Yes, given how almost impossible it gets , specially as a non paying user, to even initiate a human response from the likes of Google, Microsoft etc (one usually has to resort to posting on (semi) official forums) and routine compromised accounts in the millions , why would they single anyone out for special personal treatment.
Thanks for sharing this experience Yascha. I’ve always thought that, if the “scammers” ever hired an English major, they would be difficult to detect. Seems they have.
Yascha, I got the same exact call a week ago from "Google" 2 weeks ago and from "Coinbase" last week. Since I work in Cybersecurity, I knew it was a scam from the first second but I played along until I got him to send me a link he wanted me to click. I copied the link and pasted it into a secure virtual sandbox. You can use Joe Sandbox or ANY.RUN. it redirected me to a look-alike copy of Google's and Coinbase's websites under newly registered domains. I then emailed the abuse department at the registrar of each of these domains, provided a recording from the sandboxz along with the phishing email and the domains were suspended within 24 hours.
Always pay serious attention to your instincts, no matter how muted they may be because of the psychopath's camouflage...the older one gets, the more this makes sense. It is now doctrine in my household.
Former/Always 82nd Airborne Infantryman, Disabled Veteran for Life, & Author of the book, "The Separation of Corporation and State" subtitled "Common Sense and the Two-Party Crisis" Available on Amazon.
I had a similar thing last month, though they said they were from my bank. The only reason I got out of it without fully getting scammed was that I was driving and their questions were too detailed to answer while also navigating Beltway traffic. So I asked for a callback number and they hung up. These guys are getting better all the time.
Well done indeed. I am personally very paranoid about this sort of thing - it's really the only way to be these days, unfortunately. The default must be a high level of paranoia and vigilance. It's not our natural state, for most of us. People need to have simple, hard and fast rules to follow, and be disciplined. A protocol. First, (1) whenever a human reaches out to you - likely scam, because humans from companies don't do that anymore. (2) And ANY text, phone call, email, must not be responded to, never click a link someone you don't know sent to you. That's not how legitimate entities operate. Always stop, and find a way to contact the entity involved to confirm whether any inquiry is legit. Be wary of clicking on links in every case, but don't be fooled if a scammer sends you a link and it connects to what looks like a legitimate website from Google or any other entity. So easy to fake that. It's very hard to avoid, and they're very good. And this is a bit of a digression, but LOCK YOUR CREDIT. I do it with Experian. Check your accounts at least every 48 hours. It's the price of operating in the modern world. Be paranoid, because your information is out there. All of us - our social security numbers, all of it.
Again recently, a particular "Data Broker" ELIMINATION service has received multiple top prizes (Consumer Reports, CNET, PC Magazine and from international experts in scamming) for being "real," effective and efficient. That service is called "Optery." We subscribed for an annual account and within weeks our scam calls and emails plummeted. (Optery scored far higher than Incogni AND DeleteMe). Just saying: getting your data OUT OF THE HANDS of the over 600 data broker "companies" is part of the solution.
The fact that the "victim" (Yasha) felt compelled to be courteous to the scammer and even prolonged the agony by giving time and, weirdly, credence to them points rather worryingly to Stockholm Syndrome.
Exactly why I have no google accounts. Or none that I sign into. When these bums tell you "time is of the essence", you know it is a scam. To protect your account, they could put some kind of hold on it, I would expect...if the threat was indeed real.
Everything digital can be hacked. With A/i, the threat of spammers and scammers will only get worse, much worse. One thing that makes this easier for scammers is that probably over 80% of the people online have google accounts. That makes for a gigantic target base.
Interesting read. But it really looks like paid PR content to force people to activate two-factor authentication for Google. Recently, I came across too many aggressive attempts by Google to force me to give it my phone number and activate two-factor authentication. This read is really intended to scary people into doing this. Maybe the author describes real situation, but it really reads a lot like fake paid PR. Especially with description how the author rushed to activate everything Google pushes its users do and provide Google with even more personal information.
Good job handling that. The irony is that Google doesn't call people—that type of personal attention is only going to come from phishers.
You are absolutely correct. That should be the tip off right off the bat.
Yes, given how almost impossible it gets , specially as a non paying user, to even initiate a human response from the likes of Google, Microsoft etc (one usually has to resort to posting on (semi) official forums) and routine compromised accounts in the millions , why would they single anyone out for special personal treatment.
