Yesterday my grandfather received a phone call at his home address from "one of my friends". This "friend" told him that I was in a tragic accident in Las Vegas while at a [real friend's name] wedding. This scammer knew some fairly detailed information about me to try to scam my grandfather. He called me and my dad and avoided the scam, but boy was he worried!<p>The ask is: What should I personally do to cover my ass. I have a blog, social media accounts, etc and am now worried about getting hacked, scammed, or family being prayed upon. Thoughts?
My dad fell for this scam (sadly he won't admit it to his friends to help prevent them from falling for it). He did explain to me what happened: the social hacking was successful enough that the scammer may not have known you real friend's name!<p>In my dad's case, someone called and said "this is your son. I'm in London and my passport was stolen." My dad asked, "This is <my name>? Are you OK?" Then he asked why "I" hadn't called my wife, using her name. Now the scammer could say "I tried to call <her name>" and had some explanation I now forget. Thus the scammer was able to build confidence.<p>The really interesting thing to me is that the caller didn't even have my accent. When he finally called me, my dad told me that, and said though he noticed that immediately he was so worried about me that it didn't cause him to suspect anything!<p>I'm a parent so I can understand how some of your rational reasoning can shut down when you think your kid is in trouble. I now see that as you start to lose your marbles this can become pretty bad.
This is a very common (in UK) scam.<p>The "distressed relative" scam is mentioned in passing here: <a href="http://www.bbc.co.uk/guides/zw9v34j" rel="nofollow">http://www.bbc.co.uk/guides/zw9v34j</a><p>The FTC calls this "family emergency scam" <a href="https://www.consumer.ftc.gov/articles/0204-family-emergency-scams" rel="nofollow">https://www.consumer.ftc.gov/articles/0204-family-emergency-...</a><p>Here's Canadian advice:<a href="http://mpdc.dc.gov/page/relative-distress-scam" rel="nofollow">http://mpdc.dc.gov/page/relative-distress-scam</a><p>I don't know who AARP are, but they have information here: <a href="http://www.aarp.org/money/scams-fraud/info-07-2012/grandparent-scam-wa1889.html" rel="nofollow">http://www.aarp.org/money/scams-fraud/info-07-2012/grandpare...</a><p>There's some simplistic advice from the BBC here: <a href="http://www.bbc.co.uk/guides/zxq8frd" rel="nofollow">http://www.bbc.co.uk/guides/zxq8frd</a><p>It's important to note that fraudsters don't just go after vulnerable people; they go after everyone. <a href="http://www.bbc.co.uk/news/business-35250678" rel="nofollow">http://www.bbc.co.uk/news/business-35250678</a><p>What you can do to protect yourself: Let all your family know that these scams are happening; let your relatives know that if you do suddenly need large amounts of money that you will speak to them in person, or your spouse will.<p>Removing your information, especially your birthdate, is probably a good idea, but that's hard to do.
<i>I have a blog, social media accounts</i><p>A lot may revealed there. Think about what you post. Vomiting every detail of your life out for the world to see is a good source of feedstock for social engineering against your family and friends.
This is standard practise in Europe.Even a public police statement in Greece on TV. Sometimes they dont even know your details the chat goes like "crying voice calls for granpa" grandpa says "martin is it you" then they know they your name etc.
This happened to my grandfather. The scammer told him I was accused of manslaughter in Oklahoma and was being held for questioning. The scammer was my "lawyer" and my grandfather needed to post my bail. He saw through the scam but was worried enough to check with my dad to see I had travelled to Oklahoma recently. At that point my mother and father were quite concerned. 30 minutes later I finally answered the phone and confirmed that I was not in Oklahoma. I was in class.
Your accounts probably weren't hacked or anything. Most likely you or your family posted on social media about the wedding and the scammers then knew you would be away from home.<p>Could the detailed information you mentioned be found in your social media profiles, or the profiles of your friends and family?
This happened to me as well. My grandmother called my dad because she believe I was in jail and I needed money to get out. She was completely distraught and even after I talked to her, she wasn't convinced that I was safe. It was pretty scary.
My grandfather was hit by this. We never determined conclusively how it happened, but putting together what they knew and what they didn't (they = the attackers), I strongly believe that an insider at the care facility my grandmother was staying at either was the attacker or provided key family information (names, etc) to the attacker, who then used Google, etc, to do additional research.<p>The attacker knew quite a lot about me (but all stuff publicly researchable) and was very convincing. It was quite disturbing.
While its not outright identity theft, I <i>highly recommend</i> following the instructions at <a href="https://www.reddit.com/r/personalfinance/wiki/identity_theft" rel="nofollow">https://www.reddit.com/r/personalfinance/wiki/identity_theft</a> to get ahead of the curve.
This is why I have a Code - Counter Code setup with my family. I can give a message to any person and then say, "Say this word at the end of the message" and that confirms the message came from me. It's a little weird to do this with family but when you explain it to them, they kind of get it.
Sounds horrible but it doesn't sounds like there's much you can do personally about this to be honest unless you have zero internet identity. For that kind of scam, it sounds like all you need is few names or places that are related to you which would be hard to completely hide unless you never talk about yourself online, don't have an online CV and don't have any social accounts.
On the hacking front, make sure you have two-factor auth enabled on all of your accounts that support it. That will go a long way in keeping your accounts from being misused.
Honestly, don't answer the phone from numbers you don't recognize. Real emergency responders will leave a message.<p>Conmen are really talented at this. Once local restauranteur who I know got this call from the electric utility, demanding $500 in Visa gift cards in 30 minutes (lunchtime) or the gas will get shut off.<p>The guy fell for it, just because the conman was good. Afterwards, he didn't understand what happened.
I wonder, how did they get all these infos ? do you have profiles on many social networks like Facebook or Linkedn ? where did the call orignated from ? I guess they were trying to get money from your relative,how did they ask him to transfer the money ?
The Confidence Game: Why We Fall for It . . . Every Time
by Maria Konnikova is definitely worth checking out if you're curious in learning more about why these types of scams (and cons in general) are so often successful.