Re: How devious
You've made the mistake of thinking that this has anything to do with computing at all. Consider:
Guy rings you up. You don't know who he is, never heard his voice before.
He says he has some photos of you.
He'll send them to you if you want.
Just open your front door and he'll leave them on the mantelpiece.
Then you can open them in your own time.
If you haven't smelled a rat by line #2, you're an idiot.
My mum and dad are actually completely computer-illiterate. They are pensioners and they *can* play games like the Wii with some prompting (mum's actually a Mario-addict from the Gameboy days), but in terms of doing things if it doesn't start as soon as they press a button / put a disk in, they are absolutely baffled. They share a Facebook account that was their first ever online presence, made two years ago - up until then, they had no PC experience whatsoever (mum can type because she used a typewriter in a hospital job 40+ years ago but she still stabs the keyboard too hard), never owned a PC, never been on the net, never had an email account, never even done it through the TV or Wii or anything along those lines. Hell, it took years for them to learn to send a text.
When they get something dodgy (online, offline, on the phone, by text message, by Facebook, by email, by something popping up, or some dodgy bloke knocking at the door), if Dad isn't already shutting the door on their face, they are on the phone to me or my brother. They don't click on emails from strangers (in fact, they get rather annoyed that people they don't know CAN send them email or even Facebook messages), they don't download things, if the window today doesn't look like it did yesterday or something pops up asking permission they phone up or they just switch the computer off.
This isn't the result of intensive training - this is simply experience of what they've heard from others getting scammed, and application of their off-line principles to on-line actions (Who the hell are you and why are you talking to me on Skype / phoning me in the middle of the night?).
It's not an IT skill. It's a life skill. It doesn't matter WHO'S on the other end. If you don't know them, and don't think they have genuine business with you, hang up. Even if they do have genuine business with you, they will contact you another way that you *can* verify them.
But strangers popping up on Skype and asking you to do things for them (like click links etc.)? Come on. This is nothing to do with IT at all. It's common sense, even in pensioners with no IT skills above clicking on Facebook and replying to messages on there by text (not to Facebook, direct to the people in question!) after DECADES of bringing up two IT-literate sons.
Hell, Dad even sent me a message once asking if an email was genuine and actually included in the question he asked were the words "I don't even have an account with that bank!". Guess what, Dad? It's probably a fraud, then. Although not the best in deduction, he checked before he did ANYTHING.