I managed to get scammed on Facebook

[andrewlen]

Thought I'd share this here as well because I think it's a good heads up to always keep your wits about you.

After many years of helping others who fell for scams, and even writing articles on how to spot them, I finally fell for one myself today.

One of my favourite Australian comedians, Isaac Butterfield, posted a video to Facebook that I liked so I left a comment.

A couple of hours later, I got the following reply. (Circled)



It felt genuine to me as Isaac Butterfield was running a promotion not long ago that was in the back of my mind. The above reply was posted by a fake profile, though.

Within minutes of my completing the information stated on the fake profile page, I got two automated alerts from my Debit Card provider that debits had been made.

I knew I hadn't authorised any debits, so I checked my Online Banking facility.

Sure enough, two transactions for $1.45 had been made, though still sitting in a Pending to be processed status. Two clicks and the card was Locked from any further use.

A quick phone call to my bank and that card is now cancelled and a different new one is on its way. No big deal. The $2.90 will eventually be refunded to me by my bank.

Analysing how it happened makes me realise the basic mistakes I made by missing (what are now) obvious signs that should have made me suspicious and now glare at me. Isn't hindsight a wonderful thing? :)

1. His name was all in Caps. His genuine profile isn't in all caps.
2. There was no Facebook Verified tick next to the name in the reply I got.
3. A credit or debit card should not be needed to win any sort of prize, despite the supposedly $0.00 transaction I entered on the fake profile page. (It was an excellent copy!)

The positives of this for me is the value of always using a "Debit Master or Visa card" rather than a credit card for online transactions.

I keep a maximum of $5.00 (or less) in my debit card account unless I'm purchasing from a store that I'm sure is legit, where I transfer the needed funds to before making an online purchase.

I'd love to know how much they tried to grab the first couple of times they tried before they dropped the amount to $1.45 per try.

The guy I spoke to at the bank confirmed there were two rejected transactions on the account minutes before the two successful ones went through but couldn't tell me for what amounts because of "privacy reasons".

How crazy is that?

I confirmed the two debits as fraudulent to him and even have a snapshot of the $0.00 receipt (see below) - but he still couldn't reveal the amounts that the scammer tried to withdraw first to protect the merchant's privacy.

Go figure! lol

Any useful information to scammers has been blurred for obvious reasons. I've also reported the domain as a possible scammer operated site.

The story was that this was one of his sponsors, so signing up for a free trial helps him out.



Anyway, lesson learnt.

Just goes to show, none of us is exempt from getting scammed.

Had I not been using the precautions I already routinely take, this could have been a lot more of a headache for me than just the mild inconvenience it caused.

Pays to stay vigilant all the time.

Cheers, Andrew

 

[andrewlen]

Further to the above, I've since DM'd Isaac Butterfield on his member site and note that the fake Facebook profile that replied to me has already been taken down.

The fake reply I got has also disappeared from my original post as shown in the first image I posted above.

He (or his staff) acted on the report like a rocket! Everything was gone in about 15 minutes of my making the report.

It's like it never happened now.

I can usually spot scams a mile away, but I got a bit distracted this time. The fact that a real promotion was recently run didn't help. <g>

I feel a little silly now :)

Cheers.

 

[xrobwx71]

Good information. Thanks for sharing this with us!

 

[axe0]

Sorry to hear you've been tricked into this; I would definitely use this as an opportunity to reinforce the basics, not just for yourself but also your audience because it just shows how important continuously practicing the basics is.

Funny thing here is that I immediately recognized this as a scam by how the reply was written, rarely do I see the real person posting a reply like that with fonts that are a bit out of place compared to the rest, bolted text and a checkmark somewhere. The real person, in my experience, does not need to use fancy fonts, italic/bolt text and all that. How I see it, all this does is get your attention in hopes they get you a bit emotional, or you might already be a little emotional, so you take the bait. From what I've learned over the years, being slightly emotional is already sufficient to get you to take action on something you would not normally do. That can 'easily' be counteracted by taking at least 24h to think about it before actually doing it, though try waiting a day before making a decision, usually not easy to do.

 

[Digerati]

Funny thing here is that I immediately recognized this as a scam by how the reply was written

Me too. Now of course, I say that, and 100% believe I would have immediately picked up on it, but... until something actually happens to us, we cannot be 100% certain.

Still, I am 99.9% certain because for me for starters, I don't believe 99.9% of what I see on Facebook (social media in general) to begin with. I have a FB account, but it is not active. I typically just use mine to see posted pictures of the grand and great-grandkids.

