Friday, December 18, 2015

Yuletide Phishing and other Seasonal and Unseasonal Scams

I got an email from Amazon, which happens a lot in the weeks before Christmas. This one looked very much like a normal Amazon mail, but it was from Amazon.UK.

"We thought you'd like to know that we've dispatched your item(s). Your gift order is on the way."

The gift is a £68.93 ($103) "Garmin Forerunner 10 GPS Running Watch." And it was "Paid by gift card."

As I did not recognize the item and could not imagine that anybody in my family would buy or want a GPS watch, I mailed my wife, who answered that "we've been scammed!"

I opened my Amazon account, but not through the email, and changed my password and removed my credit cards that were linked to the account.

Then I checked out the email purporting to be from Amazon.UK, but it was actually linked to a URL with "goodtogreatgolf" as its centerpiece.

The scam was clever on several levels, but that URL pops the bubble. Many who get an email from Amazon that looks real but tells them that they have bought something strange will probably be upset and want to log in immediately to find out what's going on. If they do, they will give the crooks their login information, and then the next email about something they "bought" may be matched with real charges on their credit cards.

I reported the phishing expedition to Amazon and deleted the email.
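The giveaway described above, a mail that claims to be from Amazon but links somewhere else, can be checked mechanically. The following is an added example, not part of the original post: the trusted-domain list is an assumption, and because the post gives only "goodtogreatgolf", the sample URLs are constructed placeholders on the reserved .example TLD.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the claimed sender legitimately links to.
TRUSTED = {"amazon.co.uk", "amazon.com"}

class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def _is_trusted(host, trusted):
    # Accept the domain itself or a true subdomain. A substring or prefix
    # test would wrongly accept "amazon.co.uk.goodtogreatgolf.example".
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def untrusted_links(html_body, trusted=TRUSTED):
    """Return (href, host) for every web link that leaves the trusted domains."""
    collector = _LinkCollector()
    collector.feed(html_body)
    flagged = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # skip mailto:, relative links, anchors
        host = parts.hostname or ""
        if not _is_trusted(host, trusted):
            flagged.append((href, host))
    return flagged

# Constructed sample body (placeholder URLs, see the note above).
SAMPLE = """
<p>We thought you'd like to know that we've dispatched your item(s).</p>
<a href="https://www.amazon.co.uk/gp/help">Help</a>
<a href="http://goodtogreatgolf.example/signin">View your order</a>
<a href="http://amazon.co.uk.goodtogreatgolf.example/">Your account</a>
"""

if __name__ == "__main__":
    for href, host in untrusted_links(SAMPLE):
        print(f"link leaves trusted domains: {host}  ({href})")
```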

An hour later we get a phone call:

"Hello, this is the technical department of Windows," says the guy calling from Bangalore or wherever. Not the first time. This must be one of the more stupid scams out there.

Computerworld wrote about this type of scam in May 2014:
Aggressive, persistent Windows tech support scammers continue to stalk consumers

I've gotten similar calls before, sometimes claiming to come from "the Windows operating system."
“I am calling you from Windows”: A tech support scammer dials Ars Technica

Knock, knock...