A reliable rule:
If a friend emails or texts you, asking you to send a gift card to some third party, DON'T.
It's a scam.
You aren't really communicating with that friend. And that money would go to the scammer.
Some of my friends and acquaintances got a scam email exchange yesterday. It looked like it came from me. It didn't. It came from an old email account that I don't use any more. Emails sent from that account look legitimate. They have my name and a plausible email address (petersage@charter.net -- an account that is now completely disabled by the company) and a nice photo of me taken 15 years ago. But a person who received the email would not see some obvious mistake, like a misspelled name.
The scam started with an email, to test the waters and see who would respond. Everyone got this: "Just wanted to check in and see if I could ask for a favor? Peter"
One friend, who sent me her email exchange responded, "Well, you can always ask. What's up?"
Another friend responded to that email with: "Sure. What do you need?"
People who responded got this email, which I present exactly as they got it:
Thanks for the response. I need to get an Amazon e-gift card for my friend's daughter who is diagnosed with Stage 3 metastasized breast cancer, she had lost both parents to the disease (Covid 19.) She needs to buy medicine. It's her best chance at surviving. My efforts to buy it for her on line proved abortive. Could you get it on line and have it sent to her email address. I will reimburse you. Let me know so I can provide you with her email address. Awaiting your response.
Peter
Fortunately, apparently almost everyone was wary. I received numerous emails and texts asking me if this was legit. There is an inherent implausibility that somehow I am unable to buy a gift card to help out someone, but that I would need someone else to do it. Then the run-on sentence. And the vagueness of the sentence about buying it "proved abortive." Weird. But the email appeared to come from me and there was a bit of urgency here, "Awaiting your response."
One wonderful friend, both generous and incautious, followed the scammer's instructions, and sent a $300 gift card. The scammer got greedy and made a mistake. He immediately asked for more, with this email, with a subject line "Response needed!!!"
Again, I present it exactly as written:
Am so glad you are able to help; my friend Daughter sent her warm regards and love to you in the purchase of the Amazon e-gift card. I believe I'm not asking much from you, Apologies, can you help me to get more Amazon e-gift card of $500 for Her son who shares the same month with Anna, it is a House full of double celebration of life.
There, Total Money to be transferred to you is $850 plus charges fees. Your ability to help with this will be highly appreciated.
Peter
This one tipped the scammer's hand: the language looks like a non-native speaker of English, the erratic capitalizations, the "warm regards and love to you," the "I'm not asking much from you, Apologies. . . " This doesn't sound like me.
The friend called me on my phone. I told him it was a scam. He immediately called Amazon and was able to stop the transfer of any money before it had gone through. Whew.
The scam had the possibility of working because people who clicked "reply" to the original inquiry had good reason to think their emails would go to me, but they didn't. They went to the scammer. If an email's content seems suspicious, checking an email's "from" often reveals the scam. Anyone can open an account, perhaps at Hotmail or Yahoo, in your name if that name isn't already taken there. Everyone is vulnerable. Letters from it appear to come from you because they have your name in the heading. However, if a skeptical recipient clicks on the name in the sender box one gets the detail of the sender's reply address, not just the name in the heading. One can see that it goes to some strange address.
But that is not a reliable safeguard because, as in this case, my then-existing charter account had been hacked the day before. A recipient needed to look at the email's content and reflect on whether it was plausibly from me. Did it make sense that I would be asking friends to buy something to send to someone else? Does it make sense that I would ask for a favor of that kind out of the blue?
The real safeguard if one gets a scam email or text is to phone the supposed sender. Get a positive identification. But heads up: even this might get harder in the months and years ahead. A person's voice can be recorded and then repurposed using AI, and the result is very plausibly a familiar voice, but one spoken by someone else. Maybe today it would be hard to maintain the fiction if the person had a real conversation of any length, but the technology is changing quickly.
[Note: To get daily delivery of this blog to your email go to: https://petersage.substack.com/ Subscribe. Don't pay. The blog is free and always will be.]
4 comments:
My 9 year old granddaughter recently warned me about scams. She said “they target old people like you Papou!” A younger me would have been a little insulted for her to think I’m that gullible. In fact Im quite grateful for her concern :)
Great. Next we can look forward to cross examining AI impersonating a relative about subjects which only the actual relative should know. Which is why I’m not giving any biographical information to AI.
Everyone should be using password manager software. I use 1Password, and it is excellent.
Everyone should also transition from passwords to passkeys as soon as your account with that provider makes it possible.
Spamming retirees is a national problem and a rising source of financial loss for our generation of older, less computer-savvy individuals. I attended a retiree luncheon last fall with a guest speaker from AARP. The topic: How to protect yourself from scams aimed at retirees. Peter speaks to one where the hacker has obtained a list of contacts from an email account, such as Peter's Charter account. Your information is readily available and for sale on the Dark Web. Hackers are looking for all your personal information that will allow them to spoof your identity. It's not limited to computer attacks; spam phone calls are another avenue for them to follow. They make their money by collecting your information (i.e., passwords, SSA and Medicare numbers, and credit card info, etc) and then selling it on the Dark Web. Take steps to protect yourself today; be aware that this is happening. This is the message I took away from the AARP presentation. Spamming retirees is a growing concern and a significant source of financial loss for older individuals who may not be as computer-savvy. Last fall, I attended a luncheon for retirees where a guest speaker from AARP discussed how to protect ourselves from scams targeting older adults.
The speaker highlighted how hackers can acquire contact lists from email accounts, such as those from Charter. That personal information is often available for purchase on the Dark Web. These criminals seek personal information that allows them to impersonate others.
It's essential to recognize that threats are not limited to computer attacks; spam phone calls are another method they use to target potential victims. Hackers profit by collecting sensitive information, including passwords, Social Security and Medicare numbers, and credit card details, which they then sell on the Dark Web.
To safeguard yourself, take proactive steps and stay informed about these issues. This was the key message I took away from the AARP presentation.
Post a Comment