Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: My grandfather was a target of a scam using my information
45 points by graham1776 on June 16, 2016 | hide | past | favorite | 29 comments
Yesterday my grandfather received a phone call at his home address from "one of my friends". This "friend" told him that I was in a tragic accident in Las Vegas while at a [real friend's name] wedding. This scammer knew some fairly detailed information about me to try to scam my grandfather. He called me and my dad and avoided the scam, but boy was he worried!

The ask is: What should I personally do to cover my ass. I have a blog, social media accounts, etc and am now worried about getting hacked, scammed, or family being prayed upon. Thoughts?




My dad fell for this scam (sadly he won't admit it to his friends to help prevent them from falling for it). He did explain to me what happened: the social hacking was successful enough that the scammer may not have known you real friend's name!

In my dad's case, someone called and said "this is your son. I'm in London and my passport was stolen." My dad asked, "This is <my name>? Are you OK?" Then he asked why "I" hadn't called my wife, using her name. Now the scammer could say "I tried to call <her name>" and had some explanation I now forget. Thus the scammer was able to build confidence.

The really interesting thing to me is that the caller didn't even have my accent. When he finally called me, my dad told me that, and said though he noticed that immediately he was so worried about me that it didn't cause him to suspect anything!

I'm a parent so I can understand how some of your rational reasoning can shut down when you think your kid is in trouble. I now see that as you start to lose your marbles this can become pretty bad.


If you're interested in learning more about the technique that scammer used, the magic search phrase is "cold reading". For instance: https://en.wikipedia.org/wiki/Cold_reading


> I now see that as you start to lose your marbles this can become pretty bad.

Maybe not your intention, but it's a severe mistake to think that people have to be somehow vulnerable or extra gullible to fall for scams.

The meme of "they put spelling mistakes in to filter out the clever folks" is only true for some scams.

Other scams involve people who've made many tens of thousands of contacts, all day every day, refining their scam in an iterative process. They use well-honed social engineering techniques.


Yes, that wasn't my intention so thanks for the clarification.


This is a very common (in UK) scam.

The "distressed relative" scam is mentioned in passing here: http://www.bbc.co.uk/guides/zw9v34j

The FTC calls this "family emergency scam" https://www.consumer.ftc.gov/articles/0204-family-emergency-...

Here's Canadian advice:http://mpdc.dc.gov/page/relative-distress-scam

I don't know who AARP are, but they have information here: http://www.aarp.org/money/scams-fraud/info-07-2012/grandpare...

There's some simplistic advice from the BBC here: http://www.bbc.co.uk/guides/zxq8frd

It's important to note that fraudsters don't just go after vulnerable people; they go after everyone. http://www.bbc.co.uk/news/business-35250678

What you can do to protect yourself: Let all your family know that these scams are happening; let your relatives know that if you do suddenly need large amounts of money that you will speak to them in person, or your spouse will.

Removing your information, especially your birthdate, is probably a good idea, but that's hard to do.


While Canada did take Washington, D.C. in 1814, we had to give it back. These days, advice from the D.C. Metropolitan Police Department can probably be considered American.


Thanks! Sorry about that. Not sure how I made that mistake.


Another idea is to have a code word that you will use if you are really in trouble. Though a good scammer can probably work around that by saying you are injured, dying, can't talk, etc.


AARP is an organization for American retirees.


>don't know who AARP are

AARP = American Association of Retired Persons.


I have a blog, social media accounts

A lot may revealed there. Think about what you post. Vomiting every detail of your life out for the world to see is a good source of feedstock for social engineering against your family and friends.


This is standard practise in Europe.Even a public police statement in Greece on TV. Sometimes they dont even know your details the chat goes like "crying voice calls for granpa" grandpa says "martin is it you" then they know they your name etc.


This happened to my grandfather. The scammer told him I was accused of manslaughter in Oklahoma and was being held for questioning. The scammer was my "lawyer" and my grandfather needed to post my bail. He saw through the scam but was worried enough to check with my dad to see I had travelled to Oklahoma recently. At that point my mother and father were quite concerned. 30 minutes later I finally answered the phone and confirmed that I was not in Oklahoma. I was in class.


This is called the "grandparent scam." It's a common tactic. Your grandfather's a smart guy and avoided it.


I had this happen to a friend of mine and at the time of the "call" the relative they said was in trouble was playing Xbox in the next room.


Your accounts probably weren't hacked or anything. Most likely you or your family posted on social media about the wedding and the scammers then knew you would be away from home.

Could the detailed information you mentioned be found in your social media profiles, or the profiles of your friends and family?


This happened to me as well. My grandmother called my dad because she believe I was in jail and I needed money to get out. She was completely distraught and even after I talked to her, she wasn't convinced that I was safe. It was pretty scary.


My grandfather was hit by this. We never determined conclusively how it happened, but putting together what they knew and what they didn't (they = the attackers), I strongly believe that an insider at the care facility my grandmother was staying at either was the attacker or provided key family information (names, etc) to the attacker, who then used Google, etc, to do additional research.

The attacker knew quite a lot about me (but all stuff publicly researchable) and was very convincing. It was quite disturbing.


> (but all stuff publicly researchable)

You said it there. Don't be so quick to blame the caregivers. The fact that an attacker could know quite a lot about you from social media means you were an easy mark, no insider necessary.

Just say no to social media.


The reason I included them is that my grandfather and I do not share a last name and he is not at all on any kind of electronic communication. So someone who just knew me could research for a long time and not find out anything about him; and vice-versa. Someone with specific knowledge had to make the link outside of social media.


Whitepages.com has a "associated with" that contains all sorts of relatives without social media accounts or Internet access and that's just public. Your name probably ended up in an obituary at some point in time They scammer surely has access to the paid private databases, same as the PIs and background check companies use. You know those "verify your identity" questions you get asked when opening a bank account or something? Those "what was your car payment for your 2005 Toyota Corolla" questions? One of them asked me who I knew and one of the choices was my ex. How we got linked in a database is beyond me. We never shared an address, bank account, credit card, last name, nothing. We weren't even all that serious. There's so much info out there in databases. No need to jump to totally unfounded conclusions.


While its not outright identity theft, I highly recommend following the instructions at https://www.reddit.com/r/personalfinance/wiki/identity_theft to get ahead of the curve.


This is why I have a Code - Counter Code setup with my family. I can give a message to any person and then say, "Say this word at the end of the message" and that confirms the message came from me. It's a little weird to do this with family but when you explain it to them, they kind of get it.


Sounds horrible but it doesn't sounds like there's much you can do personally about this to be honest unless you have zero internet identity. For that kind of scam, it sounds like all you need is few names or places that are related to you which would be hard to completely hide unless you never talk about yourself online, don't have an online CV and don't have any social accounts.


On the hacking front, make sure you have two-factor auth enabled on all of your accounts that support it. That will go a long way in keeping your accounts from being misused.


Honestly, don't answer the phone from numbers you don't recognize. Real emergency responders will leave a message.

Conmen are really talented at this. Once local restauranteur who I know got this call from the electric utility, demanding $500 in Visa gift cards in 30 minutes (lunchtime) or the gas will get shut off.

The guy fell for it, just because the conman was good. Afterwards, he didn't understand what happened.


I wonder, how did they get all these infos ? do you have profiles on many social networks like Facebook or Linkedn ? where did the call orignated from ? I guess they were trying to get money from your relative,how did they ask him to transfer the money ?


The Confidence Game: Why We Fall for It . . . Every Time by Maria Konnikova is definitely worth checking out if you're curious in learning more about why these types of scams (and cons in general) are so often successful.


a colombian friend was a victim of similar scam. they called her and claimed they had kidnapped her brother. she was about US$2k short




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: