Skip to main content

How I almost fell for a scam myself

It's quite ironic that I wrote a blog post a mere ten days ago about why do people fall for (refund) scams. I almost fell for a scam just a few days ago myself. Goes to show that no matter how much one educates oneself about these things, and how smart one thinks one is about it, one can still fall for them, especially when acting too hastily and in eagerness. (Well, almost fall for them in this case, luckily.)

I was recently browsing amazon.de for new graphics cards. I semi-regularly do this to see if there happens to be some kind of sale or bargain for them. I noticed that there seemed to be a quite awesome bargain for an EVGA RTX 2080 Super card: Just a mere 419€ (compared to their normal price of 800€+.)

I did have immediately in mind the adage "if an offer seems too good to be true, it probably is". However, I was lured into believing it by several factors:

Firstly, this was Amazon, not some dubious Chinese website like AliExpress or Wish. Amazon is more reputable than those.

Secondly, this seller had a whopping 13 thousand user reviews, spanning years, 90% of them positive, and apparently a huge catalog of products (I checked). It appeared to be a rather big seller selling all kinds of products.

Thirdly, I did google the name of the seller company, and did not find any warnings online of it being some kind of scam. Although, in retrospect, I also did not really find many other sites mentioning this seller. Google did return results that seemed to indicate this seller to be located in Germany (map directions and all.)

Fourthly, Amazon offers very strong guarantees against fraudulent transactions, so it's relatively safe to buy through them.

My cursory research did not find anything particularly suspicious about this particular offer, other than the very unusually low price. Everything else seemed to be ok. I was, of course, still puzzling how a company could sell an RTX 2080 Super, new, for such a low price, but perhaps there was an explanation for it.

However, when I proceeded to purchase the card, Amazon informed me that the seller does not ship to my country. This is, apparently, how the scam sneakily works, and it certainly worked on me.

You see, I wrote an email to the address given in the company's Amazon page asking if they could make an exception and deliver it to Finland anyway... And I got quite soon a reply that yes, it's possible. If I provide my name, address and telephone number, they will create an order through Amazon.

I had written my email in English. The reply was in German. This seemed a bit strange to me, but at this point I didn't think much of it. I foolishly provided my name, address and telephone number.

Some time later I received an email that looked like it came from amazon.de, with all the logos, graphics and so on. However, it was immediately very, very suspicious. Not least because it ended up in gmail's spam folder.

Firstly, the email didn't actually come from amazon.de, but somewhere else. All emails from amazon.de always come from that address. The scammer hadn't even tried to spoof the sender's address. Secondly, the email, while looking like something that could be sent by Amazon, asked for a money transfer directly to some bank account.

I checked my account at amazon.de, and there was absolutely nothing anywhere about such an order.

This immediately triggered some alarm bells in my head. Amazon displays a warning that says: "Do not do business with a seller that directs you off Amazon. A legitimate purchase, protected via Amazon A-Z Guarantee would never occur outside of Amazon." However, even without that warning it was still highly suspicious to bypass Amazon completely in this payment process.

I immediately backed off from this, as it seemed way too much a scam to be legitimate. I also went to report this incident to Amazon customer service. And, indeed, in the page to do so there is quite a warning about this exact thing:
"If you received an e-mail regarding an order you don't recognise, please check Your Orders in Your Account. If you can't find a matching order, the e-mail you received wasn't from Amazon.de. Please do not click on any links on such emails. To report a suspicious e-mail, please forward the e-mail to stop-spoofing@amazon.com and then delete it. Please also note that Amazon will never ask for your personal information or to verify your data by clicking on a link in the message. Never respond to requests to transfer money directly to a seller for a Marketplace order. You can get tips on safe online shopping from our Help pages and watch a short Help video on identifying phishing e-mails."
For a moment, they really had me. It was just that direct money transfer to some bank account that triggered alarm bells in my head, even without having seen those warnings from Amazon.

I did provide them with my email, name, address and telephone number, though. I can only hope those are not enough for something nefarious.

I really have to wonder how this could happen. I suppose all those 13 thousand user reviews could be spoofed or faked. Or, perhaps, it actually is a genuine seller, whose account was perhaps hacked?

Although I find that latter possibility less likely due to the fact that a couple of days later I saw the exact same offer still on amazon.de, but under a different company name. Still same amount of user reviews and everything else, just a different company name. This would tell me this isn't an actual existing big seller.

Comments