by Da King » Fri Mar 08, 2024 8:40 am
This is long. Not bothering with a TL;DR. This isn't X.
So I'm sitting in a work meeting yesterday (online), and my phone rings with a number from Key Bank. I am not a customer of theirs, but both of my parents are (separately), and it was a local number. So I decided to answer it.
Nice lady from the Baytowne (Webster) branch introduces herself, and asks if I am Steve, and verifies that I am joint on my mother's accounts (which I am). She proceeds to tell me that my mother came into the branch yesterday (Wednesday), and tried to wire $95k to someone. It sounded like a scam to the bank, so they would not allow her to do that. (Side note: Personally, I'd be pissed if I tried to transact my own money, and the bank said "no", but thats a different story). I found this very odd and unlike my mother. She is a smart person, and is not exactly "wealthy". My first thought is that it was someone impersonating my mother. The lady says that she has worked with my mom for years, and knows her well enough. She then proceeded to describe my mom perfectly. It was definitely her trying to do this.
The lady then tells me that my mother has tried to do the same thing at two other branches today (Thursday). And to make things even fishier, she says that my mom has tried to wire the money to a different bank every time, and with a different reason every time. I'm like WHAT THE FUCK. This is 100% out of character for her. I was genuinely afraid that she was starting to have some mental problems (she's in her late 70s, so older, but not REALLY old).
So I call my mom at home. She's not there (no surprise, the bank told me she was out branch-hopping). I call her cell phone, which she NEVER has on. It rings 7-8 times (meaning it WAS on), then goes to voice mail. I'm debating my next step. She then calls me back from one of the branches, tells me that she is sitting down with one of the account people at Key Bank, and she said she's discovered that she's in the middle of a scam right now. I tell her to finish working with the bank, and to call me when she gets home.
So this whole thing started Wednesday morning when she got a full-screen popup (looking just like Windows Defender) saying that she has a virus, and to call Microsoft at some random number (Red Flag #1). There is also an audible voice coming from her laptop telling her that she has a virus (probably Red Flag #2). So she calls them. I ask if they spoke "clear English". She said they sounded a bit off, but they said something about the call being sent thru "relays" and some other stuff as an excuse (Red Flag #3). They had her install Ultra Viewer as a way to take over her desktop (Red Flag #4, I'm pretty sure Microsoft would use a Microsoft tool if this was a real thing). They spent a LOT of time with my mom having her look at different things, being very patient with her (she is not overly computer-literate). Eventually they have her log into her bank account (thru a web browser that she opened, using her own link, not a phishing link), and it appears that her account is $25k below what her balance should be. Now she is very concerned. "Microsoft" starts doing some other "stuff" on her computer, and tells her that they've come to the conclusion that there were Russian hackers that gained access to her bank accounts, and withdrew $25k. They did this with the help of someone on the inside at Key Bank. At this point, they got someone from the Federal Trade Commission (FTC) involved (Red Flag #5). So another guys hops onto the call. He says that because it is an inside job at the bank. the only way to protect her money is to wire it to another account outside of Key Bank (Red Flag #6).
So she goes to branch #1, gives them the wire information, and tells them that the money is for a loan to a friend. They red flag it and won't do the transaction. The scammers call her back, and she tells them that the bank wouldn't do the transaction. They have her look at her account online again, and now there is $60K missing from her account! They tell her to try another branch ASAP. Thursday AM, she tries branch #2. She tries to send it to a different bank, and this time they tell her to tell the bank that it's for a purchase she's making from someone on the West Coast. Again, the bank denies it. They tell her to try another branch. (This is all Red Flag #7, going to different branches and lying to them, but she is lying because they tell her this whole thing is an "inside job"). At branch #3, she tries to send to yet another different bank with another different reason. They deny it again, but someone sits down with my mother, gets some of the back story, and explains the entire scam to her. My mother is now incredibly embarrassed at this whole thing.
So while on the phone with her yesterday, the first thing *I* do is change her password on her bank account (I dont know if they installed a key logger on her computer, so I did it from mine). Then I asked if she logged into any other financial accounts since this started, and she said she has logged into her investment account also... so I changed that password too. Those are the only two accounts that she had entered a password for since this whole thing started. I instruct her to turn her computer off until I get over there in the evening. I also ask her to unplug her internet, in the hope that being off for a couple hours will reset her IP address, denying the hackers the ability to remote into her computer.
