Someone called me a few weeks ago to introduce himself, saying he was my new “(bank) account manager.” I’d noticed that the call was identified as coming from out of state, which the caller confirmed when I asked. I hung up and reported it to my bank through a dedicated email address. My bank’s anti-fraud department confirmed that it was a scam but claimed that nothing could be done about it.
I can easily imagine someone else (very old, etc.) falling for it: The scammer establishes his false identity and calls a few weeks later to obtain sensitive information. It’s a damn shame is what it is.
I mentioned this back in October, and have gotten several since. Funny* thing is, my AT&T account is on autopay and the payment date is nowhere near when I get these “bonus” offers.
I just received an email, purportedly from PayPal, stating “some information on your account appears to be missing or incorrect”. I should click HERE to update my information.
Update your Driver’s License to date, as directive by the office of the Secretary of State of illiinois follow https ://thebookonadrenalfatigue.com/illionis
to update your information
I mean, they’re not even trying there. Bad English. Poor grasp of capitalization. And the Secretary of State has a URL beginning with The Book On Adrenal Fatigue? And a subdirectory of “illonis” [sic]?
That is almost standard form for two-factor authentication, though the hanging “reset your password?” sounding like it’s expecting a reply is non-standard. Also, specifically apple notifications for two-factor have shown up as a pop-up on my Apple device with the verification on it. It’s my other services (Bank of America, Stripe) that say “Your verification code is 123456. Don’t share this code with anyone; our employees will never ask for the code” with no call to action after it.
That kind of thing is a feature, not a bug. It weeds out the less credulous, who are not their target market anyway.
As a tactic it dates back to the original Nigerian scams; I got one by international post (!) in the late 70s, poorly spelt and capitalised in the classic style. They keep doing it because it works.
True, that is what they say about that. But usually they try a weeeee bit harder and at least obfuscate the URL. The usual secretary of state/drivers license scam is worded a bit better. And, in this case when you want somebody to click-through, why would you make it sloppier? In the typical 409 scam, it makes sense. Here, you want as many to click through as possible, and not really want to weed anybody out. The better scams look near indistinguishable from the real thing, and require hovering over the link to see the URL. Those get the credulous and a number of the less credulous as well.
Say something in Hindi. Esp. if it has something to do with their mother having a rather disreputable job.
They often claim that their name is Anglo. The scambaiters on YT often can ferret out their real name. So they esp. love it when you address them with that.
Wasting as much time as possible makes them mad enough. The kind of lasting mad that I hope makes them ineffective on the next (few) potential victims. Cussing them out doesn’t really do that.
Getting a $5 Forever 21 card instead of $3000 in Google Play cards does.
"One of these days in your travels, a guy is going to show you a brand-new deck of cards on which the seal is not yet broken. Then this guy is going to offer to bet you that he can make the jack of spades jump out of this brand-new deck of cards and squirt cider in your ear. But, son, do not accept this bet, because as sure as you stand there, you’re going to wind up with an ear full of cider. "
Years ago I got a scam email purportedly from Bank of America asking me for some information or other (it was a long time ago, I don’t remember the details). While I realized it was a scam right away - because I didn’t have any BoA accounts - it led to a very well-designed website that looked very much like the real thing.
The only tell was in the webpage address, which looked like “bankofamerica.com” - except the “o” in “of” was replaced by a zero. Very clever.
Got some more recently from “CenturyLink” saying their email servers had been updated and I should click “Here” to update my information and access my account.
I’ve seen a lot of scam attempts but I got one last week that really has me puzzled. It came through on Facebook Messenger from an elderly family member with whom I almost never interact – major life events like a death or wedding in the family only.
Here’s the message :
look what i found …. https://photo.dl4d.in/t0l3h29r7
It sure looked like something fishy to me, but with some apprehension I clicked on the link anyway. A dialogue box pops up, supposedly from Facebook, saying “Let’s make sure it’s you” and inviting me to enter my user name and password. Nope.
https://photo.dl4d.in/t0l3h29r7