What was the scam about? Scammer told her to withdraw cash and bring it home…

My mom (63) opened her laptop yesterday and saw an error message saying she was hacked. The message gave a “Microsoft” number to call to fix the virus.

She called the number and immediately got someone on the line.

Microsoft (scammer): “Yes, it seems like you’ve been hacked. Let me run a report.”

My mom watches as a “report” is run on her computer. The report claims that she has adult content, including things with minors, and says her phone is hacked too. During this, she can’t use the keyboard, mouse, or trackpad.

Microsoft (scammer): “Since the report mentions content with minors, I’d recommend contacting your bank. Can you give me the phone number from your debit card? I’ll send them a message and have them call you. Also, share your contact info with me.”

My mom types her details into a Sticky Note on her computer, which the scammer can see

Name
Phone
Email address
Home address

Then a new person calling from the bank calls my mom: “Hi, this is your bank. I see a $15k withdrawal scheduled for later today. I can’t stop it. You should go to the bank and withdraw the money before it happens. Here’s a new phone number. It’s a secure line directly to me. When you get there, call me and stay on the line with me while you speak with the teller. Take the cash home with you.”

At this point, my dad calls me and quickly explains the situation. I tell my mom she’s being scammed and to hang up, then call her bank directly.

Bank (real): “No, there’s no withdrawal scheduled.”

We haven’t heard from the scammers since, and my parents took the laptop to tech support to get wiped. They’re locking down all financial accounts and changing passwords.

(1) What exactly was the scam? What were the scammers going to do once she withdrew the cash? Were they planning to show up at her house because they have her address?

(2) What other steps should we take now to protect her? I assume they’ll try to sell her details, but they didn’t get any banking info, and as far as I know, her email wasn’t hacked (though I’m not totally sure on that one).

Thanks for reading and sharing your thoughts!

If you think you might have malware on your computer or are trying to clean it up, check out this malware guide.

Please ignore if this advice doesn’t apply to your situation.

I’m a bot, and this action was done automatically. If you need help, contact the moderators of this forum.

They have her address, so it’s possible they were planning to rob her house once they knew she had cash there.

Blue said:
They have her address, so it’s possible they were planning to rob her house once they knew she had cash there.

Do you think it’s still a risk if they didn’t confirm that she withdrew the money? Is she safe at home right now?

@PixelVoyager2
I don’t think it’s an immediate risk, but since she’s easily convinced over the phone, they might try to get her to withdraw more money.

They would likely ask her to meet with the cash in person. If they still pretended to be the bank, they could arrange for her to deposit the money in a ‘safe’ account or even send a courier to collect it.

@Cameron
Would they meet her with the cash? Would they still pretend to be the bank? How would buying gift cards help them?

There’s a series in the UK called Scam Interceptors. The team, with help from an ethical hacker, watches scam call centers live. They talked about this exact scam two days ago. Once they get the money, they might ask her to mail it, or they could follow her after she withdraws it. If they know which branch she’s going to, someone might steal the money after she leaves the bank, or they could go to her house to collect it. It’s a fascinating show.

@LogicLuminary
Thanks for the tip! I’ll check out the episode. The scammers seemed like they might be from South Asia, but they called from a number in Texas, while my mom lives on the East Coast (USA).

@PixelVoyager2
It’s on BBC. I haven’t been to the US in a while, but I think some areas have access to BBC shows.

This is a common scam. Sometimes, they pretend to be the police and ask you to help catch criminals by withdrawing money. Other times, like in this case, they talk you through withdrawing money, then find a way to get control of it, like asking you to deposit it in a ‘safe’ bank account.

Since she let them into her computer, you don’t know if they still have remote access. I’d disconnect it from the internet, wipe it, and reinstall the system to make sure it’s clean.

@Terryanne
I see! I didn’t realize there were different versions of this scam.

My parents took the laptop to Best Buy to get it wiped. As far as I know, they haven’t turned it back on or connected it to WiFi. Should we just start fresh with a new computer?

@PixelVoyager2
Good question. Personally, I’d wipe it myself and install from a USB drive with Windows install media. It depends on whether Best Buy wiped it using a USB thumb drive or just did a system restore. A full wipe will clean everything. Here’s a Microsoft link on how to create installation media.

Microsoft Installation Media Link

Once you’re sure the laptop is clean, make sure all online accounts are secured—check recovery emails and phone numbers, remove any devices linked to the accounts, change passwords to strong ones (use a password manager), and use two-factor authentication. The authenticator app is best, not SMS/email, since someone who had remote access to the laptop could easily grab those codes from your email.

@Terryanne
This is really helpful! Thanks so much!

I just learned about physical security keys. Is an authenticator app similar to a security key?

PixelVoyager2 said:
@Terryanne
This is really helpful! Thanks so much!

I just learned about physical security keys. Is an authenticator app similar to a security key?

Yes, when you link an account to an authenticator app, you scan a QR code that connects the service to the app. The app then generates a 6-digit code. The app counts as ‘something you have,’ while the password is ‘something you know.’ You can use Google, Microsoft, or other apps for this.

@PixelVoyager2
It’s not required, but doing a fresh Windows install from a USB drive is a good idea.

They probably planned to use her as a money mule.

JasonJr said:
They probably planned to use her as a money mule.

What does that mean?

PixelVoyager2 said:

JasonJr said:
They probably planned to use her as a money mule.

What does that mean?

It means they find someone in the US to move the money for them, and then it gets sent back to the scammers.