security

How con artists use AI, apps, social engineering to target parents, grandparents for theft – CBS News


More Americans than ever rely on alarm systems, gates or doorbell cameras to help protect their families. But statistically, you are now more likely to be the victim of theft online than a physical break in at home.

A new report from the FBI reveals that Americans lost more than $10 billion last year to online scams and digital fraud.  

People in their 30s – who are among the most connected online – filed the most complaints. But we were surprised to learn the group that loses the most money to scammers… is seniors.  

Tonight, we will show you how cyber con artists are using artificial intelligence, widely-available apps and social engineering to target our parents and grandparents. 

Susan Monahan: It’s like a death in the family, almost.   

Tamara Thomas: Well, she worked so hard, you know.   

Susan Monahan: For my money. I sure have.  

Susan Monahan and her daughter, Tamara, are talking about how the 81-year-old was conned out of thousands of dollars in what law enforcement calls a “grandparent scam.”  

Tamara Thomas and her mother Susan Monahan

60 Minutes


Sharyn Alfonsi: Tell me about the call that you got.  

Susan Monahan: There was a young adult on the line saying, “Grandma, I– I need your help,” in a frantic voice, scared, saying– “I was driving and suddenly there was a woman stopped in front of me. She’s pregnant, and I hit her.” And “they’re gonna take me to jail,” and, and, “Grandma, please don’t call my mom and dad, because I don’t want them to know.” And I said, “Brandon, it doesn’t sound like you.” He said, “Oh, I have a cold, Grandma.”

Sharyn Alfonsi: You think it’s your grandson?

Susan Monahan: I do. And he said, “Grandma, a friend of mine has an attorney that we can, that we can use, and that we can do something about me going to jail.” And I said, “Yes, of course.”

Monahan said the scammer – pretending to be a helpful attorney – got on the line. It was  June of 2020, during the pandemic, and he promised to keep her grandson out of jail, if she could get $9 thousand for bail to him quickly.

Sharyn Alfonsi: What other instructions were you given?

Susan Monahan: I needed to make an envelope that was addressed to this certain judge, that he was gonna coordinate this through, and write on there and they gave me the name, the address, and everything else for this envelope.  

Sharyn Alfonsi: Did it sound pretty legitimate?   

Susan Monahan: Oh, absolutely. He had the legalese. 

Monahan is a tax preparer – with an MBA. The scammer kept her on the phone as she rushed to the bank. 

Sharyn Alfonsi: What’d he say?

Susan Monahan: He said, “when you go there, make sure you tell them that it’s for home improvements, ’cause they might question the fact that you’re withdrawing $9,000.” 

Minutes after Monahan got home with the cash… a courier showed up to take it. This is video from the doorbell camera. You can hear Monahan on the phone with the scammer as she hands off the money.

Susan Monahan: He said to move your butt ’cause they’re on a deadline. 

Courier: OK, have a great day.

She says as soon as the courier left and the adrenaline left her body… she was filled with a sick feeling she’d been scammed.

Tamara Thomas: It’s just devastating. 

Sharyn Alfonsi: What did they do to your mom? Beyond the money, beyond taking $9,000 from her?  

Tamara Thomas: Well, it’s your livelihood. I’m sorry. It just gets you, like, in your gut.  

The Federal Trade Commission reports scams like these… skyrocketed 70% during the pandemic when seniors, home alone, went online to shop or keep in touch with family.

Ester Maestre, Ron Attig, Steve Savage, Judy Attig (left-right) talk about digital theft. 

60 Minutes


Sharyn Alfonsi: How much money were you scammed out of?

Ester Maestre: $11,300.

Steve Savage: $14,000.

Judy Attig: $7,600.

Judy Attig and her husband Ron, a retired ironworker, were victims of the same “grandparent scam” as Susan Monahan. That’s the view from their doorbell camera… as the same courier took off with $7,600 of their savings.

Sharyn Alfonsi: $7,600 hits hard. 

Ron Attig: Oh yeah–

Judy Attig: Well, that was for, you know, if we wanted to go on a trip or something. It was terrible. I was a mess. 

Steve Savage, a retired scientist, was scammed when he opened a fake email from the Geek Squad.

Steve Savage: The email said that, “Your bank account is being charged $399 for another year.” And I’m like, “Wait a minute, I don’t remember it being anywhere close to that.”

