You can increase earnings to the moon, cut expenses to the Ramen level, and invest like Buffett…but don’t forget to have a critical eye out for scammers. A woman lost over $2,000 selling on Craigslist, a business owner’s computer imprisoned, and a couple’s identity in jeopardy.
This is a letter to my children outlining three scam related stories, from folks we know, that occurred just this year. In each case, it cost them…
- cold hard cash
- …and peace of mind.
3 Short Stories of Scammers in Action
Dear Potential Victims,
I’ve seen quite a bit in my career related to cyber crime, but I want to share with you a few situations close to home. Con-artists and scammers are not going away and the internet has made their job quite simple. You need to be mindful, recognize red flags, and protect yourself. The potential to lose Big TIME money is no joke.
How devastated would you be if your frugal lifestyle were all for naught? Say you postponed a family vacation to Disney and saved $2,000 going camping instead. Perhaps you pocketed that couple grand by cutting cable and only dining out a few times a year. What if all you saved from those sacrifices were wiped out in an instant?
Something similar happened to Liz, a coworker’s friend.
Scammed Out of $2,430 from a Fake Check
Liz runs a glass studio as a side hustle and markets her products on Craigslist. She was contacted by a guy named Steve who wanted to know if the item was still available. Liz responded to the email saying it was and told him to bring some cartons and bubble wrap for the glass pieces. He replied a few hours later with…
1st Red Flag – Very poor grammatical command of the English language. This guy sounds like an idiot.
2nd Red Flag – Sending a certified bank check before receiving the product is an odd sense of trust between strangers.
She provided her location details for Steve to send the check. His reply…
Liz received the check the next day and it looked entirely legit except for the amount (and this guy still sounded like a moron).
3rd Red Flag – The amount was significantly over the agreed-upon sale price, a typical tactic fake check scammers use to take your money.
Steve called Liz shortly after receiving the check and explained that he sent her the wrong one. He instructed Liz to just deposit it and wire the difference back to him. He needed the money to finish deals on his “other properties.” When she cashed the “certified check”, the bank deposited funds after one business day…as required by law. It looked like the check cleared to Liz, so she wired $2,000 back to Stephen.
A week later, the bank finally discovered that the check was fraudulent and reduced Liz's account balance by the full $2,430. Steve never contacted her again and Liz still had her glassware to sell. Meanwhile, Steve is sipping lattes while enjoying a fully funded Disney trip…at Liz's expense.
If you're side hustling or running a business that operates on platforms without transactional guarantees, you are your own safeguard.
What should Liz have done differently?
- Recognized the behavioral red flags above.
- Contacted the issuing bank to validate the check.
- Never accepted an overpayment in the first place.
- Refused to wire money back.
- Only accepted cash in person.
- Used an online escrow service.
She has since documented the exchange and reported the scam to the FTC.
Holding a Small Business for Ransom
One of the fastest growing risks in cyber security is called “Ransomware”. It’s a piece of malicious software that encrypts data on a computer system and then denies access until payment is received.
Criminals typically use phishing attacks through email to solicit clicks to a website or download of an attachment. If the user takes action, the Trojan will execute code that renders all your files inaccessible without a decryption key. It’s nearly impossible to recover the data without offline storage.
My father fell for one of these phishing attempts after receiving a message he believed legit. The email appeared to be coming from one of his suppliers and contained an attachment titled “Invoice.” Naturally, he opened the file and BOOM!
Your pépère runs a small but successful Tool and Stamping shop. However, he does not have IT staff nor the wherewithal to understand cyber security risks. These small businesses are ideal targets for Ransomware developers and my Dad was in the crosshairs.
The email itself actually came from something like [email protected], but the From field was spoofed to look legit [email protected]. There are multiple ways bad actors can manipulate the fields of an email, but I won't get into that.
My dad was devastated. All of the drawings from his customers were locked up tight and business came to a standstill. He called me immediately to see if I could help. I went down after work, but there was nothing I could do. The Locky variant of ransomware took his system hostage. He had no offline backups or AntiVirus software.
Side note: Shame on me for not educating my own parents as I have you kids. Hey, maybe a new section on theFIway.com for letters to teach the previous generation about XYZ. I’m sure you already know more about a topic than I do *cough* Fortnite.
