It seems impossible not to have spam and scams show up in your email inbox. The longer you’ve had your address, the more likely these will show up. And sometimes they’re pretty well done. Here’s how one scammer tried to sucker me out of $200…
Because I write about scams and online safety, I’m much more alert to potential scams than most people. This means that I’m extremely skeptical and endlessly curious. Scammers are an ugly group and I hate reading stories of retirees who’ve been scammed out of their life savings, or even just a few hundred dollars. The most common approach? Email. To be fair, email programs are getting more sophisticated, but it’s ultimately up to each of us to be vigilant for common scams and ensure that we aren’t victims. Scams are going to become harder to detect in the next few years, as AI shows up, making it even more critical that you’re both skeptical and vigilant.
Any time you get a message from someone you ostensibly know, either a family member or a friend, the first rule of online safety is to verify their message through an independent channel. Just got a text from your grandson saying he’s in jail and needs you to wire money? Call him — or his parent — to verify that’s what’s actually happening. A message via Facebook Messenger that your old high school sweetheart is in a tough spot and needs you to front them $500 for rent? Dig up their phone number and call them to ensure it’s true (or text them via your phone, not Facebook, to confirm the situation).
EMAIL FROM A FRIEND
At a minimum, ask questions of the other party to confirm that they are who they say they are. That’s what I did when I received this email message yesterday:
This is a valid email account for my friend Sandy, so that passed basic test #1, but the message itself is completely inconsistent with how she communicates. There would have been some personal greeting and an update about how her family is doing at a minimum.
The bigger red flag here is how they spelled “Amazon”. That space? It’s to ensure that a spam filter wouldn’t automatically filter out the message as bogus.
Without going any further, I already was completely confident that this was a scam, but… why not respond? I opted to ask a very basic question:
This puts the scammer in a bind, particularly for a low-value hustle like this (as you’ll see in a bit): Do they do the research to try and ascertain the answer to the question, or do they just ignore it? In this instance, they ignored my query.
BE AWARE: In the future, they’ll have more sophisticated AI systems that will easily answer these sorts of questions, so beware: even if they can respond accurately, it still might be a scam.
THE SCAM IS REVEALED
Here’s how “Sandy” responded, revealing the first part of the real scam:
There’s so much wrong with this message, not the least of which is that “my” Sandy would never have written anything in such technical detail as she’s not so tech savvy. But here’s the ask: 2 * $100 Uber Eats gift cards. Scammers love gift cards because they can quickly transfer balances and hide behind the shield of anonymity. Gift cards can’t be canceled either, so if I did send these and then realized it was a hustle, canceling the transaction would be pointless and ineffective.
Did you also notice that they didn’t respond to my question about how we know each other?
Also notice the sense of urgency here, another hallmark of scammers. It’s not a gift for a friend whose birthday is a week from now, but someone who celebrated yesterday. We’re late! Act, don’t think. It’s the goal of every scammer and hustler. To fight this aspect of scams, teach yourself to always stop, think, and even wait 24 hours before responding to emails asking you to share personal information, buy something, or similar.
In the meantime, reach out through another channel to confirm it’s a legit query from the person they purport to be in their communication.
I, however, kept interacting:
Might as well get a bit more information. This time, the email address of the scammer, since, of course, it’s to them the gift cards would go, not some “friend” or third party:
Law enforcement could ostensibly reach out to Comcast to shut down this email address, but the scammer will just move to another one. That’s why you need to be vigilant, not rely on others to keep you safe online.
A followup email a few minutes later included a handy Amazon link straight to the UberEats gift card area, in case I found that step confusing for any reason. I ignored the link.
I PRESENT AN OBSTACLE
Instead, I presented an obstacle to see if they’d just shut down the interaction or proceed:
The response took quite a while to arrive, suggesting a shift change at scammer hq or similar:
At this point, I could have responded by pointing out that if “Sandy” was locked out of her Amazon account, then she too could use the uber.com link and buy things directly.
AND A SECOND OBSTACLE: PAYBACK
I took a different tack:
Not a big obstacle because, hey, “the check’s in the mail”, right?
That’s too easy. Instead, I invented a fictitious backstory to see if it, again, would be ignored or not:
At this point, we’re finally at the end of this email adventure, as is obvious by the final response…
This is particularly interesting because it would have been easy for the sender to use another common scammer technique: guilt. Imagine an “I thought I could count on you but it seems you won’t help. Very disappointing.” or similar. Would that have motivated me to click the link and buy those gift cards? It might work with someone who might reluctantly overlook the lack of answers to any of the questions because they don’t want to disappoint anyone. Who does?
At any point in this exchange things could have gone differently. The scammer could have done some searches and tried to ascertain our relationship, they could have made up answers to the personal questions, or they could have cooked up reasons why they couldn’t use the uber.com link, etc. I could have also been less skeptical and emailed $200 worth of gift cards to the supplied Comcast email address.
STAY SAFE OUT THERE
What I hope you get out of this interaction is a greater awareness of how a dialog can be one-sided and how a scammer can seem to be friendly and even behave similarly to the person they’re spoofing, without actually answering any of your questions. A handy link? Convenient, for sure! But also highly questionable.
As I started out by saying, it’s up to you to learn skepticism and vigilance to protect yourself from scammers. It’s easy to use a different communication channel to confirm the facts; do so, don’t just assume. Even if it’s legit and it really is a friend or family member, you’ll be able to proceed knowing you’re not being scammed.
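The red flags this exchange walks through (a brand name split by a space, the gift card ask, the urgency, and a different address to send the cards to), as an added example that is not part of the original article: a short Python check that looks for them in a message. The brand list, phrase lists, addresses and sample messages are constructed assumptions.

```python
import re

# Assumed lists for this example; tune them for your own mail.
BRANDS = ("amazon", "paypal", "walmart")
SEP = r"[\s\u200b\u200c\u200d]*"          # whitespace or zero-width characters
GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|asap|right away|as soon as possible|today)\b", re.I)
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def split_brands(text):
    """Return brands spelled with separators between letters, e.g. 'Ama zon'."""
    hits = []
    for brand in BRANDS:
        pattern = r"\b" + SEP.join(map(re.escape, brand)) + r"\b"
        for m in re.finditer(pattern, text, re.I):
            if m.group(0).lower() != brand:   # the normal spelling is not a flag
                hits.append(brand)
                break
    return hits

def red_flags(sender, body):
    """List the scam indicators found in one message body."""
    flags = [f"split brand name: {b}" for b in split_brands(body)]
    if GIFT_CARD.search(body):
        flags.append("gift card request")
    if URGENCY.search(body):
        flags.append("urgency")
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    for m in ADDRESS.finditer(body):
        if m.group(1).lower() != sender_domain:
            flags.append(f"asks to send to another address: {m.group(0)}")
    return flags

# Constructed sample messages (not the real emails from this exchange).
SENDER = "sandy@example.com"
SCAM_1 = "Hi, are you free? I need a quick favor from Ama zon."
SCAM_2 = ("I need 2 Uber Eats gift cards of $100 each for a friend's birthday. "
          "Please send them as soon as possible to friend.example@mail.example.")
LEGIT = "Happy to see your Amazon order arrived. Dinner Friday?"

if __name__ == "__main__":
    for body in (SCAM_1, SCAM_2, LEGIT):
        print(red_flags(SENDER, body) or "no flags")
```

A clean result is not proof of a legitimate message; the independent-channel check still applies.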
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting for more informative articles on how to stay safe online. Thanks!