One fateful evening I received a call from a number bearing an area code from Arkansas. I answered, suspecting it would be a scam, and as fate would have it, it was! Everytime these clowns call me, I try to keep them on as long as possible.
This is for two reasons, one is that the longer I keep them on the phone, the less time they have to ruin other people's lives. And the other is that I get to learn their tactics so that I may educate others. The tactics used in this instance were actually pretty decent and probably worked a number of times before.
The scam started out with a "Junior Tech" who would tell me that someone had purchased a $499 gift card using my Amazon account. He went on to say that the purchase had been made by someone in California, I live in Florida, so that's weird I guess. When I confirmed that I indeed did not make the purchase, he explained to me the importance of keeping my account secure and not sharing my passwords.
He did this to reassure me that he was only there to help and cared about my security. Just your friendly neighborhood scammer! Once he finished his lecture, it was time for him to transfer me to the "Senior Tech". Here is where the magic started happening.
The senior scammer got on the phone and further attempted to establish his legitimacy by stating that I should not give him any personal information. This was his attempt at establishing himself as a knowledgable, trustworthy security practitioner. From there, he told me to go to my phone's browser and search for "show my ip address". He also made sure to tell me not to give him this info either.
Next, he asked me if the text under the IP address was a public or private one. I said "public" and he responded with "well, that's how they got your information". I had to mute my phone to laugh a bit. This is obviously a lie, when you use your phone to connect to the internet, it always uses a public IP allocated by your access point.
Your private IP is only used within your network to communicate to other devices on said network. But anyway, it does sound believable if you aren't in the tech industry. Now that the "root cause" of my breach was discovered, my scammer friend then gave me a solution to the problem...to use Amazon's "internet".
This is where things got really interesting. I was told that Amazon's internet is the only secure way for me to cancel that fraudulent order. He then instructed me to go to the Play Store and search for "Amazon Connect Support" (the app that would allow me to use Amazon's Internet). I complied, and of course, no such app exists.
What does populate are links to TeamViewer. Teamviewer is an app that allows remote control of another computer. So I told him that I couldn't find any Amazon app and he proceeded to tell me to click TeamViewer anyway. At this point, he switched from playing the role of savior to that of the authoritarian.
I didn't comply as I used TeamViewer enough to know he would need my ID and password but I continued to play along. I told him I downloaded it and waited about 9 or 10 minutes for it to "finish downloading". This only made him angrier and he began to tell me about the urgency of the matter.
When his aggression started to escalate, I began laughing. I revealed to him that I'm an engineer with a tech blog that talks about Cyber security and how to avoid idiots like him. I thanked him for revealing the details of his scam and told him he was a national treasure.
He then replied with a Samuel L. Jackson-style swear word and hung up on me. This scam was one of the more sophisticated ones as the scammers actually informed me not to give them any information. Of course in the end they contradicted themselves by asking for an ID and password from Teamviewer.
But I can see how someone less familiar with the tech world could fall for this. Had I given him control of my phone, he could've wreaked havoc and caused immense damage. It's imperative that we educate others about this scam, especially the elderly, disabled, and other at-risk populations.
Education is the best way to combat scams like this. Feel free to share. Protect yourselves and your families, always.
Subscribe to my blog!