I Was Scammed!

© David Burton 2020

     I’ve always considered myself to be comparatively sophisticated with respect to technology and whatever is going on around me. In the age of the computer, the cellphone, the internet, etc. I’ve always been relatively on top of things, especially with respect to internet crime. In years past, I’ve had my credit card compromised and every so often have been contacted via phone to contribute to this or that charity, to take action because the IRS was coming after me, and so forth. On all previous occasions, I refused to be scammed. In some cases, I reported the attempts at fraud.

     Recently, I came to the realization that I am not as smart or as sophisticated as I thought. This realization came as I was being defrauded by some adroit scammers. The facts of the scamming are as follows.

     The sequence of events that took place started when I received an email from Discover that a charge on my wife’s Discover card had exceeded the limit that I had set for notification. I asked my wife if she had incurred the charge and she told me she had not. We immediately notified Discover that the charge was unauthorized. At that point Discover froze my wife’s Discover account and instituted steps to issue a new Discover card to her.

     The next event was an email, supposedly from Amazon, with which my wife has a frequently utilized account. The email asked if the purchase of a $250 Amazon gift card was valid. The gift card had been charged to by wife’s compromised Discover card. The email gave instructions, along with a phone number, for contacting Amazon if the purchase of the purported gift card was not valid. MISTAKE # 1: I called the number contained in the email.

ADVICE #1: If you are contacted about a potential security breach on a credit card or any other account and you are instructed to contact the company with a phone number or email address that they provide, Don’t! Instead, look up the company’s phone number or web site address and contact the company using that contact information. This information is always available on the back of your credit card. With a company like Amazon, it takes more effort. Finding a phone number for Amazon security was a challenge.

     When I called the number in the email, I was given instructions by the person at the end of the line to go to the “Amazon” web site. This web site appeared to be the genuine web site. It was not! This scam was not you average phone scammer. It was highly sophisticated with the false “Amazon” web site having every appearance of the real Amazon web site.

     We then went through a process wherein I told the person on the other end of the phone line that the $250 gift card purchase was a fraud, he duly noted that fact and informed me that he was freezing my wife’s Amazon account to prevent any further fraud. He next told me that he would institute the process of getting my wife a $250 credit to replace the money taken out of her Discover card account. But, since her Amazon account was now frozen, he couldn’t issue the credit to her Amazon account. He asked if there was some other account into which he could deposit the refund. MISTAKE # 2: I stupidly said that the refund could be sent to a Visa credit card account that my wife utilizes almost exclusively for gasoline purchases. The vast majority of her credit card purchases are made with her Discover card and that was now temporarily frozen. To compound my stupidity, I gave the “Amazon person” the Visa credit card number and security code.

ADVICE #2: Never, ever, give anyone critical information such as a credit card number, credit card security code, Social Security Number, etc. unless you are absolutely certain of the identity of the person with whom you are communicating.

     Over the next several minutes, the “Amazon person”: 1. gave me a "One Time Password (OTP)"; 2. gave me a “Refund ID”; 3. gave me a “Cancellation ID” for my use should I need to contact Amazon with any questions; 4. gave me a “Reference ID”; 5. gave me a “Google Confiration Code”; 6. told me was depositing the credit to my wife’s VISA account; 7. told me he was having a problem accessing the VISA account; 8. had me repeat the Refund and Cancellation ID's so he “could again try to deposit the credit to my wife’s VISA account.” This happened numerous times. The “Amazon person” also said that to compensate for the inconvenience we were experiencing, he was sending an Amazon $50 gift card to my wife. (It turned out that the the “Amazon person” had used my wife's Discover cashbasck bonus to pay for the Amazon $50 gift card.)

     I now became suspicious of what was happening and, while the phone conversation with the “Amazon person” was in process, I accessed my wife’s VISA account on my computer. What I found was that instead of depositing a $250 credit to my wife’s VISA card account, there was a series of six withdrawals pending from her account, in the amounts of $270.47, $157.72, $129.02, $106.47, $234.50, and $469.23, that were being used to send six Western Union money transfers to the same recipient. I also found out that the “Amazon person” was located in India. At this point, I had my wife contact VISA and apprise them of the fraud that was taking place.

     Over the next several weeks, I changed numerous account passwords and closely monitored all online accounts for any suspicious activity. Old credit cards were cut up and replaced with new ones.

COMMENT: I have had my Discover card compromised a few times. On each occasion, Discover notified me almost immediately of the problem. In one case, where my Discover card was actually stolen, Discover was able to have the perpetrator arrested in the shopping mall where he was using my stolen credit card. Similarly, my wife was immediately notified of the unusual purchase on her Discover card and the account was then frozen when she notified Discover that she had not made the reported purchase. Such prompt action did not seem to be the case with my wife’s VISA card. It seems to me that six $250 Western Union wire transfers, all within a space of 30 minutes and all to the same recipient, should have immediately raised a red flag. It did not. I had to notify VISA of the problem.

