
Ask HN: How do you protect your parents from tech scammers? - nilsb
My dad recently received a call from “Windows support”. He figured out it was a scam call and so luckily no further harm came from it. However, how do you protect your parents from similar tech scams - short of locking down their computers with parental controls?
======
thrownaway954
simple... they call me first.

if there is one thing i have _never_ done to my parents, or _anyone_ for that
matter, is make fun of them if they call me and ask me for my professional
opinion in tech matters. this has extended to situations when they think the
situation is shoddy like they are being taken in a scam. i think _this_ is the
single reason why my parents have never fell victim to scams. i feel that
_most_ parents, or elderly people for that matter, fall victim cause they feel
pressure from both ends... the first being the scammers themselves, the second
being scared to ask _anyone_ if the situation is legit for fear of being made
fun of.

_noone_ should feel scared of being ridicule when asking any question
regarding their safety or well-being.

~~~
dpcan
It's all good until they don't realize the thing that is happening is
something they should call about.

You'll sit down to talk to your parents someday and the damage will already be
done.

The scammers are fast. They are good. They are like vultures hovering over the
elderly. Our parents don't see this stuff coming, and they comply too quickly.

My wife administers a nursing home and this is a daily problem. Their
residents get calls from scammers constantly and they have to stop little old
men and women from walking out of the building to catch a bus to go to the
bank to send money to one scammer after another.

They are always telling them, no, the medicare office does not want you to put
all your money in a government bank account for them to make deposits to -
those are scammer accounts. No, a nephew you never heard about does NOT need
to be bailed out of jail. No, you do not have to buy a pre-paid visa card over
the phone in order to pay for medications. No, you never have to purchase a
coupon for $50 that will save you $100 at the store, those don't exist. It
goes on and on and on and on.

~~~
aswanson
It can also happen quickly with isolated parents if they're at a transition
point (still living home) and a scammer walks in. I had a friend who's father
was starting to suffer from dementia and had a woman who got control of some
of his bank account info and was emptying him out. After my friend had his dad
hospitalized, she was calling the hospital trying to get access to him and he
had to get his room changed to an alias. Hospitals have frighteningly poor
security measures.

~~~
SkyBelow
When I visit relatives in the hospital there is no one
stopping/verifying/questioning me. At all. No checks, no questions, nothing.
If you act like you know where you are going no one worries enough to stop
you. It has left me feeling concerned each time, especially when it is a
younger relative in the hospital.

------
mattferderer
1\. Give them a very locked down by default device like an iPad if possible.

2\. Set their phone to send everything to voicemail that isn't a contact. Many
scams don't leave one & if they do it can be discussed with appropriate people
first.

3\. Install a browser like Brave or extensions that block most garbage on the
internet.

4\. Setup their important files & pictures to be backed up automatically to
one or more cloud services.

5\. Not related to tech scammers, but more the ransom scammers or your
grandchild needs money scammers - Always have some type of secret agreed upon
phrases or questions that no one would ever know or be able to find out. Even
better, make it a question someone could easily search for but have a
ridiculous answer that is an inside joke between the two of you.

6\. (Geek Bonus) - Enjoy watching social engineering videos together! They're
entertaining, informative & I personally think more enjoyable than most of the
stuff that passes for movies, sports & TV shows. Ok, this last one is probably
not for everyone.

~~~
beefield
> Enjoy watching social engineering videos together! They're entertaining,
> informative & I personally think more enjoyable than most of the stuff that
> passes for movies, sports & TV shows.

Do you have any recommended playlists? Did not know that is a thing, might be
fun to check.

~~~
csande17
There's a YouTube channel called "Kitboga" where a guy calls tech scammers and
tries to waste as much of their time as possible:
[https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw](https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw)

The videos have a pretty broad appeal -- even if you don't always get the
memes he references, it's still funny to watch him pretend to be an old lady
over the phone -- and you'll learn a lot about the way these scams usually
operate.

------
zelienople
Not really by design, but I have a brilliant method! My mom still has only a
land line, and the cord is too short to reach the computer.

She got a fake virus alert on some skeezy website, and she immediately called
the number, without checking with me.

They tried to talk her through enabling remote access so they could get in and
do whatever horrible thing they intended, but they had to get her to identify
her IP address and type a few commands first.

She tried going back and forth from the telephone to the computer in another
room, and the scammer finally got angry and screamed at her, "can't you borrow
a cellphone from one of your neighbours?" When she told him she couldn't, the
man just hurled obscenities and hung up.

These guys really depend upon you being able to talk to them while typing and
clicking.

~~~
joegahona
Sadly, this happened to my father last year, and they were successful charging
his debit card $300. He did not give them his PIN, which they requested (he
couldn't remember it). I called Wells Fargo and they were great about just
nuking the charge. Had to get a new card, of course, and I immediately made
him stop using a PC. I got him a iPad mini, which hopefully helps with those
fake "you have a virus" alerts.

------
kstenerud
Teach them this simple heuristic:

No tech company these days will ever call a customer, especially not
Microsoft.

