1. Give them a very locked down by default device like an iPad if possible.
2. Set their phone to send everything to voicemail that isn't a contact. Many scams don't leave one & if they do it can be discussed with appropriate people first.
3. Install a browser like Brave or extensions that block most garbage on the internet.
4. Setup their important files & pictures to be backed up automatically to one or more cloud services.
5. Not related to tech scammers, but more the ransom scammers or your grandchild needs money scammers - Always have some type of secret agreed upon phrases or questions that no one would ever know or be able to find out. Even better, make it a question someone could easily search for but have a ridiculous answer that is an inside joke between the two of you.
6. (Geek Bonus) - Enjoy watching social engineering videos together! They're entertaining, informative & I personally think more enjoyable than most of the stuff that passes for movies, sports & TV shows. Ok, this last one is probably not for everyone.
Not really by design, but I have a brilliant method! My mom still has only a land line, and the cord is too short to reach the computer.
She got a fake virus alert on some skeezy website, and she immediately called the number, without checking with me.
They tried to talk her through enabling remote access so they could get in and do whatever horrible thing they intended, but they had to get her to identify her IP address and type a few commands first.
She tried going back and forth from the telephone to the computer in another room, and the scammer finally got angry and screamed at her, "can't you borrow a cellphone from one of your neighbours?" When she told him she couldn't, the man just hurled obscenities and hung up.
These guys really depend upon you being able to talk to them while typing and clicking.
Teach them this simple heuristic:
No tech company these days will ever call a customer, especially not Microsoft.
If you do receive a call from a more traditional institution like a bank, don't divulge any information. All banks have strong identity theft protections in place, but you haven't authenticated the caller. Ask for a reference id so that you can call the company back using a phone number that you yourself looked up on their company web page.
If the caller has any reason not to comply (and they will have plenty of reasons why they can't), or they insist you use a number that they provide, hang up and forget about it.
My parents are both very intelligent. My mom (a PhD) actually fell for one of those pop-ups that warn your computer is infected. It took many phone calls to reverse the automated charges...
That being said, getting my parents from Windows to Mac was to biggest ROI. Before, with Windows and even Malware Bytes Anti-Malware, I had to literally drive home hours for emergency tech support.
However, I’ve educated them against popup clicking now so much that they pointedly ignore Mac update popup notifications. Oh well, it is what it is. And what it is is much better now in Mac land.
Dealing with this with an elderly family member.
We've moved them to all Apple devices. Locked down everything (the account on the Mac is "standard" not Administrator level). Set up a G Suite account with restricted access (cannot install apps, cannot install extensions into Chrome). Use 1Password for passwords, 2FA for all accounts that allow it. Removed Flash early on, removed Java runtime. Turned off auto–update on the Mac and iPhone/iPad.
I initially tried parental controls on the Mac but found it was a nightmare for even their limited use of apps outside of Chrome.
Still after 10+ years of “training” this person to call me for any technical issues I get surprises like yesterday when they wanted to install an “ad blocker that keeps popping up in Chrome”, which was, of course, malware.
Probably will ditch the Mac and switch to a Chromebook later this year.
Education. Whenever I'm talking to my mother about tech I make it as simple and relatable as possible. I drill in a few things:
Passwords are as private as the most embarrassing thing you can imagine. Never give them out to anyone. Ever.
No financial institution will randomly call you unless its a fraud alert. Even then, ask to call back and then call the company using their direct number to verify. Anyone trying to keep you on the line is suspect. You have a right to hang up at any time.
Treat your email address like your home address. Would you randomly give your home address to strangers?
Phone numbers are so easy to fake you could do it on your cell phone. Do not trust caller ID.
If in doubt call your children.
And I do get a lot of calls about everything but I'm glad my mother calls to verify instead of taking a chance. So many older parents stay in parental mode when their children are well into adulthood and tend to trust their judgement before their children's. That or they don't want to bother them or even admit they know less. Hubris and ignorance are the problem.
I don't think there is a magic bullet - and yes I have completely considered adding parental controls.
