How does this phone scam work?

I got an automated robocall today. I’m virtually certain it was a phone scam but I’m curious how it was supposed to work.

It was a recording telling me it was from Amazon. It said somebody just ordered a thousand dollars IPhone using my account and wanted to know if I had authorized this purchase. If not, I should press 1. If yes, I should press 2.

I’m guessing that the intent of the scam was to scare people into pressing 1. But how does the scammer translate people pressing a button on a phone into money?

Obviously, they could rig up some system where they had a different recording saying something like “If you would like to donate a thousand dollars to this Nigerian prince, please press one” and then have the recording of that number being pressed. But if they were going to fake all that, why not just add the tone from pressing 1 as well? Calling your target and getting them to press 1 seems to just create the risk of alerting them a scam is occurring.

And how would just pressing a button transfer money. They would still need my genuine account information. And if they had that, why call me. Just use my account information without making me aware of it.

Or was this just the first step? If I had pressed 1 like I was asked, would I have been transferred to another scammer who would have pretended to be the Amazon fraud department and asked me for more information about my account? Was this recorded message just a screening device to separate out the gullible people and direct them on to the real scam?

What would have happened if I had pressed 2 and authorized the supposed order?

I didn’t press either button. I just said “I do not authorize this order” and hung up. Was speaking a bad idea?

I don’t think that’s it at all. “Please press 1 if you’re in shock and very much want to tell us that no you didn’t make any freaking $1000 purchase, so we can get your credit card info from you. Press 2 if you recognize this as a scam and are pretending that you did too make such a purchase”.

Pressing 1 just connects you to the scammer who will ask you for things you should not tell them. Cred card number associated with your Amazon acct. Expiry date. CVV number. “Okay, we will cancel that purchase for you then”.

The scammer claims he needs to connect to your computer so the “Amazon Refund Server” can process your refund by connecting to your bank account.
This is done by getting the victim to download/install screen sharing software, the scammer opens a command prompt and claims it’s the secure server. The victim is told to fill in the refund amount, the scammer types an extra digit to change the 1000 to 10000, alters the displayed bank balance to show the transfer and tells the victim they can only send back the extra money via gift cards.

There’s a lot more steps but that the basics. Watch Kitboga to see it in action.

I received one of those calls. I just told the guy that it was an authorized purchase and not to cancel the charge. Not at all what they were expecting.

For that kind of scam they ask you to say ‘Yes’ and record that, then claim you agreed to something else on the phone.

I’ve gotten several of these, tho they always go to voicemail. Unfortunately for the scammers, my VISA texts me for any on-line purchase. I set this up after having 3 cards compromised. Since I didn’t get any texts, I knew it was a scam. But I figure they’d want me to give them my credit card info so they could “refund” the fraudulent purchase.

They obviously called the wrong guy.

When I talked to one of them I said hysterically, “Ohmygod! I don’t have a thousand dollars! You gotta help me!” He hung up.

I think I oversold it.

I’ve got an old VISA preloaded debit card with twenty-five cents left on it and a list of “test” VISA numbers (ones that pass the first stage of validity checks but don’t have any account attached to them, intended for testing purposes). I once managed to string along one of these scammers through two “wrong” cards and onto a third before he figured out I was jerking him around and started cussing me out.

I’d like to see that list. Is there a website that has such numbers?

This is the one I use. You come up with your own CVV and exp. date.

We used to have some at work, when we were testing new payment systems. They weren’t closely guarded or anything, because you couldn’t actually buy anything with them (at least I assume that’s the reason). We had, if I remember, one for Amex, one for Mastercard, and two or three for Visa.

A couple of weeks ago my phone rang and the caller ID said Bank of America. I am a BoA customer so I thought I should answer it. It was a call like the OP described. The recording said it was Amazon, and I had ordered two iPads. I pressed 1 and a guy answers the phone, “Hello, Amazon Customer Service” in a distinctly Indian accent. I said, “What? I thought I was talking to Bank of America customer service.” He seemed a little thrown off by this but went by the script and started talking about the iPads. Then I said, “Well, my caller ID said Bank of America.” Then he said, “OK, here’s what you do. First, when you get up in the morning, fuck your mother. Then fuck your sister.” I said, “That’s OK, I already fucked yours” and hung up.

That’s interesting. It’s not hard to generate a credit card number that has a valid format, but how do they know that these cards have not actually been issued?

They’ll find out when they try to charge the card. Which might be right away, later, much later or they sell the number to others. The only purpose is to pass initial validation.

At the very least, whether you press 1 or 2, they know they’ve got a live number and someone gullible enough to believe it’s not a scam. Same idea as those purposely misspelled and grammatically incorrect emails. They may not get you this time, but they’re patient and you’ll be put on the hot list for more calls.

I would think that would throw fraud alerts at the bank and could possibly cause inconvenience to the card holder, such as freezing the card, or even reissuing with a new number.

It’s a fake card. Never issued, no actual account. For every number in use, there’s potentially 100s of 1000s of possible numbers, might be in the millions.

It’s similar to the phone scam claiming they are issuing a warrant for your arrest and to press ‘1’ to speak to an officer. Nothing happens until you press ‘1.’ Pressing ‘1’ just lets them know they’ve “got a live one.”

Note that was there was some news about this being a possible scam a couple years ago, I don’t think there was ever any evidence of this actually happening.

I saw news reports about this happening, still not real hard proof though. I did receive a call one time asking me to say ‘yes’ to sign up for something but I just hung up. So I don’t know it ever succeeded. It would just be a way of finding a sucker anyway, a recording of someone saying ‘yes’ doesn’t make a contract.