Woman nearly lost $308,000 to cyber-scammer | #cybercrime | #infosec

Not so fondly, Chris Duncan recalls the day when a customer walked in his store, Vinton Computer, and described an interaction she’d had the day before with the “Windows Help Desk.”

The senior citizen had recently sold her house, Duncan said. As a result, she had more than $300,000 in her bank account.

One day in August, the woman was on her computer when a warning popped up on her screen, purportedly from Microsoft. She called the phone number in the notification. Before long, she’d granted the “Help Desk” remote access to her computer.

Duncan, who’s sold computers for 14 years (and co-owns Brambleton Computer with his father, Keith) listened with a growing sense of dread.

Keith Duncan left Chris Duncan right

Chris Duncan, right, owner of Vinton Computer, says he hears about another cyberscam from customers roughly once a day. In August, a customer of his nearly lost $308,000 to a cyberscammer. Duncan also co-owns Brambleton Computers with his father, Keith Duncan, left.

Mr. Help Desk promised the customer he would ensure her computer was secure. After the guy said he’d accomplished that task, he added, “Let’s check your bank and see if that’s secure,” Duncan said. Unsuspecting and grateful, the woman agreed.

People are also reading…

A few minutes later, Mr. Help Desk informed her that her bank account was insecure. He advised her to personally visit her bank branch and move all her money into a specific digital currency account, where it would be safe.

She followed those instructions, Duncan said. Mr. Help Desk told her what to say at her bank, and he even stayed on the woman’s phone, listening to the transaction as it occurred inside the branch. A day later, she was relating that story at Vinton Computer.

Duncan said the blood drained from his face the longer he listened. Then the customer inquired as to why Duncan had suddenly turned pale.

He told her she’d been scammed. He suggested she jump in her car, activate her emergency flashers, and drive to her bank branch without stopping for anything. Somehow, she made it safely.

“We were both shaking when she left the store,” Duncan told me. By then, the customer’s money was out of her bank account, he added.

Somehow, the victim’s branch manager was able to claw back the $308,000. Duncan said the way he heard it, the manager “moved mountains.” The woman didn’t lose a penny. But she came very close.

Duncan’s aware of another customer, a man, who lost $100,000 to cyberscammers. At a con man’s behest, he converted a $100,000 bank savings account into digital currency and lost the money.

Yet another customer was persuaded to withdraw $10,000 in $100 bills from a bank and then feed that cash into a local Bitcoin ATM, where it promptly disappeared.

“This is all coming from the sleepy little town of Vinton, all these stories,” Duncan said. The number of computer scams or attempted scams Duncan has heard about from customers has exploded in the past six months, he added. On average, he hears about one per day.

“I shudder to think what’s happening across the United States,” Duncan said.

The FBI’s Internet Crime Complaint Center (or IC3) has assessed that question. In 2022, it fielded 800,944 complaints about online-related fraud that totaled $10.3 billion. Its 2022 report lists four common kinds of cybercrime.

FBI IC3 screen capture

One’s known Business Email Compromise, or BEC. In that, scammers target companies via “phishing.” They send real employees phony emails from legitimate-appearing addresses designed to deceive workers into believing the sender is inside the company, or a legitimate vendor. That accounted for $2.7 billion of fraud in 2022.

In 2022, cryptocurrency investment scams were the most common, stealing $3.31 billion, a 127% increase over 2021, the FBI reported.

Ransomware attacks accounted for 2,345 complaints in 2022 and the IC3 report indicates those were responsible for $34.3 million in losses.

Complaints related to phony tech support desks, or scammers posing as IRS or other government agents, accounted for $1 billion in losses. People over 60 were the most common victims of those, losing $724 million, the federal report said.

Most but not all the victims Duncan sees are senior citizens. Most are women, he added. And every one of the bank-related cyberscams he’s personally heard about involve local branches of large national banks. The three Duncan cited were Wells Fargo, Citibank and Bank of America.

Cybercrime also victimizes younger folks whom you might assume are more aware of cyberfraud and trickery.

Last year, I wrote about an Augusta County couple (they’re under 45) who own a small business. They lost their life’s savings from their Truist account following a fraudulent text, purportedly from Amazon Marketplace, about a transaction that had never occurred.

waszaks, shannon and christian

Shannon Waszak (left) with her husband Christian. The Augusta County couple’s account at Truist Bank was scammed for more than $55,000 in 2022 by a cyber-fraudster. They got a refund.

Dan Casey

The scam started when the wife, Shannon Waszak, replied to the text, indicating the transaction wasn’t genuine. From there it went on for hours. Ultimately, that scammer gained access to the couple’s bank accounts and got his hands on their $55,000 in three quick transactions.

After an investigation and some unfavorable publicity, Truist refunded their money. But not before they’d begun selling off belongings to try and support themselves.

Cybercrime comes in a stunning array of varieties. Twenty or so years ago, one of the most common was an email from a Nigerian prince, desperate to share his locked-up fortune with any American willing to help him move the money out of Africa.

Since then the games have changed, and branched out into phony support desks, romance scams, or con games in which people are tricked into buying multiple high-dollar gift cards at retailers, then reading off the numbers on the back to the con men, which gives them access to money stored on the cards.

Sometimes the victims are educated and intelligent, though far too trusting. One of the gift-card scam victims I’ve interviewed had a doctorate in a science-related field. She lost $16,000 in one weekend, after responding to a “Microsoft Support” pop-up window on a new computer.

In some cases, Duncan said, cybercriminals purchase fake Google ads and advertise themselves as real support desks for manufacturers such as Hewlett Packard. When computer users search for a toll-free help line, they stumble across those ads and call the numbers, thinking they’re reaching out to HP. Actually, they’re initiating a scam for which they’re the target.

One of the help desk scams happened to my son, Zach, 10 years ago when he was 15, just days after he’d bought a new Sony laptop. He was home alone, using it, when a “Help Desk” scammer coincidentally cold-called our landline. Zach answered, and the guy persuaded him there was a problem with his new computer.

Zach granted the guy remote access. Within seconds the scammer locked up the laptop and requested $200 to “fix” it. Fortunately, Zach had also purchased a warranty package from Sony. He contacted Sony’s help desk. A real technician unlocked the computer, but the process took hours.

That kind of scam is still happening, Duncan said, but the scammers running it have added new flourishes. Now they hide viruses in a computer before they lock it. Those wreak havoc if the owner is able to regain access without paying, he added.

Duncan specifically cited two hallmarks, or “red flags,” that are common with consumer cybercrimes and for which people should be on guard.

First, the scammer keeps the victim on the phone for as long as possible, for the purpose of gaining trust. Second, the con man will implore a victim to conceal the actions the scammer’s directing from anyone who might interrupt them, such as a spouse or a bank teller. The latter are trained to ask seniors questions about unusually large transactions.

Even worse, once a victim has fallen prey, the scammers will put his or her name and information on a sucker’s list and re-sell that information to other scammers, Duncan said. That sets up victims to be revictimized.

“Don’t be trusting,” Duncan said. “Don’t let your guard down. Always consult with family members.

“Or call your local computer store,” he added. “I’m sick of hearing about hard-working people getting ripped off.”

[email protected]@dancaseysblog

Source link


Click Here For The Original Source.

National Cyber Security