The email smelled as bad as week-old fish: It was a screenshot of a $1,000 cell phone I had supposedly bought on Amazon.
I quickly checked my Amazon account. No purchase was recorded. Then I checked my credit card account. Ditto.
This was clearly a scam, and the real action was the “Amazon” order number and phone number, with a Philadelphia area code, included on the email. I dialed the number.
The man who answered sounded unprofessional, but he was all business: He wanted to know my credit card information to “verify.” I asked him how he got my email. Agitated, he repeated his demand for a card number. When I told him I knew he wasn’t legit, he hung up.
I had been caught up in one of the largest ongoing scams on the planet. It’s estimated that hundreds of millions of potential marks are targeted by the confirm-your-Amazon-transaction ruse each month by email or robocall, according to YouMail, a phone security company.
Although media attention focuses on high-tech operations, such as the recent spate of ransomware attacks on big enterprises, these consumer-based scams appear far more ubiquitous and are less sophisticated than the headline-grabbing cybercrimes. They illustrate how cons preying on people’s trust have evolved from one of the oldest tricks in the book—brand fraud—which used to mean knockoff Rolexes, Louis Vuitton handbags and, much earlier, cattle rustling. Caveat emptor, pilgrim.
Now, after the global coronavirus pandemic made people more homebound, scammers have turned to trusted brands including Amazon, Apple, and warehouse retailer Costco as decoys in their relentless quest. The torrent of fake online inquiries and offers reached spectacular levels during the last year when millions were stuck at home and ordered online.
The scammers don’t require much more than a cheap router to blast out emails and robocalls—it costs $100 to $200 to make 1 million calls—and the unauthorized use of corporate logos.
These frauds are part of an unrelenting, metastasizing cybercrime trend that targets consumers, businesses, and government 24/7. And there’s plenty to be worried about: Online consumer threats rose 82 percent in 2020, according to Atlas VPN, a cybersecurity firm.
Apple’s website warns consumers about fake calls or emails that pretend to alert potential victims through “pop-ups and ads that say your device has a security problem.”
They may also issue bogus warnings of an “iPhone calendar virus,” “iCloud locked email,” or a “breached” account, according to scam-detector.com.
The core emotional trap of these scams typically is to scare and implore you to call, click, or email to reveal account information. Criminals may even send fake texts with the same intent, a practice known as “smishing.” They may also pretend to be from Apple, Costco, or other large retailers.
Although exact numbers are difficult to come by—since the majority of these come-ons are never reported—scammers took advantage of the blizzard of online commerce during the pandemic lockdown.
Plugging “Amazon” into the Better Business Bureau Scamtracker site, which tracks complaints made to the organization, shows reported scams more than doubling between March 14, 2020 through June 14, 2021 from the comparable period starting in 2019—the rise coming roughly from the start of the pandemic to the reopening date for most businesses and organizations. This is just a tiny sampling of the larger problem, though: Online purchase scams made up 38.3 percent of all scams reported to the BBB site in 2020, up from 24.3 percent in 2019.
The swindles are a numbers game. Even though the vast majority of people do not take the bait, even a tiny fraction of hundreds of millions is still large. Since consumers do so many transactions online, it can be hard for distracted shoppers to keep track of their online retail orders, even those made by people using their stolen information.
John Breyault, vice president of public policy telecommunications and fraud for the National Consumers League, said that three Amazon-linked scams his organization hears from consumers often involve “clicking on [email phishing] links, compromised accounts and updating payment information.”
The Federal Trade Commission has frequently warned against the scams—and is empowered to police them—but they are too numerous to crack down on or shut down.
All government watchdog agencies have been overwhelmed by the sheer volume of scams, many involving relentless robocalls and even fake unemployment claims.
“The FTC’s resources are woefully inadequate” to shut down these frauds, Breyault notes. “People were stuck at home and disconnected from their social networks during the pandemic while these complaints increased.”
Johnson would like to see technical solutions that could block robocalls, except in emergencies. “We’d like to see stronger enforcement,” Johnson says. “They’re destroying lives when they clean out accounts.”
On its website, Amazon makes clear that it’s concerned about all this. “We take fraud, scam, phishing and spoofing attempts seriously,” says the retailer. “If you receive correspondence you think may not be from Amazon, please report it immediately.”
This article was adapted from a RealClearInvestigations article published July 7.