The angle the scammers are working hard and heavy these days is “remote access” where they pose as someone from companies like Microsoft or Amazon, offering to help with a potential problem with the target’s computer.
Instead, the fraudsters feed a “Remote Access Trojan” (RAT) – malware that takes control of a user’s computer and the account credentials (bank account number for example) that reside on those computers so the scammer can commit as much fraud as possible.
These scammers’ batting percentages are Hall of Fame worthy, too. In BioCatch's latest 2023 Digital Banking Trends in EMEA Fraud Report, data show that 85% of Remote Access cases involve seniors 60 years of age or older.
The money these scammers grab is pretty scary. In the Federal Trade Commission’s (FTC) tracking of 2022’s tech support scams, people aged 60-70 lost more than $50 million and those 70-79 lost more than $75 million.
'I’m not sure how to do that. Can you help, please?'
Erin Englund, lead threat analyst at BioCatch, told ConsumerAffairs that much of the wool being pulled over seniors’ eyes is due to the “you know what you’re doing” authority that seniors give to these cybercrooks.
“It's extremely important to be wary of the messages one receives that claim someone or something of authority needs your action urgently,” Englund said. “What is unique about the deployment of RATs is that scammers will impersonate the customer service lines of entities like the IRS, banking services or utility companies to gain the trust of seniors and trick them into downloading the trojan.
Englund says another ploy is that since many company websites are confusing and their customer service isn’t as good as it could be, scammers making the proactive offer of customer service are very attractive to seniors when urgency is emphasized.
Words of the wicked
Englund says that there are four things every senior should add to their scammer-sensitive radar:
When an unfamiliar message claims to be from an authority, it will either be:
Emphasizing the urgency of resolving a missed payment, account issue, or other item as soon as possible
Asking someone to click on a link, which should never be clicked on under any circumstances
Asking for personal credentials or vulnerable information to be shared over text; or
If anyone tries to suggest that a person download a legitimate remote access tool, such as AnyDesk or Teamviewer, the user should stop right there
Englund says that fraudsters are well aware of the advice she offered and they’ll do whatever they can to prevent someone from independently verifying the issue by calling the company the scammer is impersonating (e.g. Microsoft, Apple, Dell).
“If the source tells you not to visit any official websites or verify by yourself, there is a very strong chance they are not who they claim to be. Disconnect from these sources immediately once you recognize the scam and its potential,” Englund urged.