I think there's probably two prongs of attack. Helping them manage their IT and Scam prevention. Scam prevention covers cold calls "from your bank", random letters in the post, people knocking on the door etc. IT competence is supplementary and confidence here helps prevent the former. e.g. If you've installed every toolbar offered to your browser, then a) You shouldn't be in charge of a browser and b) Are more likely to need the help of MS when they call.
Things I've done, in no particular order:
Offered to be their IT support. If in doubt over anything, please call me first. I don't mind, it's how I can be helpful and show gratitude. If I've called them, I've normally got free time, so good time to ask if there's anything they want me to look at whilst I'm here.
Added their machines to my Google One Backup (or whatever your backup solution of choice is with an online family plan). I've tried leaving them with USB drives to plug in and local backup scheduled, but never seems to work out.
Accept some people shouldn't own a PC. Chromebook/ipad provide most of what they need and are relatively sheltered.
Push them towards online services for say email. Yes, they might be used to Thunderbird that you initially set them up with - but de-corrupting local storage, missing emails from that time they accidentally used POP, hooking in AV, anti-spam etc etc. Gmail (or your provider of preference) handles that for you (and you can just use thunderbird with that if you insist - and it will grab mails from that ISP account you mysteriously are attached to).
Education. Quite surprisingly my PC-cautious relative (never messes up, but refuses to embrace) decided to take a "Computer Driving License" course. I was slightly disparaging to be honest, but she found it interesting - and started realizing what she could do. e.g. Address book previously a txt file (kept on a USB stick for security, naturally), made the switch to Excel and mail-merged the envelopes for the Christmas letter.
I switched my grandparents PC to linux, Ubuntu in particular. It covers everything they want to do (light web browsing, some text processing, printing, transfering images from their phone/camera to the PC). Has been working great for 3yrs now.
I've also noticed that installing adblock helps, since there's less shady stuff to click.
Two things:
- I buy them Apple devices. n=4 here, but it really seems when my family (mom, father-in-law, mother-in-law, and older brother who is borderline tech illiterate) made the switch from Android to iOS devices or even PC to Mac, they just had less of an issue with this. It's anecdotal, I am not a diehard Apple fanboy, but take it for what it is.
- I tell them to always close any and all popups. Point blank, carte blanche, doesn't matter how sincere it seems, or if it even is legitimate, just close it. If there's something she ends up not being able to do eventually she just calls me.
First thing I did when I set them up w/ a PC years ago is send them an email from our President with obfuscated links to something absurd. These brought home the dual points if never trusting the sender's identity and never clicking links. There's be more to it but that's 80% right there.
My dad is good with computers and has a great online-bullshit radar. My mom and aunt are god awful though. My aunt fell for a 'virus scan' scam recently and the fallout was kind of rough to deal with. Full backup of photos & docs, new passwords, and a full factory reset of the computer. Not a fun weekend for her.
My rules for them: 1. If someone calls you from the bank, hang up and call them back from their phone number listed on their website. 2. If a pop-up comes up warning for viruses, call me immediately. 3. If a pop-up comes up warning about governments coming for you, call me immediately. 4. No one on Earth is going to try to give you money for free online.
I've had to answer plenty of calls about online bullshit, but I prefer that than having to try to deal with the Bank after they get scammed.
I recently came across a product that tries to solve exactly this. For $15 a month they give seniors a "personal secretary" who screens calls from unknown numbers.
Recently featured on ProductHunt: https://www.producthunt.com/posts/phonescreen
Their website: https://www.phonescreen.co
Unfortunately my mother trained herself mostly (I do block a bunch of stuff at a DNS level though on her PC), she lives with me and umpteen times a week:
"Can you come here the computer/phone/ipad is saying something, have I been hacked"
- no, it's telling you that you have an email, no it's telling you that you are getting a call, no that's your other son asking you a question...
"How do I save something again"
- you've been working with computers longer than I've been alive... click the save button "where" the disk "where" or go to file save "where is file" points "I don't see it" my finger is touching it!!!
