"Microsoft" scams and the elderly (too mild for Pit)

So my mother-in-law called earlier this evening. She was beginning to be a bit worried about a call she’d gotten from Microsoft. They needed to issue her a refund (it wasn’t clear for what) - but could NOT send her a check.

Evidently, she’d engaged with “Sam” who of course had a bit of an Indian accent to the extent that he was trying to “help” her log into her bank account so he could set up a transfer. No, he couldn’t send a check (and that’s what seemed to bug her more than anything: “It’s a big company, they could definitely send a check!!”).

Fortunately, for whatever reason, she can’t get to her bank to from her laptop. The helpful “Microsoft” guy was trying to have her set up remote desktop access through Anydesk - which as it turns out is a legitimate tool but is often used by scammers. Fortunately she ultimately hung up - and did NOT install the software. I’d still like to have a look at her computer to make sure nothing was compromised, but she’s a thousand miles away.

The conversation with her was like this:

Her: Hi - just wanted to check something. I got a call from someone from Microsoft saying I was due a refund-"
Me (cutting her off): It was a scam.
Her: They said they needed to be able to direct deposit the refund
Me: It was a scam. I bet he had an Indian accent
Her: (laughs) He said his name was Sam… but he did have a bit of an accent.
Me: It was a scam.
Her: And you know a lot of companies have outsourced their assistance to India
Me: It was a scam

I finally got her to describe exactly how the conversation went. The guy promised her something like 500 dollars. She asked can’t you send a check? He said no, it had to be direct deposit. I don’t know if she said “I can’t get to my bank from this computer” and he said “I’ll help you”, or if he led with “Let’s go through these steps together!”.

End result, she was attempting to download Anydesk, and either bailed out of the install or out of the download itself. She claims she did not successfully launch it, nor give the guy any banking info. She finally bailed when she was having trouble with it, anyway, and once again he refused to send a check.,

The frustrations:

  1. That she fell for it at all
  2. That even after the call had ended, her argument was that they should have been able to send a check so that’s how she guessed it might be a scam
  3. “Haha - they’re barking up the wrong tree - we don’t have any money to steal!!” (yes, but they could royally bollix up what money you DO have, not to mention stealing your credit card info and running up huge bills).

How do you protect the parents from being victims??? There’s a concern that she might be “slipping” a bit mentally though for the most part she seems perfectly fine; she’ll repeat stories (but hell, we’re 20+ years younger and we do that!!).

I was down there once when MIL got a spam call. She actually talked with the person a minute or so then said “Well we’re not interested” then hung up. I tried having her let them get signed up for NomoRobo (which is better than nothing) but nope, they refused.

My FIL actually showed a bit of savvy once. We have an account with a credit union, and we opened up a joint account with them so that if they needed money in a hurry, we could just transfer. FIL got a phishing email from a different - though similar-sounding - credit union. He forwarded it to me and asked “what’s this about?”. At least he had the sense to ask! I was able to clear it up: 1) well known scam, 2) not same name but I don’t blame you for being confused, and 3) YAY!!! you asked!!!

Sadly, it’s hopeless.
Here’s my experience with a scam my dad fell for.

Probably the best you can do is to tell her to NEVER follow any instructions about computers from a caller - tell her than no company will ever call her out of the blue.

The thing that I find incredibly frustrating is that it’s difficult to give older people clear universal instructions, because so many bona fide companies and institutions themselves have idiotic policies that encourage people to get into the habit of unsafe practices. I frequently get (genuine) people who have phoned me asking for personal identifying information - even SSNO - “because of data protection”. On more than one occasion, when I’ve offered to call back to a known number, they tell me they can’t take incoming calls! Pretty much every financial institution that I have accounts with send me periodic emails - your statement is ready, click on this link and enter your id and password to get your statement.

My mother and I were discussing this (she’s 77 and just had a stroke). My dad has Alzheimers and one of the signs that she noticed is that he kept telling her that she needed to call some guy about the computer. My dad was king of the “don’t click this, don’t download anything” to the extent that Mom couldn’t even update her Adobe without him getting wound up. Now he believes everything and worries about it.

Mom, thank goodness, just laughs at them when they call her. “Now why would you need my bank information? Oh, you could send me money if you really needed to. Well, I’ll tell you what. You can send me a letter to the address on my microsoft license, how’s that? No? Well, I don’t think I believe you.”

It’s a joy to see.

Have them drop their landline number. Most scam calls come in from those than cell lines.

My parents live in a small town so the local banker knows them and keeps an eye on their accounts. Maybe that would help?

Nah, I get these all the time on my cell phone. If I’m driving somewhere and have time to kill I usually just keep them on the line like I’m playing along. The call usually end with me interrupting them saying “Yeah, so, I’m not at my computer right now, I’m actually driving and just got to my destination so I think we’re done here.”

I was looking at recipes today and went to a website that immediately told me that I needed to call Microsoft NOW!!! I had to completely kill my browser to get out of it. I couldn’t kill the tab and I couldn’t backtrack to a safe page.

They’re in southern Florida. I suspect the average age in their county is 60 or so - and they live in a HUGE retirement community. So personal attention would be nonexistent.

If our credit union had a branch nearby I’d encourage them to switch to that… but the nearest branch is 300+ miles away.

I do get lots of spam calls on my cell phone. Dunno how many are the active “Windows” scams vs regular scummy / scammy telemarketing; I certainly receive plenty of offers to help lower my CC interest rate :D.

I don’t even answer if it’s an unfamiliar number - or the latest fun trick, the same area code and exchange. You’d think the scammers would realize that most people now have learned to recognize the area code / exchange trick, and that they’d have better luck with a very different number. I will occasionally answer calls that I don’t recognize, ONLY if they are NOT from my same exchange, and if they are not from an area code known for scammers (for some reason, A/C 757 is popular).

