Got Scammed by "Western Digital Representative" after Requesting for AU Plug via Support Site

Lwhateva on 11/11/2020 - 23:08
Last edited 12/11/2020 - 00:06

DISCLAIMER: This post is meant to spread awareness of how elaborate scams can be now, and is not intended to implicate other ozbargainers or Western Digital (WD) in general

So the chronological order of the story of how I got scammed is as follows: -

  1. Bought a WD HDD during the Amazon prime day sale as per this link https://www.ozbargain.com.au/node/572428/

  2. After receiving the HDD last week, I followed the recommendation of other ozbargainers to request for an AU plug via their support site as per this link https://www.ozbargain.com.au/node/567041

  3. WD requested for my address, phone and S/N of the HDD. I provided the details to them via the support site. They responded yesterday (Tuesday) that they will be fulfilling my request and I will receive the AU plug within 12-15 days. Everything looking good so far! Little did I know…

  4. Today (Wednesday), I got a call from a "Western Digital Representative". This guy knew my name, had details that I was requesting for an AU plug and even identified himself as the name of guy from WD who has been emailing me.

  5. He told me that due to covid19, shipping for the AU plug part is expensive versus his alternative solution, which is to credit 25 AUD into a credit card to purchase the part myself. He mentioned that he will have to charge 1 USD to verify that the card works to process the refund.

  6. At this point, alarm bells should be ringing now but since he knew the details of the ticket I had raised to obtain the AU plug part, I did not suspect a thing and provided him with the details of my first credit card. It got rejected and he said he will check their system again and will come back to me after 15 mins

  7. On his second attempt, he requested for another credit card to try, and foolishly I provided him with the details of my second credit card. This time I got the SMS notification code to authorize the transaction and after like a couple of attempts it still "failed" according to him. He said he will try an alternative solution like sending a cheque and will get back to me in 48 hours.

  8. A couple of hours after this call, my bank called to inform me there have been a couple of suspicious transactions in Bangalore for my credit card, and asked if I had approved it. After checking the transaction that it amounted to a couple of thousand of AUD (instead of the 1 USD), I realized it was a scam and proceed to cancel all my affected cards and initiated a dispute claim with my credit card providers. The bank also told me there have been multiple attempts to purchase more things via my credit card but fortunately (or unfortunately) only one went through.

  9. I immediately called WD via their support line to check if I had inadvertently used a phishing site and provided details to a scam group. WD verified that they do indeed have such a ticket number and my account details in their system. I raised this incident with them and they mentioned they will investigate though I am not exactly hopeful I will get my money back at this point.

So yeah the moral of the story and TLDR version is, NEVER EVER provide credit card information to anyone via the phone even if it means you will be losing out on a purchase (which nearly happened to me when I was buying a Dell monitor and they stuffed up. I had to purchase it via the phone by providing my credit card details)

I am still baffled how the information got leaked out to this "Western Digital representative" because last I checked: -

  • I have not installed anything for the past couple of weeks on my computer. Scanned my machine today multiple times and with various online scanners like from ESET and Kaspersky with no viruses or malware
  • I have performed multiple transactions or purchases over the past couple of weeks (hey there were a lot of sales!) with no issues or credit card being compromised

The only few reasons I can think of is my machine is indeed compromised, or the WD side of things has been compromised, or it is an inside job. Maybe some ozbargainers here can enlighten me

It was a long post but I hope it serves as a lesson to many here about how elaborate scam calls can be nowadays and we need to be even more vigilant than ever!

Computing

Related Stores

Western Digital
Western Digital

Comments

  • tamckinnon on 11/11/2020 - 23:18
    +20

    Thanks for sharing your story - Since you've taken the effort to post about it, I'd recommend reporting it too

    https://www.cyber.gov.au/acsc/report

    • whateva on 11/11/2020 - 23:22
      +2

      Yeah I guess I will if it helps spread more awareness about scam calls. I do consider my self a careful online shopper but they are getting more sophisticated by the day!
      Edit: Made the report!

      • ragnar on 14/11/2020 - 07:25
        +1

        Thank you so much for sharing this story OP!
        I too, just got a call from this crew with the EXACT same story as you have mentioned.
        The guy knew all my details including address and said they have informed Amazon not to sell UK hard drives to AU residents.
        Alarm bells rang when he asked for credit card details so I gave him false details to see how he'd react. He got upset when he found out they were fake details.
        I called up WD to report it to them as there seems to be an inside leak or compromised email/helpdesk!!!!

        • whateva on 14/11/2020 - 11:32
          +2

          Hey ragnar,

          Thanks for sharing your story too. The details of your story seems to be very eerily similar to my case (except for the fact I had given him my real credit card details), especially the specific part where I did not mention in my original post about the "WD representative" saying they have informed Amazon not to sell UK hard drives to AU residents.

