How cyber crooks are tricking you into picking up the phone & putting down your guard

This tricky email claims your card has been charged and you have to call to cancel. Image: Trellix

BY KERRY TOMLINSON, AMPERE NEWS

November 29, 2022

You may have heard the advice that you shouldn't give sensitive information to someone who calls you on the phone. But what if you are the one calling them? Crooks know your guard is down.

That's one reason why they're sending out fake emails saying your debit card has been charged more than $350. You don't recognize the charge, so you call to cancel.

That's when the thieves launch their next rather elaborate trap --- and it has nothing to do with credit cards. Here's how it works in our latest episode of Cyber Tricks Revealed.

Watch here:

Surprise Charge

This email might grab your attention.

It says your account has been debited with a charge of $349.99 for the "Auto-Renewable plan of Norton LifeLock Protection." If you didn't authorize it, you have 24 hours to cancel. And you have to do it by phone.

Since you most certainly did not approve this charge, you might just grab your phone and call the number.

The charge is fake. But so is the email. And crooks are standing by to take your call.

They'll first ask you for the invoice number in the email, according to cybersecurity company Trellix. They'll pretend to check the system, find nothing, and tell you the email is spam.

But that's not all.

“Here to Help”

"Is your system slow?" they ask. "Are you having any computer problems?"

"That's probably why you got the spam email," they'll tell you. "Let's have one of our executives call you back to help out."

On the next call, they send you to a customer support site designed to look like the real thing. You need this free anti-virus software, they may say.

Enter this code, download this file, and we'll scan your system.

Reality Check

They are scanning, however, not for viruses, but for your passwords to things like your bank accounts, and for personal info they can sell on the underground market. Now they can take over your computer and run it from afar.

The real surprise is not the fake charge but the complex and manipulative way they convince you to give them control over your laptop and bank account.

What to do?

This attack mostly targeted people in the U.S. and Canada, Trellix said, as well as India and China to a lesser extent.

Ampere News called the number listed in the email, but the call did not go through. For anyone else thinking of calling the number, Trellix has this warning:

“Any attempt to recreate part or all of the activities described is solely at the user’s risk, and neither Trellix nor its affiliates will bear any responsibility or liability.”

If you get an email that you want to verify, go to the company site separately, without clicking on the link in the email. If you want to call, look up the company number separately. Do not call the number in the email.

Some experts recommend you always go to the company site directly instead of clicking on links in email, text messages, and ads. It will take an extra step, but it will also prevent many attacks and scams.

More in Cyber Tricks Revealed:

More from Ampere News

 

FEATURED Stories

Featured
Scammers are stealing people's faces for live video calls
Scammers are stealing people's faces for live video calls
Learn to detect a deepfake voice with an Elon Musk clone
Learn to detect a deepfake voice with an Elon Musk clone
Would you fall for this fake email written by AI?
Would you fall for this fake email written by AI?
Here's how easy it is for scammers to use PayPal to trick you
Here's how easy it is for scammers to use PayPal to trick you
Thieves are running illegal travel agencies with your stolen points
Thieves are running illegal travel agencies with your stolen points
Patrick Miller