The crazy way cyber crooks are pulling refund scams on you

Attackers have found a way to trick people into thinking they are getting refunds. Image: Ampere News

BY KERRY TOMLINSON, AMPERE NEWS

You think you're getting a refund. But in this scheme, cyber crooks are locking up your screen, messing with your bank account, and making off with your money --- all right in front of you.

The attackers are mailing out their fake messages to people in the U.S. and Canada, among other countries, according to cybersecurity company Trellix.

Here's how it works and how to protect yourself in this latest episode of Cyber Tricks Revealed.


How It Begins

This attack starts with a fake email, as many do.

For example, it may claim that you've automatically paid $459.98 for the antivirus Windows Defender to protect you from hacks, and you should call what looks like an 800 number for help if you want to cancel, said Trellix researchers.

But they're adding in a crazy twist that includes freezing your computer screen and putting up fake pages to fool you out of your money.

If you call, the helpful crooks may tell you the antivirus that was on your laptop when you bought it has expired, thus the renewal. To cancel, you have to connect to their "cancellation server" and download a file. But that allows them to control your computer from afar and carry out the next phase of their scheme.

Email from cyber attackers that claims you have paid $459.98 for Windows Defender 2022

Trick email claims you’ve been automatically charged $459.98 for the antivirus Windows Defender. Image: Trellix

Phase 2: LOCKED UP

They start by secretly locking your screen so you can't do anything. Then they put up a fake cancellation and refund form for you to fill out, researchers said.

When you're done, up pops a message saying something like "Congratulations, your refund is being processed."

But there's more. "Please log into your checking account and look for the money link from support team," it may say. "Once you see that click on accept to credit the amount in account."

This is when things get even trickier.

Phase 3: NUMBERS GAME

They unlock the screen so you can log into your bank account, then freeze it again so you can't see what they're doing.

Invisible to you, they start a payment from you to their account for the same amount as the refund, in this case, $459.98. They unlock the screen for you to approve the transfer and enter any approval codes, if needed. You see the amount and may think it's the refund, so you approve.

Then they throw up a 'refund successful' page and may even send you a refund message on your phone for good measure. By the time you figure it all out, your money is gone.

What to do?

Check the sender's name and email address for clues. Does it match what the sender is claiming?

In the example from Trellix, the sender is "Miropshireu Cornowsm," definitely not Microsoft as the email shows. The address is armandourowey125@gmail(dot)com, also not a Microsoft match. Many people skip over that part of the message, especially if it's just a few letters off.

Cyber crooks can also use more realistic names and addresses and/or break into real email accounts in order to send messages, so the name and address are not a guarantee of reality.

Another important step is to look up the company's site and number on your own without clicking on links or calling the number in the email. Then you can find out if it's real or fake without getting robbed in the process.
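The sender check described above, written out as a short Python script (an added example, not code from Ampere News or Trellix). The brand list, webmail list, subject, body wording and phone number are assumptions made up for illustration; the second sample shows why a matching address alone does not clear a message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: one brand's keywords and its real sending domain,
# plus a short list of free webmail domains.
BRANDS = {"microsoft.com": ("microsoft", "windows defender")}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
TOLL_FREE = re.compile(r"\b8(?:00|33|44|55|66|77|88)[\s.-]\d{3}[\s.-]\d{4}\b")
CHARGE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})*\.\d{2}")

def review(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw.replace("(dot)", "."))  # undo defanging
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    findings = []
    for real_domain, keywords in BRANDS.items():
        owned = domain == real_domain or domain.endswith("." + real_domain)
        # The message talks about the brand but was not sent from its domain.
        if any(k in text for k in keywords) and not owned:
            findings.append("brand-mismatch")
    if domain in FREEMAIL:
        findings.append("freemail-sender")
    # A charge amount plus a toll-free number is the call-back lure itself,
    # and it counts even when the sender looks right.
    if CHARGE.search(body) and TOLL_FREE.search(body):
        findings.append("callback-lure")
    return findings

# Constructed samples. The sender name and address are the ones quoted in the
# article; the subject, body wording and phone number are made up.
BODY = "You were charged $459.98 for Windows Defender. To cancel, call 1-800-555-0100.\n"
FAKE = ('From: "Miropshireu Cornowsm" <armandourowey125@gmail(dot)com>\n'
        "Subject: Your Windows Defender renewal\n\n" + BODY)
LOOKS_REAL = ("From: Microsoft Billing <billing@microsoft.com>\n"
              "Subject: Your Windows Defender renewal\n\n" + BODY)

if __name__ == "__main__":
    print(review(FAKE))
    print(review(LOOKS_REAL))
```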

