A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam

Written by James Schmidt 

Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,” whose aunt “Leslie” fell victim to an emerging form on online elder fraud. Our thanks to James for bringing it forward and to “Meredith’s” family for sharing it, all so others can prevent such scams from happening to them. 

 

“Embarrassing. Simply embarrassing.” She shook her head. “It’s too raw. I can’t talk about it right now. I need time.”   

Her aunt had been scammed. To the tune of $100,000 dollars. My colleague—we both work in the security industry—felt a peculiar sense of loss. 

“I work in this industry. I thought I’d done everything right. I’ve passed on enough warnings to my family and friends to ensure they’d avoid the fate of the scammed.  Simply because I’m in this industry does not imply my circle is always aware of all the threats to them, even if I do my best to teach them.” 

“My mental state, recently, borders on shame; this feeling, you know? How could someone working in my industry have something like this happen to a family member?”  

I told her many people working in other industries cannot control what happens to people in their families even if people in that industry had knowledge that could have helped them or otherwise avoided a problem altogether. 

“I know, but this simply should never have happened! My aunt is one of the smartest, most conscientious people I know, and she fell for this. It’s crazy and I can’t wrap my head around it.” 

My colleague, let’s call her Meredith (not her real name as she’s a bit ashamed to know this happened to a family member), told me the beginnings. 

Let’s call her aunt Leslie. 

Her story unfolds, the overall picture a pastiche of millions of people in the United States today. Her aunt is retired, bored, lonely, and isolated. She feels adrift without something to occupy her time; she was looking for companionship, connections, someone (anyone) to talk to. Her feelings intensified during the pandemic. She morphed into perfect prey for scammers of what is now known as the “Pig Butchering Scam.” 

The term “Pig Butchering” has a visceral and raw feel to it, which falls right in line with how brutal this scam can be. It’s a long con game, where the scammer befriends the victim and encourages them to make small investments through the scammer, which get bigger and bigger over time. The scammer builds trust early with what appear to be small investment wins. None of it is legit. The money goes right into the scammer’s pocket, even as the scammer shows the victim phony financial statements and dashboards to show off the bogus returns. Confidence grows. The scammer wrings even larger sums out of the victim. And then disappears.  

It was a targeted attack that started innocuously enough with a “fake wrong number”. An SMS arrives. A text conversation starts. The scammer then apologizes but tells Leslie someone gave them the number to initiate the text. 

The scammer then uses emotional and psychological techniques to keep Leslie hooked.  “How are you, are you having a nice day?” Leslie, being bored and interested, engages willingly.     

The scammer asks to talk directly, not via text: and a phone conversation ensues.  The scammer proceeds to describe—in very soothing detail—what they are doing, helping people, like Leslie, invest their “hard-earned money” into something that will make them more money, to help them out in retirement. 

Of course, it is too good to be true.  

“The craziest part of all of this is my aunt refuses—to this day—to believe she’s been scammed!” 

She still thinks this scammer is a “friend” even though the entire family is up in arms over this, all of whom beg her aunt to “open her eyes.” 

“My aunt still thinks she’d going to see that money again, or even make some money, which is crazy. The scammers are so good at emotional intelligence; really leveraging heartstrings and psychological makeup of the forlorn in society. My aunt finally agreed to stop sending more money to the scammers, but only after the entire family threatened to cut her off from the rest of the family. It took a lot to get her to stop trusting the scammers.” 

Meredith feels this is doubly sad as the aunt in question is not someone they’d ever imagine would in this predicament. She was always the upright one, always the diligent and hardworking and the best with money. She is smart and savvy and we could never imagine her to be taken by these people and taken so easily. It boggles the mind.” 

She did start to change in the last few years. And the pandemic created a weird situation. Retirement, loneliness from loss of a partner, and the added burden of the pandemic created a perfect storm for her to open herself up to someone willingly, simply for the sake of connection. 

“No one deserves this. It has rocked my family to the core. It is not only about the money, but we’ve found family bonds stretched. She believes these random people, these scammers, more than she believes her own family. Have we been neglectful of our aunt? Does she no longer put her faith in people she knows, rather gives money to complete strangers?” 

Being a security professional does not provide magical protection. We are more aware of scams and scammers, and how they work, and what to look for, and we try to do all we can to keep our family aware of scams out there in the big wide world, but we are human. We fall short. 

Diligence is action. Awareness is action. Education is action. 

We need to be better, all of us, at socializing risky things. We need to consistently educate our family and friends to protect themselves, not only via security software (which everyone should have as default) but by providing tips and tricks and warnings for things we all need to be on the lookout. This is not a one-time thing. The cliché holds true: “If you see something say something.” Repetition helps.  

