The FBI described a devious Google authentication scam targeting online sellers. The FBI Oregon’s Tech Tuesday segment explained how the scheme works, which we’ve summarized below. (Hat tip to Pymnts.com.)
- You post your real phone number on an online platform when listing an item for sale.
- The scammer contacts you via text or email and says in order to make sure you are legit so he doesn’t get scammed, he will send you an authentication code from Google “to confirm that you are a real person and not a bot.”
- You receive the authentication code in the form of a voice call or a text message and provide the number to him.
- The scammer then uses that authentication code to set up a Google Voice account in your name using your real phone number as verification.
The FBI explains, “Once set up, he can use that Google Voice account to conduct any number of scams against other victims that won’t come back directly to him.” (Google Voice is a free service that lets you set up a phone number that can be used to make phone calls and send texts.)
The FBI said scammers can also use the authentication code people provide them to gain access to, and take over, victims’ Gmail accounts.
It seems likely scammers could use variations of this scheme, so think twice before you read out any numbers that come to you from what looks like an authorized source unless *you* initiated it personally.
The FBI provided additional tips for avoiding scam:
- Never share a Google verification code with others.
- Only deal with buyers, sellers, and Fluffy-finders in person. If money is to exchange hands, make sure you are using legitimate payment processors.
- Don’t give out your email address to buyers/sellers conducting business via phone.
- Don’t let someone rush you into a sale. If they are pressuring you to respond, they are likely trying to manipulate you into acting without thinking.
- If you believe you are the victim of an online scam, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.
The full post is available on the FBI website.
4 thoughts on “Beware Google Authentication Scam Targeting Online Sellers”
What the deuce is “Fluffy-finders”? And why are they specifically called out along with buyers and sellers?
In the press release, it said scammers also target “sites where you post about lost pets,” so it was a reference to users of those types of sites. (Despicable to target sad pet owners)
I encountered this several times when listing to Facebook’s marketplace and once or twice on Craigslist. Could tell immediately it was a scam. But until now, I wasn’t exactly sure how they used this information; glad I read this! As soon as I replied that I knew it was a scam, they dropped me like a hot potato, all except one who tried to convince me she was legit. I haven’t gotten one of these in a long time, so I’m wondering if there are coordinated groups of scammers doing this in defined geographical areas. If it were random, you’d think I’d get one of these authentication requests every time I posted a listing.
Is it my old eyes, or is every ‘ghost’ scam slightly out of focus, like the old mimeograph copies?
Comments are closed.