IdentityForce Logo IdentityForce Logo
Protect What Matters Most.
Posted on September 5, 2017 by in Personal, Scam Alerts

At some point, we have all searched the internet to try and find a phone number. This is especially true when it comes to those hard-to-find phone numbers for large companies like eBay, Amazon, and other online retailers. Cyber criminals are beginning to use this to their advantage. They’re setting up websites, or using existing websites, to publish a functional toll-free phone number that many people are seeking out. But, that phone number isn’t what it seems.

When a potential victim calls that phone number, instead of being connected to the company that they were looking for, they are lured into performing actions or divulging information that could lead to financial fraud. The scam generally involves cyber criminals siphoning money from user accounts in the form of gift cards or getting direct access to their PayPal accounts. Then, they transfer the funds into their own accounts.

I was apprised of a similar scam recently involving Amazon Prime. The victim, who knew of my work from numerous blogs I’ve written, had reached out to me after she had unsuccessfully contacted her local police department for help. Unfortunately, most local law enforcement aren’t set up to deal with virtual crime effectively.

The victim in this situation had an issue with an Amazon order and wanted to speak to someone to resolve it. She did a search and found various resources that showed a toll-free number along with the Amazon Prime logo. When she called the number, the perpetrators then convinced her that she must log into a remote access service, which allowed the scammers to enter her machine.

A remote access service is something that many of us have used if we’ve ever had tech support log into our computer from a remote location to fix our machine or update something for us. In this case, they had the victim login to her Amazon account and then they took over her computer in front of her.

Here’s how the scam works: A quick search for “Amazon Prime phone number” serves up many options, including the legitimate Amazon Prime phone number along with a number of fraudulent phone numbers.

Below is a search query result for “amazon prime phone number”:

a screenshot of a google SERP showing the beginnings of a phone number scam.

The above 341 number is the scam phone number the victim called. You’ll also notice the Creationkit.com website hosting the scam added “17 minutes ago.” After a day or two, the page will be deleted. It’s more than likely because Amazon is aware of it and tells the website to remove it. But, the page will be re-added over and over again. Below is what a similar Freshdesk.com page looks like when the webpage is deleted:

an example of what happens when a phone number scam is removed from the web

Freshdesk.com is another website that scammers use quite a bit. But, in order to evade detection, they continually change up the web copy to avoid web crawlers from detecting their scam. For example, the 341 toll-free number appears to be all numeric, and I’m sure previous posts were numeric. But, this one, when copy/pasted, shows the number ones are actually upper case I’s.

an example of a phone number scam

What makes the scam more “legitimate” is when the scammer uses sites like LinkedIn for their home base. LinkedIn Pulse is where I, and many others, post content. The scammers in this example set up a LinkedIn profile and began posting the Amazon Prime logo along with the fake phone number.

This scammer, calling himself “Victor Alexis,” posted similar content, but altered, to avoid detection eight times on LinkedIn in one day.

an example of an Amazon phone number scam

A day after all eight posts went live, LinkedIn deleted them.

The problem here is that Victor, or whatever his really name is, will just create more LinkedIn/FreshDesk/CreationKit accounts and keep the scam going on into eternity.

On a hunch, I searched for “Paypal phone number,” and sure enough, on the first page of the search results came up another phone number scam.

Because the site is the CreationKit, which hosted the same scam for Amazon, I’d bet my life the phone number would lead to a scam. And again, you will notice that the post is only one hour old.

an example of a PayPal phone number scam

Back to the victim that initially contacted me about these phone number scams – when she contacted me, she was in a bit of a panic. There were tears involved and at least a couple of sleepless nights. Her concerns involved malware on her PC, which could impact all of her financial accounts and other sensitive information. From the moment she allowed the scammers to login to her PC, she was suspicious. Watching them go through her Amazon account and purchase gift cards for themselves set off all kinds of obvious alarms. But, it wasn’t until they asked her to login to her PayPal account that she freaked out, hung up the phone and shut down her computer.

Here’s what I told the victim: “This isn’t your fault, but don’t do it again.” Now that she is aware that such a scam exists, she won’t do it again. Know, right now, that a retailer will NEVER need remote access to your computer. If you need to call PayPal, Amazon, or any other business, only contact them using the phone numbers published on their official website.  Also, while it’s unlikely that any other accounts in her life are affected, I still recommended that she change all of her passwords. Scanning her device for malware is essential and even reinstalling her operating system might be a worthy adventure to completely rid her device of any malware that may have been installed. And, while identity theft protection services and getting a credit freeze won’t protect you from these scams they can help protect your identity from “new account fraud” – which is a common occurrence once cyber criminals have your personal information.