Anatomy of a survey scam -- plus a yard-sign text warning: Internet Scambusters #932
We have two new and very sneaky scams this week about completing product surveys and receiving text messages about signs you might have planted in your front yard.
With the help of Internet security firm Sophos, we'll walk you through the way a survey can be used to steal all your confidential information.
And then, we unveil the details of a clever trick using text messages to suggest that a sign in your yard has been defaced in some way.
Let's get started...
How a Great Deal Lures You Into a Survey Scam
Since many of us are spending more time at home these days, you might be tempted to take a more favorable view of one of those survey or feedback requests that either arrive randomly in your online mailbox or appear in an online ad.
Usually the lure comes in the guise of an ad for a well-known consumer brand that you use and for which you have an online account. It has all the relevant logos etc. to make it seem genuine.
The ad will basically offer a small discount on your next purchase -- say 5% off. All you have to do to get the price cut is "click here" for your coupon. So, you click.
Suddenly, you learn that you're "one of the lucky few" to qualify for a much more valuable prize, perhaps a discount of up to 90% or a gift of your choice, if you'll just complete a quick survey.
Usually, the message says only a handful of people will get this -- and you're one of them! They may even give you a bonus code you're supposed to key in at the end of the survey to secure your special prize.
Uh-oh. A scammer is reaching out to try to trick you.
But if you don't realize it's a trick, you might be tempted. After all, you have a few minutes to spare and now there's a mouthwatering prize on the end of the line. You're hooked.
When you complete the survey of seemingly innocent questions about your buying or shopping experiences with this well-known brand, you get a message saying your survey responses are being processed, so "please wait."
Now you're told that there are quite a few people at the same stage as you but only a handful of prizes left. Note how the urgency is starting to build. You may not be one of the lucky ones after all!
Next, says Internet security firm Sophos, who recently tracked such a scam, comes the sting.
The prize gets even bigger -- in this case a cell phone for a dollar. But, heck, there's only one left now. Time to grit your teeth and move fast.
This time, they want the email address and password for your account to accompany your entry.
Finally -- last gasp -- you just have to pay a nominal shipping and handling fee and you get the phone. So, your screen now tells you to just key in your credit card details and that phone will be on its way.
Now do you see what you would have done?
You've given your account sign-on details and your credit card info to the scammers, and before you know it they'll order all types of stuff to go to a mailbox or "pigeon" forwarder and max out your credit card wherever they can.
And the final indignity: You click the "pay now" button and end up on a meaningless Google search page.
If you realize what's happened, you might be able to act fast enough to change your account details and warn your credit card company.
Ultimately, of course, your card company will likely pick up most of the tab for your mistakes, but there's still a lot of unraveling for you to do to finally put things right.
How to Spot the Scam
Apart from the obvious fact that offering a big prize for a small task is suspicious, there may be a few other hints that you're being scammed.
For example, the wording of the promotion may not seem to match the brand's products. That's because, in the Sophos example, the scammers had copied questions from a genuine survey for totally different products and just pasted them into their questionnaire.
Also, having promised you a prize at the outset, you suddenly find yourself seemingly competing for the last big gift. That simply doesn't add up.
And finally, as we always warn, you should never give confidential sign-on and financial information without being 110% sure you really are on the page of the company/brand you thought you were dealing with.
You can get more tips and read the full survey scam report from Sophos: Anatomy of a Survey Scam – How Innocent Questions Can Rip You Off.
Yard Sign Text Scam?
A recent incident involving a member of the Scambusters team has sparked an alert about those front yard signs many of us plant -- for the elections or even a yard sale.
There have been several reports of people defacing signs and, in one reported case, planting razor blades at the top of the sign so anyone touching it would cut themselves. And that apparently did happen.
But in the case of our team member, it seems the signs may also be being used to scam their owners.
Both he and many of his neighbors all received text messages that seemed to come from another neighbor. It said something like: "Sorry about your sign. I'm going to buy one myself in solidarity with you and I'll get one for you too."
Neither our man nor several neighbors actually had a sign, so he was alert to something weird happening -- and it may spread to others in the countdown to the election, or even beyond.
Our best guess is that the neighbor who "sent" the text had their address book hacked, either on their phone or PC. And then the hacker targeted all the addressees at random, whether they had a sign or not.
It could have just been mischief, even a trolling incident. Or it could have been the first step in a malicious attempt to identify cell numbers that were "hits" and use them to send other text messages, perhaps with dangerous links. Or they might simply sell the number and user identity on the black market.
It might be an isolated incident but we suspect something more sinister could be afoot. If it is, we'll let you know.
Meantime, if you get a text message seemingly from a neighbor, check that the phone number from which it is sent is correct. If it isn't, don't reply -- call the real number instead and check with your local friend.
In our case, our team member spotted that the sender's number wasn't right, although it bore the neighbor's name.
Time to conclude for today -- have a great week!