There you are, in the middle of your busy day, doing whatever it is you are doing, and suddenly your phone rings.  Without looking at the number, you pick up and answer, and you find yourself talking to someone who identifies themselves being from Facebook, or Twitter, or Microsoft, Apple, Cisco, or perhaps your bank, or credit card company, or your auto finance company, mortgage company, or whatever.  They sound official, they sound serious, they may even give you official credentials, or even, reference the name of someone at the company you are familiar with.  They are telling you your account has been compromised, or overdrawn, or your computer has viruses, or your internet is having problems, whatever the issue, they tell you it’s very serious and needs your immediate attention.   What do you do?

Unfortunately, many people in these situations panic.  After all, the caller is smooth and official sounding, perhaps even sympathetic.  Additionally, no one wants to deal with a compromised account, or the possibility someone has gotten access to bank accounts, credit card info, or worse, medical and insurance records.  Before many people realize it, they have given up important account information, passwords, credit card, or bank account numbers, which results in accounts being charged, or, in the worst case, emptied.

I work in tech support, and I deal with people several times a week that were the victims of “fake tech support” scams.  The victim, in many cases is elderly, either receives a phone call, or a “pop up” on their computer while browsing the internet, warning them that serious intrusions have occurred, or a serious virus has infected their computer.  The “pop up” message contains a phone number to call, and in a moment of panic, the person calls. Do not ever call the number that accompanies the “pop-up” warning. Whether direct phone call, or via pop up, the victim winds up talking to a smooth sounding, and empathetic tech support person, who reinforces the seriousness of the issue, and, while talking, gains access to the victim’s computer, using well known, and otherwise benign processes in both macOS and Windows to show the customer the “damage” the “virus”, or the “hackers” are doing to their computer.  Most of this consists of the scammer showing the victim normal behavior, but they make it sound serious, because it looks serious.   In the meantime, the scammer has launched software designed to search for, and gather banking, loan, medical, and other account information, all the while trying to sell the victim an expensive (and useless) “internet security package”.   I have seen this play out too many times to count, and I have seen the damage that has been wrought, and it is heartbreaking. In the worst cases, the victims (almost always elderly, in my experience, I would say 90% of the scam victims I have dealt with were elderly) have given the scammers hundreds, if not thousands of dollars.  What is even worse is that scammers, in some cases, leave “back door” openings for themselves so they can access the victim’s computer when ever they want.

To convince their victim that something is going on behind the scenes on their computer, the scammer will have the victim open a command prompt in Windows, and in macOS have them open Terminal, Console, or Activity Monitor.  In Windows, the scammer will have the victim run processes such as “netstat” or “ipconfig” both commands show known network connections, which the scammer can use to show their victim where the “hackers” have connected.  What the command really shows are network connections that the computer and the operating system normally use.  In macOS, the same network commands can be used, in addition to opening and running Activity Monitor which shows processor, network, and memory activity.  Since most people have never used such utilities, it is easy for the scammer to convince the victim something nefarious is going on. (Side note: It is extremely difficult to locate an intrusion, or, determine if a connection is a problem.  It takes analysis by someone who knows what to look for, and who is well versed in computer and network security.)

To protect not only yourself, but your family as well, especially older relatives, please convince them, don’t just tell them, or talk about it, you need to convince them of the following: It is for their own protection

