Part Two: The Refund Scam
Continuing our four-part article series on online fraud/scam prevention and information, with the popular Refund Scam.
This scam typically starts just like the “Tech Support Scam” and involves the “right” of the victim to receive a refund. The victim usually receives an email from fake websites disguised as E-Bay, Amazon or even phone-calls from fake Microsoft or another company with the aim of making the victim understand that, because of a reason, the victim should get refunded. Then, the scammer accesses the victims’ computer through remote access software and asks whether the victim has online banking in order to transfer the victim his refund. Once the scammer has access to the victims’ online banking, he then proceeds to black out the victims’ screen (and keyboard) while the “transaction” is happening. During that time, the scammer sees how many accounts are connected on the victims’ online banking and then proceeds accordingly by “adding” money into the victims’ account through the “inspect element” function of the website.
Tip: In every website, when you “right click”, there is a function on the bottom of the results stating “inspect” or “inspect element” which allows you to make changes in the HTML of the website. However, simply speaking, even though changes could be made at the website through inspection of the HTML, they are never permanent (money cannot be transferred like this) and everything is restored with a simple refresh of the page.
When the scammer seemingly “adds” the refund to the victims’ account (though “inspect element” function), he makes a “mistake” and adds way more money than the initial “refund” amount which he subsequently asks the victim to refund him back because it is the “company’s” money that were transferred “by mistake”.
Important note: Scammers will usually ask for refund (or payment) through gift cards (apple store gift card, google play store gift card, amazon gift card etc.) which are untraceable and are typically resold online on auction websites (a gift card worth €200 can be sold for less but nonetheless the scammer makes profit). The scammer directs the victim to the physical store closer to the victims’ home and once the cards are purchased, the victim is asked to give the codes to the scammer so the “refund” to the company is achieved. Unfortunately, once the scam is successfully pulled of and the codes are given, most of the time, it is impossible for the victim to get the money back.
Important note: If the victim refuses to act as told by the scammer who has remote access to the computer, then the scammer might frighten the victim by (falsely) stating that he can steal all of the money in the account (which makes it very weird why the scammer couldn’t just take back normally the amount back and instead asked for gift cards) and that he can delete all files of the computer unless the victim follows the instructions, in which case it is then very visible that the seemingly “company worker” now has more sinister intentions. Scammers will do anything to persuade the victim that they are not trying to defraud and that they are legitimate.