Then, as you did, though a bit too late, I noticed the all caps when previously, he had used "Title Case" (upper case first letters).

I probably would not have picked up on the check mark because I don't use Facebook.

But the biggest most glaring, slap-in-the-face, wake-up-stupid clue was them asking for a credit card number. I am leery and red flags go up when any site even asks for my zip-code.

The positives of this for me is the value of always using a "Debit Master or Visa card" rather than a credit card for online transactions.

Sorry but this is totally incorrect. It is always better to use a credit card rather than a debit for on-line transactions.

With a debit card, the bad guys have direct, and nearly immediate access to YOUR money.

With a credit card, they only have access to the issuing bank's money. HUGE difference. The bank will fight tooth and nail, and has the resources to do it, to get their money back. Plus, typical consumer protection laws in most countries protect consumers from fraudulent charges on credit cards only. For example, in the US, there is a $50 liability limit if reported right away. This is not just for fraudulent charges, but if the card is lost or stolen as well. This protection is not mandated by laws or regulations for debit cards.

In your particular case, "IF" you only keep $5 in your debit card account, then great. But that is NOT how debit cards work for most consumers. Typically, debit cards are tied directly to the consumer's checking or savings account. In some cases, users have tied their savings account to their checking for "overdraft protection". So a fraudulent charge there could result in emptying out the entire checking account, and the users savings account too.

Now for sure, some banks do provide some protection from fraudulent charges on debit cards. Most don't and even when they do, those protections generally are no where as close to that for credit cards. Why? Obviously because there are no laws or regulations requiring banks do that - and we all know how much banks enjoy providing free services for their customers.

So as a general rule, a credit card is always safer for e-commerce.

 

[andrewlen]

Sorry but this is totally incorrect. It is always better to use a credit card rather than a debit for on-line transactions.

With a debit card, the bad guys have direct, and nearly immediate access to YOUR money.

To each their own, but I consider my own experience to be a most satisfactory one that worked well.

Had I used a real credit card account, the withdrawal could have been potentially thousands of dollars instead of the $2.90 they managed to take out of the $2.92 balance that was in the account, and even that small amount will be refunded within two weeks because just the idea of a scammer fraudulently getting even a few cents out of me is unacceptable.

In your particular case, "IF" you only keep $5 in your debit card account, then great.

What was the huge bolded and underlined "IF" supposed to mean or insinuate?

What possible reason could I have to lie about that?

The two following images were snipped from my online Bank a couple of moments ago.





As you can see for yourself @Digerati, there's actually no "IF" about it. It's how I said.

Now for sure, some banks do provide some protection from fraudulent charges on debit cards. Most don't and even when they do, those protections generally are no where as close to that for credit cards. Why? Obviously because there are no laws or regulations requiring banks do that - and we all know how much banks enjoy providing free services for their customers.

So as a general rule, a credit card is always safer for e-commerce.

That link may be relevant for the US and other countries, but here in Australia, I get the same protection from my bank when using the credit card tied to my debit account as I do with an issued regular credit card. Given that it's almost impossible to get a credit card these days with a lower limit than about $500.00, then I still say my using a debit card is far safer and less of a risk than using a credit card for online purchasing.

With a Debit credit card, I am always in complete control of how much can come out of the account. Transferring money into and out of it when needed takes less than a minute using my banks iPhone App or online via computer.

Cheers, Andrew

 

[andrewlen]

Sorry to hear you've been tricked into this; I would definitely use this as an opportunity to reinforce the basics, not just for yourself but also your audience because it just shows how important continuously practicing the basics is.

Thanks, @axe0 - But in all honesty, I'm kind of glad it happened. After so many years of safe transacting many thousands of dollars online, maybe I needed this kick in the pants to remind myself of what I often keep telling everyone else to be wary of online. It's also reinforced for me that the protections I devised many years ago actually worked as intended.

Funny thing here is that I immediately recognized this as a scam by how the reply was written, rarely do I see the real person posting a reply like that with fonts that are a bit out of place compared to the rest, bolted text and a checkmark somewhere. The real person, in my experience, does not need to use fancy fonts, italic/bolt text and all that. How I see it, all this does is get your attention in hopes they get you a bit emotional, or you might already be a little emotional, so you take the bait. From what I've learned over the years, being slightly emotional is already sufficient to get you to take action on something you would not normally do. That can 'easily' be counteracted by taking at least 24h to think about it before actually doing it, though try waiting a day before making a decision, usually not easy to do.

