Protecting the New Most Vulnerable Population – The Grandparent Scam
In Part 1 of this series, we introduced the concept that the most vulnerable people on the internet are our senior population. According to the FBI, elder fraud impacts millions of American seniors every year. Figures from the United Kingdom show similar levels of criminal activity targeting seniors.
Most of the elder fraud schemes are financially driven, targeting those who most likely have a secure and readily available source of income such as retirement accounts, pensions, and other forms of assets. While the seniors of today are much more computer savvy than those of yesteryear, that does not mean they are immune to fraud. One reason for this is that the scammers are becoming better versed in social engineering techniques, taking advantage of people by offering false goods or services.
Sometimes, the fraud is perpetrated through one of the strongest motivators—emotions, particularly, fear. This is the mode used in a very popular scam known as “The Grandparent Scam.” Is there a way to combat this? Yes, there is. But first, in case you are unfamiliar with this particular fraud, let’s review how it works.
The Mechanics of the Fraud
The grandparent scam begins when a parent or grandparent is contacted by someone impersonating the child, or grandchild, stating there is an emergency that requires money to fix. The fraudsters use convincing techniques such as a noisy phone line to obfuscate voice recognition by the victim as well as common social engineering techniques such as urgency or false premises like, “my parents will be so mad if they knew I was asking you for money.”
The victim of the crime is then asked to send money to an account to help the beleaguered child. (One has to wonder if the criminals have updated their tactics to use cryptocurrency. There are plenty of seniors who have begun to dabble in this area, so it is not unreasonable to assume that grandma has a digital currency account.) It should be noted that while this scam is not primarily carried out using a computer, it may easily be perpetrated via email or any number of common messaging apps through fraudulent means such as SIM swaps.
Ways to Combat Grandparent Scams
The Federal Trade Commission (FTC) offers some good advice about ways to prevent this scam including resisting the urge to act immediately, sending gift card codes, or using obscure questions to verify that the caller is who they purport to be. These are good tips, but there may actually be an easier way to protect against this scam.
An Easier Technique
One of the tips offered by the FTC is to ask questions that a scammer would not be able to answer. However, in the heat of the moment, with a panicked “relative” in trouble, these types of questions would probably not come easily. That is the “engineering” part of social engineering at work, motivating the target to behave in a way that is not in their best interest.
Do you have a favorite photo that you would like to share with your relatives? Send them that photo, and be sure to point out a unique piece of jewelry or a particular color that you are wearing. Make it a caption or a meme or whatever will catch their attention.
Advise your relatives to keep that photo on the refrigerator, mantle, or anywhere that they can easily look at it. Then, educate them about the grandparent scam and let them know that if you ever call and request money, they should simply ask, “what are you wearing?” If you cannot tell them whatever you have emphasized in that photo, advise them to hang up the phone or delete the email.
Not only is this method much more convenient than grandma needing to conjure up strange questions, recalling who your third-grade teacher was or who taught you how to swim; it lets you know that your smiling face is always present!
In part three of this series, we will look at an often overlooked method used by crooks to empty unsuspecting victims’ bank accounts in a slow and methodical scam.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.