- Are you ^(!@#$@ kidding me
- Look at your paper, you've written this down three times
"How do I save something to my zip disk"
- You don't have a zip disk, you have a usb drive or a thumb drive, you've never had a zip disk, I've never had a zip disk, zip disks were stupid and still are and I don't understand why Amazon has them for sale for so much!
"can you print this for me at work"
- no, I've told you this 37 times, go to FedEx office with your usb drive, I'm not printing 173 pages of whatever that is and risk getting fired
I promise you, it's all a con. There's no way she doesn't know exactly what she's doing and just likes messing with me. I've showed her how to turn the volume up and down on her iPhone at least 100 times. You've got 3 buttons, figure it out mom! I swear I'm going to have a stroke or a heart attack one of these days while showing her how to do something for the 97th time.
My brother on the other hand... when he still lived close it felt like every other week I was reinstalling windows for him. He'd torrent everything, click any link, open ever attachment... eventually I just blocked obscene numbers of domains and ran him through a 'family safe' DNS filter. I don't know what he does now, I guess his teenage step son has to suffer through helping him.
It's pretty bad in Canada - you get really convincing scammers pretending to be our taxation agency pushing you to pay back taxes in iTunes Giftcards.
This is an obvious scam, but for people who aren't up on this and fearful of "the man" I expect these kinds of scams work for every 1 in 100k people at best and are still probably lucrative enough for them to keep going.
The answer for the OP problem and the Canadian problem are the same: the government never calls you, Microsoft never calls you, no tech company will ever call you.
Also want to ask if anyone has a 'parents' Linux setup that has worked well over the years... I tried once maybe 8 years ago and had to figure out how to walk my mom through a kernel panic through the phone... didn't work well :)
I am surprised no one mentioned AdBlock yet. Often you contract an virus/adware/... through and ad, especially when the ad is confused with a feature of the website. I use noscripts also, but that is not for non tech peoples. Apart from that I don't know, maybe, do not give them admin rights on the computer?
Since I gave my dad a Chromebook instead of a Windows machine - I have no problems at all. It is very hard for the tech support scammers to make him install anything on it.
AARP Fraud Watch
https://www.aarp.org/money/scams-fraud/
877-908-3360
AARP puts serious resources into scam prevention. Print the hotline number and tape it up next to their screens and/or land-line phones.
I've convinced many of my loved ones to get two-factor authentication on at least their primary e-mail addresses and to treat everything as something that can be compromised e.g. don't make any of your bank accounts front facing that have any more money in them then you are willing to lose.
Obviously this doesn't protect them against the complete set of problems but it is quick to implement and keeps me from being the personal security manager of those I care about.
At the end of the day if someone is running a sophisticated phishing scam some savvy people are going to fall for it - I think the name of the game is damage mitigation not prevention. As long as you can mitigate people from losing a life changing amount of money I think you've won here.
My mom is 88 yo.
I have installed ChromeOS on her laptop, uBlock in Chrome, set router DNS to my own (which filters out spam, malware, ads etc.).
Set an iPhone option to accept only calls from Contacts. I am also going through call lists periodically and block marketing calls etc.
I have also cut the cord on land line.
I will add to this for small business owners, my parents who have a restaurant got contacted by "Google maps support" who had tricked Google maps to have a wrong address for the place, and then contacted them to "resolve the issue with a fee".
Have them watch Kitboga. https://kitboga.com/
This is something I've been thinking about for a while. If my dad goes before my Mom, I want to set something up to protect my Mother. She's an extremely trusting person, and generally not good at understanding the things she signs. I don't want to take autonomy from her, but I'd like to set something up so any purchase over some set threshold would need to be verified by either my brother or myself. My Dad is probably going to leave her with a pretty decent nest egg... and I really worry about her, especially since both my brother and I live in another State.
A good hosts file will help, a lot.
https://github.com/StevenBlack/hosts
Disclosure: there are many like it, but this one's mine.
