Too Smart to Get Hacked? Think again

  We all think we’re too smart to get fooled by a telephone hacker, right?

  It’s one of those things that happen to other people. People who aren’t as smart as we are. People who aren’t as savvy or well informed. People who are naive or overly trusting.

  Until it happens to us.

  It happened to my wife, who is one of the smartest people I know. That she’d fall victim to a hacker on the telephone was so out of character as to be almost unbelievable. That it did happen shows just how slick these guys are at preying on people.

  It seemed to start innocently. The caller said he was with our satellite TV provider and that the company needed to install some new fiber optics equipment because ours was outdated. The installer would be out the following week. The caller said to be sure to check his ID to make sure he was legitimate. The installation was free; the only charge would be a $10 co-pay. Then he asked for a credit card number for the ten bucks.

  A friend who was visiting and overheard the conversation on the phone speaker thought it sounded fishy.

  “Ask him why you can’t just pay the installer with your credit card when he gets here,” she said.

  The hacker was quick with an answer:  the installer wouldn’t have a machine to process credit cards, and the company didn’t accept cash or checks.

  A couple of hours later, someone claiming to represent our credit card company’s fraud department called and asked whether she’d given her card’s number to someone that morning.

  “Yes. Why are you asking?”

  “It’s a scam,” the caller said. “They’re using your credit card and have gotten into your bank account. You need to give us some information so we can stop them before they clean you out.”

  Her reaction: instant panic.

  But still wary. 

  “How do I know you’re really my credit card company?” she asked.

  The caller said she could check by calling him back.

  “But instead of using my head and calling the number on the back of the credit card, I called the number on the caller ID. They answered by saying they were the company’s fraud department. Then they said they needed my passwords, user ID and Social Security number so they could stop the hackers. I know now how stupid it was, but by then I was panicking and I  fell for it hook, line and sinker.”

  Worried, as anyone would be, that the hackers were about to empty her bank account, she told the “fraud department” that she was going to call her bank. And was told not to do that.

  “They said that if I did, the hacker would have access to that number and could do more damage. By this time I’d also given them all my credit card numbers and told them about what the balance was in my bank account.”

  As mentioned above, this was utterly unlike her. It was all but  unbelievable that she’d given out that much information.

 “My brain just stopped working,” she said. “If he’d said the sun rose in the West I probably would have believed him. … They’re so good at it! They study people’s possible responses so they have a quick comeback for anything you say to them.” 

  The fallout from that one phone call:

  The hackers withdrew $2,800 from our bank account, spent $1,300 with an online-retailer, charged $1,300 on one credit card and $500 on another. This all happened within minutes.

  Damage control took much longer. My wife estimates that she spent about 12 hours a day for two weeks on it.

  She canceled all her credit cards. 

  She closed the bank account we’d had for decades and had to change the direct-deposit and autopay information used by Social Security and other income sources. She changed passwords, contacted utilities, her doctors, the credit bureaus, had an alert put on her Social Security number …

  We also had to get rid of the landline telephone we’d had forever and get new cell phone numbers, because the hacker had forwarded our calls to himself! And of course we had to tell all the friends and others who used our old numbers that they wouldn’t work any more.

  Weeks have passed since the hacking, and I still miss the landline phone we’d had ever since the house was built. I can’t tell you how many times I’ve gone to make a call where that dependable old phone graced the kitchen before remembering once again that it’s gone.

  Of course it goes without saying that we had to tell all the friends and others who used our old numbers that they wouldn’t work any more.

  It takes a while to realize just how many places those numbers were used. One example: I now have scores of utterly useless business cards.

  We were lucky in one way. The damage control worked. My wife’s immediate and diligent response to the scam got all our money back.

  Countless other victims haven’t been as fortunate.

  Luckily, there are ways to protect ourselves. Two of the Federal Trade Commission’s tips:

  Don’t give your personal information to anyone who calls out of the blue. Legitimate organizations will never do that.

  Don’t trust Caller ID. It can be faked. It may say that it’s your bank, a government agency or a company you’ve done business with, but it could end up being your worst nightmare instead.

  My wife’s advice:

  “Don’t answer the phone. If it’s not a number I recognize, I don’t even pick up. If it’s legitimate, they can leave a voicemail.”

Tim Woodward’s column appears every other Sunday in The Idaho Press and is posted on woodwardblog.com the following Mondays. Contact him at woodwardcolumn@gmail.com.