If you do receive a call from a more traditional institution like a bank,
don't divulge any information. All banks have strong identity theft
protections in place, but you haven't authenticated the caller. Ask for a
reference id so that you can call the company back using a phone number that
you yourself looked up on their company web page.

If the caller has any reason not to comply (and they will have plenty of
reasons why they can't), or they insist you use a number that they provide,
hang up and forget about it.

~~~
dazc
'If you do receive a call from a more traditional institution like a bank,
don't divulge any information.'

The problem with this, in the UK at least, is that banks do call and ask for
personal info such as date of birth, etc. The irony always seems lost on them
when you refuse to give it.

~~~
nothrabannosir
Yes! First Direct did this to me, and when I asked to call back for security
reasons, he was borderline upset. "But sir, I have your mother's maiden name;
surely that should be enough validation?" I didn't know whether to laugh or
cry.

~~~
rdiddly
I know you probably asked yourself this, but could that call also have been a
scam?

I mention it because (and this is I think a good contribution to the thread)
"getting upset" correlates strongly with "hiding something" and with "axe to
grind with the world" and with "not disciplined or patient enough to get a
job."

~~~
nothrabannosir
I did wonder, but when I insisted, hung up, and called back, the next CS rep
saw the call in their CRM and knew exactly what they wanted to discuss with
me. So it's unlikely.

Honestly I think I'd rather had have it be a scam, at that point :/

~~~
rdiddly
Ha! Well your current relationship with a bank is probably a scam too, but
they're smart enough not to bleed you too quickly!

------
wallflower
My parents are both very intelligent. My mom (a PhD) actually fell for one of
those pop-ups that warn your computer is infected. It took many phone calls to
reverse the automated charges...

That being said, getting my parents from Windows to Mac was to biggest ROI.
Before, with Windows and even Malware Bytes Anti-Malware, I had to literally
drive home hours for emergency tech support.

However, I’ve educated them against popup clicking now so much that they
pointedly ignore Mac update popup notifications. Oh well, it is what it is.
And what it is is much better now in Mac land.

~~~
OrangeMango
> My parents are both very intelligent. My mom (a PhD) actually fell for one
> of those pop-ups that warn your computer is infected.

There have been many studies that have found that education level, job
function ,etc are not indicators of whether someone will fall for a scam. It
can and does happen to people all over the place.

~~~
JohnFen
This. Everyone can be scammed, without exception. Being smart is not very
protective. In fact, some studies have also shown that very intelligent people
are more likely to fall for certain types of scams.

~~~
0xcde4c3db
As far as I've seen, the single most important factor in whether someone will
fall for a scam is the degree to which they match the "target audience" of the
scam's script. The practice of spear phishing embodies this principle taken to
its logical extreme.

------
epc
Dealing with this with an elderly family member.

We've moved them to all Apple devices. Locked down everything (the account on
the Mac is "standard" not Administrator level). Set up a G Suite account with
restricted access (cannot install apps, cannot install extensions into
Chrome). Use 1Password for passwords, 2FA for all accounts that allow it.
Removed Flash early on, removed Java runtime. Turned off auto–update on the
Mac and iPhone/iPad.

I initially tried parental controls on the Mac but found it was a nightmare
for even their limited use of apps outside of Chrome.

Still after 10+ years of “training” this person to call me for any technical
issues I get surprises like yesterday when they wanted to install an “ad
blocker that keeps popping up in Chrome”, which was, of course, malware.

Probably will ditch the Mac and switch to a Chromebook later this year.

~~~
mbreedlove
> Turned off auto–update on the Mac and iPhone/iPad.

Why? I would have done the opposite.

~~~
Unklejoe
Not saying it's right, but in general, updates tend to introduce pointless UI
changes which are catastrophic for older people who aren't technologically
inclined.

Apple itself isn't too bad in this regard, but apps do this all the time.

~~~
BrianHutch
You are spot on on UI changes. My octogenarian father called last year telling
me his bank account had been hacked. Long story short, his bank had put an
interstitial ad for loans showing a vacation beach scene between the login
page & the account summary page he was used to. With his eyesight and patience
level he didn't notice to scroll down for the "continue to your accounts"
link. Ergo, only explanation was that he'd been hacked.

This took way too long to diagnose now that I live hundreds of miles away.

I wish UX designers would slow their roll on things like this in sensitive
applications like online banking. There are times for ads and times for when
ads should not be present.

