Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How do you protect your parents from tech scammers?
155 points by nilsb on Jan 2, 2020 | hide | past | favorite | 180 comments
My dad recently received a call from “Windows support”. He figured out it was a scam call and so luckily no further harm came from it. However, how do you protect your parents from similar tech scams - short of locking down their computers with parental controls?

simple... they call me first.

if there is one thing i have _never_ done to my parents, or _anyone_ for that matter, is make fun of them if they call me and ask me for my professional opinion in tech matters. this has extended to situations when they think the situation is shoddy like they are being taken in a scam. i think _this_ is the single reason why my parents have never fell victim to scams. i feel that _most_ parents, or elderly people for that matter, fall victim cause they feel pressure from both ends... the first being the scammers themselves, the second being scared to ask _anyone_ if the situation is legit for fear of being made fun of.

_noone_ should feel scared of being ridicule when asking any question regarding their safety or well-being.

It's all good until they don't realize the thing that is happening is something they should call about.

You'll sit down to talk to your parents someday and the damage will already be done.

The scammers are fast. They are good. They are like vultures hovering over the elderly. Our parents don't see this stuff coming, and they comply too quickly.

My wife administers a nursing home and this is a daily problem. Their residents get calls from scammers constantly and they have to stop little old men and women from walking out of the building to catch a bus to go to the bank to send money to one scammer after another.

They are always telling them, no, the medicare office does not want you to put all your money in a government bank account for them to make deposits to - those are scammer accounts. No, a nephew you never heard about does NOT need to be bailed out of jail. No, you do not have to buy a pre-paid visa card over the phone in order to pay for medications. No, you never have to purchase a coupon for $50 that will save you $100 at the store, those don't exist. It goes on and on and on and on.

Definitely. But it may be enough depending on your parents, I think for now it's enough for my mother for example. And the title question is "How do you protect your parents?" not "How, hypothetically, should everybody's parents be protected?"

My mother phoned me because her laptop was yelling at her. Bad guys had taken over her browser (IE maybe? Or Edge? I genuinely don't remember) and on start-up it was repeating a verbal message on maximum volume about how they now controlled her computer and she needed to call them to... well you know how these go.

But she had the sense to realise that even though it said she must call _them_ she could rather call _me_ and since it was yelling at her she put the laptop down and left it yelling into thin air. I walked her through the surprisingly easy process to disable it and get her back in her comfort zone. I explained what they'd tried to achieve, that they had tried to trick her into thinking they were more powerful than they really were - and praised her for taking the time to call me.

It can also happen quickly with isolated parents if they're at a transition point (still living home) and a scammer walks in. I had a friend who's father was starting to suffer from dementia and had a woman who got control of some of his bank account info and was emptying him out. After my friend had his dad hospitalized, she was calling the hospital trying to get access to him and he had to get his room changed to an alias. Hospitals have frighteningly poor security measures.

When I visit relatives in the hospital there is no one stopping/verifying/questioning me. At all. No checks, no questions, nothing. If you act like you know where you are going no one worries enough to stop you. It has left me feeling concerned each time, especially when it is a younger relative in the hospital.

Scammers can definitely be fast. My grandfather was scammed recently. He got a phone call claiming to be some sort of technical support for the retirement community he was living in. Eventually he figured out he was being scammed, hung up, and called me.

Unfortunately, because it had happened so quickly he didn't remember everything the scammer had asked him to do. So it took quite a bit of searching until we figured it out.

Yeah this doesn't really sound like a strategy for preventing them from getting scammed

You can't prevent everything :(

a lot of the situations you described are targeted at people with dementia and other neurological disorders. there really isn't anything you can do in those cases.

thankfully my parent have their wits and don't suffer from such disorders.

> simple... they call me first.

This… seems a bit naive to think your parents will call you first every single time they want to do something special with their computer. It makes me think of parents that assume their teenagers aren't doing anything stupid because they are confident the kids are sharing everything with them.

Anectode: My in-laws are renting their property through Internet. They occasionally receive calls by interested renters and they successfully manage it by themselves. They are almost in their 70's. One day someone had a payment issue and asked to pay them differently, asking for account information so they could send the money directly. They managed to trick them into putting their card number on a fake website displaying the agreed-upon amount. They lost about 100€, the bank couldn't revert the transaction for some reason.

Parents only call you when they are unsure of something. The problem is when the scammer manage to convince them everything is normal, which is exactly what they are good at.

Since your mention euros: I am sure you know that cc transactions are protected in the EU and that you cannot be held accountable above 200 or 250€ (don't remember, this changed recently) when the transaction is fraudulent.

I know you said 100€, but I do not belive a bank will make the claim. I was in that situation twice, the first time they did not even mention it, and the other time they did mention it. When I asked "and so what" they said that they just informed me of that but they they will, of course, not make the claim.

if you think it's naive for your users or loved ones to call you when they have the slightness doubt about something, then perhaps the problem is with how they feel treated or the way you present yourself to them when need help? are you welcoming to their questions or do you act annoyed with them?

> Parents only call you when they are unsure of something. The problem is when the scammer manage to convince them everything is normal, which is exactly what they are good at.

> if you think it's naive for your users or loved ones to call you when they have the slightness doubt about something...

I think you just affirmed their point. You're acknowledging they only call when they have even the slightest doubt. They're saying that is exactly the problem, because they won't call when they have no doubt that everything is normal.

Same here. My 79-yr-old mother is far from sophisticated about tech stuff but understands the basic idea of scams, and is naturally inclined to assume people are out to get something from her. So when she gets suspicious calls or letters (she doesn’t follow her email that closely), she calls me. Sometimes she will try to engage with the scammers, which I’ve tried to tell here is counter-productive.

_noone_ should feel scared of being ridicule when asking any question regarding their safety or well-being.

In 2020, does this mean anything online anymore? Or does it mean more than ever? I've gotten to the point where a -50 karma is just a momentary annoyance, and I just think of it as "imaginary Internet points."

I could see how a kid who was conditioned to see their self-value in karma or views might take it hard. I've certainly been in that boat. Has there been a peak, then decline in online social media cynicism, like there was with child computer literacy? (Went up, peaked, then went down.) (Thankfully, my parents have always been extreme social media cynics.)

This is how I approach it at work (a non-profit where we deal with sensitive data). Every new employee and volunteer goes through a 30-minute training webinar on security when they start: spotting phishing emails, choosing good passwords, 2FA etc.

At the end, I tell them that if something just feels off, even if they can't figure out why, I'd rather they call or message me on Slack than ignore it. It absolutely never bothers me when they do it - in fact, it makes me feel better. Maybe 1% of reports are actual issues, but I'd rather deal with 99% false positives than miss even one thing.

