WatchGuard Blog

The Oculus (Meta) Quest Scam

Oculus (also now known as Meta) Quest is a virtual reality headset and game craze created by Facebook, and it is the ultimate tech must-have for the holidays in 2021. My 11-year-old son is obsessed with it and during the past few months it has been impossible to get due to a recall and the wait for the new Quest 2 to be released. This recall and the huge demand for the new Quest 2 makes it an easy way for scammers to hook unsuspecting victims, especially with all the Black Friday/ Cyber Monday sales online. My son found an Oculus outlet website that claimed it still had some of the Oculus Quest 64GB available at a 72-hour flash sale discount. His best friend has the Oculus Quest and he had just enough money to purchase it at a steal of $85.99. I must admit I was preoccupied when he came to me with his cash in one hand, the iPad in the other hand. My son had the checkout cart of the Oculus outlet website on his iPad ready to buy. I looked at the screen and saw PayPal and figured if I could use my PayPal account to purchase then it must be legit and didn’t do any further research. I logged into my PayPal account on his iPad and hit Buy Now. I immediately got a confirmation email from “LOCALHOST” and knew it was a scam.  

Oculus-product.JPG
LOCALHOST-email.jpg

 

I then logged onto my work computer and tried to go to the website my son used https://www.oculus-gears.shop/ and also the website listed on my confirmation email https://www.oculusvr-outlet.store and both sites were blocked by my WatchGuard-issued laptop. WatchGuard software recognized and blocked the site, our personal iPad did not. Lesson learned… always check the website on my WatchGuard-issued laptop before ordering anything: the WatchGuard Endpoint Security software I have installed blocked the sites. I also went to the homepage on the iPad and immediately noticed typos that my 11-year-old son didn’t notice. Lastly, I looked up the price of a Quest on the real website and it is starting at $299.00 – the third red flag. No way you are going to get that much of a discount, even if it is an older version.

But what was perplexing was why was PayPal available to use for payment? Wouldn’t PayPal flag them and shut down the transaction if this was a scam?  Well, here was the real lesson learned. I emailed PayPal and gave them the purchase information and reported this as a scam. They then contacted the “seller” attached to the PayPal account and forwarded me a USPS tracking number and said that it was delivered and closed the case… huh? But wait! I didn’t receive anything, and I know this is a scam!

Next up on my quest to get my son’s hard-earned allowance money back – contact the United States Postal Service. I now had to prove that the tracking number that PayPal had was not mine. The USPS tracking number only had my town, not an address. I took the tracking number provided by PayPal and reported it to the USPS and within 24 hours got confirmation from my local post office that the tracking number provided by PayPal was not associated with my address. Bingo! The scammers somehow got ahold of a real tracking number associated with my hometown, but it was a stolen number and did not belong to me. Another lesson learned! These scammers not only created a fake website but also had a way to obtain real USPS tracking numbers. One way or another I was going to win, not the scammer!

USPS-Scam.JPG

 

I then sent the USPS email to PayPal and again requested my money back. The PayPal case had been closed and additional emails got me nowhere. I had to call PayPal and talk to a customer service agent to get the case re-opened and get the money refunded. In the end, PayPal did refund me the money and my son is working to save up his allowance money to purchase an Oculus for $299.00. Luckily for him I walked into Costco the other day and grabbed a Quest 2 for under the Christmas tree. If you are looking at Black Friday/ Cyber Monday deals and hoping to get the new Quest 2, make sure to watch out and make sure it is a legit website.

Today both Oculus Quest scam websites listed above seem to be unavailable, so I am guessing that they were caught and shut down. In the end it all worked out; we got our money, and the websites seem to be gone for the moment. It was also great learning experience for myself and my tech-savvy son. Do your research and look for clues that it is not a legit website.

A few things I learned from this experience and to watch out for on this Black Friday:

  1. Ensure that all personal devices are running an endpoint protection agent like WatchGuard EPP to protect you from unsafe scam websites.
  2. Never assume that just because they accept PayPal it is legit. Using a service like PayPal did ensure that I could get a refund. I don’t want to think about what would have happened if I had given them my personal credit card number.
  3. Beware of USPS tracking code scams. Just because you have a real tracking number from a trusted agency doesn’t mean that it is legit.
  4. These scammers are getting smarter by the day and will constantly find ways to manipulate and cheat the systems. You must always be on your toes and on the look-out for scams! If it seems too good to be true, then it is a fake!