It's possible that most commenters here are right, that the writer just has inferior reasoning capabilities compared to us, and that there's no way any of us could possibly fall for such a scam.
But I think it's more likely that there are techniques scammers can use to incrementally build trust, and that the rest of us would be wise to watch out for such techniques being used against us.
Quote: If it was a scam, I couldn’t see the angle. It had occurred to me that the whole story might be made up or an elaborate mistake. But no one had asked me for money or told me to buy crypto; they’d only encouraged me not to share my banking information. They hadn’t asked for my personal details; they already knew them. I hadn’t been told to click on anything.
The writer had carried on entire conversations with Krista and Calvin which lacked a scam angle. This wore the writer down to where she was more receptive to the stories being told to her. This is a warning to the rest of us to keep our guard up even after such conversations.
When I posed this theory to Saul Kassin, a psychology professor at John Jay College of Criminal Justice who studies coerced confessions, he agreed. “If someone is trying to get you to be compliant, they do it incrementally, in a series of small steps that take you farther and farther from what you know to be true,” he said. “It’s not about breaking the will. They were altering the sense of reality.”
> The writer had carried on entire conversations with Krista and Calvin which lacked a scam angle.
>"How much money do you have in your bank account?"
These scammers were good and had finesse, and the incremental approach is 100% effective. This one also plays on the "know your customer" horror stories that people have likely heard about accounts being frozen.
One has to stop every now and then to find the big picture and ask questions like why money in a bank account has to come into play, or to note that getting more detailed and in-depth are often signs of spinning a tale vs. telling the truth. That's also hard to do when you're probably in panic mode.
The callback from the spoofed phone number is very good, but also revealing. The fact that they called the victim and not vice versa, or that the call came from the main number are all clues that something is amiss.
> “It’s a government number,” he said, almost indignant. “It cannot be spoofed.”
This is something that should be taught. I only know how easy this is because I worked on messaging/telephony apps and an occasional misconfiguration while testing resulted in me sending texts or initiating calls that appeared to be from a completely different number than the one I was trying to use.
If someone calls me and I don’t understand immediately how this relates to something I recently initiated, I just tell them to fuck off. Much to my chagrin this once happened with a delivery driver who was trying to deliver a gift to a friends address. After I remembered I had some apologizing to do when he called again just trying to do his job. Unfortunately saying “I am from Amazon” in an Indian accent gets you sent right to the top of the fuck off list.
You have the right take. That was a scary read, because I could see how that manipulation was so powerful. There was a recent article in the WaPo about this happening to someone who had been a govt scientist. It's very tempting to say I'm financially literate, I'd never do this. But there are lots of scams, one could hit you one day.
The one thing I thought about in this article was that the bank is supposed to ask you those safety questions: why are you doing this, are you in trouble, this might be a scam, what will the money be used for. That might have pulled her out of this mistake. In the WaPo scenario the bank asked the victim those questions and she was told to lie and she did lie to them and lost even more money than this person.
Folks here seem happy to dunk on her, but her brother's take seems more reasonable:
> It was my brother, the lawyer, who pointed out that what I had experienced sounded a lot like a coerced confession. “I read enough transcripts of bad interrogations in law school to understand that anyone can be convinced that they have a very narrow set of terrible options,” he said.
I did that. Then they got a federal search warrant by making up a dog that supposedly smelled something, said there must be drugs hidden in my GI tract, dragged me to the hospital and then sent me the hospital bill when nothing was found. You can stop answering questions and they keep dragging you to more hospitals racking up your debt. This whole time I was 'not under arrest' so I had no real rights, but apparently DHS can drag you to hospitals cuffed for 'emergency medical care' without an arrest.
On another occasion feds came to my house to investigate a neighbor. When I refused to talk they waited until I was shutting the door and stuck their fingers in to try and get me for assault as it closed. Thankfully I caught the door at the last millisecond and just stared at them blankly with the door cracked until they left.
The solution is to severely limit the power of the federal government... but at least in the United States, every serious political party is working over time to do the opposite.
"I am invoking my 5th amendment right to refuse to speak. I will not speak until I have my lawyer present."
This is a (mostly) effective way of immediately stopping an interrogation.
Yes, a police interrogation is even more intense than what the author experienced. But confessing to murder is also quite a bit more serious than handing somebody 50 grand in a box.
The fact that someone with a lawyer brother believed a Federal agent (real or fake) would act in her interest while denying her access to a lawyer is sad.
This alone, or knowing that the CIA does not investigate domestic fraud, would have stopped this.
