The Costco Scam: What It Looks Like and How to Respond (Even If You’ve Fallen Victim)

Table of Contents:

  1. What is the Costco Refund Scam
  2. How to Recover from Phishing or Ransomware
  3. Other Scams Using Costco
  4. How to Avoid SMS/Text Scams

Costco is one of the nation’s most beloved chains. The wholesale retailer has made a name for itself with customer service and high quality, including house brands that are known for being just as good or better than name brands.

That builds loyalty, and Costco customers are often signed up for text message or email update programs to let them know about deals — but new scams are now preying on this tendency …

Costco is only one of many companies that have been used as a stalking horse by scammers. Everyone from Wells Fargo to State Farm to Walmart has had frauds created in their name.

But Costco is one that comes up frequently because of the size of its customer base. It seems like there’s a new scam that comes out every year or so, and some of them have circulated fairly widely.

Now scammers are using a fake refund sent by text message to reach vulnerable customers. The latest Costco scam is a cynical exploitation of people who are expecting to get communications from one of their favorite trusted stores.

The Costco Refund Scam

The message looks like this:

[Screenshot of the SMS text sent in the Costco refund scam.]

The colloquialism “get a hold” is the first thing that jumps out here, but one of the first things that should also leap out is the URL. It’s not a Costco URL as you’d expect, nor even a URL shortener like Bitly.

Typos in scam emails may be intentional or unintentional, but they often have the effect of weeding out people who might be more savvy to the next steps of the scam. It’s a self-selecting trait that helps scammers find people who are more likely to fall for their tricks.

Costco Deals was one of the first groups to warn about this newest scam. Best known for monitoring prices, they’ve also been a bit of a watchdog for scams related to Costco.

This isn’t new. Plenty of scammer groups have done similar scams in the past (we’ll go over a few of these in a bit). But this latest one is unique because it refers to an overcharge being returned to the customer.

If you click on the link, it may lead to a phishing site designed to steal information. It may install ransomware or spyware on your phone. Depending on which group is behind it, it may work in different ways, but the one clear rule is not to click on links you don’t completely trust.

But what if you’ve clicked on the link already? Are you sunk? Does it mean you have to nuke your device and start over, or change all your accounts?

All hope is not lost if you’ve already been sucked in, but you do need to take action fast. Here’s what you can do.

Recovering From Phishing or Ransomware

What is Ransomware and How to Avoid It

Ransomware, spyware and phishing are designed to take advantage of your trust and steal personal information.

If you’ve lost personal information to a scammer, you should change any passwords immediately. Any security questions whose information you might have given up should be changed, too. If you entered financial details you should cancel those cards too.

You should consider installing an antivirus app on your smartphone, too. Tom’s Guide has a good list of possible antivirus apps that you can rely on to keep your phone safe and scan for malware if you may have installed some.

Note: this only applies if you have an Android device. That’s because to do its job, an antivirus app has to reach deep into your operating system files. iPhone apps run in a sort of “sandbox” that doesn’t allow them to reach the same level of the operating system.

This has upsides and downsides but it’s a much more restrictive set of rules. Viruses and other malware are less likely to gain a foothold, but they’re harder to root out once they’re in.

That means iPhones may have security vulnerabilities, but unless you jailbreak your iOS device (not recommended), third-party manufacturers can’t really address them. Any “antivirus” software you can get for an iOS device doesn’t really do that much.

Other Costco Scams

This isn’t the first Costco scam to make the rounds. They seem to crop up every couple of years.

If a company wants to give you money back, they’re not going to send you a text. They’re going to contact you via email or regular snail mail.

As the Federal Trade Commission notes, legitimate companies don’t usually reach out to you via text to tell you you’ve received money, especially if you haven’t signed up for SMS messaging. You should be skeptical of any text messages you receive that you haven’t specifically asked for.

This latest scam targeted text messaging, but earlier scams have used different methods. One that made the rounds in 2019 was a $75 coupon that asked people to enter their personal information. Costco had to debunk it on their own page to make sure that people weren’t getting phished.

Costco has two qualities that should make you skeptical of any message that goes around: first, it has its own page on its website that it uses for deals. Second, all coupons for Costco have to come from Costco itself. They don’t ever come from third parties.

Some of these scams are surprisingly convincing. In the case of the $75 coupon, Costco’s CFO received a text from his own sister asking if it was legitimate.

“They come and they go periodically,” he said in response. Costco and other large corporations are used to this sort of thing happening. Even fairly smart people get suckered in by this sort of thing sometimes, especially when it comes in a convincing-looking package and is shared by friends they trust.

That’s why this particular Facebook scam was so devious. People tend to trust things that are shared by their friends more than they do something that’s passed on by a random account, and Facebook is a prime spot for this sort of exploitation.

The same scam made its way through Facebook in 2018 as well, and there have been other scams that have followed a similar format. One offered a $500 Costco Travel or Shop Card credit and was primarily spread via phone calls.

Others offer free money for filling out a survey through SMS messaging. You name it, scammers will try it. Be safe by referring to the Costco deals page itself instead of clicking on random links.

This is a good rule of thumb for phishing in general. Be wary of links. If you get something in your inbox, you’re usually best served calling or checking the website to confirm. In some cases even the URL may not be enough to tell, if the scammer has spoofed it effectively.
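The two URL points made above (the link in the refund text is not a Costco address, and a spoofed URL can still look right at a glance) can be checked mechanically. The following Python is an added example, not part of the original article: it pulls links out of a message and compares the real hostname against an allowlist. The `costco.com` allowlist entry, the shortener list and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the retailer's official domain and a few
# well-known link shorteners. Neither list comes from the article.
OFFICIAL_DOMAINS = {"costco.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.IGNORECASE)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def _matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_link(url):
    """Classify one URL as 'official', 'shortener' or 'untrusted'."""
    if not SCHEME_RE.match(url):
        url = "http://" + url  # bare "www." links carry no scheme
    try:
        # .hostname drops any "user@" prefix and the port, so
        # "costco.com@203.0.113.7" resolves to the host after the "@".
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        # Non-ASCII lookalike letters turn into visible "xn--" labels.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL or invalid IDNA (UnicodeError)
        return "untrusted"
    if _matches(host, OFFICIAL_DOMAINS):
        return "official"
    if _matches(host, SHORTENERS):
        return "shortener"  # destination is hidden, so treat as unverified
    return "untrusted"


def check_message(text):
    """Return [(url, verdict), ...] for every link found in a message."""
    links = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify_link(u)) for u in links]


# Constructed sample (not the real scam text); .example is a reserved TLD.
SAMPLE = ("Costco: you were overcharged. Claim your refund at "
          "http://costco.com.refund-desk.example/r?id=1 or "
          "https://www.costco.com@203.0.113.7/login.")

if __name__ == "__main__":
    for link, verdict in check_message(SAMPLE):
        print(f"{verdict:10} {link}")
```

Both sample links contain the string "costco.com" yet are classed as untrusted, because the check looks at where the hostname ends rather than at what the link contains.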

Avoiding Texts from Unknown Senders

Email inboxes have protections built in. But text messages usually don’t.

If you want to avoid getting messages from unknown numbers, you can turn that capability off. Go to Settings, then Messages, then “Filter Unknown Senders” on your iPhone. These messages will get sorted into a different tab.

If you want to do this on an Android phone, open your Phone app (the one you use to make calls), hit the three vertical dots at the right middle of the screen and choose Settings from the drop-down menu. Then open Blocked Numbers. Choose “Unknown”.

On an iPhone there’s a “Report Junk” link under the message you can use to report it. On Android, you can hold on the conversation from the Messages screen, then choose “Block” and then “Report spam”.

These tips will help you keep spam and malicious messages away from your phone. They’ll also help the companies responsible for your electronic devices to track common scams.

Be aware, though, that if you do this you’ll never get any messages from unknown numbers, including those from people that you may know but don’t have in your address book. You may lose messages from your friends. Make sure people know that you have unknown numbers blocked.

You can protect yourself from malicious messages and scammers with a little common sense and a little prevention. Scammers are clever, but you can stay ahead of them. Stay vigilant for messages that look strange. Don’t open links you don’t trust. Be wary of links you do trust. And remember that age-old truism about scams: if it sounds too good to be true, it probably is.

You can also check consumer advocacy groups and watchdogs like Snopes to keep an eye on frauds and scams that are circulating. If it’s a new fraud they may not have it, but the most common ones will usually be well represented.

Safeguarding your personal information isn’t a “set it and forget it” thing. It takes constant monitoring and caution. But you can do it. And we’re here to help. If you have questions about a suspicious email or text message like this Costco scam, contact HelpCloud Technicians today. 

We’ll help you find out whether it’s valid or not and give you the protection you need.

Erik Fullmer

Director of Marketing

Erik was raised in many places in a military family but has long since called Utah home. He spends free time in his garden, in the mountains with his dog, and skis…a lot. He is actively earning the necessary certifications and training to become a certified winter mountain guide.

Erik graduated from Utah Valley University in 2011 with a bachelor’s degree in Behavioral Science and a minor in Spanish. Additionally, being raised by a German mother, he spent a part of his childhood and also the beginning of his professional career in Germany where he worked as a Digital Strategist for adesta, a locally owned business in Darmstadt. Speaking three languages has opened up the world to him and influences the breadth of topics covered in his articles. He has always held an affinity for the world wide web and its workings, development, history and future.

Being a key player in the development of, and Director of Marketing for HelpCloud, he takes the content displayed and utilized on HelpCloud extremely seriously.