  1. No major media, computer, or social media company, makes unsolicited calls to customers at random.  No one does this.  Not their bank, their investment broker, loan company, mortgage company or, life insurance company.  None of them make unsolicited calls to warn their clients of problems.  None of them.  Not ever.  Also, they will never, and I mean, not ever, ask for account numbers or passwords.  They simply do not do it.  Ever. As in, never.  This is an important point to drive home.  It simply does not matter who they say they are, this is a scam, it is always a scam, it is never not a scam. 
  2.  If a phone call comes from a number they don’t recognize, do not pick it up.  Ever. Let it go.  Some of these scammers call over and over in a short period of time, hoping the target will answer out of sheer frustration, or concern that it “might be important”.  If they leave a voice mail saying they are from Apple, or Microsoft, or HP, or Facebook, see #1 above.
  3. Ignore internet/browser pop ups that claim “Your computer is infected/compromised/penetrated, whatever.  Teach them how to force quit a program, clear their history, as well as cookies and browsing data, so it does not pop up again. It does not matter if the pop up says they are from Apple, or Microsoft, or whatever, do not click, and do not call. No company, none of them, have the ability to monitor every system in the world for viruses, or intrusions, or what have you.  Despite the leaps and bounds in computer technology these days, it simply does not work that way.
  4. Also, no one takes gift cards, be they iTunes, GooglePlay, Steam, or any others, as a form of payment for things like bail, fines, or anything of the sort.  Scammers like to have people “pay” by going out  and buying several hundred dollars worth of gift cards, especially iTunes and GooglePlay, and then having the victim read the numbers on the cards to them.  The scammers then use the numbers they were given to purchase things from iTunes, GooglePlay, or other online content providers (Netflix, Hulu, Steam, Wargaming.net, XBox, Playstation, etc) at the victim’s expense.
  5.  Also tell them that if this does happen, they stand no chance of getting their money back.
  6. Email scams are the same.  Also, and this is vitally important, if you, or your family member receive an official, or important looking email from their bank, or investment broker, Facebook, Microsoft, etc.  Please read the email. Read it carefully.  Note syntax, grammar and spelling.  Most email scams are written by people overseas, and then translated to English.  No business person that I know writes something like  “We have in your account, noted that an issue is at hand, and needs your direct attention. Have please contact office here, at this number.”  The sentence is awkward, poorly constructed, and the word usage and grammar is not normal. That is a dead giveaway that the email is not legitimate.  It is not so much the errors as it is the “voice” of the email.  We talk how we write, and write how we talk.  In other words, no American I know is going to say “Have please”, much less write it, or say “We have in your account”. That is the result of the email being written in the scammers native language, and then run through something like Google Translate.

It’s heartbreaking when I get calls from upset family members, or the victims themselves.  We all have elderly family members, and in this technological age, we should be doing our best to help them understand that they need to keep themselves safe.  Because many older people do not understand the technology, that is what makes them easy marks.  It also doesn’t help that there is so much misinformation out there about what the internet, and computers, and hackers are capable of.  Sorting through what is true, and what isn’t can be perplexing.  Working with family members and helping them understand, and hopefully “scam proofing” them will go a long way to preventing anything bad from happening.  I know the tone of this is sharp.  It is no way meant to ridicule, or put down anyone.  The scammers are my pet peeve.  I have been doing tech-support for a number of years, and nothing makes me angrier than scammers and frauds.  I also feel genuine compassion for those who have been victimized.  It sucks, and there is very little one can do to get the scammers in trouble, because most of the time they operate from overseas.  If you love your family members, then, please, help them stay safe. Give them the tools to protect themselves, more importantly give them the knowledge to protect themselves.

Last note:  Malicious software; If you own a Windows computer, be very leery of anything that you download from anywhere, unless it is from a known, and reputable software publisher.   For macOS, avoid downloading anything unless it is from the Mac App Store.  Apple has a vetting process for anything that goes in to the Mac App Store, or the iOS App Store.  There are 3rd party programs that offer performance increases, ways to manage your computer, back it up, and etc.  At best they are PUP’s or, Potentially Unwanted Programs.  There are several out there.  Avoid them.  If you need software or utilities for your Mac, use the Mac App Store.   This is not to say that everything out there is bad.  It’s not. All I am saying is; be careful.  Know who your are downloading from.  Make sure anti-virus is up to date, and you have a good malware removal program (Malwarebytes.com makes a good one for both Windows and macOS).  Also, not all major tech companies have phone support.  Google and Yahoo do not.  They handle all support issue via email.  Searching for a number for Google, or Yahoo, will result in a search showing a plethora of numbers, none of which will get you in contact with either company, and in some cases, may put you in touch with scammers.  If you need a number for a technology company go to their website and look for a “Contact Us” link. Click that link, if they have a number for tech support, you will find it there, if they don’t, then, they don’t and searching Google for it won’t help.  No company has “hidden support numbers” like a restaurant has a “hidden menu” that only those in the know can access.  If they list a number, then, they offer phone support, if they don’t, then, there isn’t any, but they may have a chat support link, or an email support link.  Many companies, such as Apple, HP, Microsoft, and a couple of others offer support through phone, chat, email, and social media. (Twitter, Facebook, etc)

The bottom line is, everyone,  stay safe, stay aware, and educate family members.   Keep up to date on the latest security trends, and keep any security software up to date, as well as phone, tablet, and computer operating systems.