Online Safety: A Cautionary Tale

Scammers are everywhere on the Internet. It’s a fact of life. No matter what you’re doing online, there’s somebody out there right now trying to figure out how to separate you from your money.

shakedown-1340048_1280These “people” (term used loosely) target all comers, but they have a special affinity for the elderly. Older Internet users are easier targets for them; they tend to be less than computer savvy, and they come from a time long since passed where manners and politeness were the rule rather than the exception. Scam artists take quick advantage of the kindness, patience, and manners of the older generations.

If you’re reading this, odds are you’ve seen and deleted countless scam emails.  When you get them, you probably roll your eyes while hitting delete, thinking “Oh come on…that’s so obviously a scam. Nobody with half a brain would fall for that!”  Well, you’d be surprised. Scammers have bilked folks out of their life savings…and not just one or two…lots of folks have fallen for this.  Scammers are skilled at the con. They know what to say, what to listen for, and how to exploit every opening. They know they’re not getting your money, and that’s OK, because while you might think “Jeez, these guys are crazy if they think they’re fooling anyone!”, an elderly grandma who just got her first email account might be thinking “I can’t believe my luck!”  Many older people are lonely and on a fixed income.  An unexpected good-news email and a chance at set-for-life money is something the inexperienced senior citizen just might bite on. They’re also good and exploiting the fact that so many senior citizens feel like they’re losing control of their lives and their money. The resent their adult kids for not trusting them with money.

But that’s not the tale I’m here to tell you today.  Today we’re looking at a much newer scam, one that is new enough to still catch people off guard.  Have you ever been sitting at your computer, minding your own business, and had a pop up message in the lower right corner alerting you that your computer is infected?  I’m not talking about a message from your anti-virus software, this is a message you won’t recognize. You might be scared; “How did I get a virus?” you might wonder. “What do I do now?” you’ll ask yourself. Well, today you’re in luck, because that very same message also includes a link to support that can help you “clean” that dangerous virus.  Instead of walking you through how the scam plays out, I’m going to let you read an actual conversation I had with someone recently. I’ve helped both this person and her stepfather (aka the elderly victim) with their computer needs in the past.

I’ve removed the names of the victim and company given. I removed the name of the company for two reasons; first, since I was brought in after the fact I can’t prove this was a scam, and I have no interest in being sued. Second, the name is mostly irrelevant because it’s changed frequently over time. They also change the name of the major corporation they claim to be affiliated with. Sometimes they’re with Microsoft, other times with Dell, etc.  

The Cautionary Tale
This story is true (red flags added for reference)
Received 03:51 Hey Jason. I have an IT question. Is it normal protocol to have an IT person make you type a billing address from your email so they can send the confirmation of work being done from your own email?
Received 03:52 [Victim] had some viruses on his PC and we paid for support through a company that is sponsored by Microsoft. They have been working on the computer modem and now want to send the confirmation email but send it from our email. And want us to type the email address. They refuse to type it themselves
Sent 04:13 Sounds pretty odd. Is this a local company?
Sent 04:15 I can’t see why they would have a requirement t like that.
Received 04:30 They are called [company]. I was just told I needed to send an email to the billing dept authorizing the payment and work doneredflag
Sent 04:31 How much are they charging him?
Received 04:32 A one time fee of $399.99redflag for lifetime supportredflag. They spent 3 hours on his PC remotely
Sent 04:32 That’s crazy!
Received 04:33 Yea well. We had no other choice lol. [Victim] clicked on something last March 2015 that hacked into his PC and was on it every day since. According to the screen that popped up after [Victim] clicked on something this morningredflag
Received 04:34 How much would have been a fair price for lifetime service?
Sent 04:35 I’ve never heard of lifetime service. There are companies out there that get malware on your system that says it’s infected then charge you to fix it.
Received 04:35 They discounted it from $599.99redflag
Sent 04:36 I hate to see anyone pay that much for something they can get for free.
Received 04:36 Hard to say. [Victim] stopped listening to me about anything
Sent 04:36 I would have taken a look for him.
Sent 04:36 I can’t say for sure but there are scams out there like that.
Received 04:37 I worried it was a scam. They were on it for 3 hours
Received 04:37 Well he was in a panic and needed it done todayredflag
Sent 04:38 Has he paid?
Received 04:38 Yep
Sent 04:38 It sounds like a scam.
Sent 04:39 Credit card?
Received 04:39 Yep
Sent 04:39 I’d have him call the credit card company and ask about disputing it.
Received 04:39 How could he? He got the service they did
Received 04:39 You can still look at it if you want lol
Sent 04:40 If they caused the issue he paid them to fix that’s illegal.
Received 04:40 Ok. But could you prove that?
Received 04:40 Plus we Sent the email authorizing the paymentredflag
Received 04:40 They have it in writing
Sent 04:40 What’s the full company name?
Received 04:41 The tech pulled up a screen that showed a foreign computer hacking oursredflag
Received 04:42 [company]
Received 04:42 It sounded like a sales pitch to meredflag
Received 04:42 But again [Victim] no longer listens to me. He thinks all I do is lecture him
Sent 04:42 Ok well it still sounds fishy.
Sent 04:44 Google it. Might be a scam.
Received 04:44 Google it?
Sent 04:45 Google [company] and scam.
Received 04:50 Ah. Would you be able to tell if his pc had a planted malware?
Sent 04:50 Not after the fact.
Received 04:52 Crap. Would we have any ground to stand on if [Victim] disputed the charge?
Sent 05:05 That’s why I said he should call. If it’s a known scam he can dispute it.
Received 05:08 K
Sent 05:12 I would say definitely a scam.
Received 05:13 Why?
Sent 05:17 Guy claiming to be from Microsoft charges a lot of money to clean up your computer. I’ve heard it all before
Received 05:42 Ok. I told [Victim]. Thank you. I should have snagged a pic of the screen and Sent it to you firsthand-157251_640
Sent 06:02 No problem. I’m sure they talked a good game. They get people all the time.

Again, I can’t prove anything, but let’s look at the facts:  First, they created a sense of panic and urgency with the pop up, then followed up on the phone by convincing the victim he had multiple infections that would take a lot of work to clean up.  They spent a while flashing screens in front of him, showing him he was being hacked right now.

road-sign-464653_1280
How many red flags do you need?

Then they kept him on the phone while they “cleaned up” his computer, making him think they’d already done the work so he had no choice but to pay. They softened the financial blow by convincing him he was getting a huge discount. And they made sure to get explicit approval for the transaction from him, so there wouldn’t be any question that he was OK with the charge.

 When it walks like a duck…

I can’t stress this enough: Never, never, ever give your credit card or bank information to someone unless you’re absolutely sure they’re legitimate.  If you’re unsure about a pop up, ask a trusted friend or family member. If you know someone who is fairly Internet savvy, ask their advice.  If you’re on the phone with someone claiming you need to pay them now for something you didn’t ask for, hang up the phone.  They may make you feel like you have no choice, but you do.  If you’re worried your computer is being hacked, unplug it and reach out to a legitimate, known company or person.

Be aware, be cautious, and be safe.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s