Like a dog seeing a squirrel, I can’t help but notice when a new text pops up on my iPhone. The little gray notification grabs my attention and I’m instantly pulled away from the task at hand. Plus, it looked important. It was, but only because it helped me identify a very dangerous and pernicious Amazon shopping scam.
With the Christmas shopping season in full swing, such scams are on the rise and most of us do at least some gift shopping through Amazon (the retailer reported more than $1 billion in sales during Black Friday).
It’s this Christmas mix of frenzied shopping, excitement, and a slight fear that someone is going to scam you that, of course, scammers use to invade your privacy and personal technology, all with the sole intent of stealing your identity, data, credit cards, logins and more.
While I was not successfully phished, I was playing along with a scammer on purpose so I could show you exactly how to identify and avoid a similar attack.
Like other warnings I receive from legitimate sources, this one was brief. It said:
“Your card charged $649 for XGIMI Elfin Mini Projector
Order ID #EMPY2219 on 05/DEC/2022
N0T ordered by you?
Contact us: +17204813408”
It will happen to you
I’m pretty sure you’ll all receive a text like this before the holidays are over. Take a good look at this one. It contains grammatical and typographical errors, including a zero instead of an “o” and a missing word. No legitimate company would send you such a text message.
What scammers rely on is the alarm that such an SMS can trigger. You may be so worried that you don’t read it carefully and just call the number instead. But which number? I noticed that the number in the text and the caller ID number listed do not match.
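The two tells described above (a look-alike digit dropped into a word, and a callback number that does not match the number the text came from) can be checked mechanically. The following is an added Python example, not code from the original article; the sender number is constructed, since the article notes the mismatch but does not print the sender's number.

```python
import re

# Constructed sample: the SMS body from the article plus a made-up sender ID.
SAMPLE_SMS = (
    "Your card charged $649 for XGIMI Elfin Mini Projector\n"
    "Order ID #EMPY2219 on 05/DEC/2022\n"
    "N0T ordered by you?\n"
    "Contact us: +17204813408"
)
SAMPLE_SENDER = "+15550100123"  # constructed placeholder, not the real sender

# A phone number: optional '+', then at least ten digits with common separators.
PHONE_RE = re.compile(r"\+?\d[\d\-\s().]{8,}\d")
# A word containing a digit that mimics a letter (0->O, 1->I/l, 3->E, 5->S)
# sitting between two letters, e.g. "N0T". Pure numbers and order IDs do not match.
LOOKALIKE_RE = re.compile(r"\b\w*[A-Za-z][0135][A-Za-z]\w*\b")


def normalize_number(raw: str) -> str:
    """Reduce a phone number to +<digits>; ten-digit numbers are assumed US (+1)."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:
        digits = "1" + digits
    return "+" + digits


def analyze_sms(body: str, sender: str) -> dict:
    """Score an SMS against the smishing indicators the article describes."""
    callbacks = {normalize_number(m.group()) for m in PHONE_RE.finditer(body)}
    findings = {
        "callback_numbers": sorted(callbacks),
        # A "call us" number that differs from the sending number.
        "callback_differs_from_sender": bool(callbacks)
        and normalize_number(sender) not in callbacks,
        # Digits masquerading as letters, typically to dodge keyword filters.
        "lookalike_tokens": LOOKALIKE_RE.findall(body),
        # Alarm about a charge combined with a phone number to call back.
        "charge_alert_with_callback": bool(callbacks)
        and re.search(r"\bcharged?\b", body, re.I) is not None,
    }
    score = sum(bool(findings[k]) for k in ("callback_differs_from_sender",
                                             "lookalike_tokens",
                                             "charge_alert_with_callback"))
    findings["suspicious"] = score >= 2  # one typo alone is not a verdict
    return findings


if __name__ == "__main__":
    print(analyze_sms(SAMPLE_SMS, SAMPLE_SENDER))
```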
To be clear, I decided to call the number to better understand the nature of this scam – for science. My goal here is that from now on you read a text like this and immediately understand that Amazon, Best Buy and other online retailers don’t work this way.
I decided to call the number in the text, put the phone on speaker and waited maybe two rings before a rep picked up.
He started with, “How can I help you?”
“You called me,” I said, “to ask for an order.”
The rep quickly recovered and asked for my name. I hesitated but realized that my name isn’t exactly a trade secret, and besides, I had to drag him along so I could understand the endgame.
Oddly, he didn’t ask me to spell my name, but asked for the order number, which I dutifully took from the text.
“Oh, there’s an Amazon order from Ohio and you’re in New York,” he told me as I listened to the faint background chatter of dozens of scammers like him trying to reel in other callers.
“Have you been to Ohio?” he asked.
“No.”
“Have you shared your Amazon account with someone in Ohio?” he asked.
“No.”
“There have been several orders from Ohio,” he added, almost concerned for me. This man deserved an Oscar.
While he was talking to me, I logged into my Amazon account on my desktop. No weird orders, just the stuff I ordered for my wife’s Christmas presents.
“I’m sorry,” I said, trying to sound confused, “but if someone orders something on my Amazon account, shouldn’t I see those orders in my Amazon account?”
There was a long pause as if I pushed him off the script.
“Yeah…but they’re all on hold,” he told me.
Now it was time to get started. The scammer told me it was important for them to connect me to “Amazon’s Secure Server” to resolve this issue. During the call, he must have said “Amazon Secure Server” six times.
“Okay,” I said, still trying to sound confused, “how do I do that?”
First, he said, we need to know what kind of device you’re using. I told him it was an iPhone.
“Great, I want you to put me on speaker and open the App Store,” he instructed.
I told him, “Sure,” put down my phone and started taking notes.
“I want you to download this app.” Instead of telling me the name, he spelled it out and gave me a word for each letter, “‘A’ as in all, ‘N’ as in Nancy, ‘Y’ as in yes, ‘D’ as in dog, ‘E’ as in any, ‘S’ as in Sam and ‘K’ as in Keep.”
My scammer buddy wanted me to download AnyDesk, which he said was for connecting to the Amazon Secure Server, but which I know is remote desktop software. It’s the kind of app that allows someone from all over the world to connect to and control your PC or phone to root and get all your stuff.
As we spoke, I searched “Amazon AnyDesk scam” and quickly found a March 22 article that described this exact ruse in detail.
I decided to take it easy so I could deliver a message to my scammer friend.
“Wait, I just realized there’s a different name on the bill and I’m afraid if you don’t have it, this won’t work,” I told him with what I thought was genuine fear in my voice. Where is my Oscar?
Return the favor
Scam buddy was annoyed. “No, no, just connect to the Secure Server. Download the app.”
I told him I wanted to make sure he had this.
“Good. Give it to me.”
“Okay, I’ll spell it. Finished.”
“Yes,” he said and I could hear the annoyance in his voice.
“‘N’ as in no, ‘O’ as in over, ‘F’ as in pleasure, ‘U’ as in under, ‘C’ as in cable, ‘K’ as in king, ‘I’ as in within, ‘N’ as in Nancy, ‘G’ as in go, ‘W’ as in step, ‘A’ as in everything and ‘Y’ as in yes.”
At first there was no response. He spelled it out again, but since he’d misheard a few crucial letters, it didn’t make sense. We went back and fixed them. Then he spelled it out again and there was a moment of silence.
“Why are you saying this to me?” he asked plaintively.
“Because this is a scam and you are a scammer.”
He didn’t argue.
“Yes, yes,” he said quickly and then hung up.
If you ever see a text like this, your first stop is to log into your own account from a trusted PC or phone and check for erroneous charges. If you see one, contact the retailer or site directly. Never respond to any of these texts or install any software, regardless of what the person on the other end of the line tells you.
Believe me.
You can further protect yourself with some of the best security software of 2022.