     What is needed to help combat all the credit card fraud, computer scamming and all the other illegal activities that have accompanied the widespread use of computers, the internet and cell phones is the equivalent of the 911 emergency phone number. This number could be called the instant a fraud is detected and whatever law enforcement agency is located at the other end of this fraud line could then instantly begin to trace the source of the fraud. Who do you call today when you suspect you are being scammed or defrauded? This is not a problem for your local police. Should you call the FBI? Who do you contact while the scam is being perpetrated so that tracing can immediately begin to identify, locate, arrest and prosecute the scammer(s)?

     Every company doing business via the internet needs to prominently provide contact information on their web site where any suspicious activity can immediately be reported and help obtained. This information should be clearly identified as the company’s security/fraud point of contact. It would be even better if all companies could agree on a common format and the same location on the web site page where this information is provided.

     Scammers are highly sophisticated today. Like me, many targets are senior citizens, who are often softer targets than younger and more technically savvy individuals. Recently, the targeting of America’s older population by scammers has come to the attention of the government.

     “What’s the biggest fraud facing seniors today? A scam in which callers attempt to trick them into giving them money or handing over their Social Security numbers.
     “Senators said Wednesday {29 January 2020} that Americans reported losing close to $38 million last year to this Social Security scam, which they said is a relatively new scheme targeting seniors that has grown at an alarming rate.
     “Sens. Susan Collins, R-Maine, and Bob Casey, D-Pa., chairman and ranking member of the Senate Aging Committee, stated at the Wednesday hearing, titled ‘That’s Not the Government Calling: Protecting Seniors from the Social Security Impersonation Scam,’ that the Social Security Scam has become the most-reported fraud to the Federal Trade Commission and the Aging Committee’s Fraud Hotline.
      - - -
     “The scammers mislead victims into making cash or gift card payments for help with purported identity theft, or to avoid arrest for bogus Social Security number problems . . .
     “ ‘To be clear, the scams we are discussing today are not Social Security program fraud,’ Social Security Commissioner Andrew Saul told the committee in his Wednesday testimony. ‘Rather, they are schemes to trick people into thinking a credible organization — a bank, a utility company, a credit card company or the government, including SSA — is calling so that they give up their personal information, pay money or both.’
     “Said Saul: ‘There are many variations. Scammers play on emotions like fear to get people to act without thinking.’
     “For example, a caller may say he is from SSA and that a senior’s Social Security number is suspended or has been used in a crime.
     “ ‘The caller identification may be spoofed to appear to originate from a government number. The caller may ask you to provide information like your SSN to reactivate it,’ Saul said. ‘The caller may tell you your bank account will be seized and direct you to send money or gift cards for safekeeping. If you comply, your money is gone. If you don’t comply, the caller may threaten you with arrest.’
     “Since creating an online reporting form less than three months ago, the Social Security Administration has received more than 115,000 complaints. The form can be accessed at oig.ssa.gov.
     “A new version of this scam is also emerging, Saul reported, in which fraudsters email fake documents in attempts to get people to comply with their demands. ‘Victims have received emails with attached letters and reports that appear to be from Social Security or the OIG,’ he said. ‘The letters may use official letterhead and government jargon to convince victims they are legitimate; they may also contain misspellings and grammar mistakes.’ “ (Ref. 1)

     The Federal Bureau of Investigation (FBI) has a web site related to credit card fraud. The web site contains the following information.

     “Credit card fraud is the unauthorized use of a credit or debit card, or similar payment tool (ACH, EFT, recurring charge, etc.), to fraudulently obtain money or property. Credit and debit card numbers can be stolen from unsecured websites or can be obtained in an identity theft scheme. Visit the FBI's Identity Theft webpage for additional information.

Tips for Avoiding Credit Card Fraud:

• Don’t give out your credit card number online unless the site is secure and reputable. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. This icon is not a guarantee of a secure site, but provides some assurance.
• Don’t trust a site just because it claims to be secure.
• Before using the site, check out the security/encryption software it uses.
• Make sure you are purchasing merchandise from a reputable source.
• Do your homework on the individual or company to ensure that they are legitimate.
• Obtain a physical address rather than simply a post office box and a telephone number, and call the seller to see if the telephone number is correct and working.
• Send an e-mail to the seller to make sure the e-mail address is active, and be wary of those that utilize free e-mail services where a credit card wasn’t required to open the account.
• Consider not purchasing from sellers who won’t provide you with this type of information.
• Check with the Better Business Bureau from the seller’s area.
• Check out other websites regarding this person/company.
• Don’t judge a person or company by their website; flashy websites can be set up quickly.
• Be cautious when responding to special investment offers, especially through unsolicited e-mail.
• Be cautious when dealing with individuals/companies from outside your own country.
• If possible, purchase items online using your credit card. You can often dispute the charges if something goes wrong.
• Make sure the transaction is secure when you electronically send your credit card number.
• Keep a list of all your credit cards and account information along with the card issuer’s contact information. If anything looks suspicious or you lose your credit card(s), contact the card issuer immediately.” (Ref. 2)

• ”Don’t click on any links you’re not sure about and don’t email unencrypted personal financial information, even if you trust the recipient.
• ”If you’re contacted by phone, rather than email, don’t divulge any sensitive information to anyone unless you have initiated the contact.
• ”Never call the number or click on a link that suddenly pops up on your computer screen, especially if it claims that your computer has been infected with a virus.
• ”Keep your antivirus and anti-malware programs updated.