I ALMOST Fell For This Scam!

This afternoon (Wednesday, June 15, 2022) I received a scam email, phishing for personal information. Most such emails are easy to recognize, especially if you don’t have any business dealing with the bank or business that the emails are supposedly from. But eventually random chance will dictate that you can come across a highly believable message, and you might fall for it. I crafted this album to show how I ALMOST fell into this trap, and what I did to figure out their game after the fact. Everyone should understand how these BS artists operate so that we can protect our online information.

1. I got this email today, informing me that my subscription to Geek Squad tech services was going to renew within 24 hours for $350 for a two year term. This surprised me because usually services like this warn you a few weeks ahead of time so that you can prepare. Not only did it surprise me, but it annoyed me.
2. Now one would think that I might have immediately suspected something being wrong, but unfortunately I do have a subscription to a different service, and I mistook it for them. I might not have had a Best Buy-related tech support subscription named Geek Squad, but I do have one by a similarly-named service which I won’t divulge publicly given the subject matter I’m discussing. This is what phishing emails rely upon – you forgetting your renewal dates, or the exact name of your service, or whether you recently placed an order somewhere. They try to trick you!
3. The computer service contract I do pay for renews in the summer months, so this scam email just happened to arrive at the right time to trick me. I’m not oblivious, nor am I stupid. I am just human and don’t always have total recall of every detail of my life at a moment’s notice. This is where I tripped up, as the scammers intended.

In retrospect and upon closer analysis, which I should have done sooner, I can see several typos and errors. One is that they say this is $349.99 for two years of auto-renewal, and then at the bottom of the email they say, “Please retain the copy of invoice as the proof of your service for one year.” To a fluent and fully literate native English speaker using business language, a more typical phrasing would be something like, “Please retain a copy of this invoice for your records as proof of payment for service for two years.” (Not one year – that’s the biggest error this scammer made.)

At the end they said “Thankyou”, which is not one conjoined word. Even the most basic spell check would have caught this mistake. These errors should have tipped me off, but I was acting with urgency so that they wouldn’t debit my account by tomorrow. As a result, I didn’t reread a suspicious email more carefully for the obvious typos, grammatical errors, and oddly-worded sentences that many non-native English speakers could easily make. Creating this false sense of urgency is a very standard trick these scammers use, and sadly it actually worked on me, too….
4. Another way that these con artists hook you is to make the number they are “charging” you a credible one. Not too high, not too low. About what you might actually be paying for a monthly subscription tech service, in this case about $15 a month. Too high seems outrageous and fools very few people. Too low isn’t profitable enough for the scammers to bother with. A middle figure like $350 strikes a balance that makes the scam both credible and worthwhile, without necessarily tipping off the victim.

They also included some sort of attachment with the email. I did not open it, because I was suspicious of that, but it would be SO EASY to make that error and accidentally download malware or any other number of harmful viruses, trackers, spyware, or ransomware. Most people won’t click, but surely some do, even if only by accident.
5. Adding another layer of credibility to the scam is the presence of a warning to watch out for abuse and fraud, and to warn people to check before paying anything. This is hugely deceptive, like when a con man gets you to trust him by acknowledging that fraudulent intentions are possible and to verify things about him if you are worried. This is how these scam emails, businesses, and people appear trustworthy, and I hate to admit that initially it fooled me. It slipped past my starting skepticism, again because I am human and fallible.
6. So these a-holes provided me with a phone number to call to cancel my “subscription”. I recognized it as being a California area code and when I dialed it, it came up as Atascadero, CA. But the person who answered it had an Indian accent. That right there raised a red flag to me, but then again, lots of legitimate USA-based companies have migrated basic customer services to overseas call centers, so in and of itself this isn’t always a cause for worry. I decided to proceed with caution.

What happened next is that I almost, ALMOST did something potentially catastrophic and very costly! The Indian “support technician” instructed me to type in a particular URL into my browser, and once I did it automatically opened a “remote support session”. My true anti-viral/anti-malware software, the very one that I DO pay for from the legitimate service I subscribe to, blocked a pop up from opening and gave me a “malicious software” warning.

