My dad is well-trained to call me for anything that looks even slightly off. Some of the scams thrown at him have been very convincing.

My in-laws too, now. They were taken in by a scammer who got full control of their Internet banking account. Thankfully, NAB’s anti-fraud protection kicked in and prevented the loss of a lot of money.

These scammers target the elderly. They are without scruples and will laugh while taking someone’s life savings. I honestly don’t know how they live with themselves.

Advice for spotting scams:

1. Microsoft don’t call you. I’ve worked with Microsoft gold partners for over fifteen years, I have premier support packages and the ability to raise requests with them. My employers/customers pay hundreds of thousands of dollars per year for me to be able to do this. They never initiate contact even with me. They sure don’t do that with regular users. If “Microsoft” is calling, it’s a scam. Every. Single. Time.

2. If the contact is coming from a company you don’t deal with, it’s a scam.

3. If the contact is coming from a company you do deal with: they will know your name and account details. If they initiate the call and want to confirm any information with you, ask for a reference number and hang up. Then go to their website, call the contact number and provide the reference number before confirming anything. If they are reluctant to do this, they are a scam.

4. Don’t just rely on scammers looking/sounding like scammers. I’ve seen some really legitimate looking phishing attempts. They’ll know your name, employer, address. They’ll be super friendly and helpful. If on the phone, they’ll be confident and efficient. But so will the real company. If you didn’t call them, be very on-guard.

5. Never ever, for any reason, provide either your password or that confirmation code if they initiate the contact.

The thing that got me with this is that it somehow went from “I’ve got a $3,000 bill I need to pay” to her transferring $10,000. Is my family weird, or is that something that most people would just do? I mean, even taking out the whole scam bit, do people actually just hand out that type of money without a serious conversation about what exactly is going on? I’d be really worried that there was some sort of gambling or drug problem behind something like that, I’d be dropping everything to make real contact and figure out what’s going on.

The problem with that approach is people don’t engage with the education efforts, and if they learn anything it tends to be incomplete and often not helpful. Like people who hear about the Marketplace scams and believe PayID is an unsafe payment method, rather than realising that it is a scam involving fake PayID messages. People tend to pick up weird nearly superstitious ideas about how to protect themselves, while skipping the bits that are actually helpful. I’m not sure that you can prevent that, it’s just the way people are. Making it possible for people to speak to real people at banks and institutions, through communication channels they understand, would have to be a start though. Pushing people to navigate through various constantly changing systems of messaging, chatbots and voice recognition phone systems is just creating more vulnerability.

That sounds impossible. Have you got the raw source?