~~~
cameronfraser
Most of the time, it is not UX designers that are the problem here. There
aren't UX designers who are like, "yeah let's make a shitty experience where
you have to click through for no reason". It's someone on the business side
forcing them to do it.

~~~
JohnFen
I used to think this, but then I started reading UX industry papers and
websites. Now I think that the problem is a combined effort.

------
MisterTea
Education. Whenever I'm talking to my mother about tech I make it as simple
and relatable as possible. I drill in a few things:

Passwords are as private as the most embarrassing thing you can imagine. Never
give them out to anyone. Ever.

No financial institution will randomly call you unless its a fraud alert. Even
then, ask to call back and then call the company using their direct number to
verify. Anyone trying to keep you on the line is suspect. You have a right to
hang up at any time.

Treat your email address like your home address. Would you randomly give your
home address to strangers?

Phone numbers are so easy to fake you could do it on your cell phone. Do not
trust caller ID.

If in doubt call your children.

And I do get a lot of calls about everything but I'm glad my mother calls to
verify instead of taking a chance. So many older parents stay in parental mode
when their children are well into adulthood and tend to trust their judgement
before their children's. That or they don't want to bother them or even admit
they know less. Hubris and ignorance are the problem.

~~~
CaptainMarvel
It’s not enough to call the bank directly after a scam call - first phone
someone else to ensure the line is actually closed.

~~~
JohnFen
I don't understand what you mean here...

~~~
Tyr42
I think there's a way on a landline to "hold the line open", even while the
other person hangs up? Then if they pretend to pick up again after you punch
in new numbers they can fool you

~~~
JohnFen
> I think there's a way on a landline to "hold the line open", even while the
> other person hangs up?

Ah, thank you, I understand now.

This was true with landlines decades ago, but that problem had been resolved a
long time back, before I stopped having a landline entirely.

It may not have been solved everywhere, though...

~~~
CaptainMarvel
This is an article from 2014:
[https://www.theguardian.com/money/2014/jul/19/telephone-
frau...](https://www.theguardian.com/money/2014/jul/19/telephone-fraudsters-
banks-response). It’s possible it’s been solved by now.

------
goldcd
I don't think there is a magic bullet - and yes I have completely considered
adding parental controls.

I think there's probably two prongs of attack. Helping them manage their IT
and Scam prevention. Scam prevention covers cold calls "from your bank",
random letters in the post, people knocking on the door etc. IT competence is
supplementary and confidence here helps prevent the former. e.g. If you've
installed every toolbar offered to your browser, then a) You shouldn't be in
charge of a browser and b) Are more likely to need the help of MS when they
call.

Things I've done, in no particular order:

Offered to be their IT support. If in doubt over anything, please call me
first. I don't mind, it's how I can be helpful and show gratitude. If I've
called them, I've normally got free time, so good time to ask if there's
anything they want me to look at whilst I'm here.

Added their machines to my Google One Backup (or whatever your backup solution
of choice is with an online family plan). I've tried leaving them with USB
drives to plug in and local backup scheduled, but never seems to work out.

Accept some people shouldn't own a PC. Chromebook/ipad provide most of what
they need and are relatively sheltered.

Push them towards online services for say email. Yes, they might be used to
Thunderbird that you initially set them up with - but de-corrupting local
storage, missing emails from that time they accidentally used POP, hooking in
AV, anti-spam etc etc. Gmail (or your provider of preference) handles that for
you (and you can just use thunderbird with that if you insist - and it will
grab mails from that ISP account you mysteriously are attached to).

Education. Quite surprisingly my PC-cautious relative (never messes up, but
refuses to embrace) decided to take a "Computer Driving License" course. I was
slightly disparaging to be honest, but she found it interesting - and started
realizing what she could do. e.g. Address book previously a txt file (kept on
a USB stick for security, naturally), made the switch to Excel and mail-merged
the envelopes for the Christmas letter.

------
lksaar
I switched my grandparents PC to linux, Ubuntu in particular. It covers
everything they want to do (light web browsing, some text processing,
printing, transfering images from their phone/camera to the PC). Has been
working great for 3yrs now.

I've also noticed that installing adblock helps, since there's less shady
stuff to click.

~~~
theandrewbailey
I've had my parent's PC on Linux for almost 10 years (mostly Xubuntu, was on
Mint for a bit). I initially expected to reinstall Windows after a few months,
but it worked pretty well. I told them that it looks and works[0] like
Windows, and they were off.

[0] As for as using the GUI is concerned. Normal people don't care about the
internal workings of their technology.

