April 01, 2016

"Hi, Grandpa, It's Me": Scammers Impersonating Grandchildren, Friends, Even Microsoft

Martin Cowan

Reprinted from Martin Cowan, "'Hi, Grandpa, It's Me,' Scammers Impersonating Grandchildren, Friends, Even Microsoft," Voice of Experience: The Finance Issue, February 2016. © 2016 American Bar Association.

I recently got a call from a friend, a retired physician, asking for tax advice:  he had been tricked into sending $1,500 to a scammer. Can he deduct it?

As he explained the story to me, he had received a call from someone who said he was his grandson. The caller said, “Hi, grandpa, it’s me,” that he had been in an automobile accident and that he was afraid to tell his parents. The police found drugs in the car and, although the drugs were not his, all of the occupants had been arrested. Could he send $1,500 for bail money as soon as possible, and please don’t tell his parents about this? Following the caller’s instructions, my friend purchased a money order for $1,500, and sent the PIN on the money order to the caller, which permitted the caller to collect the $1,500 in cash without leaving a trace. The caller then called again and said he needed another $2,000 for the attorney. Getting a bit suspicious, and even though the caller again pleaded with him not to contact his parents, my friend did call the parents and discovered the grandson was sitting in an ice cream parlor around the corner. Finally realizing that he had been had and that the money was gone, my friend called me to learn whether he could claim a deduction on his tax return.

It is astounding how many seniors get tricked with “Hi grandpa, it’s me,” into wiring substantial sums of money to scammers. While many scams target people of all ages, this one aims at the elderly. Typically, when the grandparent answers the phone and hears, “grandpa, it’s me”, the grandparent asks, “is that you, Richard?” (or whatever the grandson’s name is), and the caller, now knowing the grandson’s name, confirms it, saying, “yes, it’s Richard.” If the grandparent mentions that his voice sounds strange, the caller says something like “I have a cold” or “I broke my nose in the accident” or “we have a bad connection.” 

There was a strange variation in this particular case that re-enforced the deception. The caller knew in advance the name of the grandchild and did not have to prompt for it: he said up front, “it’s me, Richard.” He also sounded like Richard and, oddest of all, referred to his grandfather as “opah,” a German/Dutch word for grandfather — my friend’s wife is Dutch — that was in fact used within the family.

When my friend reported all of this to the police, the officer taking his statement interrupted him after the first few words, and was able to recite virtually verbatim what the caller told my friend. The officer had a file cabinet stuffed with similar cases. Unfortunately, none of the culprits had been caught or any of the money recovered.

Afterwards, we discovered why the caller knew the grandchild’s name, and why he knew to call the grandfather “opah.” For several years, the children, who are teenagers, had a personal trainer who came to the house twice a week. A few days after the telephone call, there was a newspaper story that the trainer had been arrested and that the police had found an arsenal of guns and explosives in his house. The trainer knew all the family names, that the grandfather was called “opah,” and was able to imitate the grandchild’s voice. Unfortunately, this information did not help recover the funds.

A similar scam, which is probably even more effective and which is not restricted to targets who are elderly, is the e-mail from a friend or relative who reports that he is in a foreign country, that his wallet and passport were stolen, and could you wire him a few hundred dollars to replace the passport or buy transportation home? Hackers are able to steal the information from e-mail address books, and then send pleas to everyone on the list for emergency financial assistance. The requests appear to come from the legitimate owner of the e-mail account. In one case, a month after I attended a neighbor’s funeral, I received a request from him for emergency funds. Although I did not know his exact new location, I was still surprised that, wherever he was, he needed passports, let alone cash. (I guess that perhaps you can take it with you after all.) Although these requests all seemed transparent to me, I know too many people who have sent the money. 

One of the most invidious ones is a letter from the IRS, claiming that the addressee owes additional tax and, unless he remits the funds immediately (by wire or money order), he will be arrested. A variation on this scam is a similar IRS letter but, this time, advising that the addressee is entitled to a refund, and asks for the addressee’s bank account number and routing information. In both cases, the letter is an exact copy of IRS letterhead and would fool even an expert. The clue, however, is that the IRS never asks for money without giving you an opportunity to question the claimed liability, or directs you to send money to a non-government account (and certainly not by wire or money order). And if you are actually entitled to a refund, the normal method of payment is to send you a check. If you receive such a letter, or suspect other types of tax fraud, e.g., someone else used your name to collect a fraudulent refund, you can check it out and/or report it by going to a recent IRS publication, FS 2016-3, available at this link:  https://www.irs.gov/uac/Newsroom/IRS-Identity-Theft-Victim-Assistance-How-It-Works

Unfortunately, the number of scams claiming to invoke the IRS are too numerous to recount and describe here. For a recent list and description of the most common ones, including several targeting new immigrants who may have language difficulties, be unfamiliar with the system and easily frightened by threats of imprisonment, fines or deportation, check the IRS information site: https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts

Many of us have received calls from people claiming to be from Microsoft, telling us that there is a problem with our computer. (For some unknown reason, I seem to get these calls on average of once a week.) If you listen to them, they will instruct you to turn on one of your Windows PCs, open a hidden file that exists on every computer and which logs thousands of “errors.” When you see this file, you are easily convinced to give the caller remote access to your computer so that he can “repair” it. Of course, the caller is not from Microsoft, the log entries are routine and do not need to be repaired. The caller has no intention of debugging or fixing those “errors,” only in stealing confidential data from your computer once you give him that remote access. The caller may also try to sell you a program that would "fix" the problem. At best, this is just a waste of money; at worst, the program also installs a virus or other malware.

