My mom just called me in a panic because she suddenly has hundreds of emails in her inbox signing her up for various websites. These are for businesses all over the world, and the usernames used to sign up are inconsistent (Wayne Anaed, Michael Vek, etc). Buried among these emails is a receipt for a new Samsung laptop. I am not sure if that’s real, but I’m inclined to believe it is because the billing address and last four digits of her credit card are correct. We are trying to confirm if that’s a real order directly with the vendor.
I am just hoping someone can help me understand what this scam is so I know what we need to do to protect her. Is all this just designed to bury the confirmation email for the laptop amid a sea of spam so that hopefully she wouldn’t notice the credit card theft? Should we simply delete all these account registration emails? Mark them as spam? Block the sender? She has gmail if that matters. Thanks in advance for the help!
I am no expert but I would change her gmail passwords(make sure they are good).
No clue as to the “how it happened” but change her PW; make it so you need a secondary way to authenticate it and call the credit card company to see if there was a charge for that PC and get the purchase cancelled if necessary.
There is no indication that her email has been has been compromised. It is still recommended the password be changed to be safe. Then check her credit card transactions to see if there is something she doesn’t recognize.
one thing that came to mind was a session highjack for something they were logged into being used as a starting point.
Her email isn’t hacked, the scammers have her credit card and are buying a laptop with it. The large number of sign up emails is to try and hide the laptop purchase confirmation email.
They are hoping you will just delete them all, or just miss the laptop confirmation email in amongst the noise.
Ignore the junk email, and figure out what is going on with the credit card and Samsung immediately.
The flood of emails were sent in hopes you did not find the receipt for the purchase, reach out to the vendor and get it cancelled, she should also change ALL of her passwords, start using 2FA, and get new cards.
The first step is to call the credit card company that’s supposedly been used, and use the phone number on the back of it, no other number. If a fraudulent transaction is noticed by the customer service rep, they can reverse the transaction. Worry about the emails later.
The scammers are spamming her inbox with junk in order to hide the legitimate email (the laptop receipt that you found).
She needs to contact her bank’s fraud department and report this. Cancel the compromised card and get a new one. Also go through all the spam to find any other legitimate emails (i.e. anything with her payment details), and act on them accordingly (i.e. cancel order, refund, etc.).
Looks like her card details were compromised and the spammers are trying to get away with making a few big ticket purchases without her noticing til it’s too late. It’s unlikely that her email account is also compromised, otherwise they wouldn’t be so worried about burying the purchases they’re making under a mountain of irrelevant spam.
Your assumption was correct; it was indeed an email barrage. This has become a common tactic among identity thieves; they buy something on your credit card, using all of the correct information for their victim so as not to trigger any alarms. Of course, this includes the victim’s actual email address, so they use email-blasting apps to sign the victim up to many different mailing lists, with the intention of tricking the victim into deleting the one clue that they’re an identity theft victim, with the intention of hanging around her house to swipe it off her porch before she finds it. Absolutely call Samsung to report the fraudulent purchase (hopefully they haven’t shipped it yet, if so keep a very close eye on her incoming parcels to try and find it), and her card issuer for the same reason so she can be issued a new card with a new number.