Mom, the Identity Theft Magnet: Lessons from an MSP’s Hilarious Nightmare.

Ah, the life of a Managed Services Provider (MSP). It’s all network uptime and defending against ransomware—until your 72-year-old mother enters the picture.

My mom is a woman of many talents—she can whip up a Thanksgiving feast for 20 without breaking a sweat and has a sixth sense for spotting a good bargain. But technology? Let’s just say she still thinks Facebook is “the Google.”

So, when she called me last year in a panic because her credit card had been maxed out on a shopping spree she didn’t take, I wasn’t entirely shocked. But when it happened the fifth time, I began to suspect she had a glowing sign above her head that read, “Free Personal Data Here!”

The First Clue: A Free Cruise to Nowhere

“Guess what?” she said excitedly one day. “I won a free cruise!”

“Mom, you didn’t enter any contest.”

“Well, that’s the amazing part! They said I was randomly selected.”

“Did you give them any information?”

“Just my full name, address, date of birth, and credit card for the ‘port fees.’”

I sighed so hard that I nearly passed out. “Mom, that’s a scam.”

“Well, I thought so too, but the guy on the phone said people always assume things are scams when they’re actually good opportunities.”

And that was when I knew: my mother wasn’t just a target for cybercriminals—she was their dream come true.

Data Breaches and Online Shopping Sprees

The second breach came from her love of online shopping. She called me one night, her voice filled with frustration.

“My Amazon account is acting weird,” she said.

“Did you click on anything suspicious?” I asked.

“Well, I got an email saying I needed to verify my payment info for an order I didn’t place.”

“Mom, you know better than to click those links.”

“Well, it looked real! Plus, they were offering a 20% off coupon for my trouble.”

Turns out, she handed over not just her login credentials but also her social security number because the email claimed it was for “identity confirmation.”

Passwords That Make You Weep

Then came the password incident. After her bank account was compromised, I asked her what password she was using.

“Fluffy123,” she admitted.

“Mom, that’s the name of your cat.”

“Well, yes, but I added ‘123’ so it’s extra secure.”

Cue me banging my head against my desk.

A Series of Unfortunate Social Media Posts

The straw that broke the camel’s back happened last month. Mom accidentally posted her social security number on Facebook. Why? She thought she was sending it in a private message to “customer support” for a scammy “Medicare refund program.”

The fallout was catastrophic. Not only was her identity stolen for the sixth time, but now people were commenting, “Hey, is this the new lottery?” on her post.

I sat her down for an intervention. “Mom, we need to secure your identity.”

“What do you mean? I already called the credit card company and gave them a piece of my mind,” she replied.

“No, Mom. Yelling doesn’t secure anything.”

Lessons in Cybersecurity (for Both of Us)

Over the next few weeks, I overhauled her digital habits. And, in the process, I learned a few things about balancing high-tech solutions with low-tech logic.

  1. Password Managers Are Non-Negotiable

Mom is now using a password manager, which she affectionately calls “her little assistant.” She still doesn’t understand how it works, but she’s thrilled that she no longer has to write down her passwords on sticky notes and leave them on the fridge.

  1. Multi-Factor Authentication (MFA) for the Win

At first, Mom resisted MFA. “Why do I need to check my phone just to log in?” she grumbled.

“Because it’s like locking the front door and adding a deadbolt,” I explained.

“Oh, well, that makes sense,” she said. “I never trust just one lock.”

  1. Phishing 101

I made a list of common phishing tactics and taped it to the inside of her spice cabinet—her most frequently visited location. So far, she hasn’t fallen for any more “urgent account verification” emails. (That I know of.)

  1. Credit Monitoring and Freezing

I froze her credit faster than she could clip a new batch of coupons and signed her up for credit monitoring. She now gets alerts whenever someone tries to open an account in her name—though she did call me last week, confused about why she got a text from Experian. (Spoiler: it was me testing the system.)

  1. A Little Humor Goes a Long Way

Mom’s patience for tech lectures is about as long as a Hallmark movie’s plot twist. So, I’ve started explaining things in ways she understands.

“Think of your password like a clearance sale. The bigger the markdown, the more people are going to grab it. Make it expensive.”

A Happy Ending (Sort Of)

It’s been six months since her last identity theft incident, which is a personal best. She still occasionally calls me in a panic—like the time she thought her tablet was hacked because an ad popped up for a cruise (which, she insists, she did NOT click on). But overall, she’s safer—and so is my sanity.

The experience taught me a valuable lesson as an MSP: no matter how advanced your tech skills are, they’ll always be tested by the one person in your life who doesn’t believe in software updates or ad blockers.

There is a shortcut, however. As an MSP, we have exclusive access to a service called Uncompromized™. It’s an identity theft solution with the huge added benefit of scrubbing data from public data broker websites. After everything with Mom, I got her enrolled, and while she still clicks on way too many links, there are far fewer phishing emails coming her way now.

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*