Many people will be doing Christmas and holiday shopping in the days ahead, hoping to find some Black Friday deals, but beware if you get phone calls from someone claiming you have false charges on your credit card.
In the past, criminals would try to convince people to hand over their credit card information, but now, in a new twist, they are trying to get people to download an app on their phone that would give the scammer remote access to almost everything on it.
While generally it’s a good idea to ignore calls from unknown numbers or hang up if you get a suspicious phone call, I recently was contacted by someone claiming to be from Amazon, saying I had a charge on my credit card for a new iPhone.
I was able to record the call, and here is a sample of how it went.
Recorded message: your transaction page, press one now to report this transaction or two to authorize this order.
Scammer: Thank you for reaching out to Amazon. How can I help you?
Pat: Oh, hi, I just got a call that said there is a problem with a credit card and an Amazon order.
Scammer: Yes, sir, there is a purchase for an iPhone 13, which costs you $749, so is that you who has that purchase?
Pat: No, I didn’t do that. I didn’t make that purchase.
Scammer: OK, so I believe that you like to cancel the charges.
Pat: Yeah, I want to cancel the charges. I didn’t buy that phone.
Scammer: OK, now I just want you to look for the application named App Store over there, sir.
Scammer: A-P-P S-T-O-R-E
Pat: You want me to go to the app store?
Scammer: Yes, open the app store, sir.
The scam caller wanted me to download an app that would allow them to take over my phone and have access to my banking, e-mail, and basically every piece of information on it.
Cybersecurity expert Ritesh Kotak said anyone who downloads an app that gives a scammer remote access to their smartphone is putting their bank accounts, emails and all other applications on their phone in a vulnerable position.
“What the hackers are trying to do is get you to download something from the app store that allows them to have a remote desktop application,” said Kotak.
I strung the scammer along as she tried to get me to download the application.
Pat: OK, I’ve got it open.
Scammer: Tap on it and tell me what you see on your screen.
Pat: OK, but will that let you take over my phone?
Scammer: It’s an official application from where you will get connected to the Amazon security server. Once you will get connected to the server, you can cancel the charges and secure all the information, all right.
Pat: OK, can’t you cancel without me doing that?
Eventually, the scam caller grew frustrated when I wouldn’t download the app, and she hung up.
Kotak said a phone is now like a computer that contains so many aspects of our lives and financial information; if a scammer uses an app to gain control of it, they will have access to everything on it.
“If fraudsters and hackers are able to gain access to it, they eventually have access to your entire life, your transactions and all of your data,” said Kotak.