I find this thread frightening. I will be 82 in a couple weeks and I wonder if it could happen to me. Maybe I will not be using a computer by then. But my wife and I are both immune so far. One thing, when the phone rings and no one responds to my “Hello” I hang up. Never fails.

Why did they refuse? Do they like getting junk calls?
I have not gotten one call from the Windows scammers since I signed up for NoMoRobo, so that is really the safest thing for them to do. You’ll never be able to warn them in advance of all scams, and they don’t seem to be able to smell a rat. I’ve never missed a legitimate call due to NoMoRobo - anyone legit who gets blocked can enter some kind of code to get through. MIT gets blocked when they ask for money, but the nice undergrad solicitors do get through right after.

Have you ever heard of kitboga? His whole shtick is to call these people up with a voice changer, sound effects, the whole deal, and keep them on the phone as long as possible so they can’t scam someone else. He even has supermarket background ambiance to make it sound like he’s in the store looking for the Google Play cards. It’s a hoot.

If that happens again, besides taking a note of the page so you don’t go there again, use the task manager->processes to find and kill one tab at a time until it goes away. Although this malware is initially disconcerting, it’s one of the easiest to disable.

And although a malware scan afterwards would be a good idea, it may not find anything. This scam is generated from a rogue script on a web page, typically from an ad server.

Not all callers have a blank time before they begin. Can you tell which ones are real humans and which ones are fake? Do you know the characteristic sounds made by hold music? Do you know which charities are bogus? Can you tell if the caller is really from Microsoft or Apple?

That may have been true once, but no longer. The calling robots make no distinction; a number is a number is a sucker/victim. US laws that make a distinction have no effect on callers from India. My 4-year log shows about an equal number of scam calls from both sources.

I don’t know why this would be suspicious. In my business dealings with Microsoft, they have always routinely asked to take control of my computer in order to facilitate money transfers. That’s just how they roll. They only have a savings account, so the bank doesn’t let them write checks. :wink:

I haven’t run into institutional stupidity on quite such a grand scale, but there’s a cautionary tale here. We get accustomed to certain security practices because they’re so common, like being asked for personal and account information to verify identity. In fact I just went through this twice in the process of re-activiting an old account that had gone dormant. It’s very easy to forget that there’s a vast difference between you calling a financial institution (to resolve a known problem) versus some unknown party calling you claiming to be that institution (and alleging some problem).

So if any such question should come up, I would keep two things in mind: (1) you called me, and (2) caller ID is easily spoofed. So I would be keen to do a little identity-verification of my own. Like, “I just need to ask you some questions to verify that this is really my bank calling. Who is your executive vice-president in charge of risk management? Is he a moron? (‘yes’ or ‘no’ answer only). What is his annual salary? Is it true he’s having an affair with the director of his own HR department? If not, how do you explain what his wife found in his pants?”

Satisfactory answers to questions like these will not only offer reassurance that it really is your bank calling, but that the person calling you is “tuned in” to the bank’s culture and gossip, which is what you want.

Many years ago, I came up with an iron-clad rule:

Never send money to any stranger who calls you on the phone.

I expect it will continue to serve me well as I get older.

In my opinion, the best thing to teach people is that it’s fine to be rude and just hang up. They don’t owe these callers anything, they don’t need to argue with them, just hang up the phone and get on with their day.

This is a particular type of attack that most browsers are vulnerable to. They put up a nasty page, and then do something to make the browser run out of resources and lock up. The cute name for this escapes me.

Uggh, they have realized, unfortunately. I still get the occasional calls to my exact area code and exchange, but now I probably get an equal number of calls with a different exchange, or even the other local area code. I get very few spam calls from non-local area codes. I usually answer, and then hang up as soon as the recording says “don’t hang up.” I’m not sure what it says after that.

An interesting almost possible scam “call” is when CenturyLink (phone) was going door-to-door with salespeople, seeing if we’d be interested in upgrading to the upcoming fiber-optic cable going into the neighborhood. Of course I would be! She said to set this up, she’ll have me talk to the account specialist at Century Link. Here’s how that call went:

  • the salesperson initiates the call (dials the number) and talks for a few sentences, and hands me the phone
  • the phone account person wants some account information: our phone number (she knew that), street address, etc.
  • the phone account person then wants to verify my identity, and asks for the last four digits of my SSN

At this point I’m thinking that sometimes the last four digits is all you need to impersonate you. So I said to him that I can’t tell him that, since I hadn’t initiated the call. He said it was in front of him, he just needed to verify it.

I asked him if he could read it to me, so I could verify it. He said no.

Finally I hit on a solution: he would tell me the first two digits, and I’ll tell him the last two digits. He said the correct first two digits, I gave him my two digits, and it was a match. He told me he understood the concern, and that was a pretty slick way of verifying the information.

I tell my students in the internet safety part of their beginning computer class that not all scams come from the internet - it might be phone calls, door-to-door, mailings (although rare). The students have some interesting stories of scams that have hit their families over the years.

Play dumb. It worked for me.

The best thing is, the older I get, the less I have to play at it.

Yeah, I may get frustrated sometimes with my Luddite mother, but I take comfort in the fact that she’s way too paranoid about computers to fall for one of these.

I think I dodged a bullet. As my mother descended into dementia, she forgot to answer the phone. It’s been 10 months since I changed the number and put the call director on the landline that Verizon insisted I have. 537 calls, One, count it ONE rang through. It was a wrong number. I have no idea what the landline number is, so they are all spam calls.