Scammers Pose as Grandchildren to Swindle Grandparents

Grandparents scams swindle seniors; say no to “negative option” scams; beware the “robot” virus: Internet ScamBusters #244

It’s time for another Snippets issue. Today, we’ll cover three topics:

  • Avoid the grandparents scam: don’t be scammed by phony “grandkids.”
  • Say no to “negative option” marketing scams.
  • Keep your computer safe from the “robot” virus.

Let’s check out today’s Snippets…

Avoid the Grandparents Scam: Don’t Be Scammed By Phony “Grandkids”

Just when you may have thought scammers couldn’t sink any lower, some have plunged to record depths. Recently, some scammers have bilked the elderly out of hundreds — or thousands — of dollars by posing as their “needy” grandchildren.

According to, the grandparents scam usually works like this:

You receive a phone call from someone who greets you with, “Hi Grandma.”


“Do you know who this is?”



Without knowing it, you just made a mistake. Instead of saying, “No, I don’t know who this is,” you supplied the scammer with the name of a grandchild. He then proceeds to impersonate that grandchild.

Your “grandchild” claims he’s gotten into some kind of trouble — auto accident, overdue rent, minor brush with the law — and needs money to fix the situation. “Can you please help? But don’t tell mom. She’d kill me if she found out!”

This may seem like an obvious scam, but it’s fooled plenty of people — mostly because the scammers are good at what they do. They choose their targets carefully, tug on the heartstrings, and keep other family members “out of the loop” until it’s too late.

One scammer “victimized dozens of seniors and found his victims by scanning the phone book for old-fashioned sounding names. One of his victims, an 86-year-old grandmother, even had to use a walker in order to get to her bank and withdraw money for him.”

The scammers are cunning — one couple could have sworn the guy REALLY was their grandson.

Recommendation: There’s one easy way to expose the fraud: DO NOT fill in any “blanks” for the scammer. For example:

“Do you know who this is?”

“No, I don’t. Who is this?”

“It’s your granddaughter.”

“Really? Which one?”

Most likely, the next sound you hear will be a click, followed by a dial tone.

That’s the easiest way not to fall for the grandparents scam.

Just Say NO to “Negative Option” Marketing Scams

You may not know the term, but you’re probably familiar with the tactics of “negative option” marketing.

Let’s say your credit card offers you a free gift, and you decide to accept. You soon receive the gift, along with an unwelcome surprise — a credit card statement billing you for a magazine subscription or travel club membership that you never ordered or wanted.

But unfortunately, you DID order it!

“Simply put, negative option turns the sales transaction around,” reports “Instead of the merchant having to ‘sell’ you a product or service, it starts with the assumption that you’ve already bought it. It’s up to you, the consumer, to contact the merchant and cancel the order if you don’t want to complete the transaction.”

If you’d read the fine print in the “free gift” offer, you should have seen that you were also buying the magazine subscription or travel club membership. Trouble is: most people don’t read the fine print.

Worse: some otherwise legitimate firms — as well as scammers — regularly commit fraud by failing to inform consumers about the nature of the transaction and their right to “opt out,” i.e., “take the negative option.”

According to the Federal Trade Commission’s Pre-notification Negative Option Rule, companies must “give you information about their plans, clearly and conspicuously, in any promotional materials that consumers can use to enroll. If the sales presentation for a plan is made orally, say on the phone, the terms and conditions still must be disclosed clearly and conspicuously during the presentation.”

“Telemarketers need to be sure that consumers agree to be charged, and what account will be charged — even if they have an account number from another transaction,” Howard Beals of the FTC told

“If you charge consumers without their permission, we’ll charge you with committing a fraud,” he added.

Because many negative option marketers already have your credit card info from a previous transaction — the one you WANTED to make, it’s easy to get ripped off.

If you believe you’ve been the victim of this fraud, take the following steps:

  1. Call your credit card issuer, and report the charge as unauthorized.
  2. File a complaint with the FTC by visiting their website or calling 1-877-FTC-HELP.
  3. Visit the website of your state’s attorney general’s office to learn what they can do. In at least one state, Michigan, negative option contracts are illegal.

Finally, be wary of signing up for free gifts, whether online or at your local retailer. And if you do, PLEASE take time to read the fine print.

Beware the “Robot” Virus

In issue #232 of ScamBusters on fake antivirus software, we reported that scammers sometimes use pop-ups to convince computer users that their systems are infected with a virus. By doing so, they hope to con people into downloading REAL viruses or buying rogue “security” software.

Recently, we learned of another twist on this scam.

In the past few weeks, potential victims began receiving emails such as the following:

— Begin Fake Virus Alert —

Subject: Warning!

Dear Customer,

Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with the last epidemic of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked.

Customer Support Center

— End Fake Virus Alert —

In reality, this poorly-worded email claiming to be from your Internet Service Provider (ISP), is actually directing you to download a Trojan.

According to, the “Robot” virus (W32/Nuwar@MM) will — among other things — “terminate applications based on window name. Applications using the following text in their window name will be terminated within a few seconds of launch: mcafee, taskmgr, hijack, f-pro, lockdown, msconfig, firewall,” etc.

Although the virus was first detected in November 2006, and has been given a variety of names by different security vendors, this particular email is new.

If you think there is a chance that an email like this is legitimate, your best prevention is to contact your actual ISP to determine if they really sent such an email. Chances are excellent that they didn’t.

And as always, NEVER download anything from the Internet, or click on a link in an email, unless you’re positive about the source!

That’s all for today — we’ll see you next week.