The online version of my column doesn’t appear to be up on the Kitchener Post website yet, but here’s the column I wrote this week. I would like to post this as far and wide as I can:
Have any of you wondered if you could fall for a scam?
Many of you have heard reports of people phoning up residents, trying to trick and intimidate people into sending them money. Many of you may even have encountered such calls personally. Hopefully, many of you weren’t taken in.
Some may wonder who could be taken in, and the image of someone elderly or somebody not savvy enough to put up the trust shields comes to mind
This past week, I almost fell for a complex and well-executed scam. It ate up almost two hours, and though I figured things out before money changed hands, I ended up sending the perpetrators a copy of my driver’s license.
The perps found my resume online on a job site I use to look for work. They sent me an e-mail, supposedly from a reputable company, suggesting that they liked my qualifications, and could I contact them for an interview?
Without thinking anything was wrong, I reached out, and had an interview over instant messenger.
Perhaps I should have been suspicious, but the perpetrators had done their research. They’d tailored their job to my resume. They asked all the questions you’d expect from a professional job interview. They made me work for this, so when I learned that I’d gotten the job, I was happy and ready to commit.
However, they told me that I needed to purchase some equipment before I started work. They said that they would pay for it, and offered to send me a copy of a cheque by e-mail that I could print out, snap a photo of, and deposit it to my bank over my cellphone.
That’s when alarm bells started ringing. They rang even louder when the cheque arrived. Looking up the address on the cheque on Google Maps brought up an image of an empty field.
I broke contact, looked up the company and called its head office and asked for human resources. The person I reached could guess what had happened before I finished my story.
There was no job offer. There was no interviewer. Representatives of the company only ever e-mailed using the company’s domain name, not a g-mail account.
The company took what information I could give them because they want to defend their reputation against scammers who are piggybacking off of it. I also sent information to the job website, although I deleted my account immediately.
I called the Waterloo Region Police, but because the meeting hadn’t happened face-to-face, and no money had changed hands, fortunately, there was little they could do.
Because I had sent the perpetrators a copy of my driver’s license, I got in touch with my bank, my credit cards, and other credit agencies to put an identity theft alert on my accounts. Hopefully, I’ve done enough, but only time will tell.
If you think that you cannot possibly be taken in with a scam, remember that I knew about some of these scams, and yet I was taken in by these perpetrators for over an hour.
On Twitter, I discovered that these perpetrators had tried the same trick with a writer in Texas, who fortunately managed to escape without giving up any information.
Be careful out there, especially in situations like job hunts where you make yourself vulnerable. I count myself lucky that I only lost a couple of hours and now only have to worry about identity theft from my driver’s license.
Hopefully, this column can prevent something worse from happening to someone else.
James Bow is a writer and a father of two in Kitchener, Ontario. You can follow him online at bowjamesbow.ca or on Twitter at @jamesbow.
So, that was what I was comfortable writing about on the Post, and here are some additional details that I hope will catch the attention of anybody else plagued by these guys, looking to see whether or not they’re being scammed (you are).
The company these two were impersonating was the SAS Institute, an analytics software company that has a reputation for being a fantastic place to work. This is another element of the honeypot — one I wasn’t quite aware of at the moment. But, as the kind person at human resources tells me, any contact by people in the company on official company business is done via e-mail addresses containing the company’s domain name, such as @sas.com, and not @gmail. That’s a good thing to remember in any scam of this type: where are the official contacts?
The addresses used by these people were email@example.com and firstname.lastname@example.org. They also messaged me from the phone number (647)793-8294, which now that I Google it, suggests a connection with a number of shady escort services. So, these guys have a number of things on the go.
It’s too much to hope that we can shut down people like these permanently, but I hope others will learn a lesson from my near miss, and that I can do my part in making their work at least a little bit harder.