Nicola Mawson
I was scammed simply because I bought into the panic my daughter was going through and ignored warning signs. And it cost me, and that cash is gone.
My daughter, as is probably typical of teenagers, is big into gaming and uses a platform called Steam. I’ve lost track of which games she plays and are in her library, and those that are on her wish list, which she watches carefully for when items go on sale, so she can spend some of her earnings from working at a bookstore.
My kid is an A+ pupil, who is also street savvy and knows her way around PCs, as most Gen Zs generally do.
It was a rather sophisticated scam. Her Steam account was hacked, she went onto Discord (a voice, video, and text chat app) to chat to a service representative and was somehow connected with the scammer.
The first I knew about it was when she tried calling me while I was in a meeting as she was at dad and I was home. Then she sent me a message saying it was urgent. As soon as I could, I called back. By then she was in panic mode, which set me off because this is my child, my Baby Bear.
And she was in a panic because the fake service representative said she had only 12 hours in which to get her account back. A large red flag that I ignored.
What I should have done is either ask for screen shots or gone there to check it out myself. I didn’t. Instead, I just asked if it seemed legit.
The screen shots arrived later, after we realised it was a scam. The purported Steam representative wanted a voucher to be bought, via a link. There was no way that they would refund the money, which they claimed was to verify her identity. It was a ransom.
Steam warns about this sort of scam, so it’s obviously happened a few times.
“You should never pay a scammer even if they've gained full control of your account. You can recover your account from a scammer any time using Steam Support, and a scammer who is already defrauding you is not likely to actually return the account even if you pay. Instead, they would likely just demand additional payments.”
And that’s when my ex realised it was a scam, when the so-called Stream agent asked for more money and called me to see if it was possible to reverse the transaction. It wasn’t; the cash was gone. There’s no fault with my bank’s systems – the bad was on my side.
My bank asked me twice if I wanted to approve the transaction and I clicked on “confirm”.
In 2015, Valve, which develops Steam, said hackers, who had stolen passwords, hit 77 000 Steam accounts every month. Personal Finance was unable to get the latest figures.
Personal Finance put the scenario to veteran ICT commentator Adrian Schofield for his input on this type of scam.
Expressing sympathy, Schofield explains that these sort of attacks are becoming more common place, and hackers are using more advanced methods to get money out of people.
Schofield says that for anyone who transacts online, with people increasingly doing so, it is becoming harder to identify the scam messages.
“The scammers appear to know which accounts you use and are able to send messages and emails that certainly look legitimate.”
Schofield says some of them are obvious – they mention a bank you don't use or they send an email to an address that is not used for transactions. That is often the case with SMS messages from a real cellphone number, asking you to Fica your account at a bank with which you do not transact.
They are also sometimes badly written and have a rather odd URL associated with them:
“Dear Standard Bank Customers, Kindly update your account details on our FICA server at https://l-k.io/n866mz to prevent immediate deactivation of your account.”
As Schofield notes, some scams need closer inspection .
When it comes to how I was scammed and being drawn into the panic, Schofield says this is “unfortunate because a particular circumstance of time and place prevented a cooler analysis of the situation”.
He says his personal approach is that the world will not end if I “lose” an account. However, that account was very important to my kid, because she had invested in games hosted on it.
Schofield suggests deleting the message or email that's demanding action and wait to see what happens.
“If your password has been hacked, then it's probably best if the account is closed. If a service is terminated, then go back (directly) to the source and get it straightened out.”
At least my Baby Bear got her account back, this time through official channels, and didn’t lose any of her games – which was her biggest worry.
Personally, Schofield, who describes himself as Gen-1940, says he has “come close a couple of times to letting the criminals into my financial life, so I know how easy it is to be duped”.
He adds that AI will also make it easier for the scammers to imitate real life conversations and interactions.
“Some lessons are very hard to learn. The lesson for me is that nothing is so urgent that I must act immediately. Keep Calm and Look Closely!”
My Baby Bear got her account back, this time through official channels, and didn’t lose any of her games – which was her biggest worry.
PERSONAL FINANCE