When I told the fake “Geek Squad” tech this, he said, “Oh, that is because your service from us has already expired. We need to download something different.” He then directed me to open a new browser tab and type in yet another URL, which led to the following page….
7. Edit: I wrote this photo caption before I looked into the “free version of Zoho Assist software” after finishing this album. This information is covered on the last photo of this post, and rather than retype it here, I’ll just write this addendum up front that this is not necessarily the fault of Zoho. I’ll leave the original text I wrote below, to show the way my thinking evolved with further research into how these scams operate.
______________________

This new page that the fake Indian tech directed me to was a different “remote support session”. Note how this page contains information that tries to appear legitimate. For example it warns you that you should only offer information to people you recognize and trust, and there’s a “report abuse” link. (I’m guessing that clicking it would lead you to bad things and more malware.) (Edit: Maybe not, since Zoho is likely a legitimate business management company which is used for dark purposes by bad people like my fake Indian dude posing as a Geek Squad technician.) Also they tell you not to offer any sensitive financial information. Which of course you shouldn’t. But this is a false reassurance designed to lure you into trusting them, all while you cede control of your computer to this fake “support technician”. (Edit: Again, I think my initial reading of this situation wasn’t accurate as far as Zoho itself is concerned.)

Of particular note is the disclaimer at the bottom. The permissions box comes pre-checked and denies responsibility for any “scam-related activities that might occur during use of the application”. It also claims that the app will be removed after the session ends. I highly doubt this! (Edit: Upon further investigation, maybe this is actually true. But it wouldn’t do any good once the scammers stole passwords, documents, log ins, and whatever else.)

By now I had multiple layers of anxiety running, and several loud alarms were going off in my head. I decided that it was safer to just hang up on the call and think about what I was doing. So I pretended to have a phone reception issue and that the call was disconnected. It is super weird how even in the midst of being scammed, the “politeness reflex” kicks in. Scammers often know that many people are hesitant to appear rude, and they try to utilize this ingrained response many of us have in order to keep our confidence and to trick us. The fact that I even felt the need to use an excuse to back out of the call rather than simply calling it a scam and provoking a conflict speaks to this impulse. Sincerely, this nearly cost me dearly.
8. After hanging up the call, I quickly googled for “Geek Squad scam” and immediately I came up with several articles covering the topic. After reading them, I concluded that I had literally almost become a victim of a very convincing-looking phishing scam. Here is a screenshot of part of one article by Windows Report. It shows how parts of the scam email can appear in your inbox – down to the very same email header of quickbooks @ notification . intuit . com. The article online said that if you are getting a Geek Squad email from this address, it is almost surely a scam. And to think that I was tricked by a combination of timing, random chance, and naivete into actually calling the number to cancel my service. Within minutes I was steered into a dangerous “remote support session” that would have given control of my computer to a fake tech with an Indian accent, leading to what could have been horrific consequences!
9. Here is a screenshot of part of the Windows Report article exposing the Geek Squad scam, showing how the fake support page appears. Indeed, the page I landed on where my anti-malware flagged a malicious download had this exact image on it, likely cribbed from the actual Geek Squad/Best Buy website in order to fool people like me. These guys did a very good job at fooling me, and I went way farther down the path than was wise. Fortunately my antiviral program caught something at a critical juncture and warned me, buying me about 2 extra minutes to think about what I was doing. Later, my intuition also helped save me. This is ironic, given how this scammer tried using the Intuit . com domain name as a platform to trick me!
10. Another screenshot from the Windows Report article, indicating what to do in case you did divulge sensitive information by accident. I don’t think I did anything that would have compromised my computer or financial security. I didn’t download the software or app or enable the tech to gain control of my computer, nor did I enter any banking information. But I was just ONE CLICK away from having done it, and that scares me because I am normally fairly aware of scams like these. I guess the moral of the story is, “Don’t be overconfident!”
11. This was the final link that I had to click before joining this deceptive “remote support session”. The fake Indian tech gave me this 10-digit code to enter a chat, which would have given them remote control over my computer. As you can see, I had already entered the 10 digits, and was just about to click the “join session” button, which would have allowed the scammer access to my computer. Once granted access, what on earth would these bastards have done? I shudder to think of what I could have been dealing with had I clicked accept. But I backed out at this point because my senses were shouting, “Don’t! It’s a scam!” I am glad I listened, paused, hung up the call, and decided to do more research first.