I talk to a couple of our IT Security folks at work, trying to understand if I should wipe the laptop clean, or what the right steps would be. I find a website that identifies this exact scam, along with the remediation efforts if you fall for it. I show them this website, which has like 5 different things to do (
https://malwaretips.com/blogs/remove-mi ... lert-scam/, for reference). The IT Security guy says that the steps listed on the website seem pretty comprehensive. Then I dont have to rebuild the computer.
I go over to her house last night, and use my phone as a hotspot while cleaning things up (rather than letting her connect to her own internet, where these guys have her IP address to remote in). The only app that it appears they installed was that Ultra Viewer Remote Desktop app. So I uninstall that. I follow the steps to clean up her browsers (Chrome and Edge... basically, resetting them back to "new" and deleting cookies/trackers/etc). I run Malwarebytes, and it finds nothing. I run Hitman Pro, and it finds nothing. I run AdwCleaner, and it finds a browser hijacker installed. I am 95% sure this is how they were "altering" the balance in her accounts. Key Bank verified that she still had all of her money and there were no questionable transactions, but she would see something totally different when logging in. To me, this was the most sophisticated part of the attack. Once all of that is done, I re-enable Microsoft Defender, run a couple more scans (basic, deep, etc), and it appears everything is cleaned up now.
In hindsight, there were a million places that this should have been caught. My mom questioned them on stuff several times, and they ALWAYS had an answer that seemed plausible. They didnt rush her through anything, seemed very sympathetic, etc. These guys were REALLY good, and I can see why seniors fall for this stuff all too often.
Moral of the story.. have a conversation with your parents. My dad talks to me about everything under the sun that "might" be a scam. He's almost too cautious. My mom will be doing that from now on. I need to have this same conversation with my in-laws. Even if you think there's no way they'll fall for it.... dont make that assumption.
My mom was very upset at the whole thing, but in the end, all it cost her was time. No money lost. Once she had that perspective, she felt better.
Hope nobody else falls for this crap.
This is long. Not bothering with a TL;DR. This isn't X.
So I'm sitting in a work meeting yesterday (online), and my phone rings with a number from Key Bank. I am not a customer of theirs, but both of my parents are (separately), and it was a local number. So I decided to answer it.
Nice lady from the Baytowne (Webster) branch introduces herself, and asks if I am Steve, and verifies that I am joint on my mother's accounts (which I am). She proceeds to tell me that my mother came into the branch yesterday (Wednesday), and tried to wire $95k to someone. It sounded like a scam to the bank, so they would not allow her to do that. (Side note: Personally, I'd be pissed if I tried to transact my own money, and the bank said "no", but thats a different story). I found this very odd and unlike my mother. She is a smart person, and is not exactly "wealthy". My first thought is that it was someone impersonating my mother. The lady says that she has worked with my mom for years, and knows her well enough. She then proceeded to describe my mom perfectly. It was definitely her trying to do this.
The lady then tells me that my mother has tried to do the same thing at two other branches today (Thursday). And to make things even fishier, she says that my mom has tried to wire the money to a different bank every time, and with a different reason every time. I'm like WHAT THE FUCK. This is 100% out of character for her. I was genuinely afraid that she was starting to have some mental problems (she's in her late 70s, so older, but not REALLY old).
So I call my mom at home. She's not there (no surprise, the bank told me she was out branch-hopping). I call her cell phone, which she NEVER has on. It rings 7-8 times (meaning it WAS on), then goes to voice mail. I'm debating my next step. She then calls me back from one of the branches, tells me that she is sitting down with one of the account people at Key Bank, and she said she's discovered that she's in the middle of a scam right now. I tell her to finish working with the bank, and to call me when she gets home.
