INDIANA – Even typically savvy consumers are falling victim to a new scam in which they are emailed that they must unsubscribe from free-trial services in order to avoid charges on credit card accounts, Attorney General Todd Rokita warned today.
The new scam is distinctive from others because the email instructs recipients to phone a call center for more information rather than providing links in the text of the message itself. (In some variations of this scam, the fraudsters may phone consumers rather than email them and leave callback numbers.)
Operators at the call center direct callers to a fake company website and lead them through a series of online steps that install dangerous malware onto the victims’ computer systems.
“Scammers are constantly becoming more clever and cunning in their tactics,” Attorney General Rokita said. “Our office is committed to making sure Hoosiers are aware and prepared to avoid these kinds of traps.”
Victims are less likely to suspect scams when they are the ones taking the initiative to gather more information, Attorney General Rokita said — such as having to phone a call center.
Further, email messages that contain malware links are often detected by computer security applications. The attackers in this case avoid such detection by leading victims to those links over the phone.
During the conversations, the scammers may ask callers to download a spreadsheet and follow other instructions. When callers say they do not recall ever signing up for any free trial offers, operators often explain that it appears someone else signed up for the offers using the callers’ information.
“The paradox is that these scammers pretend to be helping protect their victims,” Attorney General Rokita said. “In reality, they are preying upon them.”
At the end of the calls, the operators assure callers that nothing will be charged to their credit card accounts. By that time, the unsuspecting victims already have downloaded malware onto their computers that may enable the scammers to remotely control the victims’ computer systems or install ransomware.
Anyone receiving emails such as those described above should refrain from calling the phone numbers provided — and be especially sure not to navigate to any websites provided to you on the phone.
Instead, if you receive such an email, you should call your credit card company and explain the nature of the email you received. For peace of mind on the off chance the email is legitimate, simply instruct your credit card companies not to accept any such changes.
In addition, if you are concerned about the possibility of unknown charges or debts accrued in your name, you should consider obtaining regular credit reports from Equifax, Experian, and/or TransUnion.
If you suspect that your computer has been compromised by a hacker, you should:
- Quarantine your device by unplugging from the network and disabling Wi-Fi. As long as you’re connected to the internet, the hackers may be accessing your device.
- Change your passwords. Make your passwords longer — ideally at least 12 characters.
- Let your family and friends know that your device or email may have been hacked so that if they notice anything suspicious appearing to come from you, they don’t fall prey to a scam themselves.
- Scan your device for any malware, deleting anything suspicious, and restart your device.
- To be better prepared for such events, install security software from a company you trust and set it to update automatically. Use a password manager to keep track of your passwords.
Report any scam attempts you encounter to the Consumer Protection Division of the Indiana Attorney General’s Office, which works every day to safeguard the rights of Hoosiers. Visit www.IndianaConsumer.com for more information.