I’ve seen the kind of videos that FAANGs require their new employees to watch. Not good. Even scarily bad.

If you are at a FAANG, then the phish success rate against your company is probably in the mid single digit percentages.

If you’re at a Fortune 50 company, then the phish success rate against your company is most likely in the high single digit percentage range — if you’re lucky.

If you’re at a company not big enough to be in the Fortune 50, then the phish success rate at your company is most likely in the double digit percentage range. That’s right, over 10% of all phishing messages sent to people in your company will end up hooking their targets.

And the sad thing is that we techies are the ones that are supposed to be most aware of these things and most likely to be able to protect against them.

I think this is the key. As a kid, I remember family member of mine would routinely take their computer into friends at their company's IT department (their personal computer, mind you) because they felt less embarrassed asking a coworker for help than their kids. I try to make sure my parents don't feel awkward or embarrassed for asking me with tech help.

> i feel that _most_ parents, or elderly people for that matter, fall victim cause they feel pressure from both ends... the first being the scammers themselves, the second being scared to ask _anyone_ if the situation is legit for fear of being made fun of.

A friends parent got done by a phone scam. "Your router has been compromised, please let us check your PC, oh no they've got the computer, install this. Oh no - they've hacked your bank account and used it to Launder money, the fraud office will contact you. etc etc. The bank saved them when they tried to move a second load of money.

I don't believe for a moment they didn't contact anyone because of a fear of being laughed at - they believed the narrative that this was a secret operation. Ironically it had all the hallmarks of a classic eve online scam.

Do not assume all scammers are mediocre and transparent. Do not assume a close personal relationship is enough.

Which eve scam you are referring to?

This is not the best advice when your 90 year old father loves using his Mac and iPhone, and is constantly "fixing" things when something "didn't work"

Scammers have ways around that as well. My father called me once asking about malware, he also mentioned that they actually placed a timer, applying pressure that he supposed to respond within 2 minutes. There are a lot of tricks those scammers are using.

^ This.

My parents ring me if they get an odd popup on a webpage to double check if they should ignore it or not. If someone calls them telling them there's something wrong they politely tell the person they will ask me to look at it and politely end the call. And if they purchase stuff off a new website they check with me before they make any purchase so they don't pass their credit card to a dodgy site.

It's better they call and ask me than take a risk, last thing I want to happen is my parents to fall victim to a scam.

i will say that i also install and configure ublock origin on all the browsers that i and my parents use. it's surprising how many times, just innocent web browsing gets you in trouble cause of ads and drive by malware.

+1 for ad blockers - installing one (I use uBo as well) on the computers I "manage" must've saved my relatives 100s of € in falling for scams. I'm sure of this, because a month ago Facebook pushed a bypass for ad blockers and within days, one of my relatives almost lost 300€. What saved her was her poor understanding of English - she called me to translate something for her and I immediately smelled a scam.

Good point.

What if the scammer plot "do not call your kids" into their scheme?

Then it's 99.9999% safe to ignore. There is no reason that calling someone else would be a problem for anything that is legitimate.

Then it's an obvious red flag if the parents know to always call, no matter what!

Yes, when the scheme is simple and straightforward, there is no point to say "do not call your children". But within a little bit sophisticated schemes, scammers can find a reason to plot in this kind of demand. Such as your computer has been compromised by terrorist organization, do not call anyone especially your children.

it should be second nature to ask for help for something you don't understand or feel uncomfortable with. my parents and friends would literally say that they need to consult with their tech guy, that's me :), to make sure everything is alright. they would know something is wrong with the situation right away if they were told not to talk to me by the person.

and that really goes for _ANY_ situation in life. if you are told _not_ to talk to someone else about a situation, you are being controlled and taken advantage of.

I've watched some of Kitboga's streams on Twitch and you are correct. They will not same do not call your children, but they will say they need them to stay on the line over the duration of the call. In fact, if you do get disconnected, they are very quick to call back.

1. Give them a very locked down by default device like an iPad if possible.

2. Set their phone to send everything to voicemail that isn't a contact. Many scams don't leave one & if they do it can be discussed with appropriate people first.

3. Install a browser like Brave or extensions that block most garbage on the internet.

4. Setup their important files & pictures to be backed up automatically to one or more cloud services.

5. Not related to tech scammers, but more the ransom scammers or your grandchild needs money scammers - Always have some type of secret agreed upon phrases or questions that no one would ever know or be able to find out. Even better, make it a question someone could easily search for but have a ridiculous answer that is an inside joke between the two of you.

6. (Geek Bonus) - Enjoy watching social engineering videos together! They're entertaining, informative & I personally think more enjoyable than most of the stuff that passes for movies, sports & TV shows. Ok, this last one is probably not for everyone.

> Enjoy watching social engineering videos together! They're entertaining, informative & I personally think more enjoyable than most of the stuff that passes for movies, sports & TV shows.

Do you have any recommended playlists? Did not know that is a thing, might be fun to check.

There's a YouTube channel called "Kitboga" where a guy calls tech scammers and tries to waste as much of their time as possible: https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw

The videos have a pretty broad appeal -- even if you don't always get the memes he references, it's still funny to watch him pretend to be an old lady over the phone -- and you'll learn a lot about the way these scams usually operate.

Some of the more popular ones I've watched are by Kevin Mitnick, Rachel Tobac or Jessica Clark.

What is great about those is most anyone can relate & understand to what they're usually doing. No terminals. If they use a gadget, it's something you can buy off the shelf usually & they describe what it does in simple terms. This makes it much more educational for most people.

Forewarning, typing "Social Engineering" into YouTube can cost you many hours!

Not really by design, but I have a brilliant method! My mom still has only a land line, and the cord is too short to reach the computer.

She got a fake virus alert on some skeezy website, and she immediately called the number, without checking with me.

They tried to talk her through enabling remote access so they could get in and do whatever horrible thing they intended, but they had to get her to identify her IP address and type a few commands first.

She tried going back and forth from the telephone to the computer in another room, and the scammer finally got angry and screamed at her, "can't you borrow a cellphone from one of your neighbours?" When she told him she couldn't, the man just hurled obscenities and hung up.

These guys really depend upon you being able to talk to them while typing and clicking.

Sadly, this happened to my father last year, and they were successful charging his debit card $300. He did not give them his PIN, which they requested (he couldn't remember it). I called Wells Fargo and they were great about just nuking the charge. Had to get a new card, of course, and I immediately made him stop using a PC. I got him a iPad mini, which hopefully helps with those fake "you have a virus" alerts.

