Few days ago, Mark Rober posted a video of how he and his partner Jim investigated and located the scammers and gave them a funny little prank. (Of course they were also caught by the police at last)
Although the video was presented wittily, it is also extremely informative and educational to all of us.
It shows us how advanced and well-organised a scam can be nowadays and how people can fall into the trick easily.
Check out the video right here:
We have thoroughly examined the scamming flow and would like to explain to you step by step as follows:
Step 1: Start with a fake Amazon email and pretend there was an incorrect charge
It all started with a phishing email. The email looks pretty legitimate which informs the targets and says that they have been wrongly charged hundreds of dollars and provides a cancellation opportunity.
The attack here starts with a very legitimate reason as the victims clearly have bought items through Amazon recently. This gives the victim no time to judge if it was a scam as the victim obviously purchased something right before the email scam.
Step 2: Pretend to offer a refund
When victims call back the phone number in the phishing email, the scammers then pretend to help walking them through the refund process on the victims' computers and trick them into downloading a malicious software which can give them full access to victims’ computers.
The scammers make everything so legit as they start with giving victims a huge amount of (fake) money in their bank accounts. Usually scammers start a scam by asking for money instead of offering it. This really lowers their guards.
Step 3 Con victims into sending back cash by pretending to overefund
Scammers then fool victims into believing that the victims have mistakenly typed more money than they are supposed to get. Then, the scammers tell the victims to send money in cash to save their jobs.
The scammers build trust by saying scripted lines such as “you are like my granny, do you know this?”. Therefore, when they fool the victims into thinking their mistakes might have cost someone’s job, they would feel more guilty and would easily believe the whole thing.
Step 4 Use AirBnb as a temp address to collect money
In order to cover his tracks, the scammers would book a room on Airbnb and hire a “mule” to collect the money for them. That way, he is a lot more difficult to catch.
TRICK USED HERE:
The scammers create a new account with fake information on Airbnb and hire people to collect money for them. That way there is no address that can be traced. Even when private investigators in this video are only able to locate a Airbnb address and a “mule” they hire to be a fall guy for them.
KEY TAKYAWAYS:
1. Awareness and education are always the most important
People who underestimate phishing scams are the ones who are more vulnerable. The best way is to keep learning new tricks the scammers use and catch up with the trend. A scam fails most of the time because the targets have already heard of the trick and stay away from it.
You might think you will never believe in this kind of scam. But the elderlies who are not familiar with technology would easily be fooled to do whatever the scammers tell them to, especially when they think they are in trouble, all they want is a way out.
Even the most advanced phishing attacks like this one, still require email as a tool to start the scam. As there are many different channels and communication methods, people nowadays are starting to be more negligent about email scams.
Email scams is also a relatively effective approach as they can be sent massively with a very low cost.