When Ángel’s license to use Microsoft Windows on his computer expired, he went looking online for a new one – browsing Amazon and other portals to see if he could get one for a low price.
The next day, he answered a call from a woman who said she worked for Microsoft and her name was Martina Wilson, giving her employee number which Ángel duly wrote down.
Two hours later, the 76-year-old retiree had provided the caller with his phone number, details of his three bank accounts, photos of his ID, remote access to his computer, and a photo of his face taken with Skype.
“I’ve wondered many times how I could have been so naive, how I didn’t realize earlier,” Ángel tells EL PAÍS. He agreed to share his story, in order to help others. But he asked this newspaper to make sure he could not be identified, largely because he feels so ashamed at having been stung so easily.
“Maybe [it’s because] I’m from another generation.”
Ángel’s wife says she doesn’t understand “how he fell into that trap.”
Ángel adds that he is “always lecturing people” on the subject of security online and avoiding fraud or scams.
“They are artists,” he says of the people who scammed him.
Ángel does not remember all the details, such as whether the call took place on the home landline or his mobile. But he is clear that the caller had him start a program with a circular logo - probably TeamViewer, a software for remote control of computers.
He said the screen showed “a curtain of files coming down,” with the caller telling him she had located tons of infected files.
How did it happen?
The main hypothesis is that the scammers got to Ángel when he was searching for the Windows license renewal and provided some of his data on an online form, perhaps on a dodgy website selling licenses. Francisco Fernández, cybersecurity technician at the Institute of Cybersecurity (INCIBE), says that, from here, the scammers were able to contact him, pretend to be from Microsoft, and have Ángel provide access to his computer and his banking details.
“It might not even be necessary for you to enter a phone number: this data could be located using other information provided by the user,” says Fernández, adding that the victim’s computer could also have been infected with a Trojan.
The speed and accuracy of the presumed Windows agent is something that Angel remembers. Fernández warns that there are very well organized groups: “They seem to function like a call center, in which case the operators, in general, know a relatively small range of scams, but in depth and with a well-planned script,” he says.
Luckily for Ángel that day he had to go to the doctor. As the hour approached, he became more agitated. For some reason, he ended up reacting, although the damage had already been done. “Before I left I already realized, because taking so long and being so demanding was not normal, just like the amount of data that he had asked me for and had given him. I had a lucid moment to realize that this was a huge scam,” he says.
The call and the whole process took more than an hour. As it progressed, Ángel found himself feeling agitated. The call was taking so long and the caller was being so demanding and asking for so much information that “I had a lucid moment and realized that this was a huge scam.”
‘What are you doing to my husband?’
He got up to leave and turned off the computer. The woman called again, and was answered by Ángel’s wife: “What are you doing to my husband, are you scamming him?” she yelled before hanging up.
Ángel proceeded to a doctor’s appointment while his wife called one bank straight away and had them change his passwords. When he returned from the doctor he did the same with his other two banks. Just in time, perhaps – nothing had been stolen from the bank accounts.
The retiree reported the incident to police, who told him there had been no crime. But then more calls started – never more than 4 or 5 a day, always on different days and numbers. Angel kept writing down all the numbers, finding from online searches that some of the numbers were listed against a debt collection company.
Ángel had no debt - had he inherited debts accrued by the scammers? His main concern remains that his name appears somewhere with a debt against it that he must answer for.
The Spanish consumer authority recommended that he consult the main lists of defaulters to see if his name was on it. For now, it is not.
Fernández the cyber security expert says there are a number of possible crimes that have been committed using Ángel’s identity, including “contacting acquaintances or friends asking for money and providing a context made from the information collected, to contracting supplies, insurance, credit, [and] falsifying documentation.”
The worst scare Ángel has had so far occurred on December 28, when he realized he had forgotten to change the details to access one of his bank cards. Ángel’s daughter received a request from Ikea for payment of €950. She immediately declined the payment and the family canceled the card on which Ángel was the authorized cardholder.
Indeed, changing account numbers, canceling cards, and changing passwords are the most critical measures to take if you think you might have been a victim of identity theft.