers had set anything else up. So I felt confident that the Mac was safe to use. As part of this, I was able to discover the ConnectWise instance that the scammers were using. So I reported that to ConnectWise in order to have them kill it. On top of that, I turned over the other information to the scam bait community so that they can extract some “vigilante” justice, as I know that this is the only type of justice that these scammers will get.

At this point it appears that no money was stolen from the client, and her Mac is clear of anything “evil”. So other than a bit of wounded pride, the client survived this incident. But it highlights the need for people to stay vigilant. Treat any unsolicited phone call, or any email that seems weird, as a threat and do not engage with it. That’s the best way to stay safe, especially during these times where scams seem to be out of control.
