Scammed! What to Do and How to Prevent Internet Crime

(Scroll to the bottom to hear this article in podcast form!)

Today’s article is a little off-topic from what you usually see at practicebalance.com. But I assure you, this is applies to literally everyone – unless you live under a rock and use no email, no phone, do no internet shopping, etc. Are there still people like that?

The scam

I was at the hospital waking a patient up from anesthesia, and I saw a call come in from Google.

I ignored it, but they called two more times, and on the third time I answered the call. It was an automated message that said, “We noticed a change to your phone number on your Google account. If you made this change, press 1. If you did not make this change, press 2.” So I pressed 2. Then, while I was dropping the patient off in the PACU, someone from a northern California number called me. So again, I answered.

The man on the other end of the line identified himself as a Google employee and told me they needed to reset my Google passwords associated with 2 different emails, which he recited to me. He also knew my husband’s name and asked me if he had possibly made the changes.

He didn’t ask me for any sensitive information, which would have definitely made me suspicious, so I continued on the phone with this guy, WHILE WORKING IN PACU, to reset my passwords by him sending me 2-factor codes through my Youtube app.

At that point, the call started getting a little weird, but I still went along with it. I was trying to write down vital signs for my patient and hurry this guy along. But he said a couple things that in retrospect should have raised a bigger flag. First, he said “yes sir” at one point, which was odd and unprofessional, and then he basically asked me in a roundabout way if I had any cryptocurrency.

Finally the call ended, and while I was closing out the case chart, I called my husband. I was like, “You won’t believe what just happened (blah blah blah)….” Partway through my explanation, he started interjecting:

“What did you tell them? What did you give them? No no no no no!”

He said it was a scam. The computer nerd security expert anesthesia partner sitting next to me in PACU while this happened said it was a scam. Then I typed it into AI and it said, “Most certainly a scam.”

🙄 🙄 🙄 🙄 🙄

I still had another case to do! Imagine having to put a patient to sleep and take care of that patient while stressing about what had just happened! But I got through it and left for the day, and I was on my computer or phone for hours after that trying to place security flags on my accounts, change passwords, etc.

I got lucky

So far, nothing really serious has happened to my accounts or finances. I believe the people who were scamming me were probably after crypto, of which I have a little bit. Someone called later that night and tried to pretend they were from one of the crypto wallet apps, alerting me that my account had been logged into in Germany and needed to be reset. In my jaded and tired state, I asked them if they could prove legitimacy of who they were before moving forward, and they hung up on me.

According to my AI explanation, the scammers were possibly trying to access my email accounts and photos to find crypto ledger keys or other important but long passwords. Apparently people take photos of these long strings of letters and numbers and store them on their Google Photos, but I thankfully do not do that.

I have to admit that sharing all this is kind of embarrassing, but I’ve never been the type of keep things to myself. I’ve shared my vulnerabilities like an open book since I had my health scare in residency. Yes, I’m an intelligent, highly educated doctor, but I’m also a human. I’m not perfect.

And neither is anyone else.

During my work week, I shared what had happened to me with nurses and other staff, and multiple people reciprocally shared stories of their own where either they or their spouses had gotten scammed. And most of them were not as lucky – they had real money stolen from them. Even the lady on the phone at Vanguard who helped me reset all my security features shared that she had been victim of a scam.

It’s just so common, and it’s so shame-inducing. Imagine how many people have been scammed and have never even reported it or talked about it because they’re embarrassed or think there’s no point! Incidentally, you can report what happened at the Internet Crime Complaint Center through a web form. I wanted to share this experience because I hope it helps you – to not be fooled by something similar to this, and to re-evaluate your internet security measures in general.

What I did

The first thing I did was ignore the scammer’s instructions to leave the temporary password in place for 24 hours. It was kind of a lame password anyways – another red flag, but it was too late at that point. I went to Google Account Recovery and reset everything within about 20-30 minutes. I changed the passwords for my two emails, and then I also changed the recovery email to a non-Google email I have through my web hosting.

I added passkeys to everything. I called my financial institutions and alerted them to what had happened, and I changed those passwords. Then I started working on other basic accounts like social media. I realized I was using the same password, albeit a complex one, for multiple logins (which is a bad idea). It’s been a little more than a week since this happened, and I’m still realizing passwords I should change and 2-factor authentications I should beef up.

There are common scams circulating these days targeting physicians and other professionals regarding their licenses, DEAs, or other professional credentials. They threaten to revoke your credentials if fees are not paid or information not given. And I’m sure everyone listening has received a phishing scam email where they try to get you to click on a link that might cause problems to your device.

There are even more sophisticated scams nowadays impersonating your work IT services, wanting to install questionable software for remote access. I also remember once receiving an email supposedly from the head of my anesthesia department asking me to purchase some gift cards for him. The thing is, while some stuff is obvious, scammers and getting more and more savvy (like, how did they send 2-factor codes to my Youtube app??), so it’s harder to know when something is a scam or not.

What you can do to prevent being a victim

A Mel Robbins podcast on this very subject with cyber security expert Caitlyn Sarian just happened to come out last week, but I listened to it after all this had happened. I thought it was informative and easy in approach, as opposed to many people when they talk about this subject and they lose me in the tech, or they’re just totally over the top making everything Fort Knocks. Here’s a summary of the points I took from her interview:

1. Don’t answer calls from unknown numbers. I should have never answered the call. I should have let it go. If it’s important, they will leave a message. And anyway, big companies like Google or Amazon will never call you. They send emails only. I should have known this because any time you have a problem, they’re super hard to get a hold of!
2. Don’t post on your social media while traveling. I admit that I’ve done this before, but I see all sorts of problems with it now. Not only will people know you’re not home, but people will extrapolate your exact location and could try to scam you while on vacation. Save your vacation photo dump for after you get back.
3. Don’t use the same password for everything, even if it’s a good password. Most people know you need to have complex passwordse – even for shopping sites where your credit card might be stored – but my problem was that I had a lot of things using the same complex password. On the subject of passwords, I highly recommend a password vault. We use Last Pass, but there are others. You can buy a family membership, and then if something happens to you, your family will have access as well (an important feature for any occasion).
4. Beware of AI voice fakes where they use your voice or the voice of a loved one to try to scam you. Because I have a podcast, my voice is all over the internet. Someone could take my voice and make it sound like I’ve been kidnapped and extort money from my family. Consider adopting a safe word or keyword that is only known within your family, that you can ask for if this unfortunate situation were to come up.
5. Consider freezing your credit. We did this back when there was an Equifax breach years ago and have never unfrozen. Yes, it’s kind of a pain to apply for credit cards, but all the agencies now have apps where you can place a temporary thaw. This way, no one can open up a credit card in your name without you knowing.
6. This last tip is my addition and was not discussed in the podcast, but I feel it’s equally important… Don’t multitask. Focus on what you’re doing, and don’t get distracted. This was my biggest pitfall in this scam. I was working, and I should have ignored the call. I could have paid better attention and maybe I would have caught on to what was happening.

As I mentioned, I feel lucky that this wasn’t, or so far has not been, a worse outcome for me. It’s been an eye-opening lesson about beefing up security and also paying better attention. There are literally so many ways our information can get compromised on the internet, you could go crazy thinking about it all.

I say do your best and cover the big rocks.

I hope this article was helpful. Like I said, this information applies to everyone!

Have you ever had something like this happen to you, or maybe someone you know? What was the outcome? How did it change what you do online? Share your thoughts by leaving a comment below!