Main Menu

Search

Try searching for

Identity theft

Social security protection

Credit monitoring

Reputation management

Blog > Internet Scams > Can You Confirm This Big Purchase?
 June 23, 2021

Can You Confirm This Big Purchase?

A frustrated woman sitting on a living room sofa looking at her smartphone.

Beware requests to confirm big purchases!

The first text—this one’s from Amazonasks you to confirm you bought an iPhone 12 for $1,130. “Just let us know if you did not make the purchase, and we’ll cancel it,” the text reads. A second message asks for confirmation of a $499 splurge on a dating service subscription. What? Scam confirmation requestswhether they arrive by text, phone call or emailhave surged as hackers tap the recent dump of phone numbers and email addresses leaked onto the internet.

Remember Facebook’s latest data leak in late April that exposed 32 million U.S. telephone numbers? LinkedIn experienced a similar attack that month after public client data was scraped from its website then bundled for sale by hackers. In LinkedIn’s case, thieves obtained data from over 500 million user accounts.

Telltale signs

Imagine receiving a text asking you to confirm a 75″ television purchase. Maybe that text arrives late at night or even wakes you up after midnight. Or you’re exhausted when an email pops up asking you to confirm a four-figure transaction. What emotions would you feel if you believed the charge had hit your credit or debit card?

Panic, fear, anger, and disbelief are all likely reactions to these confirmation scams. What are the odds that you’ll click to learn more? It’s easy to imagine someone falling for this scam. Just don’t be a victim.

Subscription expiration notices for services you never bought, shipment delivery difficulties and other variations are common too.

Keep calm and thank the feds

Would your reaction to a confirmation communication on a $2,350 purchase be any different if you knew the federal government had your back? The Federal Credit Billing Act (FCBA) protects consumers against unauthorized credit card charges. It should be reasonably simple to check that card and dispute any unapproved fees, but these confirmation requests are totally bogus. It’s the link in the message they want you to click. So keep calm and don’t.

If you’re antsy or alarmed, ask a friend to check the message. Never panic. If you let emotions guide your decision, it will probably be harmful.

Haste is another enemy that scammers try to trigger. Read the communications carefully. Twice. If your credit card was actually charged, you have weeks before the bill is due—plenty of time to clean up the mess.

A second federal law, the Electronic Funds Transfers Act (EFTA), governs debit cards, and the protections here are slightly different. With debit cards, funds instantly leave your account.

Financial institutions get up to two weeks to restore funds after an investigation. Not great news if your rent’s due tomorrow. That’s one reason why some data security experts prefer the more robust protection of credit cards. EFTA covers online usage, payment transfers like Zelle and ATM withdrawals.

If you know the worst that could happen and can fix it quickly, you’ll worry far less about scam texts and other deceitful transactions, giving you time to react and make a sound decision. You’ll sleep better, too.

Be aware of other warning signs

Hackers don’t have graphic design degrees, but they know how to imitate genuine websites, and the communications customers will recognize. Watch for these tricks:

  • Hackers will imitate the design and color scheme of Amazon, Walmart, Facebook and other genuine firm communications you might expect
  • Check for oddities in the communication, including a return email address that doesn’t look quite right. It may be customersupport@amazoontactics returns.com, and a hasty individual sees “consumer support” and the first letters of Amazon, then clicks.
  • For bogus texts, check the return phone number. Often it’s missing a digit or two, so you cannot call the sender. You can only click.
  • Don’t count on “External Sender” warnings from Outlook and other mail programs to protect you from spam; these can be easily disabled.

Shield yourself

IDShield monitors user emails, phone numbers and other vital data that con artists love to exploit. If we detect an email where it shouldn’t be, you’ll receive an alert, but tracing this sort of compromise back to the source can be difficult.

You can also check out haveibeenpwned.com, a website run by security researcher Troy Hunt in Australia. He knows a great deal about pwnage a.k.a. hacking. Hunt manages a massive database of compromised emails and passwords. The website recently added those 32 million compromised phone numbers in the wake of that recent Facebook leak. Even the FBI shares data with his site.

Of course, there’s the occasional legitimate message to confound your efforts in detection, like this one Twitter distributed in April 2021:

“Some of you may have recently received an email to “confirm your Twitter account” that you weren’t expecting. These were sent by mistake and we’re sorry it happened. If you received one of these emails, you don’t need to confirm your account, and you can disregard the message.” Twitter Support (@TwitterSupport).

It’s far better to suspect a legit communication than to trust a scammer’s message. In this Twitter case, the risk did not demand haste. So keep calm, sleep well and guard your data.

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.

ESS

Related Post

Traveling woman in an airport wearing a backpack and looking at her cell phone to avoid a travel scam.

How to Spot and Avoid Travel Scams

Originally published March 3, 2021. Blog post updated for accuracy, comprehensiveness and freshness on June 27, 2024. As travel season peaks, fraudsters ramp up their efforts to deceive unsuspecting travelers. Being informed, proactive, and vigilant are ways to...

View from behind of a large wedding party outside in a garden by a fountain while a photo is being taken. Shows cybersecurity wedding success.

Cybersecurity Tips for Wedding Success

The big day is on the way! You’ve been planning your wedding with love and care, and finally all your hard work is about to pay off. Or perhaps you are a wedding guest, prepared to attend this exciting event. Whether you are a member of the bridal party or a...

Man looking at a woman's photo on his phone via a dating app

Avoid These Common Romance Scams

It’s a universal truth that most people want to find love. The problem is, online fraudsters use that desire against unsuspecting, vulnerable people on dating apps and dating sites. Not to burst Cupid’s bubble, but dating and romance scams are blooming like love in...