
Ask HN: My grandfather was a target of a scam using my information - graham1776
Yesterday my grandfather received a phone call at his home address from &quot;one of my friends&quot;. This &quot;friend&quot; told him that I was in a tragic accident in Las Vegas while at a [real friend&#x27;s name] wedding. This scammer knew some fairly detailed information about me to try to scam my grandfather. He called me and my dad and avoided the scam, but boy was he worried!<p>The ask is: What should I personally do to cover my ass. I have a blog, social media accounts, etc and am now worried about getting hacked, scammed, or family being prayed upon. Thoughts?
======
gumby
My dad fell for this scam (sadly he won't admit it to his friends to help
prevent them from falling for it). He did explain to me what happened: the
social hacking was successful enough that the scammer may not have known you
real friend's name!

In my dad's case, someone called and said "this is your son. I'm in London and
my passport was stolen." My dad asked, "This is <my name>? Are you OK?" Then
he asked why "I" hadn't called my wife, using her name. Now the scammer could
say "I tried to call <her name>" and had some explanation I now forget. Thus
the scammer was able to build confidence.

The really interesting thing to me is that the caller didn't even have my
accent. When he finally called me, my dad told me that, and said though he
noticed that immediately he was so worried about me that it didn't cause him
to suspect anything!

I'm a parent so I can understand how some of your rational reasoning can shut
down when you think your kid is in trouble. I now see that as you start to
lose your marbles this can become pretty bad.

~~~
DanBC
> I now see that as you start to lose your marbles this can become pretty bad.

Maybe not your intention, but it's a severe mistake to think that people have
to be somehow vulnerable or extra gullible to fall for scams.

The meme of "they put spelling mistakes in to filter out the clever folks" is
only true for some scams.

Other scams involve people who've made many tens of thousands of contacts, all
day every day, refining their scam in an iterative process. They use well-
honed social engineering techniques.

~~~
gumby
Yes, that wasn't my intention so thanks for the clarification.

------
DanBC
This is a very common (in UK) scam.

The "distressed relative" scam is mentioned in passing here:
[http://www.bbc.co.uk/guides/zw9v34j](http://www.bbc.co.uk/guides/zw9v34j)

The FTC calls this "family emergency scam"
[https://www.consumer.ftc.gov/articles/0204-family-
emergency-...](https://www.consumer.ftc.gov/articles/0204-family-emergency-
scams)

Here's Canadian advice:[http://mpdc.dc.gov/page/relative-distress-
scam](http://mpdc.dc.gov/page/relative-distress-scam)

I don't know who AARP are, but they have information here:
[http://www.aarp.org/money/scams-
fraud/info-07-2012/grandpare...](http://www.aarp.org/money/scams-
fraud/info-07-2012/grandparent-scam-wa1889.html)

There's some simplistic advice from the BBC here:
[http://www.bbc.co.uk/guides/zxq8frd](http://www.bbc.co.uk/guides/zxq8frd)

It's important to note that fraudsters don't just go after vulnerable people;
they go after everyone.
[http://www.bbc.co.uk/news/business-35250678](http://www.bbc.co.uk/news/business-35250678)

What you can do to protect yourself: Let all your family know that these scams
are happening; let your relatives know that if you do suddenly need large
amounts of money that you will speak to them in person, or your spouse will.

Removing your information, especially your birthdate, is probably a good idea,
but that's hard to do.

~~~
slavik81
While Canada did take Washington, D.C. in 1814, we had to give it back. These
days, advice from the D.C. Metropolitan Police Department can probably be
considered American.

~~~
DanBC
Thanks! Sorry about that. Not sure how I made that mistake.

------
ams6110
_I have a blog, social media accounts_

A lot may revealed there. Think about what you post. Vomiting every detail of
your life out for the world to see is a good source of feedstock for social
engineering against your family and friends.

------
arisAlexis
This is standard practise in Europe.Even a public police statement in Greece
on TV. Sometimes they dont even know your details the chat goes like "crying
voice calls for granpa" grandpa says "martin is it you" then they know they
your name etc.

------
zaque1213
This happened to my grandfather. The scammer told him I was accused of
manslaughter in Oklahoma and was being held for questioning. The scammer was
my "lawyer" and my grandfather needed to post my bail. He saw through the scam
but was worried enough to check with my dad to see I had travelled to Oklahoma
recently. At that point my mother and father were quite concerned. 30 minutes
later I finally answered the phone and confirmed that I was not in Oklahoma. I
was in class.