Teach everyone you know few simple rules:
1. Never provide anyone any information on a call you receive. If you receive a call, go wit the expectations that it is a scam/spam. If it seems genuine, you call them back using a number from their website. Don't call back on a number provided by the caller.
2. Don't pick up unknown numbers.Let them leave a voicemail.
3. Most Govt. orgs or banks will not call you to request personal information over phone at least in the United States.
4. There are common scams/spams including Windows/Tech Support, IRS, You have won a vacation scam etc. Don't ever believe those. They are always a scam.
5. Never ever click/download a link/attachment on an email that you are not sure about.
6. Teach everyone how to read email headers if possible to verify the sender. It is too easy to spoof the from name/email. Fun fact: my wife recently received emails from ME (obviously not) asking her to wire money for some urgent need. lol. But she almost fell for it and I was shocked. The reason was email spoofing. I immediately showed her how to check the headers.
Most importantly, teach your parents or other non tech savvy friends/family to never trust anyone over the phone or email even if it seems like someone they know. Always be suspicious. It is ok to do so.
Oh and as the tax season approaches, the IRS scammers will be out in full force. Make sure that everyone knows IRS NEVER CALLS you especially to ask for money. IRS will always send you a registered letter in mail, always.
This is nore realistic than a number of people realize I think:
I happen to be known as a nice sysadmin and therefore people call me so I got a number of stories.
Many of my older friends and relatives are somewhat immune as their technical English just isn't good enough.
I find the persons who call are mostly 25-35 year olds (I had one older acquaintance who taught highly technical subjects at university level who installed various cleaners that were clearly scams to me but I'll leave him out and focus on the telephone tech support scams.)
Most of the cases we've managed to stop somehow. The one were I didn't manage to stop it in time or get the money back was actually a young accountant who got his personal checkings account emptied.
One thing I've noticed is that several of the people who fall for it are surprisingly smart.
In the last case I interviewed the victim for 20 minutes afterwards and what shook me was how she had no recollection of anything between the start of the call and when she was pulling out her second credit card.
This suggests to me that the best scammers are kind of good with something NLP-line or something.
(FTR: I do also pretend to be a victim everytime they call me both to annoy them for my own entertainment and to learn what they do so I have a fair idea of the first part of the scam.)
First, stop for a moment and consider how EXPLETIVE-DELETED insane it is that we have to even deal with this.
Inter-networking computers is fraught with danger: criminals are attacking your loved ones.
I think it's time for a reboot of the Internet.
The one we have now looks like Disney Land but acts like a back alley in a bad part of Bangkok (apologies to residents of that city, I mean no disrespect.)
I keep my mom's iMac up to date, but she does have admin privileges so she can run the updates, etc.
I removed the Flash player from her machine some time ago, because it now seems to be completely obsolete. (I liked Flash in its day, but it's time has passed.)
AARP still requires Flash for one of its online "Safe Driver" courses. So my mom followed the advice in an AARP User Forum and, of course, got a adware malware installed in her browser.
No matter how many times I tell her to never install _anything_ she'll still wants to prove that she is capable of doing things and gets viruses/malware.
She also gets confused by Google ads. She wanted to add AT&T minutes to her pay-as-you-go phone, searched, and clicked on an ad for a third party minutes reseller (which was filled with AT&T logos) and bought it there. It wasn't such a bad deal, but when she calls me about a message she's getting on her flip phone and mentions company names I've never heard of, I can't help her.
Teach them to be more skeptical/less trusting about all interactions with strangers (not just scam calls). On some level, I don't like doing this because most people are good and skepticism puts a dark cloud over a lot of good/positive human interactions. But, I also hate to see people get tricked and taken advantage of by con men.
The criminals who prey on the elderly using tech scams (I just need your credit card number to deposit the funds) use the same emotional cons and tactics as those who prey on kids (can you help me find my lost puppy) and they ought to be handled the same.
I've found the best way to address this is to deflect the request. Give me your phone number and I'll call you back or let's report the lost puppy to that policeman over there. And, also practice con-like scenarios. Make a game out of it.
