Fun with Scams

Early this morning, I see an email from my realtor in my inbox:

Note: I blocked out her name in all the captures.

Right away, I noticed something; something aside the fact she wouldn’t ask me for “urgent help”. I noticed her signature was missing her phone number and realtor info.

I correctly surmised her e-mail had been hacked, and this was someone running a scam. So, I answered.

Again, I blocked out her name. Hint, if you are in e-mail contact with me, I always have a signature under my name; a saying that’s easily recognized as coming from me.

Anyway, it went on . . .

Two things to note:

  1. The return email changed from the actual email to a fake email.
  2. Notice the two different fonts. The first one is (likely) the canned “help” message. The last line is the “personal touch” of the scammer.

Now, I thought the request was pretty ballsy. That’s $800; most people would be hard-pressed to drop that kind of money for an “urgent” request for help involving iTune gift cards.

The good thing about this instance is we easily recognize the request as a scam but know that some messages are more convincing.  Here’s my reply:

I mean, I could have sent back this:

. . . but I figured I’d see how long I could string this person along. Saying I could only do three gift cards lent — I thought — a measure of realism to the reply.

Also, I knew they don’t have the phone since I’d texted my realtor to let her know about the hack.

So, this was interesting because “urgent plea for help” and “it’s fine” don’t quite mesh.

Engaging these scammers in conversation makes it clear English is not their native language.

So, here’s where I mix a bit of truth in my responses:

Not calling them out, but asking them to reassure me, which they do:

An opportunity for more fun . . .

Actually, the person has an Apple phone and pad, but the scammer doesn’t know that.

This should raise flags as sending from someone else’s device is not exactly trivial as you’d have to log into your own e-mail on their device. Easy, but most people would be reluctant doing so. Again, note the poor language composition for longer sentences (just like me!).

Also, if you can’t use your phone, how is it you can use an iPad?

I enjoy throwing in actual events into my fiction to lend a measure of realism. I’m also now doing what most people who are friends (good enough friends to ask $800 from) do; share other interests and refer to prior conversations.

I’m hoping this lends more weight to the idea I bought this scam hook, line, and sinker, to use a hunting term.

So, they conveniently ignore the question. I give them a few good marks for that. So, a little while later, while I’m supposedly at the optometrist:

So, consistent timeline, decent personal details, reference to prior events . . . I could write a book.

Short and sweet response; two can play that game . . .

A little later:

Kind of pushy, but they did say they needed urgent help . . .

Unfortunately, I have bad news for them . . .

Again, a mix of fake news (it works for politicians) and I throw it back on their court.

They show remarkably low concern for my plight:

I waited a while and then . . .

Yes, I laid it on kind of thick . . . because I was tired of playing. It’s been over four hours and they haven’t answered so I assume they got wise . . . or don’t want to guarantee my medical bills.

When I do these kinds of things, Melisa worries there might be retribution. I suppose, but I doubt it. It takes time and effort and there’s no gain to it. It’s just as easy moving on to a more gullible fish.

I mean, I suppose they could try hacking me email . . . but, they would have to install a keylogger on my machine so they can steal the login credentials. But, even if they manage that, they would also have to get my phone since almost at all of the places where I have accounts of any kind, I’ve turned on two-factor authorization.

Some might consider it a pain, having to enter a random code whenever logging on to places, or receive a text with a code, or use other methods to verify one’s identity.

I mean, I suppose it’s possible for someone to break into my house and install a keylogging program on my machine, but since they would be in the house, they could just bop me over the head with a baseball bat.

Otherwise, they would need to rely on my clicking on a malicious link at a malicious site. Also, rely on the various safeguards I have installed to fail and allow me to get to a malicious site and then allow said malicious code to load on my PC.

I suppose it could happen. The odds, though, are small.

Anyway, next time someone tries to scam you, have some fun; waste some of their time.

I should do a picture, just for kicks . . . how about two? 

I might have used these before, but who’s gonna object?

That’s it. This post has ended . . . except for the stuff below.

<><><><><><><><o><><><><><><><><><o><><><><><><><>

Note: if you are not reading this blog post at DisperserTracks.com, know that it’s copied without permission, and likely is being used by someone with nefarious intentions, like attracting you to a malware-infested website.  Could be they also torture small mammals.

<><><><><><><><o><><><><><><><><><o><><><><><><><>

If you’re new to this blog, it might be a good idea to read the FAQ page. If you’re considering subscribing to this blog, it’s definitively a good idea to read both the About page and the FAQ page.