So this whole thing started Wednesday morning when she got a full-screen popup (looking just like Windows Defender) saying that she has a virus, and to call Microsoft at some random number (Red Flag #1). There is also an audible voice coming from her laptop telling her that she has a virus (probably Red Flag #2). So she calls them. I ask if they spoke "clear English". She said they sounded a bit off, but they said something about the call being sent thru "relays" and some other stuff as an excuse (Red Flag #3). They had her install Ultra Viewer as a way to take over her desktop (Red Flag #4, I'm pretty sure Microsoft would use a Microsoft tool if this was a real thing). They spent a LOT of time with my mom having her look at different things, being very patient with her (she is not overly computer-literate). Eventually they have her log into her bank account (thru a web browser that she opened, using her own link, not a phishing link), and it appears that her account is $25k below what her balance should be. Now she is very concerned. "Microsoft" starts doing some other "stuff" on her computer, and tells her that they've come to the conclusion that there were Russian hackers that gained access to her bank accounts, and withdrew $25k. They did this with the help of someone on the inside at Key Bank. At this point, they got someone from the Federal Trade Commission (FTC) involved (Red Flag #5). So another guys hops onto the call. He says that because it is an inside job at the bank. the only way to protect her money is to wire it to another account outside of Key Bank (Red Flag #6).
So she goes to branch #1, gives them the wire information, and tells them that the money is for a loan to a friend. They red flag it and won't do the transaction. The scammers call her back, and she tells them that the bank wouldn't do the transaction. They have her look at her account online again, and now there is $60K missing from her account! They tell her to try another branch ASAP. Thursday AM, she tries branch #2. She tries to send it to a different bank, and this time they tell her to tell the bank that it's for a purchase she's making from someone on the West Coast. Again, the bank denies it. They tell her to try another branch. (This is all Red Flag #7, going to different branches and lying to them, but she is lying because they tell her this whole thing is an "inside job"). At branch #3, she tries to send to yet another different bank with another different reason. They deny it again, but someone sits down with my mother, gets some of the back story, and explains the entire scam to her. My mother is now incredibly embarrassed at this whole thing.
So while on the phone with her yesterday, the first thing *I* do is change her password on her bank account (I dont know if they installed a key logger on her computer, so I did it from mine). Then I asked if she logged into any other financial accounts since this started, and she said she has logged into her investment account also... so I changed that password too. Those are the only two accounts that she had entered a password for since this whole thing started. I instruct her to turn her computer off until I get over there in the evening. I also ask her to unplug her internet, in the hope that being off for a couple hours will reset her IP address, denying the hackers the ability to remote into her computer.
I talk to a couple of our IT Security folks at work, trying to understand if I should wipe the laptop clean, or what the right steps would be. I find a website that identifies this exact scam, along with the remediation efforts if you fall for it. I show them this website, which has like 5 different things to do (https://malwaretips.com/blogs/remove-microsoft-warning-alert-scam/, for reference). The IT Security guy says that the steps listed on the website seem pretty comprehensive. Then I dont have to rebuild the computer.
I go over to her house last night, and use my phone as a hotspot while cleaning things up (rather than letting her connect to her own internet, where these guys have her IP address to remote in). The only app that it appears they installed was that Ultra Viewer Remote Desktop app. So I uninstall that. I follow the steps to clean up her browsers (Chrome and Edge... basically, resetting them back to "new" and deleting cookies/trackers/etc). I run Malwarebytes, and it finds nothing. I run Hitman Pro, and it finds nothing. I run AdwCleaner, and it finds a browser hijacker installed. I am 95% sure this is how they were "altering" the balance in her accounts. Key Bank verified that she still had all of her money and there were no questionable transactions, but she would see something totally different when logging in. To me, this was the most sophisticated part of the attack. Once all of that is done, I re-enable Microsoft Defender, run a couple more scans (basic, deep, etc), and it appears everything is cleaned up now.
In hindsight, there were a million places that this should have been caught. My mom questioned them on stuff several times, and they ALWAYS had an answer that seemed plausible. They didnt rush her through anything, seemed very sympathetic, etc. These guys were REALLY good, and I can see why seniors fall for this stuff all too often.
Moral of the story.. have a conversation with your parents. My dad talks to me about everything under the sun that "might" be a scam. He's almost too cautious. My mom will be doing that from now on. I need to have this same conversation with my in-laws. Even if you think there's no way they'll fall for it.... dont make that assumption.
My mom was very upset at the whole thing, but in the end, all it cost her was time. No money lost. Once she had that perspective, she felt better.
Hope nobody else falls for this crap.