The most recent AARP newsletter has an article about the “grandparent scam.” A retired person asked me about it and we had a good discussion about potential future variants of it. First of all, this isn’t new. In fact, AARP wrote about it four years ago. Some thoughts beyond what is in the article:
- Never give any personal information or financial information if you didn’t initiate the phone call in the first place. I’d say banks and such don’t call and ask for personal information except that one did. The solution was to call back to the known number of the branch.
- Don’t rely on caller id. It can be spoofed with your child/grandchild’s phone number.
- I’d like to think a grandparent/parent would recognize their child’s voice. But if not, ask questions. And not questions like your pets name or mother’s birth date. The former is likely on Twitter/Facebook. And mother’s birth date is in the public record so a horrible security question in any case. I’m talking questions that are hard to search for an answer to if you don’t already know them like “remember when I visited you in Arizona two years ago” and see if they know that never happened. Or “what’s the last injury you had” since that is hard to search for.
- Verify using another channel. Ask for a number to call back. The police or hospital or any legit emergency would give you one. (and verify this is the right number; don’t just call back.) Then call the person on their known telephone numbers. Call their relatives. Send a text. Odds are the person really is ok.
- Don’t wire money or buy a pre-paid cash card or buy BitCoin to pay someone who called you. Hospitals take this lovely thing called a credit card. Even if someone is arrested, you can call a local bail bondsman and pay them and they will pay the local jail. (At least that’s what the internet says; I’ve never been in a position to find out if that is true!). Which goes back to you initiating the transaction.
The point that a lot of information is online is a good one. And that’s just what we know about. Think about how many websites have been hacked in the last five years. That means your “security questions” aren’t safe. Also, the “bad guys” don’t limit themselves to google. Paying for a background check would yield more info if someone wants to target you. And the dark web probably has all sorts of information.