What are they?
Anti-Virus gift card scams are probably one of the most common scams out there today. They primarily prey on the elderly who may be confused about what programs they’re using on their computers, and think that what they’re being told is factual, and not just lies. These scams are also some of the most dangerous because they allow a scammer access to many things such as your files, your tax returns, personal photos, and even your bank account information. They will take you through a whole process just to get you to purchase gift cards from a store to provide them payment, and in the end, could end up taking thousands from your account. This scam is scary on many levels because not only does it deal with you financials, it deals with anything and everything personal on your computer, and scammers can even continue to retain that level of access days and weeks after they’ve scammed you out of money.
How do I know if I’m a target or a victim?
There are actually a few ways this scam can start, but the verbiage used is honestly all very similar, whether someone dials you up, or they send you an email. The three most common ways that I as well as others have seen this scam manifest, are through text message, email, or a phone call. The call, email or text will often start out by telling you that your subscription to your favorite anti-virus program has expired, and it’s time to renew, or they will tell you that the subscription has already renewed at a rate of (something ridiculous) something like 480 dollars per year, and that the Visa (most commonly used card) on file was charged for this. You, of course like anyone else would frantically scramble to call these people and cancel your antivirus subscription because no reasonable person wants to pay almost 500 dollars for a virus program on a single PC for a year.
Once the scammer has you in their crosshairs, they will strike. The idea is that you will call the number that was provided to you in the email, and once you do, the scammer will ask you to remote into your computer to remove the antivirus software since you supposedly haven’t “paid for it.” After they’ve convinced you download the remote support software (Usually AnyDesk , LogMeIn, or TeamViewer) they will then request access to your computer. After the scammer is in they will typically take you through a couple of arbitrary commands or other things in an attempt to scare you into thinking that you have a virus on your machine. You may see the scammer open up your command prompt, and type in “tree” which will start branching out all of your directories in command prompt, giving you the impression that something is overtaking your PC while you watch. The scammer will then tell you that you have a virus, and for an extra charge they can remove this from the computer for you. After they’ve “eradicated” the virus is when you get into the real meat and potatoes of the scam.
They want into your bank account.
The next step in the process is to attempt to get you into your bank account, so they can do a little creative manipulation. They will ask you to log in to your online banking, and then as soon as they see that you’ve done so, they will black out your screen. Sounds scary, right? Well…it should because it definitely is. Not only does this scammer now have access to your banking records, but they also now have full reign of your accounts, and passwords while you sit helplessly behind the keyboard. I should also mention the scammer will likely not actually touch any of the funds inside your bank account. The goal of every scammer is to create the illusion of an issue, and while they have access to your accounts without you there, they are doing some simple behind the scenes work to only make it appear as though they’ve transferred you a large sum of money. For example, if you supposedly had a 500-dollar piece of software, and you were supposed to be getting that 500 dollars back, they would right click on the number, inspect it, and manually change the values in your browser to make it look like they transferred 5000 dollars back to you instead, essentially tacking on an extra zero. This is when they will unblock the screen to reveal to you what has happened, and where their terrible acting starts to kick in. Your scammer will likely tell you that they accidentally transferred you too much money, trying to put you in a panic. They will act like they need you to send them back that 4500 dollars, and they’ll ask you to reimburse them by going to the store to purchase them gift cards.
What should I do?
If you ever reach this point in the scam, your next step is actually going to the store. Fortunately, many employees at retail establishments have been well-trained in this issue and are now aware that this scam exists. Because this awareness is out there, they are the last line of defense against these scammers, who would likely be trying to get you to purchase these gift cards and read them back the numbers. Most retail establishment employees at places such as Wal-Mart, Target, Walgreens, Hyvee, or anywhere else these gift cards are sold will ask you many times at the register if you’ve been on the phone with someone who’s asked you to purchase cards for them. This is your final warning and is a good time to quit talking to the scammer if you haven’t already.
If you didn’t quite make it this far but gave up when the person asked you to buy them gift cards, congratulations! You stopped at the same point most other people do, but sadly you’ve compromised a fair bit of data already. It’s important at this point to be vigilant and call your bank. You’ll likely want to cancel your account or at least go have a conversation with your bank about changing your account numbers, your passwords, and more. After this, whether it’s me or not, please reach out to your nearest and most trusted IT person to have them do a once over on your computer. This will ensure that the remote software that was used to access the computer can’t be used again, and that all of your information is safe. I also personally recommend that you reset your router by pulling the power on the modem for 10-15 seconds, and then plugging it back in. This will reset your public IP address if it’s assigned to you by your Internet Service Provider such as CenturyLink or Mediacom.