Targeting the Elderly – One Man’s Story:

 

On January 20, 2020, an 81-year old man we’ll call Mark (to protect his identity) received a phone call just after 3:30 pm.  Mark lives alone in his apartment, has limited mobility and, like many senior citizens, has some memory recall and cognitive issues.  This is his story, pieced together from what he told us just an hour or so after that phone call of January 20, and what we found on his Apple computer five days later when we paid him a visit.

 

Before we describe how badly he was victimized (though it could have been soooo much worse!) we want to point out the obvious.  Criminals knew exactly who they had on the phone… A single, elderly gentleman of some limited means and mobility. However, rather than back off for fear of doing such a person significant harm, these bastards did everything they could to steal from him.  They have no empathy and they certainly don’t care who they victimize and the price paid by the victim, both monetarily and emotionally.

 

Mark told us that he recalls the caller asking something about his Amazon account.  Believe it or not, Mark doesn’t have an Amazon account and told that to the caller. The caller had an accent. Apparently, the caller was able to quickly divert the question to a Mastercard account and convince Mark that there was an issue with his account.  The details of that conversation are unknown to us because Mark can’t remember them. However, with his permission, we can clearly document a great deal about what these criminals tried to do to Mark based on the browsing history on his computer and emails, both deleted and not, left by the criminals once they took over his computer.  

 

It is clear to us that a professional team of people targeted Mark.  No doubt, while talking to Mark on the phone, other team members were looking up detailed information about him and others were manipulating his computer and email account. He was victimized over a 77 minute period of time.  Shortly after answering the phone, Mark was tricked into visiting FastConnect[.]us to download and install software that would allow the criminals to take control over Mark’s computer remotely.  “FastConnect[.]us” appears to be a remote desktop connection software company based in the United States (.us). However, a WHOIS lookup clearly shows that the domain FastConnect[.]us was registered by someone in New Delhi, India in 2017 and the website is being hosted on a server in Mumbai, India.  This company has no more connection to the United States than the Taj Mahal does.

 

Once these criminals had control over Mark’s computer they moved quickly while the man on the phone with Mark was manipulating him to give up information.  Lots of information. The graphic below shows the web browsing history of Google Chrome, showing all the websites visited by the criminals. We will list below the sequence of events that took place to victimize Mark.  It is also important to note that these criminals are so very thorough that they launched Safari on Mark’s computer to check to see if he accessed any accounts from that browser or kept any passwords stored in that browser that they could monetize.  Mark never used Safari and within seconds they were deep into Google Chrome.

 

3:35 PM: Mark was tricked into downloading and installing remote control software from FastConnect[.]us.

3:47 – 3:53 PM: Gained access to Mark’s personal Gmail account; searched for information they could monetize such as locating other accounts, passwords and personal data. They discovered information about a Verizon online account.

3:47 PM: Attempt to log into Mark’s non-existent Amazon account. (Mark may have been confused and told them he wasn’t sure he had an Amazon account.)  The criminals quickly gave up.

3:53 PM: Change the password to Mark’s Gmail account, locking him out.

 

3:53 PM: Log into Mark’s Verizon account, no doubt, to try to make purchases of phones or gift cards that could be shipped to them or co-conspirators.  However, they quickly abandoned that idea because Mark had never set up his Verizon account to pay bills or make purchases online. There was no information stored in the account that could be monetized. (Doug from TDS helped Mark change the password to this account after verifying that nothing harmful had been done through it.)

 

3:56 PM: The criminals visited RemotePC.com, downloaded and installed additional or better software to take control over Mark’s computer.

 

4:07 PM: Through manipulation, the criminals learned the name of Mark’s personal bank in Canton, Massachusetts. They found the bank online and immediately tried to enroll him for online banking. However, after 12 minutes of trying, they were unable to enroll him or log into the bank as him.  Thankfully, Mark tells us that he never does any banking online and his bank doesn’t even know his email address.

 

4:19 – 4:40 PM: We have no records of any browsing activity on Mark’s computer during these 21 minutes.  It is quite likely that this is when the call with Mark ended. The criminals may have waited a short period of time before they saw remotely that his computer was not being used.  Perhaps Mark went to use the bathroom during this time. But their remote control software was still up and running on his computer.

4:40 PM: The criminals visited the Chrome Extension website and by 4:41 PM, had downloaded and installed the Chrome extension called FEA Keylogger.”  FEA Keylogger is a computer program that records and saves to a file all keystrokes made by a person on their computer.  There is a YouTube video showing how it can be used to steal someone’s account information on YouTube that SHOULD be taken down.  The video is called “Hacking with Keylogger.”  This extension allows someone to monitor everything that is typed into a website, including financial account websites.  Clearly, these criminals were planting a way to monitor Mark’s activities.

4:44 PM: The criminals set up a Western Union account in Mark’s name using Mark’s email address. Remember, they had already locked him out of his own email and they had full control of it.  We first found emails about his “new” Western Union account in his email trash.

4:51 PM: The criminals tried to wire $370 to someone in Columbia named Danna Valeria Castro Villamil by using Mark’s personal contact information AND his Mastercard information which they had clearly manipulated him into revealing.

Fortunately, Mastercard recognized the money transfer as fraudulent and cancelled it.  This also prompted Mastercard to put a freeze on Mark’s account. He discovered this when he called them at about 6:15 PM on January 20.  Doug from TDS spoke to Mark at about 6:00 PM on January 20 but only pieced together all of the details above after visiting Mark on January 25.  During Doug’s visit, he was able to recover Mark’s email account.

 

If Mark had been enrolled in online banking prior to this tragic phone call, this story would have ended up so much worse.  The criminals might have wiped out his life’s remaining savings IF the bank didn’t flag and stop large transfers of funds from his accounts.  We urged Mark to contact his bank first thing the next morning and inform them what had happened AND that the criminals had tried to enroll an online account in his name.  He told us the next afternoon via phone that the bank verified that no monies had been moved out of his account during the previous day and they set up new accounts for him.

 

Sadly, Mark’s experience happens all too often to the elderly.  In fact, we also spoke recently to an 88-year old man who fell for a pop-up saying that his computer had a virus and he needed to call an “Apple computer support” phone number for help to remove it.  $600 was then charged to this man’s computer and the criminals similarly installed software taking control of his computer and stole his email account. This 88-year old told us without hesitation that he thinks criminals who are convicted of victimizing the elderly like this ought to have a hand cut off, or an eye punctured.  As you might guess, this man was very upset by what had happened to him.

 

These experiences should make it extremely obvious that everyone, especially the elderly, be informed NEVER to answer calls from phone numbers they do not recognize.  And, NOT TO BELIEVE messages that may be left saying that there is a problem with their account that requires them to call back a phone number. If they think there is a problem with any account they have, they should enlist the help of someone who can look up the REAL and VERIFIABLE telephone number for that account, if they don’t already have it!

 

Not unrelated, if you have elderly parents or grandparents with financial accounts, Apple, Verizon, AT&T or other accounts, it would be extremely helpful to have another trusted relative’s name on that account who can stay informed and speak on behalf of that elderly person.  Especially a bank account! Most bank accounts nowadays allow people to set up limits and alerts on the transfer of money out of an account. Ask about this ability with your own account. If your bank doesn’t offer it, time to look for a new bank!