This is a true story.

This week I took a call from a client who urgently wanted me to check his 80-something mother-in-law’s computer; she had just had £5,000 stolen from her bank account by scammers.

Here’s how they did it. And in the spirit of helping as many people as possible please share and pass this on — particularly if you have a Mum (or Dad) you’d like to stay cyber safe; it could be the best present they receive this Christmas.

It began with a phone call, “Hi, we’re from BT and we’ve detected that your computer has been infected with malware and your online banking is in danger – we’re here to help.”. Judy (lets call her that) did indeed buy her broadband from BT, so this seemed plausible.

“Just go to this site” – Teamviewer; a legitimate app that allows someone to view and remotely control your computer – “download the app and give us the code”. With this step completed, the thieves were on the computer. “So that we can check things for you can you please give us some details.”. Judy confirmed the password she uses to login to the computer, her online banking PIN and passcode. Then she was told to put a towel over the computer whilst the thieves set to work ‘checking’ everything was OK.

Her daughter came to the house not long after the call. She saw the computer and asked her mum why she had a towel over it…

Removing the towel, they saw that the online banking app was open, and a transfer of £5,000 had been made to an unknown account.

They called the bank and the police and managed to freeze the account and the funds so they could be traced. The police advised that all passwords should be changed.

I then had a look at the computer. On the face of it, this wasn’t technically a sophisticated attack. A scan with freshly installed anti-virus from a trusted source revealed nothing. However, I noticed that the browser homepage– didn’t have the usual padlock to show it was over https and the normal browser URL bar had disappeared, so you had to search through the site. I couldn’t change the home page, and the normal preferences file for browser settings wasn’t there. Alarm bells rang. The thieves had access to the machine with the administrative privileges and had time to install and hide anything, such as a keylogger, which would mean that even though passwords had been changed, they could still have these new details.

What Next?

  • We changed all the passwords again, but on a different computer and turned on two factor authentication where it wasn’t already turned on.
  • The computer is going to be wiped with everything reinstalled.


  • BT (or whoever the internet provider is/Microsoft/Apple/Google/insert-some-plausible-organisation and so on) are NEVER going to call to tell you have a virus. If you get a call like this, just put the phone down.
  • Don’t ever give your passwords and banking details out to anyone.
  • If you have been a victim of a call like this and realise you’ve been scammed, call the bank and the police immediately, turn off your computer and have an expert you trust look over it.

Don’t let thieves ruin your Mum’s Christmas. Share this and make sure #mumstayscybersafe.