Up Your Business - June - 2021

A Near-Perfect Scam

Up Your Business is an exclusive GEARS Magazine feature where I share stories, insights, and reflections about business and life.

Internet scams are running rampant. As we become more informed about them and learn how to avoid them, the scammers are adapting. Their schemes are becoming more and more sophisticated and believable. They come in all shapes and sizes. You’ve likely heard about many and may even know a victim.

Frankly, I arrogantly thought that I was too smart to fall into a scammer’s trap, but I did. I nearly lost almost $30,000. This story is embarrassing to write because, in retrospect, there were clues that I missed – some obvious and others more covert.

The perverse beauty of this scam is that it was perpetrated by scammers who misappropriated the name and logos of a well-known, trusted internet security company. I’ll not name the company because they weren’t directly involved. Ironically, the scammers counterfeited the identity of a company that provides internet security and identity theft protection. It also involved two steps occurring over two days, and it preyed on the fact that people don’t think clearly when they’re emotional.

I own a laptop that came with antivirus/security software provided by this trusted company. From time to time, I’d get a pop-up message warning me that I was exposed because the software wasn’t up to date or that the subscription had expired. While those messages weren’t part of the scam, they did contribute to setting the stage for me to become a victim.

It began on a Monday. I received an email advising me that the antivirus software had expired, but this time it asked me if I wanted to renew it. I clicked on NO. In retrospect, it probably didn’t matter which choice I made because by clicking on anything, I was entering the trap.

The following morning, I received an email thanking me for renewing my subscription. It contained a confirmation number and stated that I’d been charged a renewal fee of $399.49. It also stated that I could cancel at any time and receive a full prorated refund by calling the customer support team at the number provided.

Now, I know you’re probably thinking that you wouldn’t call the number in the email. Good for you if you’re thinking that. Normally, I wouldn’t have either. However, try to put yourself in my head at the time. I had just replied that I didn’t want to renew, and now I get an email stating that I’d been charged $399.49 for a renewal I didn’t want. I was angry and couldn’t wait to give them a piece of my mind, and that’s what they’re counting on.

When I called the number, a friendly fellow answered, “Customer support, I’m Frank Turner, and my employee number is ##########, how may I assist you today?” When I told him what had happened, he politely said, “I’m sorry this has happened. I’m going to take care of this for you right away. What’s the phone number associated with your account?” As I gave it to him, I could hear him typing on a keyboard. I remember feeling how nice it was that I’d gotten straight through to such a helpful fellow.

Next, he said, “Okay, I’ve found your account and canceled your subscription. Now I’ll help you complete your refund request. If you’re close to a computer where you can access our website, I’ll help you navigate to the form. Let me know when you have your browser open.” When I told him that I was on my browser, he said to type in the web address www.thecompanyname.support.com and hit enter. When I did, it went to what appeared to be a legitimate website for the company.

Now, he guided me through a series of clicks, each time asking me what was on my screen. Ultimately, a “Refund Request Form” came up. He said that I just needed to complete the form and hit submit when I finished.

You’re probably thinking that the form asked for information that would compromise my security by providing information they could use to hack me. But it didn’t ask anything that hinted at that – no bank, credit card, or social security numbers. It only asked for my name, billing address, phone number, email, and the following Yes or No questions:

  • Do you wish to cancel your subscription? Yes __ No __
  • Are you requesting a refund? Yes __ No __
  • Is your refund request for $399.49? Yes __ No __
  • If the above information is correct, click here. (Submit)

After clicking (Submit), Frank asked me what I saw on my computer screen. I told him there were five different-colored squares arranged in an interlocking pattern on a black background. He replied, “Good. That means the request is being processed right now. It will be just a few more minutes. Don’t do anything else on your computer and tell me when the screen changes.” By now, I was beyond impressed. Blinded by how polite and helpful he’d been, I sat patiently watching my computer screen.

Then the feces hit the turbine. Even though I was speaking on my cell phone, thank goodness, I still receive visual message alerts. A message popped up from my bank alerting me of a transaction for more than my preset alert limit. I knew I hadn’t made any transactions that day. So, immediately, I put the call on speaker and opened my bank app. $20,000 had been transferred from my savings account to my checking account!

The light bulb finally went on! I shouted to my wife, “Sue, call the police and tell them I’m in the middle of being ripped off! Our bank accounts have been hacked!” Fortunately, she quickly got through to a fraud detective, who told me to immediately hang up on the call and turn off the computer. He said to call our bank’s fraud department, assuring me that he’d call back to complete a report later.

This story does have a happy ending and a boatload of lessons. The bank was able to freeze all my accounts before the scammers got any money. But they had gained access to my accounts and transferred money into my checking account, which would have enabled them to do an external transfer. It was only a matter of minutes before they could have swept the money out of my checking account.

Of course, I still had the hassle of establishing new accounts and changing all the automated transactions. I was surprised at how easy the bank made it, but it was still time-consuming, and I felt violated.

Between the conversation with the bank manager and the police detective, I learned a few things that I felt made this article worth writing and worth your time reading it. One of my objectives for this column has always been for you to learn from other people’s mistakes. While I’d prefer otherwise, this time it’s from my mistakes.

First, I’ll explain how the scam worked, and then I’ll share some tips on how to avoid scams like this one.

As I mentioned earlier, this scam worked primarily by getting my attention and using a well-known, trusted company as a ruse. Next, they played into my anger so I wouldn’t be thinking clearly. But the real con was the performance of the “Customer Support” agent.

When I asked the bank manager how they got access to my accounts, he replied, “You gave them access without even knowing it. The Refund Request Form was only an overlay. Your answers were hot-linked to give them permission to control your computer and gain access to your online banking. When that black screen with the colored squares came up, they were hacking away, and as far as the bank’s computers were concerned, it was you.” The detective put it this way, “It was like inviting a burglar into your home and then leaving.”

Here are some tips to help you avoid internet scams.

  • Believe it or not, money isn’t always what motivates scammers. Many are driven by an ideology. They may feel justified because they believe their country was somehow mistreated by our country, and this is just payback.
  • They also don’t care how many emails they have to send out to catch one vulnerable person who’s asleep at the switch.
  • Always confirm the source of any email. The email in my case identified the sender as “Support at the Company Name.” If I had hovered my cursor over the sender’s email, this is what would have been revealed: thecompanyname.support@gmail.com. No major company will use Gmail, Yahoo, AOL, or other such email service providers.
  • Never call a number that’s contained within an inbound email or inbound phone call. Always look up the number on the company’s website.
  • Likewise, don’t allow anybody to guide you to a website, and don’t click on links to a website. They can make a counterfeit website that appears legit, but the domain name is off by a dot or misplaced letter. The website Frank directed me to seemed as real as could be.
  • Don’t fill out forms that the so-called company sends you. You never know what’s going on with your keystrokes behind the scenes.
  • Set up alerts on all your financial sites. This is what saved my bacon. I have email and text alerts set on my credit cards and bank accounts for any transaction of $1.00 or more.
  • Consider setting up a separate email address that you use exclusively for financial purposes – banking, credit cards, insurance, mortgages, etc.
  • Don’t let your emotions control you. They’ll prey on your anger, loneliness, fear, greed, grief, and any other emotion that might affect your reasoning.
  • Learn as much as you can through articles, news stories, and other reliable resources. Your bank’s fraud department most likely offers some tips and coaching.
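
The sender and website checks from the tips above can be automated. The following is an added example, not part of the original column: it tests the sender address and the web address from this story against the company's real domain. Because the company is not named here, `thecompanyname.com` is a placeholder assumption for that real domain, and the function names are illustrative.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Consumer mail providers named in the tip above.
FREE_MAIL = {"gmail.com", "yahoo.com", "aol.com"}

def belongs_to(host, official):
    """True only if host is the official domain or a subdomain of it."""
    host, official = host.lower().rstrip("."), official.lower()
    return host == official or host.endswith("." + official)

def check_sender(from_header, official):
    """Return the reasons a From header should not be trusted (empty if none)."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    brand = official.split(".")[0]
    reasons = []
    if domain in FREE_MAIL:
        reasons.append("sent from free mail provider " + domain)
    if not belongs_to(domain, official):
        reasons.append("sender domain is not " + official)
        # The brand shows up where anyone can type it, not in the domain.
        if brand in local.lower() or brand in display.lower().replace(" ", ""):
            reasons.append("brand appears only in display name or mailbox")
    return reasons

def check_link(url, official):
    """Return a warning if the URL's host is not under the official domain."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to locate the host
    host = urlsplit(url).hostname or ""
    if belongs_to(host, official):
        return None
    brand = official.split(".")[0]
    if brand in host.lower().split("."):
        return f"'{brand}' is only a subdomain label of another site: {host}"
    return f"host {host} is not under {official}"

if __name__ == "__main__":
    OFFICIAL = "thecompanyname.com"  # placeholder: the real company is not named
    # Sample values reconstructed from the story.
    sender = '"Support at the Company Name" <thecompanyname.support@gmail.com>'
    print(check_sender(sender, OFFICIAL))
    print(check_link("www.thecompanyname.support.com", OFFICIAL))
```

The web address Frank gave fails the check because the site it belongs to is `support.com`; the company name in front of it is only a label that the owner of that site can set to anything.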

One resource I highly recommend is found on the AARP website, https://www.aarp.org/podcasts/the-perfectscam/. AARP’s weekly podcast The Perfect Scam℠ tells the stories of people who were targets of scams. Host Bob Sullivan introduces listeners to those who have experienced scams firsthand, as well as professional con artists and leading experts who pull back the curtain on how scammers operate. It’s an entertaining way to learn how to protect yourself.

You are ultimately responsible for protecting yourself from internet predators. Since my experience, I’ve become more vigilant and aware. Hopefully, by me sharing my story, you’ll do the same. There are many helpful resources that, before now, have gone unnoticed by me. Many of them are reaching out, and I’ve ignored them. Today alone, I’ve already received tips on avoiding internet scams from my bank, AAA, and my cable company, and I haven’t finished my first cup of coffee. Some of the tips are redundant, but the new ones make it worthwhile.

I’m reminded of the old Smokey the Bear slogan, “Only you can prevent forest fires.” In this case I’d reword it, “Only you can prevent getting scammed.”

About the Author

Thom Tschetter has served our industry for nearly four decades as a management and sales educator. He owned a chain of award-winning transmission centers in Washington State for over 25 years.

He calls on over 30 years of experience as a speaker, writer, business consultant, and certified arbitrator for topics for this feature column.

Thom is always eager to help you improve your business and your life. You can contact him by phone at (480) 773-3131 or e-mail to coachthom@gmail.com.