In today’s world, the need for protecting people’s security, identity, and privacy is critical to keeping them safe. Scammers long stopped focusing on attacking only your computer. Now focus more than ever on YOU: your identity, your privacy, your trust. If they get you there, they soon get your money. 

As for contributing factors to scammers success with their victims, such as loneliness, isolation, and boredom, they all have remedies.  Make connections with your loved ones, especially those easily tagged as vulnerable, those you feel might be at risk. Reach out. It may be hard sometimes due to distance and other factors but make it a point to connect. There is a reason these scammers are succeeding. They are stepping into roles of companions to people who are desperate for connection.   

Most people are greatly saddened at seeing other people being “taken.” Let’s work together to help stop the scammers. 

Look out for each other, and get your people protected! 

Editor’s Closing Note:  

If you or someone you know suspects elder fraud, the following resources can help: 

• In the U.S., the National Elder Fraud Hotline and the Eldercare Locator run by the U.S. Administration on Aging. 
• In the U.K., ActionFraud, run by the National Fraud and Cybercrime Reporting Centre. 
• In Canada, the Canadian Anti-Fraud Centre maintained by the Canadian government. 
• In Australia, Scamwatch, maintained by the Australian Competition and Consumer Commission. 

For further reading on scams and scam prevention, check out the guides in our McAfee Safety Series, which provide in-depth advice on protecting your identity and privacy—and your family from scams. They’re ready to download and share. 

The post A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam appeared first on McAfee Blog.

Ransomware Masquerading as Microsoft Update Targets Home Computers

A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update. 

Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips. 

What Is Magniber Ransomware? 

Magniber is a new type of ransomware that is disguised at almost every touchpoint until it seemingly pops out of nowhere demanding money. The attack begins when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks on a malicious link on that site, file-encrypting malware downloads onto the device. 

Another stealth maneuver of Magniber is that the encryption malware downloads as a JavaScript file straight to the memory of the device, which can often slide under an antivirus’ radar. This malware allows the criminal to view, delete, and encrypt files and gain administrator access of the device. Usually, before the person even knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and giving back control of the computer. If the device owner refuses to pay, the criminal threatens to delete the files forever.1 

Personal Ransomware May Be on the Rise 

For the last several years, large companies fell left and right to breaches. Hacker groups infiltrated complex cybersecurity defenses, got ahold of sensitive company or customer information, and threatened to release their findings on the dark web if not paid a hefty ransom. The reasons cybercriminals targeted corporate databases versus personal devices wasn’t just because they could demand multiple millions, but because companies were better equipped to make ransom transactions anonymously. Often, cryptocurrency transactions are untraceable, which allows criminals to remain at large. 

Now that more everyday people are proficient in cryptocurrency, ransomware may shift to targeting personal devices. Though the ransom payments won’t be as lucrative, there also won’t be corporate cybersecurity experts hot on the cybercriminal’s tail. 

How to Keep Your Device Safe 

To avoid ransomware schemes similar to Magniber, adopt these three habits to better protect your device and digital privacy: 

• Turn on automatic updates. It’s best practice to accept all new software and device updates, which makes Magniber an especially difficult threat to detect. Consider configuring your device to auto-update. If you enable automatic updates, you can then treat any other popups or update websites with skepticism. To validate if an update prompt is genuine, go to your operating system or device’s corporate page and search for any announcements about new updates.  
• Regularly back up your important files. If you store sensitive documents (like your tax returns) or sentimental files (like your wedding photos) on your computer, consider also backing them up on an external hard drive. Not only will that free up memory on your device, but it’ll also protect them in case a cybercriminal takes control of your computer. When your device is scrubbed of these important files in the first place, you can factory reset your device without losing anything. That way, the cybercriminal gets nothing: neither your personal information nor your money. 
• Avoid risky sites. Magniber downloaded onto devices after a person visited a site controlled by the cybercriminal. If you’re ever suspicious about any site, it’s best to leave and not click on any links while you’re there. Even sites that attempt to mimic legitimate ones leave a few clues that they’re fake. Check for typos, blurry logos, incorrect grammar, and hyperlinks that direct to long, unfamiliar URLs. 

Ransomware Protection 

If a cybercriminal gets in touch with you and demands a ransom, immediately contact your local FBI field office and file a report with the FBI’s Internet Criminal Complaint Center. From there, the authorities will advise you on how to proceed.  

Something you can start with now to defend against ransomware is to invest in McAfee+ Ultimate. It provides the most thorough device, privacy, and identity protection, including $25,000 in ransomware coverage. 

1ZDNET, “This unusual ransomware attack targets home PCs, so beware” 

The post Ransomware Masquerading as Microsoft Update Targets Home Computers appeared first on McAfee Blog.