Treat every unsolicited call like a sales call. Which it is. If they're pushing you something you didn't ask for, it's sales.
If there's really an issue with your device/account/whatever, you'll know about it.
No legitimate business will threaten and cut you off if you don't do what they're asking right now. Your bank wants your business. They won't just cut you off because you didn't verify your social security number. A legitimate institution will bend over backwards to let you make things right, eventually. Not threaten you right now.
But really, being savvy with tech scams is just being savvy with society in general. So the usual anti-aging, keeping your body and brain active advice apply here as well as anywhere.
My dad uses Linux as I installed it on his computers. He only uses the browser anyway and are very concerned about security in general. So the choice felt very natural.
Otherwise, he basically tells every "seller" to eff off so he probably wouldn't be scammed anyway.
While I don't agree with everything it recommends, the "Little Black Book of Scams" is a good starting point for having a talk with someone who you think is at risk. https://www.interest.co.nz/sites/default/files/embedded_imag... (NZ Version) https://www.accc.gov.au/system/files/Little%20Black%20Book%2... (AUS version)
Moving my grandmother into an assisted living facility stopped all the scam calls.
I understand that’s not an option for everyone. But no amount of education, new devices, etc are going to solve this issue past a certain age/cognitive decline.
I wonder if parental controls would be more palatable if they were called something like "Remote Security Administration" and your child set themselves up as the "administrator" with your permission.
I put my mom on linux. You be surprise how many scammers will hang up as soon as they hear you run linux instead of windows/mac. I went through a phase talking to "windows support" because my evil sister used my moms phone number for something that ended up in there database. I ran through their script a few times typically stopping when they try and get me to install remote access software to see what their end goal was. When I started telling them I ran linux not windows they would hang up.
Aside from what everyone else has said, a Pi-hole (https://learn.adafruit.com/pi-hole-ad-blocker-with-pi-zero-w) costs very little and can be ssh'd into if enabled. One way to add a DNS-level adblocker, although you maybe have to let it act as a DHCP to ensure everything goes through it.
Has a lovely web interface too.
I wouldn't be surprised if there's a blocklist for scams to be included directly as well.
Two simple rules -
1. Don't act immediately (no matter how urgent matter seems to be).
2. When in doubt, check with someone you trust (and first reaction should be 'doubt').
Beyond that, any of following are worthy of being flagged as scam automatically -
1. Call/email from IRS or any other government agency
2. Easy money offers
3. (unfortunately) Anyone asking for help, specifically involving money, that too urgently
4. Anyone asking for password, SSN, financial record acess
Bottomline is that in online world, start point should be doubt followed by questions which help build your trust.
A big one for my parents was setting up their phones and laptops to use 1password (also making sure that iOS used 1password and not the system password remembering). This setup means that if they go to a scam bank site or scam amazon site the password manager won't autofill their credentials.
In addition: their passwords are all shared with me so that when they die or become otherwise incapable I can still manage their affairs.
I told my parents to contact me before responding to any unsolicited email, phone call, or surprise popup no matter how scary any of them may seem.
I started this practice when my stepfather got a fraudulent email pretending to be from me, claiming that I had been arrested in a foreign country and needed him to send a few thousand dollars. He called me, as he was confused about why I left the country without telling anyone, and I straightened him out.
If someone interested in topic I also recommend watching Jim Browning channel[0], most of time he reverse remote access, investigate scammers devices to prevent them or contacts victims to warn them.
[0]https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw/vid...
give them an ipad. My mom has one and, fortunately, only uses facebook. It's difficult to scam because the attack surface (if that is still a phrase) is pretty low.
I recently got a PC for my youngest because some games he wants to play around't available on OSX. I was amazed, virtually every site and app is constantly trying to trick him into signing up, downloading, or changing security settings. PC's are bad news.
Reading these stories, I see two possible issues. One is pure age, the potential slowing of cognitive processes, to outright dementia in some of them. The other is lack of deep familiarity with technology, which is a symptom of growing up before it was prevalent. When we age, will we be as susceptible? We're tech savvy, but at least at 70+ will we be vulnerable?
