One afternoon in December 2019, Kathleen Langer, an elderly grandmother who lives by herself in Crossville, Tenn., got a phone call from a person who said he worked in the refund department of her computer manufacturer. The reason for the call, he explained, was to process a refund the company owed Langer for antivirus and anti-hacking protection that had been sold to her and was now being discontinued. Langer, who has a warm and kind voice, couldn’t remember purchasing the plan in question, but at her age, she didn’t quite trust her memory. She had no reason to doubt the caller, who spoke with an Indian accent and said his name was Roger.
He asked her to turn on her computer and led her through a series of steps so that he could access it remotely. When Langer asked why this was necessary, he said he needed to remove his company’s software from her machine. Because the protection was being terminated, he told her, leaving the software on the computer would cause it to crash.
After he gained access to her desktop, using the program TeamViewer, the caller asked Langer to log into her bank to accept the refund, $399, which he was going to transfer into her account. “Because of a technical issue with our system, we won’t be able to refund your money on your credit card or mail you a check,” he said. Langer made a couple of unsuccessful attempts to log in. She didn’t do online banking too often and couldn’t remember her user name.
Frustrated, the caller opened her bank’s internet banking registration form on her computer screen, created a new user name and password for her and asked her to fill out the required details — including her address, Social Security number and birth date. When she typed this last part in, the caller noticed she had turned 80 just weeks earlier and wished her a belated happy birthday. “Thank you!” she replied.
After submitting the form, he tried to log into Langer’s account but failed, because Langer’s bank — like most banks — activates a newly created user ID only after verifying it by speaking to the customer who has requested it. The caller asked Langer if she could go to her bank to resolve the issue. “How far is the bank from your house?” he asked.
A few blocks away, Langer answered. Because it was late afternoon, however, she wasn’t sure if it would be open when she got there. The caller noted that the bank didn’t close until 4:30, which meant she still had 45 minutes. “He was very insistent,” Langer told me recently. On her computer screen, the caller typed out what he wanted her to say at the bank. “Don’t tell them anything about the refund,” he said. She was to say that she needed to log in to check her statements and pay bills.
Langer couldn’t recall, when we spoke, if she drove to the bank or not. But later that afternoon, she rang the number the caller had given her and told him she had been unable to get to the bank in time. He advised her to go back the next morning. By now, Langer was beginning to have doubts about the caller. She told him she wouldn’t answer the phone if he contacted her again.
“Do you care about your computer?” he asked. He then uploaded a program onto her computer called Lock My PC and locked its screen with a password she couldn’t see. When she complained, he got belligerent. “You can call the police, the F.B.I., the C.I.A.,” he told her. “If you want to use your computer as you were doing, you need to go ahead as I was telling you or else you will lose your computer and your money.” When he finally hung up, after reiterating that he would call the following day, Langer felt shaken.
posted by f.sheikh