The unexpected email alarmed my older relative in California. Apparently from PayPal, it confirmed her purchase of $800 ($798) in bitcoin. She wouldn’t have had the faintest interest in buying bitcoin.
She rang the PayPal number on the invoice, and spoke to a nice man who told her that she was the victim of a scam. But PayPal could aid her in recovering her money.
You need to go to an Apple Store and buy a gift card, and call me back; don’t delay, the reassuring man said. She went out and made the purchase, even though it seemed odd. When she phoned back, he obtained the number on the card. The actual physical card is safe with you, so you don’t need to worry about fraud, he said.
Thus she became another victim of a widespread online phishing scam using gift cards. No one had used her PayPal account, of course. Apple Support confirmed to me that the gift card had been redeemed swiftly at an Apple Store in Philadelphia. Only gift card numbers are needed, not the actual cards.
The email she received was convincing. The file name for an “invoice” utilised her own initials. For someone in their 80s, who uses the internet daily and sometimes shops online, the problem and the solution seemed plausible. I tried to sort out what I could on a timely US visit, but nothing proved easy.
Though my relative thought she had spoken to the “real” PayPal after the incident, I knew this could not be, because of my own exasperation in tracking down a PayPal number to call. For…
