How to Make a Scammer Sorry They Bothered You (nonviolently)
I don’t typically get to play detective—but one recent morning, I received a priority morning FedEx delivery containing a check for just under $6K from a company I’d never heard of. No note. No trace of this company or even the dollar amount when I searched my email. Some other red flags, too, like a total mismatch of sender and company (different states), the misspelling of the bank’s name and the absence of any branch address—although it had several security features that seemed to check out.
Having trained as a journalist and been online since 1994 (not counting a brief experiment with Compuserve in 1987), I have pretty decent research skills. So the first thing I did was call the phone number on the check, where I got a recording about the “text subscriber” not being available (not a company phone, in other words). Second, I googled the bank routing number, which came up empty—so I flipped it around, searched for the routing number for this bank’s Pennsylvania branches, and got a match. I was expecting it to be the group of numbers on the left, but it was the middle set, which is why I didn’t find it the first time. Next, I searched for the company name. It’s a real company, it’s in the green energy industry, and it is located where it says on the check. And then I left a voicemail for the accounting department.
The company controller called me back about two minutes later, confirmed that the check was bogus, and was thrilled that I was willing to send pictures of the check and the FedEx envelope. She said it was the second call like this she’d received today. So, hopefully, we’re catching a crook. It was actually kind of fun, and not hugely time-consuming. Plus, since I’m a consultant to green and socially conscious businesses, I mentioned that I’d be happy to send information on how I help companies like hers, if she wanted to pass it on to her marketing people—and in her thank-you note, she mentioned that she’d passed the correspondence to the company president. It would be such sweet irony if this ended up netting me a real client.
And later in the day, I got a note from someone who had been in discussion with me about writing an article—and with whom I was treading cautiously (including requesting payment ahead in full via teller’s check) because there were definitely some yellow flags in his correspondence. It was the scammer! So I wrote back to him, “I only received the check this morning with no note, drawn on the account of a company I’d never heard of, and for an amount almost triple what I had requested. I didn’t even know it was from you until just now (there was a sticker over the return address so I couldn’t see it until I pulled it off). The phone number on the check was bogus, so I called the company, and they said the check was bogus as well. Needless to say, we will not be doing business.” And then I forwarded the entire email correspondence to the company whose check he forged! Now, the company has the phone number the sender gave FedEx, the one on the check, and the crook’s working email address. I’m hanging on to the original check and envelope for now, in case they are needed for a mail fraud case.
This shortcuts the typical interaction, where scammers say they accidentally overpaid, you refund the difference, and then you’re out of luck when the first check bounces :-).
I still believe that most people are basically good—but there are enough bad apples in there that you really do have to be careful. When I punch my security code into an ATM or card terminal, I always shield the keyboard with my other hand. My passwords are not guessable and the cheat sheet I’ve made for them not only uses a non-obvious file name but has nicknames that are only meaningful to me. I will instantly understand what “1stdaupobhse” means, but it would be meaningless to anyone else. And I keep a virus scanner on my computer, as well as file backup to the cloud. And when I get a Facebook friend request from someone who is already my friend, I post publicly on their timeline to warn people, give the URL of the scam profile, and suggest they change their password and report the scammer. In rare instances, it turns out the person found it easier to start a new profile than to get a new password for the existing one (yes, I have some seriously technophobic friends)–but usually, it’s an attempt at identity theft.
In short, we can all take little steps to ensure security and make us all safer, without getting compulsive about it. If you’re still using any passwords that are really easy to guess, change them! And if you’re suspicious, listen to your intuition and take some basic precautions. Don’t send money or give cc information to anyone who contacts you by phone or email with a crazy story (like your grandkid is stranded in a foreign country with no money). If someone claims to be from a government agency (especially a tax department), verify by calling the agency through the number on their official website (NOT a number they give you over the phone or in an email). Don’t panic and do verify. If you get the “grandkid” call, call your grandkid’s cell phone, and if you don’t get an answer, call their parents. And remember: a foreign prince doesn’t need your help to facilitate an illegal money transfer, an award that requires you to pay anything is not an award but a scam, and if it sounds too good to be true, it probably is. Snopes and Google are your friends. So is AARP’s fraud research, if you’re a member. A little due diligence can save a lot of heartache.