It's disappointing that US telecoms are so far behind in shaken/stirred, reputation based call blocking, etc. Email spam is not the problem for me that it was 10+ years ago. Telephone spam and scam, on the other hand, is worse than ever, and rising.
Maybe NLP will get to the point that an automated answering service would pass for human, and screen callers effectively and cheaply.
For awhile, I was responsible for all tech support. While this was a pain, it protected my parents from scam support calls. Then, that burden went away. My father now has Alzheimer's, and my mother has no interest in using computers, except minimally. She doesn't even check email. So long as Apple TV doesn't have scammers on it, we're safe for now.
Try showing them some clips from Kitboga [1] — he talks to tech scammers (usually pretending to be an old lady) with the goal of wasting their time, and demonstrating how most tech scams work.
Easy: just ask the scammer where he calls from, then hang up and call them yourself. If the problem is legitimate, you get to talk to real clerk and resolve it, if not the real person will tell you that. Bonus points: tell them the phone of the scammer and they can do smth about it, like start investigation as to who leaked your data to criminals.
Give them a chromebook. No virus scanner or firewall needed.
It's 2020 and the "Personal Computer" paradigm is past its expiration date.
Want to keep hobbying with Windows and manage your "PC" like a pet, good luck with that!
Hardware should be managed like cattle with a cloud native setup if you ask me.
Racehorse owners loose 90 cent on every dollar invested, cowboys fly helicopters.
I had a huge issue with this duo my parents being signed up to TalkTalk UK who were hacked. I have my parents phone set up so only whitelisted numbers can phone in. Your phone company is good at this. Their computing devices are iPads. Since their messaging requirements are simple (email and imessaging / Facetiming me).
My parents bought this scam device: https://www.get-enence.com/Enence/EN/001_sc54/index.html
a couple of weeks ago, so I told them to call me before they make any technical purchase/decision.
I pity the scammer that tries to take my mother in. She's incredibly disagreeable. I'd wager that agreeability is a risk factor for this sort of thing. It's almost impossible for legitimate entities to deal with her as well, however.
I don't. They're from a country with sky-high crime rate though so their IRL street smarts are rock solid. Some of that translates to digital scams
Still worried though when their SIM cards got cloned. (banks use cell OTP for 2fa)
I told my parents to always think: “Did I initialize this conversation to begin with?“. If no, don’t act on anything and do your own research and purchase decision.
Workes as a universal solution. Don’t remember where I learned it.
Ask them not to give out any personal details like Name and Address and never reveal bank details to any one on the phone.
No one asks for your credit card numbers through phone. Every one has a payment gateway now a days
an ipad goes a LONG way towards reducing problems.
Get a Logitech external keyboard for it.
I'm not just talking tech scammers. It's just harder to "mess up" the ipad for anyone.
NoMoRobo seems to help (for landlines). But it's not perfect - callers can use random numbers.
Is there a cellphone equivalent?
Or an easy-to-manage whitelist?
Parents? I have to worry about my spouse...
its not just scammers but also questionable charity organizations (could also be scammers). I recall her getting a donation envelope with a dollar amount she agreed to, I called the entity to tell them to F off. The organization dealt with either firefighters or police and bowling.
Set them up with VoIP. Monitor the CDRs.
Not a primary solution, but definitely a secondary safeguard.
Bought them a Mac.
Disable browser extensions. It'll remove 90% of fake and real malware they'll run into.
simple... they call me first.
if there is one thing i have _never_ done to my parents, or _anyone_ for that matter, is make fun of them if they call me and ask me for my professional opinion in tech matters. this has extended to situations when they think the situation is shoddy like they are being taken in a scam. i think _this_ is the single reason why my parents have never fell victim to scams. i feel that _most_ parents, or elderly people for that matter, fall victim cause they feel pressure from both ends... the first being the scammers themselves, the second being scared to ask _anyone_ if the situation is legit for fear of being made fun of.
_noone_ should feel scared of being ridicule when asking any question regarding their safety or well-being.