I need a VoIP service that changes my voice to a grandma/pa.

They always catch on too fast with me when I pull these stunts :(

Teach them this simple heuristic:

No tech company these days will ever call a customer, especially not Microsoft.

If you do receive a call from a more traditional institution like a bank, don't divulge any information. All banks have strong identity theft protections in place, but you haven't authenticated the caller. Ask for a reference id so that you can call the company back using a phone number that you yourself looked up on their company web page.

If the caller has any reason not to comply (and they will have plenty of reasons why they can't), or they insist you use a number that they provide, hang up and forget about it.

'If you do receive a call from a more traditional institution like a bank, don't divulge any information.'

The problem with this, in the UK at least, is that banks do call and ask for personal info such as date of birth, etc. The irony always seems lost on them when you refuse to give it.

I've had banks call and ask for personal info. I tell them, "I'm sorry, I don't give that information unless I called you."

They immediately understood, gave me a reference number, and told me to get my credit card and call the number on the back and give the reference number.

When I called back I was able to pick up right where I left off.

On one hand I was impressed that they had this flow, but on the other hand I was disappointed that they were training people that it's ok to give personal information on the phone.

I had another bank do what I thought was the right thing. I got a recorded call that said, "We believe someone used your card to make a gas purchase in Las Vegas. We have locked your card. If this was you, please call the number on the back of your card, press 3, and an operator will be able to unlock your card. Or you can log in with the app and unlock the card yourself."

They did all the right things. They told me unique information that helped identify they weren't a scammer but didn't reveal anything too personal, and then told me how to securely contact them.

That is actually a scam (or can be), where they would play the hang-up sound, play the sound when you dialed the keys and then have a second person continue the call. It worked because land-lines didn't end the call until both parties hanged-up. That means when you picked up the phone again, you were still connected to them.

Don't know if that scam still works, or not, and the same flow is probably used by legitimate senders.

That always baffles me with HSBC when they call and ask for personal information like DOB or other to confirm the identity. (The calls were legitimate.) I always tell them I won't provide the information, and then they ask me to call back. But why do they ask for it, when on the other hand they also recommend not to disclose any personal information to unknown parties (the phone number is not good enough verification), escapes me.

The one that drives me bloody insane on HSBC is the text from the bank's 'security department' telling you to call them on a number that is unlisted on any web page.

I've tried to explain to them several times that they are training their customers to fall or scams, but they seem to be unable to comprehend.

// Aside: If this kind of stuff bugs folks enough to want to help change the whole industry, come work with us. Rethink and build better workflows to “do it right” for customers of a global bank.

Not only banks.

My pension provider, Scottish Widows, did this to me a few weeks back, from a private number to boot.

I told them I'd call them back and they were fine. Not sure if it was a scam or not but suspect not as they were pretty ok about the whole thing.

There's a lot of institutional stupidity in banking, given that they need to verify the customer at the same time that the customer needs to verify the bank.

That said, the "call back" test is an easy smell test -- a bad actor will have a huge problem with that, while the bank usually won't think too much of it.

fyi .. Etrade has this stupidity fwiw.

Perhaps last year, when I was trying to resolve some broadband issues with Virgin Media, I had to recite my account password over the phone in order to pass the security check....

Thankfully I don't share passwords across accounts, so only had to update that one!

Yes! First Direct did this to me, and when I asked to call back for security reasons, he was borderline upset. "But sir, I have your mother's maiden name; surely that should be enough validation?" I didn't know whether to laugh or cry.

I know you probably asked yourself this, but could that call also have been a scam?

I mention it because (and this is I think a good contribution to the thread) "getting upset" correlates strongly with "hiding something" and with "axe to grind with the world" and with "not disciplined or patient enough to get a job."

I did wonder, but when I insisted, hung up, and called back, the next CS rep saw the call in their CRM and knew exactly what they wanted to discuss with me. So it's unlikely.

Honestly I think I'd rather had have it be a scam, at that point :/

Ha! Well your current relationship with a bank is probably a scam too, but they're smart enough not to bleed you too quickly!

You can set a password for First Direct to use when calling you. That's worked fine for me, but then I did set up the password like... 20 years ago maybe? Maybe a bit more, I was in this city so that's 20-25 years ago.

It doesn't need to be a very good password, because it's not as though it can be brute forced. It's like the Socialist Millionaire's Protocol situation, a human is in the loop, if you get the answer wrong twice the human is already very annoyed, so you cannot try 100 passwords let alone a billion.

if they call you, it's them who want something from you, right? So they can just bugger off. My bank in Russia used to call me all the time to offer stuff, usually credits. I've ended up just blacklisting them. If there's anything wrong with my account they never call, they block the card and wait for me to call them

Which bank? I've found them mostly understanding when I've asked people if I can call back.

Although they still try to ask for your DOB first, which means you can't have a blanket "If someone calls from your bank and asks for your DOB, they are definitely fraudsters" rule.

Note that fraudsters are doing things like faking caller ID and holding the line open, playing dialling tone on landline calls so that you hang up, think you are dialling again, and actually are still on the original call. The fix there is to use your mobile to call them back, or call someone else first. You can also feed them wrong information and see how they react, but I'd still do the call back thing.

I haven't had them ask for personal info, but I've had NatWest 'advisors' ring from random mobile numbers to confirm I was attending an appointment.

Its quite disconcerting, especially as most corporate VOIP extends to mobiles.

Calling someone else first is a false sense of security: if scammers are faking a dial tone, they will starthaving software to connect the call too, and then resume the scam when you call the bank number.

If it's a landline, call on a mobile.

Hah yes I've had this from NatWest. I always insist that they provide me with a number to phone them back, then check it against their website before dialing.

Actually some tech companies do call; at least Dell (well I guess you could argue it’s not a tech company) did cold call me to try to sell overpriced extended warranty on their shitty tower. Probably legit since apparently loads of people get this sort of calls, plus they don’t actually ask for service tag or personal info and you can pay on dell.com so rather pointless as a scam.

But having people mistake sales calls for scams doesn't really do any harm.

My parents are both very intelligent. My mom (a PhD) actually fell for one of those pop-ups that warn your computer is infected. It took many phone calls to reverse the automated charges...

That being said, getting my parents from Windows to Mac was to biggest ROI. Before, with Windows and even Malware Bytes Anti-Malware, I had to literally drive home hours for emergency tech support.

However, I’ve educated them against popup clicking now so much that they pointedly ignore Mac update popup notifications. Oh well, it is what it is. And what it is is much better now in Mac land.