          As I do not really have much concrete evidence, I do not want to say it is a leak on WD side, but this is really getting more suspicious and no wonder Western Digital took my case so seriously on my first call to them reporting this. There may have been other people or cases reported to them too from the looks of it.

    • DemocracyManifest on 12/11/2020 - 00:30

      Didn’t know about this - thanks! Have a relative been scammed in a elaborate romance hoax currently…

  • sunnypack on 11/11/2020 - 23:18
    +10

    Well snap, that's a pretty bad leak. Anyone could have fallen for this as well. Good luck with everything in the future mate.

    • ragnar on 14/11/2020 - 08:07

      I got the call not long ago and it was VERY convincing.
      Either an inside leak or their email/helpdesk system has been compromised I'd say…..

  • Slippery Fish on 11/11/2020 - 23:29
    +1

    O.o wow… I would never give my bank details over the phone but bloody ouch

  • [Deactivated] on 11/11/2020 - 23:39
    +30

    Sounds like someone from WD's CS is working something on the side.

    • mskeggs on 12/11/2020 - 07:15
      +3

      Maybe. Or the email account is compromised and that recent message was seen as a likely avenue.

      • Neilzy on 12/11/2020 - 08:53

        Yeah Im thinking the same. The scammer probably access to the OPs email

      • ragnar on 14/11/2020 - 10:12

        Unlikely as OP uses Yahoo and I use Outlook.com.
        For both of us to have our emails hacked and potentially scammed based on this WD type of ticket alone is quite unlikely.
        Seems to be some leak within WD or compromised WD email/helpdesk system.

        • mskeggs on 14/11/2020 - 10:43

          Agreed. Sounds like WD has got a problem.

  • mbck on 12/11/2020 - 00:00
    +2

    Someone in customer service is leaking probably…

    Our your computer has malware.

    In any case that's stuffed up.

  • avoidfullprice on 12/11/2020 - 00:16
    +6

    Fark!. Thanks for sharing man.

    4). Today (Wednesday), I got a call from a "Western Digital Representative". This guy knew my name, had details that I was requesting for an AU plug and even identified himself as the name of guy from WD who has been emailing me.

    Change your email password if you haven't already.

    Also consider if you have been using public wifi while accessing email.

    • whateva on 12/11/2020 - 00:37
      +1

      Good point about changing password for my email. I have never used public WIFI for accessing email thus far. It is either my mobile data plan or the home WIFI network

      • mskeggs on 12/11/2020 - 07:18

        I have heard of businesses being compromised in a similar way. The scammer gained access to their email account and used that to target the scam by choosing a likely email.

        Do you use an email service that does not notify you if you log on from a different machine (like Outlook or Yahoo?). Maybe consider two factor authentication.

        • whateva on 12/11/2020 - 09:19
          +1

          I use Yahoo and have 2 factor authentication enabled. Nothing of that sort popped up that my email has been logged on in another location. Hence one of the reasons why I kinda let my guard down on this one…

          • Forfiet on 12/11/2020 - 09:48

            @whateva: Well Yahoo mail did have an issue a few years ago…….

        • ragnar on 14/11/2020 - 07:52

          I use Outlook.com with 2FA and this happened to me as well.
          They claimed to be from WD and tried to ask for my credit card details just like how OP described but I gave them fake details.
          It's unlikely that both OP and I have had our emails hacked (Yahoo and Outlook) AND only this scam has been pulled off so far?
          I reckon it's some inside job or compromised email/helpdesk.

  • Clear on 12/11/2020 - 00:24
    +2

    Years ago I came across similar quite frequently with Telstra NBN installs on the day the service was hooked up. Someone overseas claiming to be Telstra and wanting to charge a connection fee. They knew the name, business, address and even the case number. One time they happened to call when Telstra were onsite …

  • garetz on 12/11/2020 - 00:33
    +1

    The only way wd support will communicate with you is through email, specifically - [email protected]

    they will never call you.

  • AustriaBargain on 12/11/2020 - 01:09
    +5

    I was in the middle of scanning my birth certificate for the WD representative to process my $20 adapter order and I remember thinking "am I giving him enough information already?" So I scanned my passport and medicare card for him as well.

    • whateva on 12/11/2020 - 09:35
      +3

      In retrospect, the situation I have faced is indeed as per your analogy, which I deem a harsh but fair point. However, all it takes is sometimes just a lapse in judgement and you get hit by scams/cons. I am the kind of person that hardly puts any personal details in social media and just uses it if necessary to keep up to date with the happenings in the world.

      Also, unless one plans to isolate oneself by not buying anything online (then it begs the question why are you in Ozbargain anyway?) or doing online transactions, you will have to divulge some form of information. Nevertheless, this has been a good lesson for me on being more alert with ANY dealings that involve your monies or identity.

