(Although you may be more tech-savvy than my mom, you may still work with an older doctor, team member, or relative who could benefit from this story.)
I was seated in church when I got the call from my 80-year-old mother. She said, “Boy, did I just dodge a bullet!”
When I asked her what happened, she explained that she was surfing the web looking for a recipe when a “loud warning” popped up on her screen. It said something like, “Your computer has been infected with a virus that could destroy your files. Call Microsoft support immediately at 1-222-333-4444 (not the actual number).”
She said that the message was accompanied by a “blaring siren” that scared her and that no matter what she tried, she could not close the alert popup. Worried about losing her files, she quickly called the “support line” number on the screen.
The voice on the other end of the line identified himself as a “Level 7” Microsoft technician. He told her not to worry, that her files were safe and that he would solve her problem. She dutifully followed his instructions which allowed him to remotely connect to her computer. She was so proud that she was able to follow his instructions without my help. After several minutes of watching windows open and close on her screen, he told her that everything was now working and her files were safe. He also notified her that she didn’t have antivirus software installed and that for a one-time fee of $699 she could purchase lifetime support and protection from future attacks. Not wanting to go through this again, she read him her Discover Card account number over the phone.
Upon hearing her story, I immediately had her disconnect her computer from the Internet and shut it down. I explained that she had been scammed and that everything the “technician” told her was a lie. It took me over an hour to convince her that he was not legitimate. Once I had her laptop disconnected from her WiFi, I started damage control. I tried to log on to her retirement account website and found that it had already been locked down because of multiple attempts to log on using the wrong password. I found the same to be true for her bank account. I assume that the scammer had obtained login information from her browser history.
We immediately called all of her financial institutions and credit card companies to lock down her accounts. We were even able to get Discover to stop payment on the “support fee” she paid. My mom didn’t lose any money, but the inconveniences she’ll face over the next month or two will be a big hassle.
When I asked her why she didn’t call one of my siblings or me like she usually does when she has computer issues, she said that the siren scared her and that she trusts Microsoft (even though she was browsing the Internet on her MacBook and wasn’t even using Microsoft software!) She also thought she was safe because she placed the phone call rather than received it, even though she got the number from the fake alert. In review, my mom made three glaring mistakes – 1) she called an unverified number, 2) she helped them log onto her computer, and 3) she gave them her credit card number.
This “phishing” technique is just one of many being used by scammers to steal from less-than-tech-savvy people. The appropriate way to get out of this situation would have been to simply choose “Force Quit…” under the Apple Menu or right click on the taskbar in Windows and choose “Task Manager.” These options would have allowed my mom to close the browser along with the ominous alert popup. Had she done this, the scammer would not have even known she saw the alert message.
A quick review of safe surfing practices with your team or relatives should include the following recommendations:
- never click on a link that arrives in an email unless you are 100% sure that it is legitimate and you are expecting it (don’t just trust the name on the email…scammers can hack your friends’ email accounts).
- never open an attachment that arrives in an email unless you are 100% sure of its origin and are expecting it.
- never call a phone number supplied in an email or alert box (instead, look up the support number yourself if you feel you need to call). Be leery of any email that arrives unexpectedly or doesn’t look or feel right. If you aren’t certain, don’t click, open, or call.