June 17, 2021
By Teresa Murray, Consumer Watchdog
In the last few weeks, two residents from Greater Cleveland have been ripped off for thousands of dollars by con-artists claiming to be from Amazon. In one case, an elderly man lost more than $100,000.
It seems Amazon may be the new IRS or Microsoft. Not too many years ago (and it still happens occasionally today), consumers would get calls claiming to be from the IRS (supposedly about back taxes) or Microsoft (supposedly about a problem with your computer). Consumers would get swindled out of hundreds or even thousands of dollars.
In recent months, regulators and consumer advocates have seen a spike in complaints about scams invoking the Amazon name, as well as Apple. In May, in fact, YouMail, a call protection company, issued a warning about Amazon imposter calls. It said Americans are receiving 100 million to 150 million illegal robocalls per month from con-artists claiming to be from Amazon.
In a version of the ripoff that involves Amazon, consumers get a recorded message supposedly from Amazon that there’s a problem with their Amazon account -- maybe suspected fraud or a lost order, according to the Federal Trade Commission (FTC).
Here are tales of two recent victims:
- In one Cleveland-area case in May, an elderly man was defrauded out of $124,000. He told police he received a call from two men claiming to be from Amazon security, who told him someone had tried to purchase $900 worth of goods on his account, which was tied to a bank account. He was urged to open a new bank account online, and then, to protect his money, move money from his old account to this new account. The man told police that $124,322 had been stolen from him before he realized he’d been conned.
- In another Cleveland-area case this month, a woman said she got a call, supposedly from Amazon, that someone had bought a $649 cell phone on her account. It got crazier and more elaborate from there. She was given a phone number to call about the purchase. The con-artist told her Amazon needed to access her laptop to figure out how it got hacked and who made the purchase. She gave the man personal information that allowed him to access the computer. She was told it would take several days before the money would be refunded.
She then got a call from a woman who said the $649 would be refunded but she had to log in to her bank account, and then log into another web site and enter a password she could create. She got yet another call, from a man who said he was a supervisor, and told her to log into her bank account again and record her current balance in order to get the reimbursement. After a few more sets of instructions, she was told to enter the cost of the phone ($650), but her account on her laptop showed a reimbursement of $6,500, and then her screen showed her bank account had been emptied. She was told that to get her money back, she needed to go to a Target store and buy $6,000 worth of gift cards -- 12 cards for $500 each. She bought some at two different Target stores and read the numbers on the back to the con-artists. At her third Target stop, her transaction was declined by her bank. She called her bank’s fraud office and realized she’d been conned. Police didn’t say how much she lost.
Cases like these remain the No. 1 complaint to the FTC. Consumers filed 2.2 million complaints last year about fraud or identity theft and reported losing $3.3 billion last year, up from $1.8 billion in 2019.
In light of some of these newer cons, here is actionable information to help you avoid the aggravation, time and financial losses that come with sophisticated scams. These tips could help you avoid losses like the cases just described:
1. With any company that offers it, opt in for two-step authentication for online access. This requires more than just your username and password. To log in, you must have this one-time code that is sent almost immediately by text or email.
2. Never, ever, ever share these authentication/access codes with anyone.
3. Watch out for links in emails or text messages that you weren’t expecting that bait you to click on them out of fear or curiosity. Your bank, credit card, the IRS, FedEx, Amazon, Apple, Walmart, etc. will never send you links asking for your login password or Social Security number or anything like that. If you get an email or text unexpectedly that you think could be legitimate, contact the company or agency at a number you look up independently. Even if you don’t enter information, just clicking on the link could infect your phone or computer with a virus that steals your information.
The same advice applies to messages on social media, such as Facebook. It's common for information-stealing viruses to be sent with a message like, "Is this you in this video?" Your instinct is to click and look at what the sender is talking about. Don't give in to the temptation.
4. Be on the lookout for phone calls from people posing as your bank, the Social Security Administration, your health insurer, Amazon, etc. Don’t provide or confirm any personal information to a caller you weren’t expecting. Not even your name. Just hang up politely. If you think the call could be genuine, contact the company or agency at a number you look up independently (using the back of your credit or ATM card, your account statement, etc.)
5. Don't be fooled by what the Caller ID says. Bad guys can spoof their numbers to look like it's a local call or coming from a known business.
6. Sign up for transaction alerts with your financial accounts, so that you get instant or at least timely text alerts or email messages about any withdrawals or transactions above a certain dollar amount, new transfers, payees added or any changes in contact information.
7. Don't be tricked if a caller/ texter knows your name, address, family members' names or even your Social Security number. All of this and more was exposed for half of the adult population in the Equifax data breach of 2017.
8. On your outbound voicemail message, don't provide your full name. No sense in giving a scammer more information than they may have had.
9. For financial accounts online, don’t use the same password on more than one account. If there’s a breach or your account gets hacked, the thief can obviously do more damage if they can get into more accounts.
10. Ask your banks, creditors and investment firms whether you can put additional PINs or verbal passwords on your accounts that don’t involve any public record data, such as your date of birth or mother’s maiden name. You want to make sure someone can’t access your accounts for wire transfers or change your contact information without your secret password.