If you are like most people, at some point, you have looked for a telephone number online. This is generally the case when you have to get in touch with a company like eBay or Amazon, which might not be easy to get in touch with. Hackers know that these numbers aren’t as easy to find as they should be, so they take advantage of it. How? Well, they set up new websites or edit websites that are already there. Then, they create fake telephone numbers. However, these numbers are simply a gateway to getting scammed.
What type of scam is this? Generally, the scan siphons cash from accounts in the form of gift cards or money transfers. Once a victim calls the fake number, they are manipulated into giving up sensitive information that allows the hackers to get right into their accounts.
I actually talked to a small business owner recently who just went through this. In her particular situation, she was trying to get in contact with Amazon Prime. She had an issue with an order, and she wanted to speak to someone who could help her solve her problem. She searched online for the phone number and saw a website with the Amazon Prime logo and a toll-free number. When she called the number, the scammers told her they could help, but she had to log into a special remote access service. This allowed them to access her PC.
What is remote access? Basically, it’s giving access to your computer to someone else who then controls it remotely. Many IT companies and departments do this to help people fix their computer issues. So, it’s not really that unusual that a company would ask to do this. In this particular case, the woman was asked to log into her Amazon Prime account, and then they used a service called GoToMyPC. This program is generally a legitimate and credible company. So, again, this wasn’t unusual to her.
How did she get caught up in this scam? Here’s how they do it:
The potential victim searches for a term like “amazon phone number,” and they see many pages of results. Some of these pages have the real Amazon phone number, of course, but many don’t. Instead, these phone numbers are made up and hackers are behind them. As you can see in the screen shot, below, these were the search results when I looked up “amazon prime phone number.”
Do you see the number 341 on the last result? That is the number that she called. You also should notice something else…the website there is called Creationkit.com and the page was added only 17 minutes before the search was done. A couple of days later, the page was deleted. Heres another site “Freshdesk” with a deleted page.
A similar website, Freshdesk.com, is also used by scammers to take advantage of people looking for phone numbers. The good guys try to keep up with these sites, but scammers are always one step ahead, it seems, and they use some pretty smart tactics. For instance, they frequently change the wording on the sites, and they use tricks like substituting an upper case “I” for the number one. In this case, the number 1-888-341-6551 is actually spelled like this: I-888-34I-655I.
Another thing that scammers do to make these schemes more legitimate is to use popular websites like LinkedIn as their base. For instance, look at this screen shot:
There is that fake phone number once again, but, since it’s posted to a website like LinkedIn, it looks very real, right? To be honest, I even blog on LinkedIn Pulse, so it is, indeed, a legitimate source. The scammers certainly know this, and they simply set up a LinkedIn Pulse profile, post the logo of Amazon, and add the phone number: it’s that simple.
Look at this screen shot: This is from a scammer who goes by the name of “Victor Alexis.” He posted similar verbiage eight times in a single day.
However, the day following, all eight posts were deleted, as you can see below:
That’s all great, of course, but there is a bigger issue here. Even though LinkedIn deleted these posts, whomever is behind “Victor Alexis” can simply make a new account. This means the scam can go on and on and on.
To prove this point, I did an internet search using the keyword phrase “Paypal phone number.” Unsurprisingly, on the first page of my search results I saw another fake page and fake number that was posted on Creationkit.com. If you look closely, you will also see that this page is only an hour old…a sure sign of a scam.
So, what does this mean for the woman who was having issues with her Amazon account? Well, she was certainly in a panic, and she was even having trouble sleeping. She was definitely concerned about malware as well as the possibility of her online banking account and PayPal account getting hacked. Remember, she blindly gave the hackers access to her account, and even watched them buy gift cards for themselves. However, it wasn’t until they wanted her to log into PayPal did she really realize what was happening.
Here’s what I said to her: I told her it wasn’t her fault, but she has to be very careful not to do this again. Now that she is aware of this scam, it is very unlikely that she would ever do something like this again. I told her to change every password and to scan her computer for malware. I also told her to reinstall her operating system, get identity theft protection, and to consider a credit freeze.