Here is an article about how a couple was scammed out of $18.5 million. It sounds like a fairly classic phishing scheme, possible with some “enhancements” - maybe the scammers had inside help, or maybe they came upon the family’s financial statements in the physical trash (unshredded), or from insecure online storage.
Regardless, always initiate the phone call to the correct phone number, or go in person if it’s that important… and never give out the multi-factor authentication code!
A good reminder to educate your parents and loved-ones about the common tactics in scam attempts:
This might sound a little insensitive on my part but I’m starting to have little sympathy for these people. How long have these scams been around? And people still getting taken by them? I don’t answer my phone unless I know the caller. If I’m expecting a call from a number I don’t normally see, I might pick up. But as soon as I find out it’s not what I expect I hang up.
One thing that is becoming more prevalent is session cookie theft via malware. The scary thing is your financial institution could rightly say “you gave away your own assets, we can prove it because you were authenticated at the time”.
Well, if someone stole the session cookie… maybe it wasn’t you, but you have no recourse.
The thing to delete would be to delete all cookies EVERY TIME you close the browser! That’s an additional PITA.
On Android you can goto Settings,/notifications/Do Not Disturb and set Do Not Disturb to allow phone to ring only for call in your contact list.
I do not receive calls from people who are not in my contact list unless I turn it off because I am expecting a call from some one who may not be in my contact list (usually a contractor -employee).
Passkeys may soon eliminate that problem.
Who ever tires to sign me in to Clark Howard has to have my phone and my finger print.
I have started to use a FIDO2 hardware key where I can and I really like it.
I like it better than phone-based passkeys because what if the phone breaks or is lost / stolen? And it’s tiny and requires no power.
I have a Yubikey on my keychain and another on my safe. They are much tougher than a phone, much tougher than me!
True…but if you use a password manager then the cookies don’t matter as much. You could just use Incognito Mode and the PW manager to sign-in and create a fresh session every time.
Passkeys are definitely the future…but support is very limited right now.
They are not going to solve the session hijacking problem.
I don’t have any harsh words for old people who get scammed… they grew up in a totally different threat environment, they are often losing mental acuity,…
But I have little sympathy for the prideful “digital natives” who apparently get scammed at very high rates, too. Just because you can plunk on colorful oversized buttons on a glass-faced pocket appliance doesn’t mean you are wise. Toddlers can do as much today.
Yes, It can be amazing at times how people get scammed. My sister (age 70 Y.O.) got scammed out of some money from the Microsoft bug that at times will pop up on your computer screen, telling you to not turn your computer off - YES DO IT. But they took over her computer and gave those same silly demands to not tell anyone and to go and get a gift card to pay for the repairs they would do to her computer. After a thousand-dollar gift card she paid for with her credit card, she finally called the Best Buy Geek Squad who finally got control of her computer back for her. I wish she had called me up.
I help friends with their PC problems. I’m just an amateur, but I can format HDs and reinstall Windows and some other basic stuff.
I have a friend who is in real estate but struggles with computers. She got the popup warning on her MS Surface and she went so far as to call the 800 number. The guy hooked up to her PC to “help clean” it. At some point she hung up. Her computer was locked up, even rebooting wouldn’t work.
She called all embarrassed and confessed. After one reboot try I told her I’d have to completely wipe the HD and reinstall and that she would lose her data. Luckily she told me most of her stuff was on the PC’s at work. A day later I handed her her factory fresh computer tactfully saying “never call/respond to these popup things.” I showed her that if the normal shutdown doesn’t work, just hold down the power button for a force shutdown, then restart.
Yes, it is very true that you can get away from that locked screen by holding the power button down until the computer turns off, then waiting a short time to restart. I just wished my sister had called me, and all her problems would have never happened.
Happened to my wife, she called me upstairs to help, we shut the box down.