In hindsight, it seems so stupid that I fell for it and even called them in the first place. And then I followed passively while the fake Indian tech guided me to what would surely have been a disastrous position, all within less than 4 minutes. Had this been a legitimate cancellation of a subscription service, why would they need to gain access to the inner workings of my computer? They should just cancel the service and not require anything more than my name, address, and account number.

Only once I exited the situation and did more research did I recognize how close I came to falling into a huge trap. Instead they very nearly duped me into revealing only god knows what! This seems so blatantly obvious to me now, but at the time it did not. Again, don’t underestimate how devious these phishing scammers are, and don’t underestimate your ability to be fooled by them!
12. I didn’t know what Zoho is, so I decided to look it up. It is an Indian business management company based in the city of Chennai, Tamil Nadu State, which offers a variety of free and paid solutions to help small businesses run their operations. Evidently this includes scamming people by bad operators, which now explains the disclaimer on one of the earlier photos I posted. Zoho itself appears to be legitimate, but as a platform it can be utilized by shysters to trick people like me into a “remote support session” that enables nefarious activities. If this is correct then Zoho itself shouldn’t be blamed for how bad actors use it. This is why they put that disclaimer of responsibility at the bottom of that prior box.

All of this goes to reinforce the idea that you really do have to be very careful out there. Given the proper combination of circumstances, even fairly smart and conscious people can fall for dirty tricks. Almost no one believes in Nigerian Princes anymore, but I’ll be damned if I didn’t nearly fall into the frightening trap laid by this one.

7 thoughts on “I ALMOST Fell For This Scam!”

  1. Good thing you listened to all those alarm bells. These scammers are the scum of the earth. And you are correct, they are getting harder to detect. A scammer managed to get all the private emails from the Board of directors of our Master Gardener group and sent ‘requests’ from our president for money. I even asked a verification question which the scammer had the correct answer for. Unfortunately, one of our Board responded and lost quite a lot of money. It’s a sad state of affairs when you always have to be on alert and suspicious.

  2. I got scammed today and living in Sweden, I called the number ’cause it said that I had started a subscription that I didn’t have. So they said someone had started it for fake and charged me for it. They wanted the order ID on the email, so I gave it to them. They insisted thereafter for me to get to a computer or iPad, I don’t own one, and I said I called from an iPhone, they wanted me to install an app. I said I can’t, they finished up by saying we’ll cancel your subscription and I hung up.

    They didn’t get my name or my personal number, just the fake order ID from the mail. But did you have to pay later on for the call, like a serious amount of money?

    1. These scammers use an amazing number of different ways to trick you into giving out personal information, or downloading malicious apps and software to steal your data with. I did not give them anything important either, and it did not cost me any money because I woke up to the threat in time. Sounds like you had a close call too!

      I did have a bunch of spam emails come into my inbox for weeks after this incident. They all were similar to the original one I nearly fell for, but of course I recognized them as scams afterwards. It took a number of times to report and block every single email that came in, but they finally stopped. That’s one more consequence of engaging with scammers – they now have proof that your email is active and valid, and they will try again and again. Plus I am sure they will sell it to other scammers. We all have to be so careful out there, so beware!

  3. Great article. Good comments too. I almost fell for the Geek Squad Scam this morning, but thanks to my antivirus software got the warning that the site does not support https. Thank you.

    1. It’s a pretty convincing scam the first time you run across it. Glad you avoided it too! Thanks for your input.