The customer service number went to a scammer posing as a representative of the company. Savage was duped out of $14 thousand.   

Ester Maestre was scammed too. The retired nurse says an alarm sounded on her iPad with a message to call “tech support.” She did.

Ester Maestre: He said that, “last night between 4 and 9 p.m. your bank account has been hacked.”

Sharyn Alfonsi: And your heart probably stopped.

Ester Maestre: Oh, you know, I felt so nervous. But he said, “I am going to transfer you to another guy who’s a security at Chase Bank.” 

That fake bank employee told her hackers might be able to access her bank account and instructed her to immediately withdraw money and deposit it into a new account for safe keeping. Maestre  did and lost $11 thousand. 

Sharyn Alfonsi: And have you been able to recover any of your money?

Ester Maestre: Nothing.

Sharyn Alfonsi: Nothing.

Ester Maestre: I’m the one that pulled the money out of the bank, so I won’t be reimbursed. 

Sharyn Alfonsi: If your house gets broken into, you call the police. If this happens–  

Scott Pirrello: There’s no one to call. 

Scott Pirrello, a deputy district attorney who runs San Diego’s Elder Justice Task Force, walks with Sharyn Alfonsi.

60 Minutes


Scott Pirrello is a deputy district attorney who runs San Diego’s Elder Justice Task Force and connected us to the victims you just heard from. He says studies show only one in every 20 seniors who’ve been scammed, report it. Often, they’re embarrassed.

Scott Pirrello: Most people who have not experienced this think, “Well, these people must have dementia or Alzheimer’s.” It’s not the case. Our victims are sharp as a tack. We had a woman, 66 years old, she came home, she got a message on her computer from Microsoft and the message said that she had a virus on her computer. And then that virus had somehow infected her financial accounts. Within a matter of weeks this victim had lost $800,000.

Sharyn Alfonsi: Oh my gosh.

Scott Pirrello: The scariest part of these scams is that these victims have no recourse. They’re left bewildered.

Sharyn Alfonsi: What typically happens?

Scott Pirrello: The seniors that have the courage to report that this has happened are being told that, “I’m sorry, there’s nothing we could do.” And that is the reality, that a local police detective in Kansas City doesn’t have the reach to go investigate a case that’s being operated from the Caribbean, or from Nigeria, or Ghana.

Investigators have also traced scams to Europe, Southeast Asia and Canada.  

To combat them, San Diego’s Elder Justice Task Force has taken a new approach.   Investigators collect every local fraud case, then, collaborate with federal authorities to connect them. 

Scott Pirrello: If we have a victim that lost $12,000 here in San Diego, there is without question, dozens of other victims to the same scam and millions of dollars in losses. And then once we identify that the scam is part of something much larger, then we can deliver that to our federal partners with the reach to go around the country. Because these are networks. These are transnational, organized, criminal networks.

In 2021, Pirrello helped the FBI bring down a network of criminals who stole millions of dollars from elderly victims.

Remember those doorbell videos from the grandparents scam? The courier, a 22-year-old Californian, was the starting point for the FBI’s case. She’s serving time for her role but the FBI says the scams ringleaders, two Bahamian-nationals, based in Florida… fled the country before they could be arrested. 

Ethical hacker Rachel Tobac is CEO of Social Proof Security

60 Minutes


Rachel Tobac: If you don’t know how a criminal thinks, then you really don’t know how you can protect yourself online. 

Rachel Robac is what’s called an “ethical hacker.” She studies how these criminals operate.

Rachel Tobac: So ethical hackers, we step in and show you how it works.   

Tobac is the CEO of Social Proof Security, a data protection firm that advises Fortune 500 companies, the military and private citizens on their vulnerabilities.  We hired her to show us how easy it is to use information found online to scam someone. We asked her to target our unsuspecting colleague, Elizabeth.  

Tobac found Elizabeth’s cellphone number on a business networking website. As we set up for an interview, Tobac called Elizabeth but used an AI-powered app to mimic my voice… and ask for my passport number.

Elizabeth: Yes, yes, yes I do have it. OK, ready? It’s…

Tobac played the AI-generated voice recording for us…. to reveal the scam.

AI Voice: Elizabeth, sorry, I need my passport number because the Ukraine trip is on. Can you read that out to me? 

Rachel Tobac: Does that sound familiar?

