There’s a certain inevitability in falling victim to a scam.
As potential victims, we fail to understand that the con artist is a professional; we, on the other hand, are amateurs.
They know where and when we will likely let down our guard; we tend to be caught by surprise when we discover we have been had.
I previously identified red flags, motivations and behaviors that lead to losses, yet they have not been sufficient for everyone to stay protected.
Here is a prime example of what I mean.
The victim was a well-educated retiree with advanced college degrees and nearly 40 years of professional employment. Financially successful and socially connected, he considered himself capable of recognizing scams and possibly thwarting the scammers.
Recently, he received a text message from a major hotel chain. Not unusual, because he has membership in the hotel rewards program and has often booked rooms with the company. The text provided a link to the hotel chain, which, in turn, described a special survey program that would give members additional loyalty points and discounts, but it was necessary to respond to several questions.
So far, no red flags, and the webpages looked quite legitimate and utilized the hotel chain logos.
Clicking on the link opened a questionnaire page that asked for many standard items, such as full name, address, email address, gender, birthdate/age and loyalty/rewards number in the hotel program. Curious that the hotel chain solicited my involvement in this program, since it would seem that all of this information would already be in their hands.
Well, it is, and the elaborate “offer” was a well-crafted phishing scam to collect, at a minimum, personal information that could be used at a later date to “hack” into the hotel rewards account and feed other attacks.
By the way, I am this unsuspecting victim.
After volunteering with AARP Vermont Fraud Watch for nearly seven years, writing this column for six years, producing and hosting a CATV series on fraud, and speaking to groups throughout New England and beyond, I now can count myself as one more person caught up in a scam trap.
Did I miss red flags? Did I ignore any obvious indicators? Was I lured by promises of wealth, perceived authority, social consensus, reciprocity, or fear? Not really. It was due to my interest in participating in “innocent” surveys from companies I patronize.
So, what did I lose and what did they gain?
Technically, I lost nothing. All that demographic information and much more is readily available on the internet (sometimes we forget that our lives are documented and that information can’t be blocked). I did provide connections to the criminals by linking all the information on one handy page. Additionally, I acknowledged and may have given access to a hotel rewards account — information that could be used at a later date to set a scam into play.
Did I lose anything? Probably not, but the lesson is clear. On the internet, even that which is familiar can easily become a trap.
There are steps I should have taken that are simple and go a long way to protect information. These steps are natural when the message comes from somewhere outside my usual contacts, such as Wells Fargo Bank or Bank of America. I should have examined the email address of the sender.
For example, if the message was from the Hilton hotel chain, it should have appeared as “@hilton.com,” not Gmail or Ymail. Second, when I clicked the link in the email, the webpage that appeared should have included www.Hilton.com, not Weebly or GoDaddy or Google.
Simple steps, and it was a matter of negligence on my part not to attend to the basics; but again, my familiarity with and use of the hotel website led me to make a false assumption of legitimacy.
As noted in the past, constant vigilance is necessary. In this case, I do not believe anything was truly lost. What about the next time?
Questions? Comments? Contact me at email@example.com.