Fake Amazon Prime calls a new twist on ‘Windows support’ scam

Knowing what red flags to look out for is key to not being taken in

The calls came about 30 minutes apart. An automated voice informing the listener that their Amazon Prime subscription was due. To cancel the transaction, all you had to do was press one.

The call didn’t come to my phone, but to my parents’. A couple of things raised immediate red flags. First, although my mother had an Amazon account, she had never signed up for Prime. Second, it came to the house landline, which is probably used by a grand total of three people these days. Third, Amazon may have her mobile number but it had never been given the house number.

So although momentarily confused by the call, she hung up.

It was a good thing she did. The best-case scenario was that she would have been transferred to an “operator”, while the charges for the now premium rate call were mounting. The worst scenario could see large amounts of money, relatively speaking, drained from bank accounts.

Unsuspecting victims

The scam has been doing the rounds of unsuspecting victims in Britain and has managed to net £1 million from its victims in a very short space of time. According to media reports, one man lost £65,000 after handing his bank details over to the fraudsters at the other end of the phone.

That “operator” could, going by previous reports, have persuaded my mother that there was a security flaw with her computer, opening the door to various fraudulent transactions. Of course they would be able to fix it, they would tell her, as long as she gave them remote access. One quick download later and her computer would be riddled with spyware that would capture her banking login details next time she did her online banking, and hand them over to scammers.

An alternative scenario, going by reports, is that she would have been offered a refund and, naturally, they would need her to disclose her bank details or card details to process it.

I was there when the second call came in and it is easy to see how people, momentarily wrongfooted by the news that their account has been charged for something they never agreed to, would be taken in by the scam. Your best bet is that you may be saved from disaster by your own bank: some require a second method of verification before they will transfer large amounts of cash to unknown accounts. But this is a case where prevention is definitely better.

If you are familiar with Amazon and how it works, the signs are there. You subscribe online and give your credit card details to the company through its website. Amazon don’t call your home – a number they’ve never been given – to renew or cancel a subscription; they will send you emails instead.

It’s a new twist on the fake “Windows support” calls that try to persuade you to pay money for security software upgrades that ultimately leave you with a depleted bank account or suspect charges on your credit card.

The solution is easy: education. If you know what to look for, you are less likely to be fooled.

A few years ago I overheard a conversation on the bus about paying for upgraded security software after a pop-up – undoubtedly a scam – had alerted the user to a large number of viruses on his hard drive. His credit card number was probably being sold on as he spoke.

I’d had the same pop-up on my own machine a few days before, and it was extremely convincing. It claimed to be Windows Defender, mimicking the software’s aesthetic almost to a tee. The only thing that gave it away as a fake was a slight misalignment of the text – something that would never have made it into the final version of the software on your computer.

Caller ID

Knowing what to be on the lookout for is key. In the case of the fake Amazon calls, there is another solution: a phone that displayed caller ID and could block nuisance calls.

Should companies do more to educate customers about potential security risks? Perhaps. But as soon as one scam is neutralised, another appears so consumers, and businesses, are always playing catch-up with the criminals.

While companies and banks can alert their users about the scams – and should do so proactively as soon as they are made aware of issues arising – they can’t control everything that happens outside their own platforms.

So a few rules to live by. Never hand out your bank details over the phone. Stay cynical. Verify independently with the company any information you are given over the phone. And if something seems too good to be true, it usually is.