OSF - 2.05 - scams - grandparent scams and social engineering
Now, as I say, I am old. I am a grandparent, and, in fact, a great-grandparent. So, I am going to start with the grandparents scam. No, it is not just because I am a grandfather, and a great-grandfather, but also because talking about the grandparents scam allows me to point out some of the important techniques that scammers will use against you.
This one pretty much always comes by phone. The phone rings, and I pick it up, and a female voice, sometimes rather shakily, as if the person was in distress, asks, "Grandpa?" So, of course, being a caring grandfather, I respond, "Sophie?" And the voice on the other end says "Yes! Grandpa, I'm in trouble!"
Now, of course, this person is not Sophie. This person might not even be female. I have a video of someone, conducting a scam, using a bank of phones in a railway station (which shows you how old the video is), and, using multiple phones, and changing his voice so that he changes gender, job title, and level of authority, is conducting a scam on someone, and using himself, with a different voice, to verify his identity to the person over the phone. But let's get back to our grandparents scammer.
The scammer on the phone, who I have mentally identified as my granddaughter Sophie, is not my granddaughter. The person on the phone is using social engineering techniques. (You can, if you wish, think that "social engineering" is just a fancy way of saying "lying," but there ae a great many techniques, some of them quite sophisticated, and, even when you know about them, they generally do work.) One of the techniques being, using me to give the scammer information, which the scammer is going to then use against me. The scammer has only had to say one word, grandpa, and then I have given the scammer the name of my granddaughter.
This is not the only social engineering technique. These people are specialists, and are using a series of techniques called cold reading, allowing them to "read" information about you, without you being aware of giving that information away. These techniques are used by entertainers presenting themselves as mentalists and mind readers.
So, by now flustered and distressed myself, I say what about Mavis? (Making the situation even worse: I have given away another piece of information to the scammer.) So the scammer goes on to say that, yes, the two of them are together, and they are both in distress. At this point, the story may vary. They may be in jail, for a crime that they didn't commit, of course, but, given that it is a Friday night, if somebody doesn't bail them out they are going to be in jail over the weekend, until they can appear before a judge. As I say, it may be that they are not in jail, but have been in an accident with another driver, it may be that the other driver is intending to call the police and get them thrown in jail unless the damage to the car is paid for immediately. It may be that they are in hospital, and need funding for medical care. As I say, there are various types of stories, but the stories all have some common themes. For one thing, there is a sense of urgency. The money, and the decision to send the money, must be made right away, it is urgent. They are in a distressing situation, which is not their fault, but, unless the situation is dealt with right away, they will be in difficulty, and possibly for an extended period of time. Their need is urgent, but the situation is not their fault, and can be rectified, and the money recovered, at a later date, but they need immediate funding, right now.
This is the grandparent scam. This is relying on the fact that grandparents do love their grandchildren, and are willing to do pretty much anything for them. It is also somewhat relying on the fact that the grandparents probably do not have daily contact with the grandchildren. They probably don't know precisely where their grandchildren are, at any given point in time. The grandparents believe that they know their grandchildren's voices, but that may be more of a belief than a reality. When I discuss the grandparents scam, pretty much every time, somebody brings up the fact that artificial intelligence is now capable of generating a pretty good facsimile of any person's voice. That is true, and there are definitely systems which, given three seconds of recorded audio of someone's voice, can generate an almost flawless version of the person's voice. But, generally speaking, and partly relying on the fact that voice identification over the phone is somewhat limited by the fact that some of the sounds and intonations of the voice are eliminated by telephone transmission, it is basically the fact that you believe that the person is your grandchild, which makes you identify the person as your grandchild. Deepfake voice generation is not really necessary, and scammers generally take the easiest route.
So, social engineering is at play here, big time. There is the fact that you have provided the information which allows the scammer to claim to be your grandchild. You have provided the name, right at the beginning of the conversation. The scammer retails a story which identifies a distressing situation. You do not wish your grandchild to be in distress, and so you are primed to help. This story that the scammer has relayed also instills a sense of urgency: the money must be sent now, or things will get very much worse, and, in addition, the scammers story indicates that the distress will be of short duration: if you send the money now, the situation will be remedy shortly, and you will receive your money back. The urgency also shortcuts authentication steps that you might normally take. All of this is standard fare for the grandparent scam, and for a few other scams as well.
The money is to be sent right away. It is probably after hours, particularly for a bank, and so sending some kind of wire transfer is not available as an option. Generally speaking, the way that you were to get the money to the agency on the end of the other end of the line which requires it, is through gift cards. Sometimes they may also suggest cryptocurrency, but that is still not terribly common, and, of course, one of the major points about the scam is the sense of urgency, and so gift cards seem to present the most viable, and certainly most common, option.
Now, particularly when the situation involves the police, and may require bail money, you should know that the police don't take gift cards. There are no bail money gift cards available in the store. The gift cards maybe specified to you, as to a particular type, but, generally speaking, the scammers don't particularly care. They will instruct you to go to the store, get a bunch of gift cards totaling a few thousand dollars, and then come back, call them back, or sometimes even stay on the line and go to the store, and then read the numbers from the gift cards over the phone.
A little bit later I'm going to go into some detail on the organizations behind these scammers, and particularly, the ability to extract money from gift cards of various types. At this point, the only thing that you really need to know is that the scammers are organized, and that, as soon as you read the numbers over the phone, the scammer on the other end, even while still talking to you, is reselling those numbers to another specialist in organized crime, whose specialty is extracting the value from the cards. So, as soon as you read the numbers of those gift cards, over the phone, that value is gone. It cannot be recovered. As I say, the scammers are organized, and they have specialized specialists, and that value has been extracted almost as soon as the last digit leaves your mouth. There is no point in trying to get that value back. It's gone.
Now, fortunately for the story that I started off with at the beginning of this piece, there is absolutely no one in my family whose name is Sophie. There is absolutely no one in my family whose name is Mavis. When my actual granddaughter calls me, and says Grandpa, and I respond Sophie? she knows what is going on, and will immediately respond, in a somewhat exasperated voice, no grandpa, it's me! They know that I am a security specialist, and they know what is going on here.
What is going on here is that I am giving misinformation to the scammer. Now, you can do it that way, or you can have a kind of family code word, or password, to identify yourself in a truly distressing situation when you do actually need monetary help. But, forewarned is forearmed. Being aware of the nature of the scam, and then discussing it with your family, you can come up with some kind of plan to prevent yourself from being taken advantage of, while still allowing you to help your family if they're truly is a need to do so.
Online scams, frauds, and other attacks (OSF series postings)
Introduction and ToC: https://fibrecookery.blogspot.com/2026/02/online-scams-frauds-and-other-attacks.html
No comments:
Post a Comment