One would imagine she’s hella busy …
The Chrome password is independent of your Windows one, so if you don’t have a Windows password, it does not open up Chrome to the user. It will go into your email (since Chrome stores that), but if you try to look up stored passwords in Chrome, it asks for your password again.
They probably figured $250 was about the threshold at which most people don’t bother contacting the authorities.
As for not covering their tracks, they probably just don’t have to. Or maybe they’ll attempt a repeat breach later on to see if their victim has changed their passwords, and if not they do more serious damage. Surely they’re counting on those that fall for the scam to be less tech-savvy than most.
It should if she actually has a password set up for her computer.
If you have a local account (not a Microsoft account) not having a password is actually safer, as it means people cannot remotely log into to the computer—at least, not without getting you to download other software.
As for advice: report the site to Google to get the site off their search results, as well as to other places:
OP: Do PayPal and Amazon have “quick checkout”, where you don’t have to enter your payment info each time you purchase something? If so, you should have your mother disable that option.
Also, small enough that maybe it won’t trip automated anti-fraud measures from banks or card issuers, and might be overlooked by people who aren’t really diligent about their finances.
I did one better – I changed her passwords, got rid of her auto-logins, and logged her out on her computer.
She doesn’t have a Windows password set up, and if I did and she had a problem, I couldn’t help her remotely.