New ‘get cash for testing Amazon items’ scam discovered in France
The trick came to light when fraudsters inadvertently targeted a fraud expert
The scam, which actually has nothing to do with Amazon, pretends to be offering the recipient ‘items to test’. Scammers then steal the victim’s details and moneypixinoo/Shutterstock
Gendarmes in France have warned against a new type of fraud, in which would-be victims receive letters pretending to be from global retail giant Amazon.
The letters or emails feature the Amazon logo and branding, and state some variation of: “We are offering every member a free item to test.”
The scam was uncovered after a fraud expert in Haute-Savoie - gendarmerie chief Nicolas Renaud - received one of the letters to his home in Annecy.
The letter read (in French): “We are offering each member a free item to test and a commission of a certain amount (the amount of the commission depends on the price of the item, up to €40)”. It had a QR code on it, and invited the recipient to use it to ‘access the test products’.
It is already unusual (and very unlikely) that Amazon would make such an offer out of the blue, but Mr Renaud said alarms also rang for him because of other signs of a scam.
He said: “What tipped me off was the quality of the paper, the printing, the closing words of the letter: 'all the best', and above all an email address that did not correspond to Amazon at all.
“It's the first time we've had to deal with this [scam],” he said.
#Escroquerie ⚠️ L'arnaque au travail de « testeur de produits Amazon ». Les escrocs proposent des tests de produits rémunérés... C'est une arnaque ! ❌Ne scannez pas le QR code 📲 Signaler les faux sites et profils sociaux : https://t.co/QUCe6JKXqa ✅ Sensibilisez vos proches pic.twitter.com/PHMgarNGQX
The gendarmerie have said that scammers are increasingly trying different ways to appear legitimate, including this ‘old method’ of sending real-life letters. In an age of email scams, sending a real piece of paper could trick some who may be more alert to online fraud.
Mr Renaud also said that scanning the QR code took him to a page that was asking for “a maximum of information”, including their full name, their email address, and - of course - their bank card details.”
Ad
This data can then be sold on the ‘dark web’ - an area of the internet that is much harder to trace, and does not appear on search engine results - or used to commit fraud now or later.
Delayed reaction
Sometimes, criminals can collect bank card details and use them later.
Not only does this mean that the scam may be harder to detect and trace - because money is not stolen immediately - it can also mean that scammers can try other tricks.
“[They] call their victims three or four weeks later and introduce themselves as their bank adviser, and say that they have detected atypical transactions on their victim's account, and mention the correct surnames, first names and bank details so as not to alert the victim,” said Mr Renaud.
This persuades the victim that they are really speaking to their bank. They then ‘validate’ all of their details, and the criminals then proceed to steal money.
Some may later move money between accounts, to launder money and move it out of the European Union entirely, the gendarmerie said.
It comes after figures from the Interior Ministry in France show that fraud investigations are becoming less successful, down 12% over the past five years (2017-22). It states that this is because of the “increasingly sophisticated modus operandi of criminals, which makes investigations more complicated”.
Mr Renaud said: “There has also been a change in the banking landscape, because now with just a few clicks, you can make almost instantaneous transfers abroad, whereas we, the gendarmes, need several days or even weeks to locate and try to block funds that may have gone abroad.”
This can also make it difficult for investigators to identify people who have fallen victim.
How can I avoid falling victim?
Firstly, be very aware of letters like this, and remember that such an offer is very unlikely, even if you are a regular user of a service. Any QR code or web address, especially to a page that asks you for personal details, is suspect.
These tips may also help:
Never reveal your personal details to anyone, especially if they contact you ‘out of the blue’ via email or phone, even if they say they are calling from your bank. If you do need to do banking online, log in using your own secret details, never reveal them to anyone, and go to the page or app yourself, not from a link.
Never reveal personal numbers, details, or authentication/confirmation codes - such as a text message code to authorise a transaction - with anyone, including your bank or the police.
Also, be aware that:
Your bank will never ask you to click on a link, nor to confirm your details over the phone, and they will never ask for the entirety of your personal details (for example, they may ask you for the answer to your security questions, but they will never ask for that as well as your account number, card number, PIN etc).
Your bank never needs your help to block a fraudulent transaction, and will never call to ask you to transfer money from one account to another. Nor will it ask you to carry out transactions or operations over the phone using any authentication details.
If you suspect you have been called by one of these scammers, even if you did not fall victim, you should still hang up, and call your bank to alert them, as the criminals may still have your details and could steal money that way later.
If you have fallen victim, hang up, and call your bank immediately. They may be able to stop the transfer or transaction, and get your money back.
You are also advised to file a complaint and report the attack on the official cybermalveillance.gouv.frsite.