NokiMo
mileskjeller


[Legacy] The Anatomy of a Technical Support Scam

A month or so ago I was woken by a phone call from one of my oldest clients.
A lovely 90-year-old lady we shall call "R" for this case. After her husband passed away I taught her how to use a computer and the internet to stay in contact with family, send emails and write letters.
R called me in a panic, "I think I've been scammed!" she said, struggling to string two words together. After calming her down I got her to explain the gist of what had happened.
She received a phone call a few days prior from a gentleman claiming to be from the ISP "BT" (formerly British Telecom). They were calling to "compensate" her for her poor quality broadband service. She explained that she wasn't with BT so what the person was saying wasn't true. Before she could hang up he quickly said "Yes, but BT run all the backbone anyway, so it's technically still on us."
R later admitted to me that, in hindsight, it was all so obvious. But she was mentally exhausted from a troubling week and just didn't see it until it was too late.
Before they could give her this compensation, however, they needed to check some things on her computer. She dutifully gave them remote access using the "TeamViewer" platform.
At this point the scammer took control and started looking through the Windows Event Viewer and running scripts in the command prompt to make it look, to the untrained eye, like he was doing important "Technical" things.
After a few minutes of this he asked her for her bank details to "deposit her compensation of £[3 figure sum]".

For viewers in the USA this will appear to be the high point of the scam: get her to hand over her account number and routing number and then clear out the account. Here in the UK your account number and sort code cannot be used to extract money from the account easily, so the scam has to be a bit more complex than that.

She provided her account details and waited. A few moments later the scammer came back all flustered: he'd "miskeyed" and "accidentally" deposited £[5 figure sum] into her account! If he didn't get it back he was sure to be fired! So he asked R if she had online banking.
She responded that she did not, but she didn't want him to get in trouble with his boss. Being the ever so helpful guy he is, our scammer walked R through setting up online banking!
After that, he gave her an account number and sort code to send the "accidentally deposited funds" back to him. After successfully transferring a 4 figure sum out of her account, the bank's anti-fraud system kicked in and locked out her account, and the scammer vanished into the ether. The supposed 5 figure sum he had "deposited" had never existed.
With the scam complete, all that was left to do was try to pick up the pieces. I helped her contact the bank, I contacted the bank that received the funds, and we phoned the police, who arrived shortly after to take a statement.
I took her computer home and totally erased it using DBAN (Darik's Boot and Nuke) just in case what the scammer had done was more than just a light show. The rest was in the hands of her bank.
Something that is so obviously a scam to us fooled a tired old lady out of over £6k.
So, what can we take away from events like this?
Sadly, not a lot. Education with the aim of prevention is all that can really be done to stop stories like this from playing out time and time again.
Remind your family that companies will never phone you to offer technical support or compensation. Have them immediately hang up, wait an hour, then call whatever company the caller claimed to be from to report the call.
There are so many variants of this scam. Ones where the scammer wants system access to leave behind a keylogger, a virus, a miner, or just hook the system into a botnet are very common as well. But they all follow a similar script.

At this point I wish to give massive thanks to Police Scotland for responding so quickly to the call and taking a statement. Even though there is not a lot you can do, you helped calm a distressed elderly lady with your presence.
Props also to N26 Bank who took the report of a scammer using their service to launder money seriously and immediately took action.

Finally, a condemnation of RBS' "anti-fraud" team, who not only had the cheek to send R an email advertising the "Anti-Fraud" features built into the account after she was defrauded, but entirely failed to recover even some of the lost funds and failed to honour the very "Fraud Protection promise" advertised because she'd "willingly given the scammers information".
Fraud like that can't happen if the scammers aren't given information, rendering your "promise" worthless. Shame on you.

This post will hopefully be the first in a series of posts about interesting jobs, clients and observations of the tech world as a whole. Hope you all tune in for the next one!
~ Miles 

