 |
| Pic Courtesy Scamwatch |
Until a few days ago, gentle reader, I thought I was scam-proof. I've always avoided the usual traps (clicking on links in emails, etc) and am security conscious to the point of hypervigilance.
Not so.
Two days ago, I had my card refused at the bakery early in the morning, so paid cash, wondering what was going on.
I had been home only a few minutes when my bank phoned saying there had been suspicious activity on my card (overseas transaction). Once they knew it was an unauthorised transaction, they gave me the option of cancelling my card, or letting me monitor transactions closely.
I chose the latter because I didn't want to be lumbered with using cash until a new card arrived.
Then, almost on cue, an email arrived, telling me to contact PayPal because there was unauthorised activity on my account. I checked the account, and indeed there was a transaction (purchase of antivirus software) that I had not authorised.
(I use PayPal to sell my book).
I phoned the number on the email, and then began a long conversation with someone who sounded South Asian, was very polite, and had all my details at his fingertips.
The problem was, he wasn't working for PayPal. He was a very sophisticated scammer who had set up a successful ambush. If I had checked the number when I logged into PayPal and found it was different, I would have realised what was going on, but I didn't.
Over about twenty minutes he kept me on the line whilst he claimed he was ensuring my account was secure. He wasn't. He was moving funds from my account using money transfer Apps which he convinced me to download to my phone, on the pretext that he would use them to test the security settings.
At this point I became suspicious, especially when he heard me talking to my bride, who by this time, was also becoming suspicious. He asked me who else was on the call.
I hung up, and phoned my bank. After the usual identity process, they put me through to their security team, who confirmed that $5000 in two separate transactions had been removed from my account.
A prolonged conversation ensued, during which the bank agent sought as much detail as I could provide. It was a very thorough interrogation, and apparently useful.
The bank retrieved the funds overnight, but my card was cancelled, and access to my online banking denied until I could get the two devices I used (iMac and iPhone) certified cleaned.
This involved cost and inconvenience, and the technician involved told me he was getting an average of five jobs a week cleaning and certifying devices which had been used by scammed customers.
There are a couple of lessons. One is never to phone a number on an email, until you're absolutely certain it is genuine. It's easy to do so by checking the origin address on the email. I didn't - first time ever.
The other is to follow your instincts, which I subsequently did by terminating the call, but not before the damage was done.
I was very impressed by the thoroughness of the bank, and their persistence in securing the return of the funds. I'm not entirely sure how that was done. Readers may make suggestions through commentary.
I dodged a bullet...
1 comment:
Some of the scammers have become more convincing over time. Some of the email messages do look like the real thing until I look more closely at an email or web address. Glad you detected it and managed to get it wound back.
Post a Comment