[ajsnigrutin]

On the other hand, the best anti-scam feature for older relatives is to tell them to "go there in person". Get a call from the bank, they simply tell them "ok, I'm coming to the bank tomorrow, in person", and they're done. Scam call? Legit call? Doesn't matter, they'll sort it out at the bank.

There's a whole wide age and knowledge/competence where older people can still fall for scams (or can't know if it's legit or a scam) but on the other hand are still capable to go to whatever office/bank they need to go.

[Terr_]

Probably not news to anyone here, but partial step in this direction is to put down vetted official contact details for the institutions.

Every time someone calls to say there's a problem with your account, you ask for their name and/or extension number, because recontacting through the institution is your only good way of verifying their identity.

[donalhunt]

That works when the system is setup to allow that.

I've encountered banks that don't have that setup — hilariously one bank felt the need to cold call me about my complaint about cold calling from unverifiable numbers. When I asked how I could call them on a verifiable number, they claimed I couldn't. :/

[Terr_]

Bank-be-crazy Anecdote: I used a paper check to send money to a relative. My bank balance went down, but a week later my relative still hadn't received anything. Eventually the relative's bank said that something went wrong, and I thought: "Well, OK, I'll transfer it some other way when it gets returned to me." Except a month later it was still in limbo.

The kicker is that Bank X's website was simply... mathematically wrong. There weren't any transactions or notes to explain it, my balance was just magically smaller as the funds had never existed, last month's statement could not be reconciled with the current statement, etc. This was several thousand dollars.

I was eventually able to fix it with support, and they explained that Bank X had been bought by Bank Y, and somehow my old checkbook was still valid-enough to pull money out of my account, but somehow not valid-enough to finish the job nor to fail "cleanly."

I expressed to the representative that--while I had immense professional sympathy for the problems of mergers and system integrations--it's probably bad PR and perhaps a regulatory issue for any bank to lose track of customers' money and present them with what is either a false set of transactions or a false balance...

[kijin]

Malware on your phone can reroute your calls to the attacker. So you think you're calling the official number at the correct institution, but you're actually talking to the attacker.

[Terr_]

Well, yeah, and knowing first-aid is worthless if someone's been decapitated. :p

If some malware is that deep on the phone, able to redirect calls, then you've got much bigger problems and the attacker might not even need to trick any cooperation at all.

[sciencejerk]

What kind of malware are we talking about here? On a non-rooted phone?

[kijin]

It was in the news a few times in my country. Not sure about the exact technical details, but it might have been a malicious Android app that advertises itself as an improvement over the stock Phone app, encouraging users to set it as the default dialer. You don't need root for that.