Yep, I see all sorts of reasons not to fall for it now that it's happened. I considered the text formatting myself too, just after I'd already posted the story here. lol

Live and learn. With almost two decades of transacting online, though, I'd say getting a $2.90 lesson isn't a bad track record and you can bet I'll be more careful next time because of the experience! :)

Cheers, Andrew

 

[plodr]

It is drilled into us in the US to always use Credit card instead of Debit card. Things might be different in Oz.
Why?
Credit cards offer more robust fraud protection and offer a degree of separation from your checking account, which serves as an added safety measure.
Debit cards are connected directly to your checking account. Whenever you make a purchase — whether that purchase is processed as credit or as debit — funds are drawn immediately from that account and transferred to the merchant. In that way, it's like an electronic check.
One source: 4 reasons why you should use a credit card instead of a debit card

Years ago I got a credit card with a permanent low limit that I use for online purchases. Despite being careful, this card was hacked and used to purchase some X-box games. We don't have children nor obviously grandchildren and we don't own an X-box so there is no reason why either of us would buy anything for an X-box. The card was locked but not immediately cancelled until all the legitimate bills had been paid. We were issued a new card and the charges were dropped.

If I'd keep only a low amount in checking because of using a debit card tied to a checking account, I'd be paying a monthly fee of $10 - $15 depending on the bank that issued the card.

 

[britechguy]

With a Debit credit card, I am always in complete control of how much can come out of the account. Transferring money into and out of it when needed takes less than a minute using my banks iPhone App or online via computer.

The problem being that your presumption about how you manage your debit card applies broadly, and it doesn't.

From everything you've described, it sounds like you have a debit card that withdraws from a dedicated account that is completely separate from all of your usual funds, and you transfer into it only when you intend to have a transaction for a given amount.

That is, quite simply, not how most people who have debit cards have theirs setup. For most, a debit card works for them pretty much like checks did in the past. The card is connected directly to their "pool of funds" account and every transaction pulls from that account. If this is the case, the use of a debit card can and will allow fraudsters to wipe out the entire balance of an account in mere seconds if they're successful in a scam such as this one, and getting funds back is very difficult indeed.

Your setup is great, but it is in no way typical. That's why your setup worked, and why the typical setup would result in a far worse disaster.

 

[andrewlen]

It is drilled into us in the US to always use Credit card instead of Debit card. Things might be different in Oz.
Why?
Credit cards offer more robust fraud protection and offer a degree of separation from your checking account, which serves as an added safety measure.
Debit cards are connected directly to your checking account. Whenever you make a purchase — whether that purchase is processed as credit or as debit — funds are drawn immediately from that account and transferred to the merchant. In that way, it's like an electronic check.

From everything you've described, it sounds like you have a debit card that withdraws from a dedicated account that is completely separate from all of your usual funds, and you transfer into it only when you intend to have a transaction for a given amount.

Yes, I guess my own circumstances might be out of the ordinary in that case.

Because I have an equity facility with the bank, I get access to two free debit accounts that attract no bank fees. Tied to that debit account is what they call a Platinum Debit Card which works *exactly* the same way as a regular Mastercard credit card, with the big difference being that only cleared funds already in the Debit account will be honoured for any purchases made with the debit Mastercard. One cent over and the transaction gets automatically rejected for lack of funds.

There is no credit facility tied to the card itself and it's not linked to any of my other accounts. Of course, the flip side of the above is that it also pays peanuts in interest for money held in there, but as that's not what I use it for, it doesn't affect me.

 

[britechguy]

Yes, I guess my own circumstances might be out of the ordinary in that case.

I can assure you that they are. This is why I have often said, in different contexts, that one really needs to decide if one is actually an outlier rather than somewhere near the median in a given "circumstantial bell curve."

If someone were to do as you do, then what you did makes perfect sense. The possibility of loss is so close to zero as to not be worth worrying about.

But most don't do as you do. That matters. And the probability of someone going that route who isn't already on it is small indeed.

 

[Digerati]

Edit: Oops! Links deleted.

To each their own, but I consider my own experience to be a most satisfactory one that worked well.

But its anecdotal - and an exception. And exceptions don't make the rule. The fact of the matter is, using a credit card for ecommerce transactions, for the vast majority of consumers, is the safer method for making payments.

What was the huge bolded and underlined "IF" supposed to mean or insinuate?

What possible reason could I have to lie about that?

