“I had no idea that I was a vulnerable person, and I found out that I was very vulnerable,” my friend Kay told me.
Kay is her middle name; she didn’t want to be fully identified. You’ll see why.
In late April, Kay received an email purporting to be from McAfee, the big company that sells anti-virus and other kinds of software. It said the company was charging her bank account $499.99 for something she’d purchased.
She called a phone number she found in the email to let McAfee know she’d made no such purchase. Except, the man who answered wasn’t with McAfee.
“The guy immediately took me to ‘Here’s how we do the refund.’ “
And that started her down a costly road.
Kay, 81, is an educated woman. She has an undergraduate degree in psychology and a masters degree in clinical counseling, both from Ohio State University, and she worked in clinical counseling until she retired a few years ago.
Paralympic hopefuls:‘These guys deserve to be recognized’: Paralympic hopefuls aiming for 2028 event
Something about the “refund” process felt off to her but the man on the phone was a master manipulator. “He got me under his emotional control,” she said.
He directed her to a website and told her all she needed to do was enter $500 in a certain place and she’d be refunded her $499.99 (plus a penny, presumably). But when she attempted to enter $500, the amount that showed was $5,000 instead.
Parking meter hubbub:Joe Blundo: A look back at the uproar over parking meters arriving in Columbus
“And when he saw it, he got all flustered and (said) ’Oh my golly, my boss is going to be really upset with me’ ” Kay said. “I thought it was my mistake.”
But he had a plan: if Kay would purchase $4,500 worth of gift cards from local retailers and read him the registration and PIN numbers, his company would get its money back quickly and he wouldn’t get fired.
“And I (Kay) said, “Why can’t I just send you the money from my bank?’ ”
He told her that would take too long. Instead, he directed her to several retailers to buy the gift cards. It took several hours, and he was on the phone with her the whole time, making sure nothing went awry.
By the next morning, Kay knew the truth. The email was a fake. The number she called took her to a scammer. The website he directed her to was designed to trick her into thinking she’d mistakenly entered “$5,000.” It also enabled him to gain control of her computer, which led him to her three bank accounts.
Book censorship:Joe Blundo: Welcome to Book Censors of America, where we judge a book by its cover
By transferring money between those accounts, he made it appear that she had, in fact, received a $5,000 refund — which initially reassured her that he wasn’t tricking her.
She, of course, will never regain the $4,500 she spent on gift cards. I asked her how she felt when she realized what she’d done.
“Depressed, foolish, scammed, taken advantage of. I would say that the biggest one was foolish. I was kind of suspicious the whole way through. I want to be clear about that.”
But something in the scammer’s demeanor overrode her caution.
The scam is called “phishing.” It’s been around a long time. (Check out the Federal Trade Commission’s advice on how to avoid falling victim to it at ftc.gov.)
My own email account gets several bogus messages a day trying to convince me that I’ve ordered something I didn’t. Maybe yours does, too. If you think you’re too smart to fall for a scam, remember: That’s what Kay thought, too.
Joe Blundo is a Dispatch columnist.
Tips to help protect consumers
No one is immune to phishing scams but there are some tips and tricks for how to spot, avoid and investigate emails that you may think are scams, courtesy of the Federal Trade Commission.
What is phishing?
Phishing scams are email or text messages that look like they are from a person or company that you are familiar with. The messages can ask you to interact in some fashion whether it be clicking a link, giving your password to an account or any other confidential information.
It is extremely easy for scammers to fake a logo or their identity. Phishing scammers also inject their messages with a tone of urgency, prompting that if you don’t interact or respond to the message quickly enough, an opportunity will be lost or something bad will happen.
However, do not interact or respond if you have any doubt or suspicion about the message. Clicking links that a phishing scammer sends you may allow them to hack into your computer system and other personal information.
How can I investigate a potential phishing scam?
Look up the website, email or phone number trying to contact you to verify they are who they claim to be.
If you aren’t sure after you look up the information, call the phone number associated with the person or company who contacted you to confirm the information given to you. Do not use the contact information provided in the suspicious message, but rather a number you know to be true, such as a customer-service number or a personal phone number.
Ask a trusted friend or family member to take a look at the message or information given to you to seek their opinion about whether it could be a phishing scam.
What do I do if I fall for a phishing scam?
Do some damage control and change as many passwords as you can. Consider even disconnecting your computer or device from your internet connection to try and contain the spread of malware.
Tell other people. Phishing scammers like to cast a wide net so they don’t really target individuals but rather a larger group of people. Ask your coworkers, friends and family if they have received any messaging similar to yours and warn them if they have.
Forward any phishing scams you receive — or fall for — to email@example.com. This email address is used by the Anti-Phishing Working Group. You can also report phishing scams to the Federal Trade Commission. Finally, let the person or company being impersonated know that they are being used as a disguise for a phishing scam.
— David Kwiatkowski, firstname.lastname@example.org