Pépère asked if he should pay the ransom. I said no based on previous discussions with the FBI in my professional career. They don’t support paying the ransom as it doesn’t guarantee you’ll ever get the decryption key.
“Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” – FBI
This particular attacker requested payment via the cryptocurrency Bitcoin, which is nearly untraceable.
Instead of rolling the dice and paying… we spent the night rebuilding his system from scratch, installing the latest updates for Windows, getting him set up with proper Antivirus software, and providing some long overdue education.
Unfortunately, he had to reach out embarrassingly to his suppliers and customers in order to rebuild his drawing archive. In all, it cost him a few days of operating time and a heap load of credibility. I’m not sure how much in dollar value that is, but it’s substantial for a small business owner.
What should Pépère have done differently?
- Kept regular offline backups of critical business data.
- Installed a suitable AntiVirus solution and spam filter.
- Virus scanned all incoming files before opening.
- Called the vendor if he wasn’t expecting an invoice.
- Checked the metadata of suspicious emails to validate the originating address.
The In-Laws vs Microsoft Imposter
While watching a riveting DVR’d episode of Survivor, your Grandfather was rudely interrupted by a phone call from an apparent Microsoft Support representative. The caller claimed that Microsoft had been alerted that their computer has a very dangerous virus. Immediately concerned, he logged into his machine and followed the instructions being provided explicitly.
He disclosed his username and password and downloaded a remote desktop application so the technician could “fix the problem”. The caller now had control of the system and popup alerts were flying onto the display. Grandpa was then told that the issue was more severe than initially anticipated and he would have to buy the “Gold Support Plan” for the low cost of $299.
Meanwhile, Grandma was not far away chatting with your mother on the phone. She overheard the conversation Grandpa was having and gave your Mom a play by play. I may have failed in teaching my elders about these types of threats, but your Mom’s a rockstar. She told her mother to “Get Dad off the phone and call Kylven immediately.”
I got the call at work from a panicked father-in-law who quickly explained what happened. I told him to disconnect the system from the internet and shut it down until I got there that evening.
I arrived with multiple offline virus scanning tools and spent an hour cleaning up his machine. We changed his username and password and uninstalled the remote desktop software. “Thanks, you just saved me 300 bucks” he said… but that wasn’t the end.
I noticed he had spreadsheets and software with all his business financials and personally identifiable information, such as Social Security Numbers. He also had bookmarks to his banking and investment sites. Out of curiosity, I asked if his computer username and password were the same on all these sites. To my horror, he said “yes.”
We went to every site where he had an account and changed the passwords…this time with something complex and unique. Before I left, I told him to freeze his credit by calling the three credit agencies. This will protect them from identity theft (to an extent) in case the Microsoft imposter had recorded enough information to open new lines of credit under Grandpa’s name.
My in-laws were a bit naïve to scams like this, but they’re getting better now.
What could your Grandfather have done differently?
- Understand that Microsoft will never send unsolicited emails or phone calls.
- Hang up and call a company’s legitimate support line.
- Use different passwords for every account…so if one is compromised, they aren’t all at risk.
- Keep your credit locked or frozen when you do not intend to borrow.
- Sign up for Identity Theft Protection
Simply Spend Less by not Getting Ripped OFF by Scammers
In all three cases, innocent people were taken advantage of. Liz lost money, my Dad lost business, and Grandpa’s hair went grey. There are thousands of scams out there to be aware of. Keep yourself continually educated as technology evolves and new threats materialize.
You can be doing everything right financially, but lose big time if you’re not mindful of interactions that just don’t smell right.
Keep a vigilant eye out,
Please let us know in the comments below if you or someone you know has fallen victim to such nefarious activities.
Kylven Ross is the owner and primary contributor of theFIway.com. He has been married for 17 years and is father to a son and daughter living in New England. Professional accomplishments include a bachelor’s degree and industry certifications in the cyber sector. He has spent the last 18 years working in the U.S. Defense Industry and as a Military Police Officer.
He discovered the concept of Financial Independence (FI) during a rather stressful year in the compliance space. After fully absorbing the benefits of FI, he has since committed to turning his household’s finances in the right direction. His experiences are documented as a series of letters that are used to educate his children and others about money. He does not want the next generation to make the same mistakes, but rather achieve financial freedom and find happiness.