My apologies. I did not mean to suggest or imply that you were lying. I was (in my head) talking to the crowd at that point. And it was a BIG IF because the vast majority of users don't have a dedicated debit card account with only $5 in it.

 

[andrewlen]

But most don't do as you do. That matters. And the probability of someone going that route who isn't already on it is small indeed.

Fair point. Agreed.

My apologies. I did not mean to suggest or imply that you were lying. I was (in my head) talking to the crowd at that point. And it was a BIG IF because the vast majority of users don't have a dedicated debit card account with only $5 in it.

Ah OK, no probs then. Thanks for clarifying.

In my case though, there's rarely more than two or three bucks in there anyway lol The only reason it had as much as it did was probably that the last transaction was from out of the country and I wasn't sure what the International Transaction Fee would be so I would have transferred a few bucks extra in to make sure the purchase wasn't declined. The system works well for me :)

Best, Andrew

 

[britechguy]

I was (in my head) talking to the crowd at that point.

And for the record, that's precisely how I took it. You were, to me, pointing out the "exceptionality" of the situation as described. Essentially, you were emphasizing that if that is indeed what you, the generic you, are doing then there's no problem. Also, and correctly, making the implication that if that's not what you're doing it could be a huge problem.

This is not a criticism of @andrewlen, but it does amaze me how often people seem to suppose that every reply in a topic is strictly and directly aimed at either the original poster or something someone else said immediately prior. Anyone who's been reading me over time, and across multiple forums, knows that I will often make posts that are aimed "at the crowd" and with the express intent that future readers of a given topic won't be left with incomplete/incorrect/whatever impressions that I feel need to be clarified.

Forums are about "the readership" over time, not only the active participants in a given topic at a given moment in time. "The historical record" often needs to be made adequate, at the very least, to fully correct and clear.

 

[Digerati]

I will often make posts that are aimed "at the crowd" and with the express intent that future readers of a given topic won't be left with incomplete/incorrect/whatever impressions that I feel need to be clarified.

^^^This^^^

I agree that, sadly, many think forum topics are two-way conversations. Even more sad, IMO, is when someone other than the OP, who joins a thread later, feels that.

A forum, by definition, is a place where everyone can share and participate.

But to your last point, because I'm ancient and have worked in IT support... well... forever, I'm here mostly to teach and share, rather than to learn (though learning something new frequently happens and is something I relish - especially here at Sysnative). So I tend to speak to the crowd, or "classroom", if you will, with the understanding that future readers may not have the experience or expertise as this current thread's participants. This is actually a tricky challenge, BTW. You don't want to lose or insult folks by speaking over their heads. At the same time, you don't want to insult others by sounding arrogant or condescending by explaining something they feel is common knowledge.

As for the historical record, I agree. These are "technical" forums. Therefore, the data presented needs to be "technically" correct - at least for the vast majority of readers.

And of course, “Everyone is entitled to his own opinion, but not his own facts.”

 

[britechguy]

@Digerati

We are of precisely the same mind.

What I'm finding more and more difficult these days is that, it seems to me, both the expert answerers and the neophytes are both taking insult where none is intended than was characteristic in the past.

I simply presume that those who know as much, or more, than I do know that I'm not trying trying to address them when they are also participants in a given topic. I presume that the "expert answerers" are all aiming their replies at the questioner, and are attempting to fill in blanks that they feel need to be filled in at the moment they're posting. They don't post because they think I, or another participant, have been woefully inadequate but because they believe that there is something else that should be in the mix that has not, as yet, appeared.

On the neophyte end, I find that a very great many these days seem to expect that expert answerers should be able to divine just precisely what they do and do not know. I've had people pitch fits because I presumed they knew more than they did, or less than what they did. And in all of those cases, they seemed to have the belief that, without their having offered anything of substance about "where I'm at" that I am supposed to know that or to do an entire interviewing sequence before cutting to the chase. Sorry, but no.

My signature quote on ToyotaNation really applies everywhere, but was most necessary (and seems to stay necessary) there:

It is impossible to help individuals who will not listen to advice unless they like that advice. Being a good assistant is not about making the person assisted "feel good," but about both asking the right (and sometimes hard) questions as well as giving the information necessary to achieve the desired result. Getting help is a two-way street, and those asking for help have work they must do, too, when asked. They also need to be ready to let go of what they'd prefer to do, and instead do what's asked for.

 

[Digerati]

What I'm finding more and more difficult these days is that, it seems to me, both the expert answerers and the neophytes are both taking insult where none is intended

Seems to be society as a whole.