> My parents are both very intelligent. My mom (a PhD) actually fell for one of those pop-ups that warn your computer is infected.

There have been many studies that have found that education level, job function ,etc are not indicators of whether someone will fall for a scam. It can and does happen to people all over the place.

This. Everyone can be scammed, without exception. Being smart is not very protective. In fact, some studies have also shown that very intelligent people are more likely to fall for certain types of scams.

As far as I've seen, the single most important factor in whether someone will fall for a scam is the degree to which they match the "target audience" of the scam's script. The practice of spear phishing embodies this principle taken to its logical extreme.

Dealing with this with an elderly family member.

We've moved them to all Apple devices. Locked down everything (the account on the Mac is "standard" not Administrator level). Set up a G Suite account with restricted access (cannot install apps, cannot install extensions into Chrome). Use 1Password for passwords, 2FA for all accounts that allow it. Removed Flash early on, removed Java runtime. Turned off auto–update on the Mac and iPhone/iPad.

I initially tried parental controls on the Mac but found it was a nightmare for even their limited use of apps outside of Chrome.

Still after 10+ years of “training” this person to call me for any technical issues I get surprises like yesterday when they wanted to install an “ad blocker that keeps popping up in Chrome”, which was, of course, malware.

Probably will ditch the Mac and switch to a Chromebook later this year.

> Turned off auto–update on the Mac and iPhone/iPad.

Why? I would have done the opposite.

Not saying it's right, but in general, updates tend to introduce pointless UI changes which are catastrophic for older people who aren't technologically inclined.

Apple itself isn't too bad in this regard, but apps do this all the time.

You are spot on on UI changes. My octogenarian father called last year telling me his bank account had been hacked. Long story short, his bank had put an interstitial ad for loans showing a vacation beach scene between the login page & the account summary page he was used to. With his eyesight and patience level he didn't notice to scroll down for the "continue to your accounts" link. Ergo, only explanation was that he'd been hacked.

This took way too long to diagnose now that I live hundreds of miles away.

I wish UX designers would slow their roll on things like this in sensitive applications like online banking. There are times for ads and times for when ads should not be present.

Most of the time, it is not UX designers that are the problem here. There aren't UX designers who are like, "yeah let's make a shitty experience where you have to click through for no reason". It's someone on the business side forcing them to do it.

I used to think this, but then I started reading UX industry papers and websites. Now I think that the problem is a combined effort.

I've sadly started recommending the same thing. It seems like every software company hires new UI designers every year, or the existing ones can't resist the urge to change the interface around every release. I wonder how many of them realize how hard their redesigns are on older folks who just took 6 months to learn where everything is on the previous version?

I really wish it was the norm in the software world to offer UI updates and security fixes independently, so we could upgrade the good without having to accept the bad.

> I really wish it was the norm in the software world to offer UI updates and security fixes independently, so we could upgrade the good without having to accept the bad.

Me too. That used to be standard practice, and I think abandoning it was a disastrous move.

I know that combining the two things like this means that I get security updates less often than is desirable, because I delay all of them until I feel I have enough time and energy to deal with any UI/feature/configuration changes.

I forgot that auto-update can upgrade the OS. Blocking those updates to prevent UI changes makes sense.

This. I still keep an aging HP desktop running windows XP up for an 85 year old who only cares to play a specific version of Hoyle card games for DOS. If anything in his experience changed, it would be catastrophic.

On Mac, alowing OS Updates doesn't actually enable the download of major releases, only point releases that don;t tend to involve UI changes.

Mostly to avoid what others have responded with. The person I'm supporting is ~1500 miles away for much of the year and I found Apple's update process would randomly disable my remote access setup, in addition to random UI changes. 2-3 times a year I apply updates in person as well as take snapshot backups on a portable drive.

I would suggest using a pi hole on top of this setup.

Great idea, thank you.

Only issue is it will desensitize them to threats when they are not on that network. But if they're only ever on that network, they'll probably be fine.

I would install logmein or some remote access program that helps. Also helps to buy them a router with a cloud stored configuration. I mean that opens up some issues but all in all saves a lot of time.

Education. Whenever I'm talking to my mother about tech I make it as simple and relatable as possible. I drill in a few things:

Passwords are as private as the most embarrassing thing you can imagine. Never give them out to anyone. Ever.

No financial institution will randomly call you unless its a fraud alert. Even then, ask to call back and then call the company using their direct number to verify. Anyone trying to keep you on the line is suspect. You have a right to hang up at any time.

Treat your email address like your home address. Would you randomly give your home address to strangers?

Phone numbers are so easy to fake you could do it on your cell phone. Do not trust caller ID.

If in doubt call your children.

And I do get a lot of calls about everything but I'm glad my mother calls to verify instead of taking a chance. So many older parents stay in parental mode when their children are well into adulthood and tend to trust their judgement before their children's. That or they don't want to bother them or even admit they know less. Hubris and ignorance are the problem.

It’s not enough to call the bank directly after a scam call - first phone someone else to ensure the line is actually closed.

I don't understand what you mean here...

I think there's a way on a landline to "hold the line open", even while the other person hangs up? Then if they pretend to pick up again after you punch in new numbers they can fool you

> I think there's a way on a landline to "hold the line open", even while the other person hangs up?

Ah, thank you, I understand now.

This was true with landlines decades ago, but that problem had been resolved a long time back, before I stopped having a landline entirely.

It may not have been solved everywhere, though...

This is an article from 2014: https://www.theguardian.com/money/2014/jul/19/telephone-frau.... It’s possible it’s been solved by now.

I don't think there is a magic bullet - and yes I have completely considered adding parental controls.

I think there's probably two prongs of attack. Helping them manage their IT and Scam prevention. Scam prevention covers cold calls "from your bank", random letters in the post, people knocking on the door etc. IT competence is supplementary and confidence here helps prevent the former. e.g. If you've installed every toolbar offered to your browser, then a) You shouldn't be in charge of a browser and b) Are more likely to need the help of MS when they call.

Things I've done, in no particular order:

Offered to be their IT support. If in doubt over anything, please call me first. I don't mind, it's how I can be helpful and show gratitude. If I've called them, I've normally got free time, so good time to ask if there's anything they want me to look at whilst I'm here.

Added their machines to my Google One Backup (or whatever your backup solution of choice is with an online family plan). I've tried leaving them with USB drives to plug in and local backup scheduled, but never seems to work out.

Accept some people shouldn't own a PC. Chromebook/ipad provide most of what they need and are relatively sheltered.

