Gone Phishing!

It all started on Monday, May 13th, when the PayPal app popped up and told me someone was asking for money (a large amount, more than $600). It was supposedly from a woman whose name I didn’t recognize. The app said that if I didn’t recognize the request to call PayPal at 1 (803) 430-9033.



I wanted to be sure it was authentic, so I looked up my account on the PayPal website. I saw the same request and another one with a similar amount. The payment request mentioned in the message appeared to have been paid. The same message as popped up in the app was also on the website with the same number (1(803)430-9033), so I called, thinking it was legitimate. A man with an accent (possibly Asian?) answered. While I was talking with him, I could hear other people talking in the background. I got the impression it was a call center, possibly working for PayPal offshore, or so I thought. He went through the normal things, establishing who I was and what the charge was, verifying my account. I was told not to worry, the money would be returned. This was when I realized that PayPal had already paid the amount. The man said they were denying the one they hadn’t paid yet. By then, my husband was nearby and I had the phone on speaker. The man said PayPal would transfer the money back into my account and decline the one that hadn’t been paid yet. 

He had me download an app called “Support Client” so he could refund the money. It looked like this:



It took a while to download the app. The man complained about how slow our internet connection was, and I agreed, it was often slow. When it was done, he had me open it and it showed me my bank account on my laptop. He made a comment about how I didn’t have much money, which I took as a joke. Then he suggested maybe we had another account, and I told him we had my husband’s credit union, so he asked me to go to that one. I never do anything with it, so I suggested my husband might have to do it. My husband tried typing in the address on my computer, but he isn’t used to my laptop, and he kept making mistakes, so he suggested doing it from his.

(At some point in here the first person transferred us to someone he said was his manager. That person didn’t appear to have an accent. Later, I think, he transferred us to his manager, who sounded a lot like the first person. However, we were always talking with only one person at a time.)

The man from “PayPal” agreed to start over with the other computer, so we went to that one. We downloaded the app and it opened up his account. Then the “PayPal” representative showed him a screen with a place to input the amount of the refund. He tried typing it in, but it didn’t put in the right number, and when he tried to backspace to start over, it went to $10,000 and submitted as it was. The $10,000 appeared in the checking account. The man on the phone started yelling excitedly, oh, no, the whole amount in the refund account had gone into the account! He said he was going to lose his job. We suggested he could just reverse the process, but he said it was illegal for “PayPal” to take money out of our account. It was also illegal for us to keep it, but I doubted that.

By then, I was beginning to suspect something wasn’t legitimate, but I wasn’t sure. I started passing notes to my husband to that effect. The man said they had overpaid the reimbursement by $9301.00, and they needed to get it back. We started trying to figure out how we could return the balance. The man wanted us to go to our bank and withdraw the cash, but we told him our banks are in another state. This really upset him. We said we have another credit union account here in town, but it had only a small balance. What he wanted us to do was withdraw cash and for both of us to go to a list of stores (Walmart, CVS, Walgreens, Target, Lowe’s, a Kroger store) and each buy gift cards of the maximum amount. He said we could each get $500, but only $300 from Target.

While my husband was getting ready to go, he was still talking to the man on the line, who kept saying to keep the phone open. He asked if we had a charger in the car. Somewhere during this, I took my husband’s phone and went into another room to call PayPal at 888/221-1161, a number I knew was real. It always takes a few minutes to get to an actual person, but when I did, I briefly described what was going on and asked if this was legitimate. The person told me, no it wasn’t. That isn’t how they handle refunds. “Tell him not to buy the gift cards!” My husband went back to his computer and continued talking with the man for a bit. When the “PayPal representative” realized we weren’t going to buy the gift cards, he started yelling about how we were breaking the law, and they were going to have to report it to the authorities.

I opened up PayPal’s website again and discovered there were ten new requests for $600.99 each, for a total of 12 requests that were not legitimate. Each of the new ones had an email address as the person making the request. 

My husband disconnected the phone after I finished talking with the real PayPal.

We decided we should call our credit unions and ask for help. We started with the bank they had transferred money into, where we learned that $10,000 had been transferred from our line of credit to checking. (That was where the money came from, not from outside.) They transferred that back. The person we were talking with at the bank said the perpetrators would have removed the money from checking within a few minutes. I called my bank, and everything else was OK there.

Both credit unions froze online banking for several days. We closed our checking accounts and opened new ones. I cancelled my credit card and will get a new one. We had another credit card associated with PayPal, but we just removed it from PayPal and are keeping that one, as the people we were talking with seemed adamant that we not use credit cards to buy the gift cards. Apple helped me check my computer for spyware online. I thought I had deleted the app, but they found it and helped me delete it permanently. Nothing else was amiss. My husband followed the same procedures on his computer.

Since this happened, I’ve had 8 calls from 402/935-7733. I use the YouMail app to screen my calls. If the number isn’t in my contacts, the phone doesn’t ring. YouMail identified the number as PayPal. I thought it might be PayPal’s fraud or phishing department, but wasn't taking any chances. On Wednesday, I called the number I knew was PayPal and talked with another representative. I asked if that was one of their phone numbers. The representative checked and said it was not. I went into the YouMail app and reported the number as spam with the comment that it was phishing/fraud. That blocked the number.

This was a slick operation. We're both older people, but we aren't dummies when it comes to internet issues. We know not to open attachments or call numbers from emails without knowing the source. This was very convincing, and I'm not sure how they got the PayPal app to open with the message. I'm not sure how they got their phone number onto the PayPal website or how they could have switched me to an alternative website that had the same information as the real PayPal. I'm not sure I had the PayPal app, but I could have. (Needless to say, I don't anymore.) Once they got us past that, it was easy for them to get us to download the app and have access to our computers.

A few days later, I went back into my PayPal account. The fraudulent request for money and phone number was still there. I took a screen shot. 



All of the other fraudulent requests were also there, as were the accounts we used to pay (two of which were no good anymore). When I called PayPal to close my account, I found out that they want to leave the account open while they finish investigating. That's fine. My wallet with them is empty. 

I have to say, as unfortunate as it was that these people were able to get into PayPal to do this whole thing, the representatives I talked with there were very helpful. It's almost as if they've done this before!

I want to get the word out to prevent this from happening to other people. I keep thinking about all the voices I heard in the background when we were talking with the phony PayPal reps. Are they calling other people? Did they target us because they knew we were both over 80? How did they know?

It will take us weeks to clean up the mess. They got a lot of personal information from us, and the aftereffects could go on for years, but we were very lucky. They didn't get any money.


PS. As of Saturday, they are still trying to call, but YouMail is blocking them. 





 