Thanks for sharing this experience Yascha. I’ve always thought that, if the “scammers” ever hired an English major, they would be difficult to detect. Seems they have.
Yascha, I got the same exact call a week ago from "Google" 2 weeks ago and from "Coinbase" last week. Since I work in Cybersecurity, I knew it was a scam from the first second but I played along until I got him to send me a link he wanted me to click. I copied the link and pasted it into a secure virtual sandbox. You can use Joe Sandbox or ANY.RUN. it redirected me to a look-alike copy of Google's and Coinbase's websites under newly registered domains. I then emailed the abuse department at the registrar of each of these domains, provided a recording from the sandboxz along with the phishing email and the domains were suspended within 24 hours.
There’s a special place in hell for scammers. These bottom-feeders deserve harsh punishment .
Always pay serious attention to your instincts, no matter how muted they may be because of the psychopath's camouflage...the older one gets, the more this makes sense. It is now doctrine in my household.
I am blessed, because I am too poor to scam.
Lebo Von Lo~Debar
Former/Always 82nd Airborne Infantryman, Disabled Veteran for Life, & Author of the book, "The Separation of Corporation and State" subtitled "Common Sense and the Two-Party Crisis" Available on Amazon.
https://a.co/d/fy5rSdW
I’m gonna fall for one of these someday, I just know it. Thanks for posting!
I had a similar thing last month, though they said they were from my bank. The only reason I got out of it without fully getting scammed was that I was driving and their questions were too detailed to answer while also navigating Beltway traffic. So I asked for a callback number and they hung up. These guys are getting better all the time.
Well done indeed. I am personally very paranoid about this sort of thing - it's really the only way to be these days, unfortunately. The default must be a high level of paranoia and vigilance. It's not our natural state, for most of us. People need to have simple, hard and fast rules to follow, and be disciplined. A protocol. First, (1) whenever a human reaches out to you - likely scam, because humans from companies don't do that anymore. (2) And ANY text, phone call, email, must not be responded to, never click a link someone you don't know sent to you. That's not how legitimate entities operate. Always stop, and find a way to contact the entity involved to confirm whether any inquiry is legit. Be wary of clicking on links in every case, but don't be fooled if a scammer sends you a link and it connects to what looks like a legitimate website from Google or any other entity. So easy to fake that. It's very hard to avoid, and they're very good. And this is a bit of a digression, but LOCK YOUR CREDIT. I do it with Experian. Check your accounts at least every 48 hours. It's the price of operating in the modern world. Be paranoid, because your information is out there. All of us - our social security numbers, all of it.
For awhile I was getting emailed PDFs of Geek Squad and PayPal invoices. I don't use either so I deleted the emails without opening the PDFs.
Yup...my sister got a "bill " from geek squad recently.
Again recently, a particular "Data Broker" ELIMINATION service has received multiple top prizes (Consumer Reports, CNET, PC Magazine and from international experts in scamming) for being "real," effective and efficient. That service is called "Optery." We subscribed for an annual account and within weeks our scam calls and emails plummeted. (Optery scored far higher than Incogni AND DeleteMe). Just saying: getting your data OUT OF THE HANDS of the over 600 data broker "companies" is part of the solution.
For the record:
Email header spoofing exists too and is semi-common! Don't trust the "from" address when the stakes are high!
The fact that the "victim" (Yasha) felt compelled to be courteous to the scammer and even prolonged the agony by giving time and, weirdly, credence to them points rather worryingly to Stockholm Syndrome.
No, it just shows that people have a basic reflex to be polite almost all of the time to people they don’t know.
Exactly why I have no google accounts. Or none that I sign into. When these bums tell you "time is of the essence", you know it is a scam. To protect your account, they could put some kind of hold on it, I would expect...if the threat was indeed real.
Everything digital can be hacked. With A/i, the threat of spammers and scammers will only get worse, much worse. One thing that makes this easier for scammers is that probably over 80% of the people online have google accounts. That makes for a gigantic target base.
Interesting read. But it really looks like paid PR content to force people to activate two-factor authentication for Google. Recently, I came across too many aggressive attempts by Google to force me to give it my phone number and activate two-factor authentication. This read is really intended to scary people into doing this. Maybe the author describes real situation, but it really reads a lot like fake paid PR. Especially with description how the author rushed to activate everything Google pushes its users do and provide Google with even more personal information.
Thanks for sharing. That was an ingenious one indeed