Technology Scam Targeting Seniors

Fake Microsoft Security Alert Pop-Up Scam Results in $4.8 Million In Reported Losses

Author

Seth Combs
October 10, 2024

If you’ve been a victim or know a victim, please contact us and we will try to assist

Quick Overview

Cybersecurity Awareness Month

This week, we’re looking at a common crime - technology scams. It’s timely because October is Cybersecurity Awareness Month, started by the National Cybersecurity Alliance. It’s an important month for us to clean up our passwords, settings, and take a look at our devices.

From the National Cybersecurity Alliance site:

The theme of Cybersecurity Awareness Month is Secure Our World, here to remind us that there are simple ways to protect yourself, your family and your business from online threats.

The campaign focuses on the top four ways to stay safe online:

Stay safe out there,

Technology Scam Alert: Fake Microsoft Security Alert Pop-Up Used in $4.8 Million Scam

Shreyas Baldevbhai Chaudhary, 24, of India, is accused of conducting a scheme using fake Microsoft pop-ups on computers, encrypted messaging, and clandestine operations to steal $4.8 Million from half a dozen victims nationwide.

A co-conspirator, Trusha Chaudhary (no relation), was apprehended picking up a package containing $11,000 from a victim in Illinois. Trusha Chaudhary worked under numerous aliases, fourteen of which were on phony California driver’s licenses.

From FBI

How the Scam Worked

Court documents reveal that the operation was quite intricate, with victims being deceived into thinking that their computers had been compromised and their identities had been stolen.

In August 2023, a victim told the FBI that he saw a Microsoft security alert pop-up on his computer and the screen froze with a number to call. The man called the number and the scheme began.

Here is a summary of the events:

  • Initial Contact: The victim called the phone number on his screen and was informed by the criminal that he was a victim of identity theft.

  • Gift Cards Purchase: The victim was instructed to buy $11,000 in gift cards and send pictures of them, which he did.

  • Cash Withdrawal: Later, the victim was told to withdraw $61,000 from his bank account, package the money and gave it to a driver who arrived at his house after exchanging a "password."

  • Cash Withdrawal #2: A month later, the victim was asked to withdraw another $50,000.

  • Bank Reports to FBI: When requesting the $50,000 withdrawal, the bank became suspicious and alerted the FBI.

  • FBI Intercepts and Captures Driver: The FBI contacts the victim, provides the victim the $50,000 to conduct a controlled drop of the money, and catches the driver.

  • Connecting the Driver to an International Criminal: Through their investigation, investigators learned that the driver was contacted on a messaging app by the leader and told to pick up cash and gold from addresses across the U.S. Investigators tracked down the leader through an iCloud email to Chaudhary, of Gandhinagar, Gujarat, India.

How to Spot the Scam

When you see a pop-up on YOUR computer and it has the Microsoft logo, it’s easy to believe it’s real. This is what makes these scams so effective.

Over the past few years, there have been several major data breaches from AT&T, National Public Data, Equifax, and more. Given the details now out there, you should assume criminals have access to:

  1. Your full name

  2. Your birthday

  3. Your home address, email address, and phone number

  4. Your commonly used passwords

  5. Your Social Security number

  6. The names of your relatives that have lived with you

  7. Possible access to medical records

  8. Possible access to mortgage records

  9. Possible access to bank records

To spot a scam like this, you have to be suspect of any email or pop-up that is directed to you.

The scammers used impersonation, fear and urgency to exploit their victims.

The biggest clues of tech scams:

  1. Asking you to call them

    1. At this point, google the phone number to confirm it is from Microsoft or any other major tech company mentioned

  2. Telling you that you are a victim of identity theft

    1. If you are a victim of identity theft, companies typically inform you via mail or email and they do not ask you to withdraw money.

  3. Gift cards, cryptocurrency, cash or gold bars

    1. Established companies and your bank will never ask you to withdraw large funds or move your money to untraceable instruments like gift cards, gold bars, cash or crypto

Protect Yourself and Loved Ones

It's crucial to educate ourselves and our loved ones about scam prevention. Here are some essential tips to safeguard against elderly scams:

  • Never share personal information: Be wary of unsolicited calls, emails, or visits that ask for your personal or financial information.

  • Verify before you trust: Always verify the identity of the person or organization contacting you. Use official channels to confirm their legitimacy.

  • Stay informed: Regularly update yourself and your family on the latest scam tactics. Awareness is your first line of defense.

  • Report suspicious activity: If you suspect any fraudulent activity, report it to the authorities immediately. Early reporting can prevent further victimization.

How to Report a Tech Scam

Here’s how to report a tech scam:

  1. FBI’s Internet Crime Complaint Center

    1. Please have this information ready before filing your complaint. During the filing process, you will have the opportunity to provide any other information you feel is relevant to your complaint.

      Victim Mailing Address

      Victim Email Address

      Victim Phone Number

      Description of Incident

      Victim bank and account details

      Subject/recipient bank and account details

      Cryptocurrency wallet details (if applicable)

      Transaction dates and amounts

      The full financial wiring/routing instructions provided by the subject

  2. Contact your local FBI office

If you need help with reporting, please reach out to us.