Push them towards online services for say email. Yes, they might be used to Thunderbird that you initially set them up with - but de-corrupting local storage, missing emails from that time they accidentally used POP, hooking in AV, anti-spam etc etc. Gmail (or your provider of preference) handles that for you (and you can just use thunderbird with that if you insist - and it will grab mails from that ISP account you mysteriously are attached to).

Education. Quite surprisingly my PC-cautious relative (never messes up, but refuses to embrace) decided to take a "Computer Driving License" course. I was slightly disparaging to be honest, but she found it interesting - and started realizing what she could do. e.g. Address book previously a txt file (kept on a USB stick for security, naturally), made the switch to Excel and mail-merged the envelopes for the Christmas letter.

I switched my grandparents PC to linux, Ubuntu in particular. It covers everything they want to do (light web browsing, some text processing, printing, transfering images from their phone/camera to the PC). Has been working great for 3yrs now.

I've also noticed that installing adblock helps, since there's less shady stuff to click.

I've had my parent's PC on Linux for almost 10 years (mostly Xubuntu, was on Mint for a bit). I initially expected to reinstall Windows after a few months, but it worked pretty well. I told them that it looks and works[0] like Windows, and they were off.

[0] As for as using the GUI is concerned. Normal people don't care about the internal workings of their technology.

> I've had my parent's PC on Linux for almost 10 years

I did this with my daughter, and never told her it wasn't Windows. She didn't know or care for years -- until she developed a taste for cutting-edge video games.

What do you use for a mail client? Besides web-based?

They were already using Thunderbird.

this proved to be very effective in my case as well, a gnu\linux distribution + ublock origin.

Two things:

- I buy them Apple devices. n=4 here, but it really seems when my family (mom, father-in-law, mother-in-law, and older brother who is borderline tech illiterate) made the switch from Android to iOS devices or even PC to Mac, they just had less of an issue with this. It's anecdotal, I am not a diehard Apple fanboy, but take it for what it is.

- I tell them to always close any and all popups. Point blank, carte blanche, doesn't matter how sincere it seems, or if it even is legitimate, just close it. If there's something she ends up not being able to do eventually she just calls me.

First thing I did when I set them up w/ a PC years ago is send them an email from our President with obfuscated links to something absurd. These brought home the dual points if never trusting the sender's identity and never clicking links. There's be more to it but that's 80% right there.

My dad is good with computers and has a great online-bullshit radar. My mom and aunt are god awful though. My aunt fell for a 'virus scan' scam recently and the fallout was kind of rough to deal with. Full backup of photos & docs, new passwords, and a full factory reset of the computer. Not a fun weekend for her.

My rules for them: 1. If someone calls you from the bank, hang up and call them back from their phone number listed on their website. 2. If a pop-up comes up warning for viruses, call me immediately. 3. If a pop-up comes up warning about governments coming for you, call me immediately. 4. No one on Earth is going to try to give you money for free online.

I've had to answer plenty of calls about online bullshit, but I prefer that than having to try to deal with the Bank after they get scammed.

I recently came across a product that tries to solve exactly this. For $15 a month they give seniors a "personal secretary" who screens calls from unknown numbers.

Recently featured on ProductHunt: https://www.producthunt.com/posts/phonescreen

Their website: https://www.phonescreen.co

Unfortunately my mother trained herself mostly (I do block a bunch of stuff at a DNS level though on her PC), she lives with me and umpteen times a week:

"Can you come here the computer/phone/ipad is saying something, have I been hacked"

- no, it's telling you that you have an email, no it's telling you that you are getting a call, no that's your other son asking you a question...

"How do I save something again"

- you've been working with computers longer than I've been alive... click the save button "where" the disk "where" or go to file save "where is file" points "I don't see it" my finger is touching it!!!

- Are you ^(!@#$@ kidding me

- Look at your paper, you've written this down three times

"How do I save something to my zip disk"

- You don't have a zip disk, you have a usb drive or a thumb drive, you've never had a zip disk, I've never had a zip disk, zip disks were stupid and still are and I don't understand why Amazon has them for sale for so much!

"can you print this for me at work"

- no, I've told you this 37 times, go to FedEx office with your usb drive, I'm not printing 173 pages of whatever that is and risk getting fired

I promise you, it's all a con. There's no way she doesn't know exactly what she's doing and just likes messing with me. I've showed her how to turn the volume up and down on her iPhone at least 100 times. You've got 3 buttons, figure it out mom! I swear I'm going to have a stroke or a heart attack one of these days while showing her how to do something for the 97th time.

My brother on the other hand... when he still lived close it felt like every other week I was reinstalling windows for him. He'd torrent everything, click any link, open ever attachment... eventually I just blocked obscene numbers of domains and ran him through a 'family safe' DNS filter. I don't know what he does now, I guess his teenage step son has to suffer through helping him.

Don't baby them. Ask them productive questions in response - "well, which icon do you think is for saving?" You can guide them "well usually that's at the top of the screen" but don't take the device from them or do it for them.

You want to teach them how to fish, not hand fish to them every time they ask.

It's pretty bad in Canada - you get really convincing scammers pretending to be our taxation agency pushing you to pay back taxes in iTunes Giftcards.

This is an obvious scam, but for people who aren't up on this and fearful of "the man" I expect these kinds of scams work for every 1 in 100k people at best and are still probably lucrative enough for them to keep going.

The answer for the OP problem and the Canadian problem are the same: the government never calls you, Microsoft never calls you, no tech company will ever call you.

There was a fascinating story I read (which now I obviously can't find), which explained why spam emails/pop-ups appear to be so bad. It's because the scammers don't want thousands of responses, they want tens of responses from people who'll believe a shonky looking scam is real. Allows you to triage your potential market down to those more likely to complete the second more expensive (needs a scammer) and unbelievable (government wants taxes in gift-cards) step.

the government never calls you, Microsoft never calls you, no tech company will ever call you

And none of them will ever ask for payment in gift cards.

Also want to ask if anyone has a 'parents' Linux setup that has worked well over the years... I tried once maybe 8 years ago and had to figure out how to walk my mom through a kernel panic through the phone... didn't work well :)

My parents have been running Zorin OS lite for a couple years now, they have not had any problems with it. It's based on ubuntu and the lite version has xfce as the desktop. Runs great on their older computer, looks enough like windows that they jumped in without any issues, and it has a pretty basic interface.

My non-technical parents have been Mint for years with minimal problems. One thing that makes life easier is that they were okay with me enabling sshd for the cases when they want me to investigate something for them.

(An incidental benefit of a Linux household - the calls from "Microsoft" become a lot funnier and less scary.)

