In case you haven’t noticed, the holiday season arrived early this year (right after Labor Day) and once again the Grinch in the form of a con-artist is working hard to ruin your celebrations. In this two-part series, we’ll look at a number of ways criminals are working to separate you from your money.
Black Friday and Cyber Monday sales have become a major part of the shopping season on the con-artist calendar. A “new” twist seen this year is the use of email messaging to obtain Amazon account and credit card information. The message states that “your account has been accessed from a different device” and mentions “suspicious” activity, asking you to click a hot link – underlined text – “to Regain Access.” The link takes you to a browser page displaying the Amazon logo and looking remarkably like a normal Amazon sign in page requesting your Amazon log in email address and Amazon password. Clicking on the sign-in button opens a new web page which also looks quite legitimate requesting credit card information and a Social Security Number and is followed by another page to verify driver’s license and other personal information. Once you have entered all of this information, the fraudulent web site actually deposits you on the “real” Amazon web site.
I note that this is a new twist because it is the first time I have seen this scam on an imposter web site for a commercial vendor. Similar attempts frequently use imposter bank or credit card email notices and bring into question the legitimacy of other email messages received from businesses.
One basic understanding – legitimate commercial enterprises are well aware of on-line security and do not send this type of message. If you receive one, the best first step is to examine the address of the sender. For Amazon, the address would be Amazon.com; an email from a credit card company address would be from an issuing bank such as citigroup.com or bankofamerica.com. Legitimate commercial web sites display the letters HTTPS or a padlock in the address line of a web page and display the name of the company such as https://Amazon.com. A second step is to determine if there is any problem with your account. Contact the company that is the assumed source of the email by using a phone number or web site you know is correct. Use the phone number on the back side of a credit card or the one that appears in a commercial web site listed in an internet search or stored in your computer contacts. The third step is to report the scam. Businesses such as Amazon and credit card companies want to know if there are imposter messages in circulation so report the incident to them. In addition, report the attempted scam to your State consumer protection agency: Vermont – (802) 656-3183 https://www.uvm.edu/consumer/
Traveler Alert: Booster Bags! Never heard of them? Many business owners and managers know them – shoplifting tools! A booster bag is a hollowed-out tote, shopping bag, suitcase that has the bottom removed and a clutching device or adhesive material installed. The shoplifter places the bag on a counter or over an item on the floor, activates the clutching device, and walks out of the store with the stolen merchandise. What does this have to do with travelers? Identity thieves have been arrested at some major transportation hubs including airports using booster bags. Travelers put a briefcase, carry-on, or purse on the floor as they shop in a newsstand or grab food or a beverage. The thief moves next to the victim, places the booster bag over the other item and walks away. The victim suspects nothing. Booster bag thefts are becoming more common and the best way to thwart the thief is to physically maintain control of your bags at all times when traveling.
Questions – contact me, firstname.lastname@example.org. We’d love to have you join us as a volunteer Fraud Fighter.
Elliott Greenblott is a retired educator who serves as the Vermont AARP Fraud Watch Network Coordinator.