Details of an Internet Scam
Interesting details of an Amazon Marketplace scam. Worth reading.
Most scams use a hook to cause a reaction. The idea being that if you are reacting, they get to control you. If you take the time to stop and think things through, you take control back and can usually spot the scam. Common hooks involve Urgency, Uncertainty, Sex, Fear or Anger. In this case, it’s all about Urgency, Uncertainty and Fear. By setting the price so low, they drive urgency high, as you’re afraid that you might miss the deal. They then compound this by telling me there was an error in the shipment, trying to make me believe they are incompetent and if I act quickly, I can take advantage of their error.
The second email hypes the urgency, trying to get me to pay quickly. I did not reply, but if I had, the next step in a scam like this is to sweeten the deal if I were to act immediately, often by pretending to ship my non-existent camera with a bonus item (like a cell phone) overnight if I give them payment information immediately.
Of course, if I ever did give them my payment information, they’d empty my checking account and, if they’re with a larger attacker group, start using my account to traffic stolen funds.
officerX • January 7, 2013 7:43 AM
“Of course, if I ever did give them my payment information, they’d empty my checking account and, if they’re with a larger attacker group, start using my account to traffic stolen funds.”
The attacker asked for a bank transfer, which is initiated by the payer so there is not much an attacker could do with it (apart from taking receipt of the payment of course). And even if the attacker was to obtain the account details of the victim, there still is nothing he could do with it. Bank account numbers and sort codes are quasi-public and you cannot do anything with it really, and certainly not trafficking stolen funds because you cannot make any outbound payments. These things are published on letterheads, websites, during eBay checkouts….
I think the statement above is exaggerated. The attacker depends on the victim making the payment, not disclosing any “payment details”.