I have setup xubuntu for my parents to look similar to windows. No sudo access, no password default login on boot. Firefox/Chrome with ublock origin. Virtualbox with win10 is installed for Office. If at all anything happens I do a remote login and check/fix things. Works well so far.

I installed ubuntu for my grand father and, two years later, has not had any problem (whereas it took less than a week before he asked my do uninstall the adblocker I gave him...).

Have you - in later years - figured which distro if any, was the easiest and hassle-free, for older people in general (if not your parents specifically)?

My mom has been using Ubuntu MATE for a few years and doesn't even know it. I just put a Firefox icon on the desktop and it was basically the same as any other computer for her.

How would a BSOD be different in this scenario?

I am surprised no one mentioned AdBlock yet. Often you contract an virus/adware/... through and ad, especially when the ad is confused with a feature of the website. I use noscripts also, but that is not for non tech peoples. Apart from that I don't know, maybe, do not give them admin rights on the computer?

Since I gave my dad a Chromebook instead of a Windows machine - I have no problems at all. It is very hard for the tech support scammers to make him install anything on it.

Most malware I've seen in the field is Chrome extensions, so I would not assume this is enough. I recommend disabling browser extensions for maximum computer illiterate IT safety.

And then online banking and your government eID Middleware won't work...

Whoa, there's governments that require browser extensions to work? That's terrifying (but enlightening, thanks).

AARP Fraud Watch



AARP puts serious resources into scam prevention. Print the hotline number and tape it up next to their screens and/or land-line phones.

I've convinced many of my loved ones to get two-factor authentication on at least their primary e-mail addresses and to treat everything as something that can be compromised e.g. don't make any of your bank accounts front facing that have any more money in them then you are willing to lose.

Obviously this doesn't protect them against the complete set of problems but it is quick to implement and keeps me from being the personal security manager of those I care about.

At the end of the day if someone is running a sophisticated phishing scam some savvy people are going to fall for it - I think the name of the game is damage mitigation not prevention. As long as you can mitigate people from losing a life changing amount of money I think you've won here.

My mom is 88 yo.

I have installed ChromeOS on her laptop, uBlock in Chrome, set router DNS to my own (which filters out spam, malware, ads etc.).

Set an iPhone option to accept only calls from Contacts. I am also going through call lists periodically and block marketing calls etc.

I have also cut the cord on land line.

I will add to this for small business owners, my parents who have a restaurant got contacted by "Google maps support" who had tricked Google maps to have a wrong address for the place, and then contacted them to "resolve the issue with a fee".

Have them watch Kitboga. https://kitboga.com/

Was just about to say this but cmd-f'ed for it first... :)

Kitboga is great. His tone is not too aggressive or caustic like some other scambaiters. And he is extremely funny. I mean brilliantly funny..

He livestreams on https://twitch.tv/kitboga at least 4 times a week generally...

This is something I've been thinking about for a while. If my dad goes before my Mom, I want to set something up to protect my Mother. She's an extremely trusting person, and generally not good at understanding the things she signs. I don't want to take autonomy from her, but I'd like to set something up so any purchase over some set threshold would need to be verified by either my brother or myself. My Dad is probably going to leave her with a pretty decent nest egg... and I really worry about her, especially since both my brother and I live in another State.

Consider taking some autonomy away from her.

A lot of work to set up, but it might be worth it in your case.

Put almost all of her money in a main account that requires approval from you or your brother.

Give your mom a checking account with regular monthly deposits from the main account.

We did this for my mom, and she was relieved to have the burden off her shoulders.

Maybe you can try letting her getting scammed on small things, so that she can train her ability to discern scams. Before she get scammed on something huge. The best would probably be a game, game doesn't have a huge consequence, this is good for training. Maybe some game like Resistance or The Werewolves of Millers Hollow. Maybe she is in deny, that someone would think of taking advantage of someone else thrust. Would be curious to know if making her take advantage of someone else thrust trought a game (like one cited above), would help her evolve.

^ But also, tell her before you do this. Respecting autonomy and agency matters.

A good hosts file will help, a lot.


Disclosure: there are many like it, but this one's mine.

Thank you for your service.

Teach everyone you know few simple rules:

1. Never provide anyone any information on a call you receive. If you receive a call, go wit the expectations that it is a scam/spam. If it seems genuine, you call them back using a number from their website. Don't call back on a number provided by the caller.

2. Don't pick up unknown numbers.Let them leave a voicemail.

3. Most Govt. orgs or banks will not call you to request personal information over phone at least in the United States.

4. There are common scams/spams including Windows/Tech Support, IRS, You have won a vacation scam etc. Don't ever believe those. They are always a scam.

5. Never ever click/download a link/attachment on an email that you are not sure about.

6. Teach everyone how to read email headers if possible to verify the sender. It is too easy to spoof the from name/email. Fun fact: my wife recently received emails from ME (obviously not) asking her to wire money for some urgent need. lol. But she almost fell for it and I was shocked. The reason was email spoofing. I immediately showed her how to check the headers.

Most importantly, teach your parents or other non tech savvy friends/family to never trust anyone over the phone or email even if it seems like someone they know. Always be suspicious. It is ok to do so.

Oh and as the tax season approaches, the IRS scammers will be out in full force. Make sure that everyone knows IRS NEVER CALLS you especially to ask for money. IRS will always send you a registered letter in mail, always.

What should one look for in e-mail headers to spot spoofing?

It can be very difficult to detect a well-spoofed email message even when examining headers (but if you want to learn how, a web search should get you the information you want).

What I do, and strongly recommend to others, is two-fold: First, don't allow your mail reader to render HTML emails. Second, never follow any links in emails, nor trust that any other contact information is correct.

If you get an email from an entity you know, and it is asking you to follow a link or call a number, ignore contact methods/information in the email itself and contact the entity using your already established information instead.

This is nore realistic than a number of people realize I think:

I happen to be known as a nice sysadmin and therefore people call me so I got a number of stories.

Many of my older friends and relatives are somewhat immune as their technical English just isn't good enough.

I find the persons who call are mostly 25-35 year olds (I had one older acquaintance who taught highly technical subjects at university level who installed various cleaners that were clearly scams to me but I'll leave him out and focus on the telephone tech support scams.)

Most of the cases we've managed to stop somehow. The one were I didn't manage to stop it in time or get the money back was actually a young accountant who got his personal checkings account emptied.

One thing I've noticed is that several of the people who fall for it are surprisingly smart.

In the last case I interviewed the victim for 20 minutes afterwards and what shook me was how she had no recollection of anything between the start of the call and when she was pulling out her second credit card.