------
jbeales
This is called the "grandparent scam." It's a common tactic. Your
grandfather's a smart guy and avoided it.

------
jason_slack
I had this happen to a friend of mine and at the time of the "call" the
relative they said was in trouble was playing Xbox in the next room.

------
saint_fiasco
Your accounts probably weren't hacked or anything. Most likely you or your
family posted on social media about the wedding and the scammers then knew you
would be away from home.

Could the detailed information you mentioned be found in your social media
profiles, or the profiles of your friends and family?

------
RUG3Y
This happened to me as well. My grandmother called my dad because she believe
I was in jail and I needed money to get out. She was completely distraught and
even after I talked to her, she wasn't convinced that I was safe. It was
pretty scary.

------
steven777400
My grandfather was hit by this. We never determined conclusively how it
happened, but putting together what they knew and what they didn't (they = the
attackers), I strongly believe that an insider at the care facility my
grandmother was staying at either was the attacker or provided key family
information (names, etc) to the attacker, who then used Google, etc, to do
additional research.

The attacker knew quite a lot about me (but all stuff publicly researchable)
and was very convincing. It was quite disturbing.

~~~
daveguy
> (but all stuff publicly researchable)

You said it there. Don't be so quick to blame the caregivers. The fact that an
attacker _could_ know quite a lot about you from social media means you were
an easy mark, no insider necessary.

Just say no to social media.

~~~
steven777400
The reason I included them is that my grandfather and I do not share a last
name and he is not at all on any kind of electronic communication. So someone
who just knew me could research for a long time and not find out anything
about him; and vice-versa. Someone with specific knowledge had to make the
link outside of social media.

~~~
nommm-nommm
Whitepages.com has a "associated with" that contains all sorts of relatives
without social media accounts or Internet access and that's just public. Your
name probably ended up in an obituary at some point in time They scammer
surely has access to the paid private databases, same as the PIs and
background check companies use. You know those "verify your identity"
questions you get asked when opening a bank account or something? Those "what
was your car payment for your 2005 Toyota Corolla" questions? One of them
asked me who I knew and one of the choices was my ex. How we got linked in a
database is beyond me. We never shared an address, bank account, credit card,
last name, nothing. We weren't even all that serious. There's so much info out
there in databases. No need to jump to totally unfounded conclusions.

------
toomuchtodo
While its not outright identity theft, I _highly recommend_ following the
instructions at
[https://www.reddit.com/r/personalfinance/wiki/identity_theft](https://www.reddit.com/r/personalfinance/wiki/identity_theft)
to get ahead of the curve.

------
MrMullen
This is why I have a Code - Counter Code setup with my family. I can give a
message to any person and then say, "Say this word at the end of the message"
and that confirms the message came from me. It's a little weird to do this
with family but when you explain it to them, they kind of get it.

------
seanwilson
Sounds horrible but it doesn't sounds like there's much you can do personally
about this to be honest unless you have zero internet identity. For that kind
of scam, it sounds like all you need is few names or places that are related
to you which would be hard to completely hide unless you never talk about
yourself online, don't have an online CV and don't have any social accounts.

------
dmuth
On the hacking front, make sure you have two-factor auth enabled on all of
your accounts that support it. That will go a long way in keeping your
accounts from being misused.

------
Spooky23
Honestly, don't answer the phone from numbers you don't recognize. Real
emergency responders will leave a message.

Conmen are really talented at this. Once local restauranteur who I know got
this call from the electric utility, demanding $500 in Visa gift cards in 30
minutes (lunchtime) or the gas will get shut off.

The guy fell for it, just because the conman was good. Afterwards, he didn't
understand what happened.

------
spriggan3
I wonder, how did they get all these infos ? do you have profiles on many
social networks like Facebook or Linkedn ? where did the call orignated from ?
I guess they were trying to get money from your relative,how did they ask him
to transfer the money ?

------
kaila
The Confidence Game: Why We Fall for It . . . Every Time by Maria Konnikova is
definitely worth checking out if you're curious in learning more about why
these types of scams (and cons in general) are so often successful.

------
wprapido
a colombian friend was a victim of similar scam. they called her and claimed
they had kidnapped her brother. she was about US$2k short

