This post was sent to me by Yehudah Greenberg, who is sharing his interesting story with our readers in order for people to be aware of this weird but insane scam he bumped into. Thanks Yehudah, for sharing this incredible story. There are definitely a lot of lessons to be learned.
I got scammed into becoming a scammer!
It looked suspicious, but the risk seemed worth it. Little did I know that I would be an accomplice to steal from somebody else…
An online course I’d had my eyes on cost $180. Upon reading some reviews, I discovered that on a certain site, the course was available for a mere $35. So I checked it out.
The site offered a range of online courses, all for much lower than the real asking price.
If legitimacy would be rated on a scale of 1-10, I would rate this site as a “6”. It seemed to have good, real reviews and it had a “contact us” page. However, it did not explain HOW or WHY the courses were so cheap. I assumed that IF it was legitimate, the owner of the site was some sort of affiliate who had negotiated steeply reduced prices.
I decided to buy the course from the site. I figured that if the offer is a scam and the course isn’t delivered, I’ll have to challenge the credit card charge, and perhaps change my credit card number.
I paid for the course, and promptly received an email containing and email address and password to log in. This was unexpected – Why couldn’t I log in with my own email address? The explanation I came up with is that this affiliate generates his/her own email address and password combo.
Logging into the course was simple. All the material was there. And the subscription was good for an entire year, exactly as the $180 charge would have bought. Apparently, I had gotten my money’s worth.
What I found interesting was that upon logging in the first time, I received the following warning from chrome:
Still not taking the hint, I decided that this “breach” didn’t bother me – I wasn’t storing any vital information on the site. And, I couldn’t change the password if I wanted to, as the email address of the account was not my own, it was “randomly generated”…
The final red flag for me was when I saw that the course had a progress bar, and it looked like it had already been started…
A visit to the “profile” account settled the mystery for me. There was a credit card on file… But not my own! Stranger still, the page claimed that the account was started about 2.5 years ago. But if that’s the case, being that it’s an annual subscription, why did I have access to a full year starting today?
At that point, I realized what must have taken place.
Apparently, the email and password were not “randomly generated”, they were stolen! The account had been created over two years back, and had expired. Now, the crook had used the owner of the email address’s credit card, which was already on file, to register for another year’s membership of the course!
That was the theory. If correct, that meant that I was party to stealing from somebody else’s credit card… Was this the case?
I immediately sent an email to the address which I had used to access the course. Turns out, my theory was right. Here is the email thread:
And, there you have it.
I haven’t learned to stop taking risks. I will still take small gambles on things which seem too good to be true.
BUT, I have learned to be very cautious about subscription sites which store my credit card information! If a password is compromised, that would put my credit card at risk.