This suggests to me that the best scammers are kind of good with something NLP-line or something.

(FTR: I do also pretend to be a victim everytime they call me both to annoy them for my own entertainment and to learn what they do so I have a fair idea of the first part of the scam.)

First, stop for a moment and consider how EXPLETIVE-DELETED insane it is that we have to even deal with this.

Inter-networking computers is fraught with danger: criminals are attacking your loved ones.

I think it's time for a reboot of the Internet.

The one we have now looks like Disney Land but acts like a back alley in a bad part of Bangkok (apologies to residents of that city, I mean no disrespect.)

I keep my mom's iMac up to date, but she does have admin privileges so she can run the updates, etc.

I removed the Flash player from her machine some time ago, because it now seems to be completely obsolete. (I liked Flash in its day, but it's time has passed.)

AARP still requires Flash for one of its online "Safe Driver" courses. So my mom followed the advice in an AARP User Forum and, of course, got a adware malware installed in her browser.

No matter how many times I tell her to never install _anything_ she'll still wants to prove that she is capable of doing things and gets viruses/malware.

She also gets confused by Google ads. She wanted to add AT&T minutes to her pay-as-you-go phone, searched, and clicked on an ad for a third party minutes reseller (which was filled with AT&T logos) and bought it there. It wasn't such a bad deal, but when she calls me about a message she's getting on her flip phone and mentions company names I've never heard of, I can't help her.

Teach them to be more skeptical/less trusting about all interactions with strangers (not just scam calls). On some level, I don't like doing this because most people are good and skepticism puts a dark cloud over a lot of good/positive human interactions. But, I also hate to see people get tricked and taken advantage of by con men.

The criminals who prey on the elderly using tech scams (I just need your credit card number to deposit the funds) use the same emotional cons and tactics as those who prey on kids (can you help me find my lost puppy) and they ought to be handled the same.

I've found the best way to address this is to deflect the request. Give me your phone number and I'll call you back or let's report the lost puppy to that policeman over there. And, also practice con-like scenarios. Make a game out of it.

> I don't like doing this because most people are good and skepticism puts a dark cloud over a lot of good/positive human interactions.

What I taught my children can be applied here...

Most people are good. Some people are bad. The problem is that you can't tell which is which by looking. Being very cautious, but optimistic, is the way to go here.

Treat every unsolicited call like a sales call. Which it is. If they're pushing you something you didn't ask for, it's sales.

If there's really an issue with your device/account/whatever, you'll know about it.

No legitimate business will threaten and cut you off if you don't do what they're asking right now. Your bank wants your business. They won't just cut you off because you didn't verify your social security number. A legitimate institution will bend over backwards to let you make things right, eventually. Not threaten you right now.

But really, being savvy with tech scams is just being savvy with society in general. So the usual anti-aging, keeping your body and brain active advice apply here as well as anywhere.

My dad uses Linux as I installed it on his computers. He only uses the browser anyway and are very concerned about security in general. So the choice felt very natural.

Otherwise, he basically tells every "seller" to eff off so he probably wouldn't be scammed anyway.

While I don't agree with everything it recommends, the "Little Black Book of Scams" is a good starting point for having a talk with someone who you think is at risk. https://www.interest.co.nz/sites/default/files/embedded_imag... (NZ Version) https://www.accc.gov.au/system/files/Little%20Black%20Book%2... (AUS version)

Moving my grandmother into an assisted living facility stopped all the scam calls.

I understand that’s not an option for everyone. But no amount of education, new devices, etc are going to solve this issue past a certain age/cognitive decline.

I wonder if parental controls would be more palatable if they were called something like "Remote Security Administration" and your child set themselves up as the "administrator" with your permission.

Rather than 2 Factor, could have 2 Person Authentication.

Not just for parents. If say I've rolled in one night, after one too many beers after work, might be handy if my wife had to confirm any random purchases I attempt to make.

I think you're on to something. I get worn out if someone calls me all the time for support. But if I got an email asking me to approve a security action, like downloading a lesser known URL or installing an app, that'd be pretty fine.

And it can be async too (at the cost of convenience): "You will be notified when your download is complete and the security administrator has reviewed it for safety"

I've actually considered doing something similar by proxying all of their web traffic through my server and setting up a dynamic whitelist of domain names. I'd pre-populate it with sites I'm sure are 'safe' and have it send me a notification for anything new. If I approve it, it gets whitelisted.

Sounds pretty easy to implement, but it would take a long time to get my folks used to it and a sibling or two probably wouldn't hurt for efficiency.

This is a great idea. All about not making it seem patronising.

I put my mom on linux. You be surprise how many scammers will hang up as soon as they hear you run linux instead of windows/mac. I went through a phase talking to "windows support" because my evil sister used my moms phone number for something that ended up in there database. I ran through their script a few times typically stopping when they try and get me to install remote access software to see what their end goal was. When I started telling them I ran linux not windows they would hang up.

Aside from what everyone else has said, a Pi-hole (https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w) costs very little and can be ssh'd into if enabled. One way to add a DNS-level adblocker, although you maybe have to let it act as a DHCP to ensure everything goes through it.

Has a lovely web interface too.

I wouldn't be surprised if there's a blocklist for scams to be included directly as well.

Two simple rules -

1. Don't act immediately (no matter how urgent matter seems to be).

2. When in doubt, check with someone you trust (and first reaction should be 'doubt').

Beyond that, any of following are worthy of being flagged as scam automatically -

1. Call/email from IRS or any other government agency

2. Easy money offers

3. (unfortunately) Anyone asking for help, specifically involving money, that too urgently

4. Anyone asking for password, SSN, financial record acess

Bottomline is that in online world, start point should be doubt followed by questions which help build your trust.

A big one for my parents was setting up their phones and laptops to use 1password (also making sure that iOS used 1password and not the system password remembering). This setup means that if they go to a scam bank site or scam amazon site the password manager won't autofill their credentials.

In addition: their passwords are all shared with me so that when they die or become otherwise incapable I can still manage their affairs.

I told my parents to contact me before responding to any unsolicited email, phone call, or surprise popup no matter how scary any of them may seem.

I started this practice when my stepfather got a fraudulent email pretending to be from me, claiming that I had been arrested in a foreign country and needed him to send a few thousand dollars. He called me, as he was confused about why I left the country without telling anyone, and I straightened him out.

If someone interested in topic I also recommend watching Jim Browning channel[0], most of time he reverse remote access, investigate scammers devices to prevent them or contacts victims to warn them.


give them an ipad. My mom has one and, fortunately, only uses facebook. It's difficult to scam because the attack surface (if that is still a phrase) is pretty low.

