How My Mum Got Taken for $40,000 in a Scam

I would like to share with you the story of how my mum was scammed out of $40,000 – which was almost all of her life's savings at the time. This was a multi-week process that started with a phishing email, much like the one inthat previous article. (Reminder: phising is hacker-speak for "fishing for someone they can trick into handing over their username and password")

My motivation in sharing this with you is to call out how vulnerable the older generations are to this type of attack, even though they are well-educated, in sound mind, and (I thought in this case) had been warned of the dangers and the signs to look out for. It's easy to hear this story and think, "That would never happen to my mum or dad" – that's exactly what I thought.

The "phishing" email my mum responded to threatened legal action because she had not paid her Optus bill for over 12 months. It claimed that they had been trying to contact her and had now taken steps to instigate court action. Mum was beside herself, so much so that she failed to realise she was with Telstra, not Optus. Using the number in the email, she rang straight away.

The "lovely young man" she then dealt with for over two weeks explained that it was a very serious matter, but if she was willing to take part in a "sting" operation to help them catch scammers, they would waive her bill. The irony. The scammer went to great lengths to explain which Optus shop he was based out of and assured mum that she could call him at any time on the provided Sydney number with an 02 area code. She had over 30 conversations with him over that period.

First, he explained, they needed to scan mum's computer and fix some issues because they had detected malware on it. So mum accepted the connection request for them to "fix" her laptop. At all times, they were keen to explain that they didn't have control and couldn't see her screen – even though the connection request was for remote control using software called TeamViewer. They asked her to log into her bank account, which she did – and then asked that she turn off her monitor as some of the "fixing" could damage the monitor.

After all that was done and the monitor was back on, the man explained that they had deposited $50,000 into her account and asked her to check. Conveniently, the page was already on the bank account where the money had been transferred in, and it did appear that a new deposit of that amount had been made. In reality, the scammers had just manipulated the webpage on mum's PC; her real bank account showed no such deposit.

The first phase involved mum transferring most of that amount to "our overseas agents" who were purportedly close to apprehending some scammers and needed funds. Of course, the transfer needed to be untraceable, otherwise the scammers might get wind of it. Over the course of a week, mum withdrew her daily withdrawal limit and deposited the money through Western Union wire transfers, which are untraceable.

At some point, I guess, the banks get suspicious about this type of activity. At any rate, phase two switched to mum using her credit card to buy a large number of high-value Apple iTunes gift cards. There was a lot of press at the time about fraudulent use of these cards, so mum's purchase raised some attention. But the scammers were ahead of this and had instructed her at great lengths on how to handle those queries and explain withdrawals. They told mum that it was a covert operation and that it was crucial. It remains so.

During this phase, mum dealt with a dedicated "agent" who worked through piles of these cards to get the serial numbers verbally from mum. I guess the main guy had handed this off to his partner and gone to the pub.

Even after I realised that my mum was in the middle of giving her money away and tried to stop her, the scammers had done such a great job of manipulating her emotions that she believed them over me and kept going for a few days, giving away a further $5,000 before I could physically intervene. (At the time, she lived in Brisbane and I lived in Sydney.) I even tried to involve the police, but they don't have the powers to intervene even if it's in her own interests.

It was towards the end of the second phase that I caught wind of what was going on. Even then, it was only by chance. I was chatting to mum, as I regularly did, and just before she signed off, she explained that she had to go down to the bank to get her credit card replaced and her internet banking account unlocked. It took me a couple of minutes to realise that she had been scammed.

I begged her to stop taking their calls and stop calling them – and most importantly, not to withdraw any more money and not to complete the process of handing over the iTunes serial numbers. I reminded her that she wasn't even an Optus customer. I pointed out that no international operation would be run out of a shop in Sydney. I asked her to go into the branch and check the original deposit amount because I knew it wasn't there. I rang the "nice young man" and asked him a few basic questions, like why his phone number was different from the branch's phone number. He chose not to address any of the questions, of course.

None of this changed my mum's mind. She still managed to withdraw some more cash over the next couple of days and wired it to them. She also completed the process of reading them the remaining serial numbers. You can imagine how I felt – and then how she felt eventually when she had to face the fact that she'd been swindled and that she would never get her money back.

I have asked myself many times what I could have done before this event to better inoculate my family against something that I understood well myself. Certainly, I had spent significant amounts of time over dinner and lunch and on the phone with my mum explaining and even giving examples of some of these scams. I had asked her strongly not to transfer money to someone she didn't know unless she had spoken to me first. But what I was not prepared for was the power of fear and manipulation.

Projecting this forward, I have wondered if at some point in my life, I should hand over the keys to my financial affairs (including my account) to my kids because what I see is that as we get older, we become more susceptible to manipulation.

What I can suggest, though, is to never assume that your extended family will come to you in such a situation – try to stay as connected as you can so that if the event occurs, you can catch it earlier than I did. It's also worth investigating software products like anti-phishing tools and browser security features designed specifically to protect against the type of manipulation that these scammers used to make my mum's bank account look like it had $50,000 in it.

Andrew Walker
Technology consulting for charities
https://www.linkedin.com/in/andrew-walker-the-impatient-futurist/

Did someone forward this email to you? Want your own subscription? Head over here and sign yourself right up!

Back issues available here.