~~~
Tempest1981
What do you use for a mail client? Besides web-based?

~~~
theandrewbailey
They were already using Thunderbird.

------
tyri_kai_psomi
Two things:

\- I buy them Apple devices. n=4 here, but it really seems when my family
(mom, father-in-law, mother-in-law, and older brother who is borderline tech
illiterate) made the switch from Android to iOS devices or even PC to Mac,
they just had less of an issue with this. It's anecdotal, I am not a diehard
Apple fanboy, but take it for what it is.

\- I tell them to always close any and all popups. Point blank, carte blanche,
doesn't matter how sincere it seems, or if it even is legitimate, just close
it. If there's something she ends up not being able to do eventually she just
calls me.

------
obarthelemy
First thing I did when I set them up w/ a PC years ago is send them an email
from our President with obfuscated links to something absurd. These brought
home the dual points if never trusting the sender's identity and never
clicking links. There's be more to it but that's 80% right there.

------
admay
My dad is good with computers and has a great online-bullshit radar. My mom
and aunt are god awful though. My aunt fell for a 'virus scan' scam recently
and the fallout was kind of rough to deal with. Full backup of photos & docs,
new passwords, and a full factory reset of the computer. Not a fun weekend for
her.

My rules for them: 1\. If someone calls you from the bank, hang up and call
them back from their phone number listed on their website. 2\. If a pop-up
comes up warning for viruses, call me immediately. 3\. If a pop-up comes up
warning about governments coming for you, call me immediately. 4\. No one on
Earth is going to try to give you money for free online.

I've had to answer plenty of calls about online bullshit, but I prefer that
than having to try to deal with the Bank after they get scammed.

------
alex-wallish
I recently came across a product that tries to solve exactly this. For $15 a
month they give seniors a "personal secretary" who screens calls from unknown
numbers.

Recently featured on ProductHunt:
[https://www.producthunt.com/posts/phonescreen](https://www.producthunt.com/posts/phonescreen)

Their website: [https://www.phonescreen.co](https://www.phonescreen.co)

------
ryanmercer
Unfortunately my mother trained herself mostly (I do block a bunch of stuff at
a DNS level though on her PC), she lives with me and umpteen times a week:

"Can you come here the computer/phone/ipad is saying something, have I been
hacked"

\- no, it's telling you that you have an email, no it's telling you that you
are getting a call, no that's your other son asking you a question...

"How do I save something again"

\- you've been working with computers longer than I've been alive... click the
save button "where" the disk "where" or go to file save "where is file"
_points_ "I don't see it" my finger is touching it!!!

\- Are you ^(!@#$@ kidding me

\- Look at your paper, you've written this down three times

"How do I save something to my zip disk"

\- You don't have a zip disk, you have a usb drive or a thumb drive, you've
never had a zip disk, I've never had a zip disk, zip disks were stupid and
still are and I don't understand why Amazon has them for sale for so much!

"can you print this for me at work"

\- no, I've told you this 37 times, go to FedEx office with your usb drive,
I'm not printing 173 pages of whatever that is and risk getting fired

I promise you, it's all a con. There's no way she doesn't know exactly what
she's doing and just likes messing with me. I've showed her how to turn the
volume up and down on her iPhone at least 100 times. You've got 3 buttons,
figure it out mom! I swear I'm going to have a stroke or a heart attack one of
these days while showing her how to do something for the 97th time.

My brother on the other hand... when he still lived close it felt like every
other week I was reinstalling windows for him. He'd torrent everything, click
any link, open ever attachment... eventually I just blocked obscene numbers of
domains and ran him through a 'family safe' DNS filter. I don't know what he
does now, I guess his teenage step son has to suffer through helping him.

~~~
vorpalhex
Don't baby them. Ask them productive questions in response - "well, which icon
do you think is for saving?" You can guide them "well usually that's at the
top of the screen" but don't take the device from them or do it for them.

You want to teach them how to fish, not hand fish to them every time they ask.

------
archie2
It's pretty bad in Canada - you get really convincing scammers pretending to
be our taxation agency pushing you to pay back taxes in iTunes Giftcards.

This is an obvious scam, but for people who aren't up on this and fearful of
"the man" I expect these kinds of scams work for every 1 in 100k people at
best and are still probably lucrative enough for them to keep going.

The answer for the OP problem and the Canadian problem are the same: the
government never calls you, Microsoft never calls you, no tech company will
ever call you.

~~~
goldcd
There was a fascinating story I read (which now I obviously can't find), which
explained why spam emails/pop-ups appear to be so bad. It's because the
scammers don't want thousands of responses, they want tens of responses from
people who'll believe a shonky looking scam is real. Allows you to triage your
potential market down to those more likely to complete the second more
expensive (needs a scammer) and unbelievable (government wants taxes in gift-
cards) step.

~~~
nullc
[https://www.microsoft.com/en-us/research/wp-
content/uploads/...](https://www.microsoft.com/en-us/research/wp-
content/uploads/2016/02/WhyFromNigeria.pdf)

------
i_dont_know_
Also want to ask if anyone has a 'parents' Linux setup that has worked well
over the years... I tried once maybe 8 years ago and had to figure out how to
walk my mom through a kernel panic through the phone... didn't work well :)

~~~
snu
My parents have been running Zorin OS lite for a couple years now, they have
not had any problems with it. It's based on ubuntu and the lite version has
xfce as the desktop. Runs great on their older computer, looks enough like
windows that they jumped in without any issues, and it has a pretty basic
interface.

------
Heyso
I am surprised no one mentioned AdBlock yet. Often you contract an
virus/adware/... through and ad, especially when the ad is confused with a
feature of the website. I use noscripts also, but that is not for non tech
peoples. Apart from that I don't know, maybe, do not give them admin rights on
the computer?

------
uka
Since I gave my dad a Chromebook instead of a Windows machine - I have no
problems at all. It is very hard for the tech support scammers to make him
install anything on it.

~~~
ocdtrekkie
Most malware I've seen in the field is Chrome extensions, so I would not
assume this is enough. I recommend disabling browser extensions for maximum
computer illiterate IT safety.

~~~
pergadad
And then online banking and your government eID Middleware won't work...

~~~
ocdtrekkie
Whoa, there's governments that require browser extensions to work? That's
terrifying (but enlightening, thanks).

------
logfromblammo
AARP Fraud Watch

[https://www.aarp.org/money/scams-fraud/](https://www.aarp.org/money/scams-
fraud/)

877-908-3360

AARP puts serious resources into scam prevention. Print the hotline number and
tape it up next to their screens and/or land-line phones.

------
reedf1
I've convinced many of my loved ones to get two-factor authentication on at
least their primary e-mail addresses and to treat everything as something that
can be compromised e.g. don't make any of your bank accounts front facing that
have any more money in them then you are willing to lose.

Obviously this doesn't protect them against the complete set of problems but
it is quick to implement and keeps me from being the personal security manager
of those I care about.

At the end of the day if someone is running a sophisticated phishing scam some
savvy people are going to fall for it - I think the name of the game is damage
mitigation not prevention. As long as you can mitigate people from losing a
life changing amount of money I think you've won here.

------
chewz
My mom is 88 yo.

I have installed ChromeOS on her laptop, uBlock in Chrome, set router DNS to
my own (which filters out spam, malware, ads etc.).

Set an iPhone option to accept only calls from Contacts. I am also going
through call lists periodically and block marketing calls etc.

I have also cut the cord on land line.

------
toxicFork
I will add to this for small business owners, my parents who have a restaurant
got contacted by "Google maps support" who had tricked Google maps to have a
wrong address for the place, and then contacted them to "resolve the issue
with a fee".

------
sevensixseven
Have them watch Kitboga. [https://kitboga.com/](https://kitboga.com/)

~~~
indigodaddy
Was just about to say this but cmd-f'ed for it first... :)

Kitboga is great. His tone is not too aggressive or caustic like some other
scambaiters. And he is extremely funny. I mean brilliantly funny..

He livestreams on [https://twitch.tv/kitboga](https://twitch.tv/kitboga) at
least 4 times a week generally...

------
swalsh
This is something I've been thinking about for a while. If my dad goes before
my Mom, I want to set something up to protect my Mother. She's an extremely
trusting person, and generally not good at understanding the things she signs.
I don't want to take autonomy from her, but I'd like to set something up so
any purchase over some set threshold would need to be verified by either my
brother or myself. My Dad is probably going to leave her with a pretty decent
nest egg... and I really worry about her, especially since both my brother and
I live in another State.

~~~
Heyso
Maybe you can try letting her getting scammed on small things, so that she can
train her ability to discern scams. Before she get scammed on something huge.
The best would probably be a game, game doesn't have a huge consequence, this
is good for training. Maybe some game like Resistance or The Werewolves of
Millers Hollow. Maybe she is in deny, that someone would think of taking
advantage of someone else thrust. Would be curious to know if making her take
advantage of someone else thrust trought a game (like one cited above), would
help her evolve.

~~~
vorpalhex
^ But also, tell her before you do this. Respecting autonomy and agency
matters.

------
stblack
A good hosts file will help, a lot.

[https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts)

Disclosure: there are many like it, but this one's mine.

~~~
npongratz
Thank you for your service.

------
codegeek
Teach everyone you know few simple rules:

1\. Never provide anyone any information on a call you receive. If you receive
a call, go wit the expectations that it is a scam/spam. If it seems genuine,
you call them back using a number from their website. Don't call back on a
number provided by the caller.

2\. Don't pick up unknown numbers.Let them leave a voicemail.

3\. Most Govt. orgs or banks will not call you to request personal information
over phone at least in the United States.

4\. There are common scams/spams including Windows/Tech Support, IRS, You have
won a vacation scam etc. Don't ever believe those. They are always a scam.

5\. Never ever click/download a link/attachment on an email that you are not
sure about.

6\. Teach everyone how to read email headers if possible to verify the sender.
It is too easy to spoof the from name/email. Fun fact: my wife recently
received emails from ME (obviously not) asking her to wire money for some
urgent need. lol. But she almost fell for it and I was shocked. The reason was
email spoofing. I immediately showed her how to check the headers.

Most importantly, teach your parents or other non tech savvy friends/family to
never trust anyone over the phone or email even if it seems like someone they
know. Always be suspicious. It is ok to do so.

Oh and as the tax season approaches, the IRS scammers will be out in full
force. Make sure that everyone knows IRS NEVER CALLS you especially to ask for
money. IRS will always send you a registered letter in mail, always.

~~~
mici
What should one look for in e-mail headers to spot spoofing?

~~~
JohnFen
It can be very difficult to detect a well-spoofed email message even when
examining headers (but if you want to learn how, a web search should get you
the information you want).

What I do, and strongly recommend to others, is two-fold: First, don't allow
your mail reader to render HTML emails. Second, never follow any links in
emails, nor trust that any other contact information is correct.

If you get an email from an entity you know, and it is asking you to follow a
link or call a number, ignore contact methods/information in the email itself
and contact the entity using your already established information instead.

------
eitland
This is nore realistic than a number of people realize I think:

I happen to be known as a nice sysadmin and therefore people call me so I got
a number of stories.

Many of my older friends and relatives are somewhat immune as their technical
English just isn't good enough.

I find the persons who call are mostly 25-35 year olds (I had one older
acquaintance who taught highly technical subjects at university level who
installed various cleaners that were clearly scams to me but I'll leave him
out and focus on the telephone tech support scams.)

Most of the cases we've managed to stop somehow. The one were I didn't manage
to stop it in time or get the money back was actually a young accountant who
got his personal checkings account emptied.

One thing I've noticed is that several of the people who fall for it are
surprisingly smart.

In the last case I interviewed the victim for 20 minutes afterwards and what
shook me was how she had no recollection of anything between the start of the
call and when she was pulling out her second credit card.

This suggests to me that the best scammers are kind of good with something
NLP-line or something.

(FTR: I do also pretend to be a victim everytime they call me both to annoy
them for my own entertainment and to learn what they do so I have a fair idea
of the first part of the scam.)

------
carapace
First, stop for a moment and consider how EXPLETIVE-DELETED insane it is that
we have to even deal with this.

Inter-networking computers is _fraught_ with danger: criminals are attacking
your loved ones.

I think it's time for a reboot of the Internet.

The one we have now looks like Disney Land but acts like a back alley in a bad
part of Bangkok (apologies to residents of that city, I mean no disrespect.)

------
fortran77
I keep my mom's iMac up to date, but she does have admin privileges so she can
run the updates, etc.

I removed the Flash player from her machine some time ago, because it now
seems to be completely obsolete. (I liked Flash in its day, but it's time has
passed.)

AARP still requires Flash for one of its online "Safe Driver" courses. So my
mom followed the advice in an AARP User Forum and, of course, got a adware
malware installed in her browser.

No matter how many times I tell her to never install _anything_ she'll still
wants to prove that she is capable of doing things and gets viruses/malware.

She also gets confused by Google ads. She wanted to add AT&T minutes to her
pay-as-you-go phone, searched, and clicked on an ad for a third party minutes
reseller (which was filled with AT&T logos) and bought it there. It wasn't
such a bad deal, but when she calls me about a message she's getting on her
flip phone and mentions company names I've never heard of, I can't help her.

------
_wldu
Teach them to be more skeptical/less trusting about all interactions with
strangers (not just scam calls). On some level, I don't like doing this
because most people are good and skepticism puts a dark cloud over a lot of
good/positive human interactions. But, I also hate to see people get tricked
and taken advantage of by con men.

The criminals who prey on the elderly using tech scams (I just need your
credit card number to deposit the funds) use the same emotional cons and
tactics as those who prey on kids (can you help me find my lost puppy) and
they ought to be handled the same.

I've found the best way to address this is to deflect the request. Give me
your phone number and I'll call you back or let's report the lost puppy to
that policeman over there. And, also practice con-like scenarios. Make a game
out of it.

~~~
JohnFen
> I don't like doing this because most people are good and skepticism puts a
> dark cloud over a lot of good/positive human interactions.

What I taught my children can be applied here...

Most people are good. Some people are bad. The problem is that you can't tell
which is which by looking. Being very cautious, but optimistic, is the way to
go here.

------
rconti
Treat every unsolicited call like a sales call. Which it is. If they're
pushing you something you didn't ask for, it's sales.

If there's really an issue with your device/account/whatever, you'll know
about it.

No legitimate business will threaten and cut you off if you don't do what
they're asking _right now_. Your bank wants your business. They won't just cut
you off because you didn't verify your social security number. A legitimate
institution will bend over backwards to let you make things right, eventually.
Not threaten you right now.

But really, being savvy with tech scams is just being savvy with society in
general. So the usual anti-aging, keeping your body and brain active advice
apply here as well as anywhere.

------
mscasts
My dad uses Linux as I installed it on his computers. He only uses the browser
anyway and are very concerned about security in general. So the choice felt
very natural.

Otherwise, he basically tells every "seller" to eff off so he probably
wouldn't be scammed anyway.

------
flyingkiwi44
While I don't agree with everything it recommends, the "Little Black Book of
Scams" is a good starting point for having a talk with someone who you think
is at risk.
[https://www.interest.co.nz/sites/default/files/embedded_imag...](https://www.interest.co.nz/sites/default/files/embedded_images/Little-
Book-of-Scams-CFFC.pdf) (NZ Version)
[https://www.accc.gov.au/system/files/Little%20Black%20Book%2...](https://www.accc.gov.au/system/files/Little%20Black%20Book%20of%20Scams%20-%20Pocket-
sized%20guide.pdf) (AUS version)

------
unlinked_dll
Moving my grandmother into an assisted living facility stopped all the scam
calls.

I understand that’s not an option for everyone. But no amount of education,
new devices, etc are going to solve this issue past a certain age/cognitive
decline.

------
Waterluvian
I wonder if parental controls would be more palatable if they were called
something like "Remote Security Administration" and your child set themselves
up as the "administrator" with your permission.

~~~
goldcd
Rather than 2 Factor, could have 2 Person Authentication.

Not just for parents. If say I've rolled in one night, after one too many
beers after work, might be handy if my wife had to confirm any random
purchases I attempt to make.

~~~
Waterluvian
I think you're on to something. I get worn out if someone calls me all the
time for support. But if I got an email asking me to approve a security
action, like downloading a lesser known URL or installing an app, that'd be
pretty fine.

And it can be async too (at the cost of convenience): "You will be notified
when your download is complete and the security administrator has reviewed it
for safety"

~~~
franga2000
I've actually considered doing something similar by proxying all of their web
traffic through my server and setting up a dynamic whitelist of domain names.
I'd pre-populate it with sites I'm sure are 'safe' and have it send me a
notification for anything new. If I approve it, it gets whitelisted.

Sounds pretty easy to implement, but it would take a long time to get my folks
used to it and a sibling or two probably wouldn't hurt for efficiency.

------
smilesnd
I put my mom on linux. You be surprise how many scammers will hang up as soon
as they hear you run linux instead of windows/mac. I went through a phase
talking to "windows support" because my evil sister used my moms phone number
for something that ended up in there database. I ran through their script a
few times typically stopping when they try and get me to install remote access
software to see what their end goal was. When I started telling them I ran
linux not windows they would hang up.

------
kmfrk
Aside from what everyone else has said, a Pi-hole
([https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-
zero-w](https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w)) costs
very little and can be ssh'd into if enabled. One way to add a DNS-level
adblocker, although you maybe have to let it act as a DHCP to ensure
everything goes through it.

Has a lovely web interface too.

I wouldn't be surprised if there's a blocklist for scams to be included
directly as well.

------
n_t
Two simple rules -

1\. Don't act immediately (no matter how urgent matter seems to be).

2\. When in doubt, check with someone you trust (and first reaction should be
'doubt').

Beyond that, any of following are worthy of being flagged as scam
automatically -

1\. Call/email from IRS or any other government agency

2\. Easy money offers

3\. (unfortunately) Anyone asking for help, specifically involving money, that
too urgently

4\. Anyone asking for password, SSN, financial record acess

Bottomline is that in online world, start point should be doubt followed by
questions which help build your trust.

------
gumby
A big one for my parents was setting up their phones and laptops to use
1password (also making sure that iOS used 1password and _not_ the system
password remembering). This setup means that if they go to a scam bank site or
scam amazon site the password manager won't autofill their credentials.

In addition: their passwords are all shared with me so that when they die or
become otherwise incapable I can still manage their affairs.

------
JohnFen
I told my parents to contact me before responding to any unsolicited email,
phone call, or surprise popup no matter how scary any of them may seem.

I started this practice when my stepfather got a fraudulent email pretending
to be from me, claiming that I had been arrested in a foreign country and
needed him to send a few thousand dollars. He called me, as he was confused
about why I left the country without telling anyone, and I straightened him
out.

------
hrgiger
If someone interested in topic I also recommend watching Jim Browning
channel[0], most of time he reverse remote access, investigate scammers
devices to prevent them or contacts victims to warn them.

[0][https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw/vid...](https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw/videos?view=0&sort=p&flow=grid)

------
chasd00
give them an ipad. My mom has one and, fortunately, only uses facebook. It's
difficult to scam because the attack surface (if that is still a phrase) is
pretty low.

I recently got a PC for my youngest because some games he wants to play
around't available on OSX. I was amazed, virtually every site and app is
constantly trying to trick him into signing up, downloading, or changing
security settings. PC's are bad news.

------
ralphc
Reading these stories, I see two possible issues. One is pure age, the
potential slowing of cognitive processes, to outright dementia in some of
them. The other is lack of deep familiarity with technology, which is a
symptom of growing up before it was prevalent. When _we_ age, will we be as
susceptible? We're tech savvy, but at least at 70+ will we be vulnerable?

------
tyingq
It's disappointing that US telecoms are so far behind in shaken/stirred,
reputation based call blocking, etc. Email spam is not the problem for me that
it was 10+ years ago. Telephone spam and scam, on the other hand, is worse
than ever, and rising.

Maybe NLP will get to the point that an automated answering service would pass
for human, and screen callers effectively and cheaply.

~~~
franga2000
Of course, if NLP (and speech processing) gets that good, the scammers can
just automate their operations and we're in another arms race.

~~~
Tempest1981
If the arms race includes Lenny, it should be entertaining:
[https://www.techspot.com/news/77583-lenny-chatbot-trolls-
tel...](https://www.techspot.com/news/77583-lenny-chatbot-trolls-
telemarketers.html)

------
stcredzero
For awhile, I was responsible for all tech support. While this was a pain, it
protected my parents from scam support calls. Then, that burden went away. My
father now has Alzheimer's, and my mother has no interest in using computers,
except minimally. She doesn't even check email. So long as Apple TV doesn't
have scammers on it, we're safe for now.

------
ab_io
Try showing them some clips from Kitboga [1] — he talks to tech scammers
(usually pretending to be an old lady) with the goal of wasting their time,
and demonstrating how most tech scams work.

[1]:
[https://m.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw](https://m.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw)

------
nephrite
Easy: just ask the scammer where he calls from, then hang up and call them
yourself. If the problem is legitimate, you get to talk to real clerk and
resolve it, if not the real person will tell you that. Bonus points: tell them
the phone of the scammer and they can do smth about it, like start
investigation as to who leaked your data to criminals.

------
lowdose
Give them a chromebook. No virus scanner or firewall needed.

It's 2020 and the "Personal Computer" paradigm is past its expiration date.

Want to keep hobbying with Windows and manage your "PC" like a pet, good luck
with that!

Hardware should be managed like cattle with a cloud native setup if you ask
me.

Racehorse owners loose 90 cent on every dollar invested, cowboys fly
helicopters.

~~~
teekert
I tell this to my in-laws as well, but they don't seem to understand the
difference between hackers and privacy invaders. Yes, Apple and Google want to
know you, but, in general they know they security stuff and won't try to fool
you with it. But they think it's about the same as giving data to hackers that
want to scam them. He thinks for example that using a Gmail address as an
apple account makes it magically so that both companies now know everything
about you. I have a hard time explaining the difference between security/data-
protection and hacking.

In a way I understand them. Google wanting to track you _is_ nefarious but
still, the security from viruses/hackers/cryptolocking viruses is unmatched
for a Chromebook or an iPad.

My own father wants privacy, has has Apple products, he doesn't want
(i/any)Cloud, I buy him a Synology NAS saying the data is his, then Photos
libraries go corrupt because the NAS does not have APFS attributes (damn thing
works for months until it doesn't). What a nightmare. And I'm explaining all
this to a man that doesn't really understand where his Browser ends and the
internet starts. So he will wonder if his data is on his Macbook because he
can see it in the browser logged into the Synolgy. And then he won't close the
browser because the Synology is backing up... It's pretty complex if you think
about it. I can understand all the distrust.

~~~
lowdose
But if they already own an iPad maybe this metaphor can make it more easy to
explain. Chrome OS on a chromebook is like iOS, Windows / MacOS functions like
Android. For me this has kept the discussion simple and people already on iOS
understand the difference in flavor immediately.

------
renaissancec
I had a huge issue with this duo my parents being signed up to TalkTalk UK who
were hacked. I have my parents phone set up so only whitelisted numbers can
phone in. Your phone company is good at this. Their computing devices are
iPads. Since their messaging requirements are simple (email and imessaging /
Facetiming me).

------
kissgyorgy
My parents bought this scam device: [https://www.get-
enence.com/Enence/EN/001_sc54/index.html](https://www.get-
enence.com/Enence/EN/001_sc54/index.html)

a couple of weeks ago, so I told them to call me before they make any
technical purchase/decision.

------
theonemind
I pity the scammer that tries to take my mother in. She's incredibly
disagreeable. I'd wager that agreeability is a risk factor for this sort of
thing. It's almost impossible for legitimate entities to deal with her as
well, however.

------
Havoc
I don't. They're from a country with sky-high crime rate though so their IRL
street smarts are rock solid. Some of that translates to digital scams

Still worried though when their SIM cards got cloned. (banks use cell OTP for
2fa)

------
punnerud
I told my parents to always think: “Did I initialize this conversation to
begin with?“. If no, don’t act on anything and do your own research and
purchase decision.

Workes as a universal solution. Don’t remember where I learned it.

------
aswathrao
Ask them not to give out any personal details like Name and Address and never
reveal bank details to any one on the phone.

No one asks for your credit card numbers through phone. Every one has a
payment gateway now a days

------
privateSFacct
an ipad goes a LONG way towards reducing problems.

Get a Logitech external keyboard for it.

I'm not just talking tech scammers. It's just harder to "mess up" the ipad for
anyone.

------
Tempest1981
NoMoRobo seems to help (for landlines). But it's not perfect - callers can use
random numbers.

Is there a cellphone equivalent?

Or an easy-to-manage whitelist?

------
oxymoran
Parents? I have to worry about my spouse...

------
dangerboysteve
its not just scammers but also questionable charity organizations (could also
be scammers). I recall her getting a donation envelope with a dollar amount
she agreed to, I called the entity to tell them to F off. The organization
dealt with either firefighters or police and bowling.

------
Scoundreller
Set them up with VoIP. Monitor the CDRs.

Not a primary solution, but definitely a secondary safeguard.

------
Angostura
Bought them a Mac.

------
ocdtrekkie
Disable browser extensions. It'll remove 90% of fake and real malware they'll
run into.

~~~
dubcanada
People do not use IE 8 anymore. This hasn't been true in probably half a
decade.

~~~
ocdtrekkie
I'm mostly talking about Chrome extensions, though Firefox has its fair share
of malicious extensions too.