I recently got a PC for my youngest because some games he wants to play around't available on OSX. I was amazed, virtually every site and app is constantly trying to trick him into signing up, downloading, or changing security settings. PC's are bad news.

Reading these stories, I see two possible issues. One is pure age, the potential slowing of cognitive processes, to outright dementia in some of them. The other is lack of deep familiarity with technology, which is a symptom of growing up before it was prevalent. When we age, will we be as susceptible? We're tech savvy, but at least at 70+ will we be vulnerable?

It's disappointing that US telecoms are so far behind in shaken/stirred, reputation based call blocking, etc. Email spam is not the problem for me that it was 10+ years ago. Telephone spam and scam, on the other hand, is worse than ever, and rising.

Maybe NLP will get to the point that an automated answering service would pass for human, and screen callers effectively and cheaply.

Of course, if NLP (and speech processing) gets that good, the scammers can just automate their operations and we're in another arms race.

If the arms race includes Lenny, it should be entertaining: https://www.techspot.com/news/77583-lenny-chatbot-trolls-tel...

I was assuming the NLP on the screening side could take advantage of things the scammers don't always know. Like "who are you trying to reach?", for example.

For awhile, I was responsible for all tech support. While this was a pain, it protected my parents from scam support calls. Then, that burden went away. My father now has Alzheimer's, and my mother has no interest in using computers, except minimally. She doesn't even check email. So long as Apple TV doesn't have scammers on it, we're safe for now.

Try showing them some clips from Kitboga [1] — he talks to tech scammers (usually pretending to be an old lady) with the goal of wasting their time, and demonstrating how most tech scams work.

[1]: https://m.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw

Easy: just ask the scammer where he calls from, then hang up and call them yourself. If the problem is legitimate, you get to talk to real clerk and resolve it, if not the real person will tell you that. Bonus points: tell them the phone of the scammer and they can do smth about it, like start investigation as to who leaked your data to criminals.

Give them a chromebook. No virus scanner or firewall needed.

It's 2020 and the "Personal Computer" paradigm is past its expiration date.

Want to keep hobbying with Windows and manage your "PC" like a pet, good luck with that!

Hardware should be managed like cattle with a cloud native setup if you ask me.

Racehorse owners loose 90 cent on every dollar invested, cowboys fly helicopters.

I tell this to my in-laws as well, but they don't seem to understand the difference between hackers and privacy invaders. Yes, Apple and Google want to know you, but, in general they know they security stuff and won't try to fool you with it. But they think it's about the same as giving data to hackers that want to scam them. He thinks for example that using a Gmail address as an apple account makes it magically so that both companies now know everything about you. I have a hard time explaining the difference between security/data-protection and hacking.

In a way I understand them. Google wanting to track you is nefarious but still, the security from viruses/hackers/cryptolocking viruses is unmatched for a Chromebook or an iPad.

My own father wants privacy, has has Apple products, he doesn't want (i/any)Cloud, I buy him a Synology NAS saying the data is his, then Photos libraries go corrupt because the NAS does not have APFS attributes (damn thing works for months until it doesn't). What a nightmare. And I'm explaining all this to a man that doesn't really understand where his Browser ends and the internet starts. So he will wonder if his data is on his Macbook because he can see it in the browser logged into the Synolgy. And then he won't close the browser because the Synology is backing up... It's pretty complex if you think about it. I can understand all the distrust.

But if they already own an iPad maybe this metaphor can make it more easy to explain. Chrome OS on a chromebook is like iOS, Windows / MacOS functions like Android. For me this has kept the discussion simple and people already on iOS understand the difference in flavor immediately.

Some people like it if their data is theirs and not on some server being used for personal advertisements.

For the sake of nuance, in 2019 "tech" has been in unfair bad spotlight while it has been a blessing for society.

We literally have magical powers at our fingertips. People however do not want to spend money on the software that makes this possible, period.

We still have companies like Coke that sell sugar water and propel a tsunami of obesitas at scale with an advertisement budget that only recently is surpassed by Google's annual profit.

There is advertisement and advertisement, helping every business with tools to sell more products and services is moving us forward. Google's Chrome OS offering is a clear business contract which has a paid option.

It is up to you if you want to keep using it for free. I hope more of "us" can convince more people to start paying for software services like GSuite and Chrome OS.

And Apple's iCloud runs on Google's Cloud Spanner. So it's the same "server" anyway.

I had a huge issue with this duo my parents being signed up to TalkTalk UK who were hacked. I have my parents phone set up so only whitelisted numbers can phone in. Your phone company is good at this. Their computing devices are iPads. Since their messaging requirements are simple (email and imessaging / Facetiming me).

My parents bought this scam device: https://www.get-enence.com/Enence/EN/001_sc54/index.html

a couple of weeks ago, so I told them to call me before they make any technical purchase/decision.

I pity the scammer that tries to take my mother in. She's incredibly disagreeable. I'd wager that agreeability is a risk factor for this sort of thing. It's almost impossible for legitimate entities to deal with her as well, however.

I don't. They're from a country with sky-high crime rate though so their IRL street smarts are rock solid. Some of that translates to digital scams

Still worried though when their SIM cards got cloned. (banks use cell OTP for 2fa)

I told my parents to always think: “Did I initialize this conversation to begin with?“. If no, don’t act on anything and do your own research and purchase decision.

Workes as a universal solution. Don’t remember where I learned it.

Ask them not to give out any personal details like Name and Address and never reveal bank details to any one on the phone.

No one asks for your credit card numbers through phone. Every one has a payment gateway now a days

an ipad goes a LONG way towards reducing problems.

Get a Logitech external keyboard for it.

I'm not just talking tech scammers. It's just harder to "mess up" the ipad for anyone.

NoMoRobo seems to help (for landlines). But it's not perfect - callers can use random numbers.

Is there a cellphone equivalent?

Or an easy-to-manage whitelist?

Parents? I have to worry about my spouse...

its not just scammers but also questionable charity organizations (could also be scammers). I recall her getting a donation envelope with a dollar amount she agreed to, I called the entity to tell them to F off. The organization dealt with either firefighters or police and bowling.

Set them up with VoIP. Monitor the CDRs.

Not a primary solution, but definitely a secondary safeguard.

Bought them a Mac.

Disable browser extensions. It'll remove 90% of fake and real malware they'll run into.

People do not use IE 8 anymore. This hasn't been true in probably half a decade.

I'm mostly talking about Chrome extensions, though Firefox has its fair share of malicious extensions too.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact