Wednesday, September 28, 2022

A new PayPal scam

We're going off-topic here for something I think is important, and may be a new scam. At least, it's new to me. I've never seen this, and I can see people falling for it.

Last night, a family member received an email from PayPal about a charge against her account. It was for $899 for an iPhone, or so it said.

What seems to have happened is that someone submitted a PayPal charge against her PayPal account, and PayPal sent an email notifying her.

To be clear, the email itself was legit. The problem was twofold, however, and it was within the email.

The first problem was, of course, that she had not ordered an iPhone. The seller/scammer had submitted an unauthorized charge. PayPal has no idea if it's legit or not, so they sent the email notifying her of the submission, for her to decide to pay it or cancel it.

The second problem was within the body of the email, and that's the other part of the scam.

Note the part in the "Seller note to customer." That is content that the seller/scammer sent along with the submitted charge. It's for any communication a normal PayPal seller wants or needs to communicate to the buyer.

However, look at the contents of that:

We've detected that your PayPal account has been accessed fraudulently. If you did not make this transaction, please call us at toll-free number +1 (888)-224-7574 to cancel and claim a refund. If this is not the case, you will be charged $499. 00 USD today. Within the automated deduction of the amount, this transaction will reflect on PayPal activity after 24 hours. Our Service hours:(06:00 am. to 06:00 pm. pacific Time, Monday through Saturday)

Again, and this is important, that is not legitimate! DO NOT CALL THAT NUMBER!

That reads like a message from PayPal, right? Only, it's not a message from PayPal. That is a message from the seller/scammer pretending to be from PayPal.

Note that it also has several of the earmarks of a scam email. First, the amount in the note does not match the amount of the charge. Next, the punctuation is incorrect in many places. And the capitalization is wrong in several places.

Finally, and it says it right in the email but can easily be overlooked, that is A MESSAGE FROM THE SELLER, not from PayPal. The seller is saying the transaction is fraudulent and to call the number.

That last bit got past her briefly (understandable) and she called the number. The person who answered pretended to be from PayPal. Then he gave her a lot of BS about needing her to sign a form but he couldn't email it for security reasons. To get her to sign it, he wanted her to connect to their servers.

I'm gonna stop for a second and bring up a point some might miss here. If an item cannot be sent via email for security reasons, there is no way on earth that any legitimate company is going to let someone's home computer connect to their servers. That would truly be a security risk. Rather, they'd have her connect to a secure Website, not download some software that gave full access to a server.

As an alternate note, the software they asked her to download, TeamViewer, is a legit software package, but it would have granted the person on the phone full access to her computer. Nobody ever needs full access to someone else's computer.

Anyway, this is when red flags started going off and I became a part of the conversation. She added me to the call, and I listened to the scammer tell me the story of why he was needing this. And, like most scammers, he was getting pushy.

People who know me know that I don't care for pushy types. And since I'm quite capable of being a little pushy myself, I can deal with them on an equal basis. I was calm and polite and said the whole thing was bullshit and suggested to her that she end the call. So the call ended.

She had sent me a copy of the email (you saw a screenshot of that earlier) and noted the note from the seller. We had a discussion, and she gave me permission to log in to her PayPal account. There, I found the legitimate way to dispute and cancel the submission. It was easy and only required a single click, much to PayPal's credit.

We both learned something about a new -- well, new to us, anyway -- type of scam. And I thought it might be worth sharing.

Again, this doesn't have anything to do with your or my Streaming Life, but I thought it was worth sharing.
