phishing website claiming to be an apple support page with a phone number

Real-Life Story of Phishing the Elderly – by Ed Tobias

This week on the NosillaCast you’re going to hear regular contributor (and good friend) Ed Tobias tell us the story of how an elderly relative of his was snared in a phishing scam. It’s a horror story but there are a few heroes in the plot as well. Below are the rough notes we used for our discussion, along with a couple of images and a link to a helpful article on how to protect loved ones from scams.

Ed’s notes:

Problem to be solved:

As loved ones get older they may begin to lose their cognitive capacity to recognize a scam. This is why they are high-priority targets for scammers. How can we protect them without severely limiting their freedoms? This is the story of what happened to my relative, who we will call Betty to protect the innocent.

Sequence of Events

1) Betty received an email that looked like it was from PayPal. The letter said that she had been charged $740 for a subscription service from a security firm

PayPal Scam Email
PayPal Scam Email

2) The fake PayPal email listed a customer service number to dispute the charge.

3) Betty called the number. The “PayPal customer service rep” (let’s call him Daryl) said that the charge will be investigated but the charges needed to be reconciled to clear her account. He said since she doesn’t have any way to transfer funds to the account, they would allow the account to be paid using Target gift cards.

4) Betty agreed and went to Target and asked for $740 worth of gift cards. The cashier suspected something was wrong and had the store manager come over. He told Betty it was a scam and that this happens a lot, She didn’t get the gift cards and swore she wouldn’t talk to Daryl again. Target’s training program and the employees at her local store are the first heroes of this story.

5) Daryl called back a few days later and convinced her that it was not a scam and that her credit could be affected if the account wasn’t paid. She told him she didn’t know what to do. He asked if she had a Zelle account at her bank – she didn’t. He said he would help her set it up. All she had to do is give him access to remotely control her computer. She gave him access. Daryl logged into her bank, set up a Zelle account on her checking, and sent three payments to his number for $500 each. He then noticed that her checking had only a few thousand dollars in it so he transferred more money from her saving account to her checking.

6) The next day she told me what she did. I fainted.

7) Steps I took to protect her in the future:

I updated the following passwords:

- 1password password
-  Mac login password
-  email account passwords
-  Vanguard investment account password
-  tried to change her bank password, but it was locked out. 

I changed her Mac settings:

-  changed her Mac user to a non-administrator 
-  changed sharing preferences to turn off remote sharing and remote management. 

This would make it harder on me, as I often do tech support over the phone for her using Messages to share her screen, and now I would have to drive the 10 miles to go help her, but it was worth it.

Since it was Sunday, I had to wait until the next day to talk to the bank. The bank (Farmers and Merchants) had shut down the account due to suspected fraudulent activity. F&M is the second hero in the story. None of the transactions Daryl tried to do went through.

8) With the bank’s help (with Betty on the line), I managed to change the bank password. It was already set up with two-factor authentication like many of her other financial institutions from when I previously helped her.

The bank had frozen the Zelle requests suspecting they were fraudulent
They terminated the transfers and removed the Zelle account link.

9) Daryle continued to call her from various different numbers. I told her never to talk to him again and to stop answering the phone number if she didn’t recognize the number. But she did answer one last time to chew him out.

Other things that could also be done if a loved one is in cognitive decline:

- Get co-owner privileges on bank and financial accounts
- Vanguard trusted advisor
- Have access to their password manager

Note: Betty has been going through some serious medical issues which have resulted in diminished cognitive ability. This made her even more susceptible to the phishing scam.

Here’s a helpful article:

How to Safeguard Loved Ones from Scams

Allison described in the conversation an attempt to phish her mother-in-law. The screenshots below are what she saw on her iPad:

Deceptive Website Warning with red background with two choices
Web Browser Tab with Red Background Caused Her to Stop and Call for help

Except for the red background, this looked a lot like the page you see when you go to an http site these days:

This connection is not private screen
Real http Insecure Site Warning

Allison advised her to hit the “Go Back” button and this is what she saw next. We can spot the telltale signs of a scam but your friends and relatives may not.

Page says Apple Security Center with a phone number. Has overlapping windows (first hint) and x's in the corner to close them and apple supposedly saying this
Phishing Page She Was Presented

Allison told her to close the browser tab and be happy she didn’t get caught.

1 thought on “Real-Life Story of Phishing the Elderly – by Ed Tobias

  1. Listener Lynn - October 15, 2022

    Listen to AARPs podcast, The Perfect Scam, for more scams to watch for. ️

    F&M bank is a SoCal community bank that has been around over 100 years.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top