Elizabeth: Yes. And I gave her– wow.

Rachel Tobac: I have–

Elizabeth: I was duped–

Rachel Tobac: –your passport–

Elizabeth: –sitting over there.

Sharyn Alfonsi: What did it say on your phone?

Elizabeth: Sharyn.

Sharyn Alfonsi: How did you do that?

Rachel Tobac: So I used something called a spoofing tool to actually be able to call you as Sharyn. 

Elizabeth: Oh, so I was hacked, and I failed, failed the hacking–   

Sharyn Alfonsi: No.

Rachel Tobac: But everybody would get tricked with that. Everybody would. It says Sharyn. “Why would I not answer this call? Why would I not give that information, right?” 

Tobac showed us how she took clips of me from television, and put it into an app… that cloned my voice. It took about five minutes. 

Sharyn Alfonsi: I am a public person. My voice is out there. Could a person who’s not a public person like me be spoofed as easily?

Rachel Tobac: Anybody can be spoofed. And oftentimes attackers will go after people, they don’t even know who these people are. But they just know this person has a relationship to this other person. And they can impersonate that person enough just by changing the pitch and the modulation of their voice that, I believe that’s my nephew and I need to really wire that money.

Tobac says hackers no longer need to infiltrate computers through a  back door. She says 95% of hacks today happen after a user clicks on a text, a link, or gives personal information over the phone.

Sharyn Alfonsi: You were able to hack my colleague Elizabeth, who is a tech-savvy millennial. What does that tell you?  

Rachel Tobac: Anybody can be hacked. Anybody can fall for what Elizabeth fell for. In fact, when I do that type of attack, every single time, the person falls for it.    

She said hackers… armed with basic information, like a relative’s name found online… or an app that can mimic a voice or change the caller ID … can create a convincing story. 

Rachel Tobac: If you were to receive a phone call, a text message, an email, and it’s asking for something sensitive, urgent, or with fear, that’s when the alarm bells have to go off in your head. They want me to give something to them. I’m gonna take a beat, and I’m gonna check that this person is who they say they are. I call it being politely paranoid.  

Sharyn Alfonsi: Politely paranoid.  

Rachel Tobac: Be politely paranoid.

Tobac has worked as a consultant for Aura…a Boston-based technology company that created software to protect the identity, passwords, finances and personal data for entire families in one app.

Hari Ravichandran: Here you can see a full footprint of everything that’s happening inside the family.

Sharyn Alfonsi and Hari Ravichandran

60 Minutes


Hari Ravichandran is  the CEO of Aura… he says their software can re-route scam calls away from grandparents.

Hari Ravichandran: If the parent is getting a call, and we are identifying using AI that the call is a potential scam call, then they can route that call to me.

Sharyn Alfonsi: Does this stop the call from getting in? 

Hari Ravichandran: It does. It, so– 

Sharyn Alfonsi: So it just blocks the call? 

Hari Ravichandran: When the call comes in, it will have a recording that says, “Let me know who you are: What’s your intent?” if it’s an unknown person. If it’s a known person that’s already in your contacts, it’ll go right through.

Ravichandran says AI is also used to monitor finances and alert users of problems in real time.

Hari Ravichandran: If I see a charge from my mom for $10 at Starbucks, that feels OK. But if there’s a $500 charge from Starbucks, something’s off kilter. So we try to figure out with AI, contextually, what’s different. But if something’s off pattern, then you can look at that, and say, “OK. Well, something’s off here. I need to go take care of this.”

San Diego Deputy District Attorney Scott Pirrello says more help is needed from law enforcement and the banking and retail industries to protect seniors. The FBI reports over the past two years, the losses from digital theft have doubled. 

Scott Pirrello: The trends and– and the data are horrifying. We have the senior population is growing exponentially every year. We have this dynamic of under-reporting and then we have the technology coming. People are convinced that AI is playing a part in maybe pretending it’s the grandchild’s voice. We’re all just next on the conveyor belt and we all need to do a better job.

Produced by Oriana Zill de Granados and Emily Gordon. Broadcast associate, Elizabeth Germino. Edited by Robert Zimet.



READ SOURCE

Readers Also Like:  Signal talks privacy, encryption, AI and more at TechCrunch Disrupt 2023’s Security Stage - TechCrunch

This website uses cookies. By continuing to use this site, you accept our use of cookies.