And then there is ransomware: somewhere, you manage to download a vicious file that locks up your computer. This malware might come from a contaminated web page, or through a link in an email that you are tricked into opening. For example, the e-mail may appear to come from someone you know and trust, and urges you to click on that link (something you should never do). It might even come from that fake Microsoft caller. After the malicious file is unwittingly downloaded, your computer freezes, and a notice pops up on the screen claiming that it is from a law enforcement agency that found something illegal in your computer and that you must pay a fine to avoid arrest. The computer will not be unlocked unless within 48 hours you send them a money order to pay the “fine.” One problem is that even if you do pay it, the thieves might not bother unlocking the computer anyway. Why should they? They have your money and have no reason to spend time and effort helping you to unblock your computer.

There are two versions of this scam. The original one locked the entire computer, and it took some very advanced techniques—and sometimes hours of effort — to get rid of the lock. This was not something that most computer owners would be able to manage without professional assistance. With some time and effort, a professional usually could do it, but at a cost that would likely be more than the price of a new computer. The second one was more sophisticated. It did not lock up the computer itself, but encrypted all the data on the computer, resulting in a loss of all records contained on the hard drives. It was impossible for even professional technicians to unencrypt and recover these files. Several law enforcement agencies were forced to pay the extortion money to recover court files, arrest records, payrolls, lists of gun licenses, and other critical data. However, in this case, if you pay the ransom, the thieves will usually provide the key needed to recover the files. If they did not, subsequent victims who learned that paying the extortion would not help them would decline to pay it, and the scheme would come to a halt. In other words, it is good business tactics for the thieves to honor their promise to provide the key to decrypt the files.

In most of these scam scenarios, the computer user can avoid a problem by keeping informed and alert. For example, never click a link in an e-mail unless you are absolutely positive that you know who it came from and that it is safe, and always make sure that your computer is running anti-virus and other security programs. 

But the ransomware scams are of a different order. Even the typical anti-virus software on the market may not block ransomware. There are one or two that claim to do this, but it is hard to know how effective they are. The only sure way to prevent becoming victimized by ransomware is to install an automatic backup program that copies all of your data to a remote location (the “cloud”) at least once a day, and preserves all versions of every file for at least 30 days. That way, if the current files are encrypted by the hackers, older versions that were not encrypted can be recovered from the back-up service. While some of this software may be free and, once installed, runs invisibly and automatically in the background (e.g., at 2 a.m. every day), it may be beyond the ability of a typical non-professional computer user to implement effectively.

A third version has shown up. A hospital in Los Angeles recently had to pay $17,000 in the form of bitcoins, which are untraceable. Here, it was not the data that was encrypted, but key system files were locked, which rendered the hospital’s communications networks inoperable. In this situation, even the most rigorous backup methods will be useless. Moreover, even if it is possible to restore the system without paying the ransom, it would take too much time—lives are at stake.  So the ransom was paid. 

Perhaps the most heart-rending scams are known as “catfishing”; single men or women lured by romantic overtures from an online contact into parting with large sums of money. Usually, the contact sends a picture purportedly of himself or herself, along with a very persuasive story (e.g., that she, or her mother, needs an expensive operation),  but the truth is that the real contact looks nothing like the picture—possibly not even of the same gender—and the story is pure fable. The details and variations of this scam are too long for this article. Most of these scams have been described by many other writers, including SLD members Kerry Peck1 and Carolyn Rosenblatt2, but it is apparent that we cannot repeat the warnings too often. 

Oh, yes. The tax deduction. I told my friend that he could claim a deduction if he itemized his deductions, and only the amount in excess of $100 and only to the extent that that excess exceeded 10 percent of his income.  As a practical matter, those restrictions prevented any tax deduction.

Peck and Law, “Alzheimer’s and the Law” (ABA Publishing, 2013).

2 E.g., Carolyn’s web site at aginginvestors.com, and her article at http://www.forbes.com/sites/carolynrosenblatt/2015/11/20/give-the-older-folks-in-your-life-a-heads-up-about-the-grandma-scam/.


Martin Cowan

Martin B. Cowan, a resident of New Rochelle, NY, practiced law at Milbank Tweed Hadley & McCloy in New York City, and from time to time taught tax courses in the law schools of NYU, Florida State, Miami, and Quinnipiac. He is a past chair of the Real Estate Tax Committee of the ABA Tax Section, and is currently chair of the Senior Lawyer Division’s Task Force on Protecting the IRA Accounts of the Elderly.