      • ragnar on 14/11/2020 - 07:59

        I must say that the WD scammer was extremely convincing considering that he had so much information.
        He called my mobile and recited the incident number, incident details and my address. He even tried to give me his employee number! LOL
        The scammer could have possibly had access to my emails but I have 2FA setup on Outlook.com and I believe OP uses Yahoo so what's the chances of this scam ONLY being pulled off. This leads me to believe it's a WD inside job or compromised email/helpdesk.
        Alarm bells rang for me when credit card details were required so I gave him false details to which he got quite upset.

  • 87percent on 12/11/2020 - 06:44
    +2

    My general rule is, if a company calls me directly and they want me to verify any information, I will always tell them I’ll call them back via their advertised 13 number.

    • CyberMurning on 12/11/2020 - 07:38

      Is that works for banks as well? Like during my recent charge back Citibank calls me couple times to verify… They didn't ask for cc number but my DOB I think in the beginning

      • 87percent on 13/11/2020 - 07:38

        Especially banks

        If any company calls me and wants me to verify any information, I’ll ask them what section they’re from, and call them back on their 13/18 number

        • CyberMurning on 13/11/2020 - 08:48

          wow i should do that… what if they said they (their team) cant take call only can make call ?

          • 87percent on 15/11/2020 - 10:32

            @CyberMurning: Well then ask them to add sufficient notes Ron your account, when you get transferred back to their area, the next person from that team can continue on whatever they need from you

    • MS Paint on 12/11/2020 - 07:40

      How often does that happen?

  • Caped Baldy on 12/11/2020 - 08:26

    Pretty unlucky, I think my alarm bells would have been going nuts.

    WD should just ship the other plugs like Seagate. Would probably only cost a couple bucks at most.

  • trinkasharma on 12/11/2020 - 08:30

    Did you get a notice from gmail etc that you have signed on a new and unknown location?

    • whateva on 12/11/2020 - 09:38

      Yeah I do have alerts setup that if my email has been signed in another location and 2 factor authentication enabled. No warnings of that sort came up in my email

    • ragnar on 14/11/2020 - 07:43

      I have 2FA setup and I wasn't notified of any attempts to login.
      Based on the story by OP and that it happened to me as well, I believe it's an insider job at WD or compromised email/helpdesk.

  • pharkurnell on 12/11/2020 - 09:51

    Im still quite happy to do my banking at a bricks and mortar branch.

    As time goes on and people rely on banking on phones, trendy little watches and shit - this will happen more

  • iDroid on 12/11/2020 - 10:01
    +2
    • A WD employee leaked your info or is responsible; or
    • Your email account is in some way compromised; or
    • WD ticketing/email system(s) are compromised; or
    • You have a remote access exploit on your device that someone is taking advantage of.
  • roguescholar on 12/11/2020 - 10:05

    I have notifications on every credit card transaction and every bank transaction.
    Everyone should set these up on their phone.

    • CyberMurning on 13/11/2020 - 08:50

      agree. each time taking out $ from ATM i got sms to confirm. each time salary paid i got sms too
      but yeah i setup like $50 but should setup $0.01 to be safe

  • lint on 12/11/2020 - 10:35

    When you get a one-time code by SMS or app to verify a transaction, doesn't it tell you the amount being charged?

    Are you saying those "test" transactions were $1 as the scammer said but then they used the card to make other purchases which didn't require a code?

    • CyberMurning on 13/11/2020 - 08:51

      probably scammer told him it will be $1 to get the cc details but didnt actually do the $1 test but keep the card details and then later on spend $1000 on purchasing something

  • CyberMurning on 13/11/2020 - 08:51

    if this is real, its so scary….

    • ragnar on 14/11/2020 - 08:04

      It's definitely real, I got the call not long ago…….
      I was lucky enough to give them false details but this scammer knew A LOT.
      Either an insider job or their email/helpdesk system is compromised…..

      • CyberMurning on 14/11/2020 - 08:53

        you as well????
        oh yeah just saw your posts above
        so this is definitely something wrong with WD then….

  • someone else on 14/11/2020 - 09:10
    +1

    That's terrible. I've refused to pass my credit card details on the phone to authentic representatives who said "I will type direct on the system and not keep the number" in two different situations. One of them was to place an order on the phone, and the other to receive a refund of a double charged bill. On the other hand, I had to send an unprotected email with my credit card number to pay an international subscription. I was not happy, but they wouldn't offer any option. This was in 2019. In 2020, fortunately they implemented a (secure) online payment system.

    What happened to you is a different level of scam and I can definitely understand why you gave your details. Western Digital has some investigation to do, and you should report to Scam Watch too.

Login or Join to leave a comment
Login Join