I don't see that many people dunking on her. On the contrary, people do often tend to very carefully dance around the topic of preventative measures because they don't want to be seen as "victim blaming." It should be OK to say "here's what we can learn from this, about the tactics scammers use, about the technical issues like call spoofing, so that we can avoid being victims ourselves."
>At about 12:30 p.m., my phone buzzed. The caller ID said it was Amazon. I answered.
This is a terrible story and I feel for the person affected.
The lesson here is that there's no reason at al to answer any inbound phone call if it's not a personal contact.
There are only two reasons someone you don't know may be calling you:
- to sell you something
- to scam you
If it appears important like your bank or a government agency then call them back and do not answer. There is no upside and a potentially disastrous downside for trusting an inbound request of any kind.
> He told me to go to the FTC home page and look up the main phone number. “Now hang up the phone, and I will call you from that number right now.” I did as he said. The FTC number flashed on my screen, and I picked up. “How do I know you’re not just spoofing this?” I asked.
> “It’s a government number,” he said, almost indignant. “It cannot be spoofed.”
Completely insane that we continue to allow caller ID and number spoofing, it's so effective for these fraud scenarios.
I consider myself technically inclined, yet up until today I didn't realize numbers COULD be spoofed
One day a few months ago I woke up to a missed call from a verified number. I had been in a car crash the night before, and I was worried I missed a call from the driver's insurance company.
I called them back, and I was told that I was talking to a civil engineering firm; the receptionist was polite, but she sounded even more confused than I was. I had googled the number while I was on the phone, and yup, it belonged to a civie firm.
At the time I just assumed some engineer fat fingered my number by mistake, but I guess I missed a call from "Amazon" or "your insurance company" or some other nonsense. Funnily enough an insurance scam might have gotten me in the state I was in.
And, in fact, there are good reasons to spoof numbers. For example, a company may want all/many numbers to look like they come from a company's central exchange as opposed to an individual person's desk.
I think answering unknown numbers in real time is situational. I normally don't answer any of them; as you said, if it's important, they'll leave a message. But when I bought a refrigerator I knew delivery people would be calling, so I answered unknown calls until it was done.
The ability to view a transcript of the message in real-time is a great new feature of iOS 17. I use it all the time — and it's pretty much always junk.
I don't always answer calls from random weird area codes. But I'm also not willing to effectively throw out my phone as a way to reach me because I get the odd junk call.
The underlying issue is that answering these junk calls perpetuates them.
When I am expecting a call from an unknown number, I begrudgingly answer the junk calls, knowing full well the next several weeks will be full of them.
With cell phones being near-ubiquitous, there's no reason not to text and email in these scenarios.
My niece and nephew's school does text message updates. Informational communications from friends are by text or email (and can be confirmed via the mechanism not being used, or by arranging a call). I have never gotten a call for a delivery (it's all email and text if I've opted-in), and would treat one as a scam, even moreso if it is related to an online purchase. Legitimate emergency services have zero excuse for not displaying as such via caller ID.
More and more routine notifications ("You have an appointment next week") have moved to texts. (Lots of people ignore emails or they filter to rarely-checked tabs.) And pretty much no one where I work calls unscheduled. But there's still a fair bit of calling from doctors' offices, immediate needs, etc. They'll leave an often partial message if it's important but then you can get into call-back loops.
There are absolutely reasons to answer inbound calls. Job seekers will hear from recruiters they haven't heard from yet and heaven help you if you miss a call from a government agency because you'll be waiting on hold for a long time when you call them back. Like anything, there are tradeoffs.
Yesterday I ordered an Uber to go from a hotel to the Airport. Immediately after connecting with a driver I get an inbound call from another state.
I'm the type that never answers inbound calls unless it's in my contact list and even then I might not answer and let them leave a VM or follow up with a text.
But I made an exception in this case due to the timing and my desire not to miss my flight. It was the Uber driver clarifying the pick-up spot.
> But I made an exception in this case due to the timing and my desire not to miss my flight. It was the Uber driver clarifying the pick-up spot.
This points to failed process on Uber's part. There is no reason an Uber driver should need to call their customer from their personal phone. The pick-up spot is prominently displayed on both the driver's and rider's apps. You can't miss it.
Same for delivery drivers. If the package requires an in-person signature, there should be a process for what to do if the customer is not available that does not involve the delivery driver calling from a personal phone.
Would you believe that passengers frequently do not appear at pick up spots? Or that some pickup spots in some geographies in crodwed cities are unclear?
Some drivers call proactively to avoid issues. I’ve had multiple calls from Uber drivers.
Unemployment agencies can call to ask questions about your application and it'll go quicker if you pick up. Often it's important for people to get the unemployment money quickly.
Indeed. Hospitals and medical providers almost always call from unknown numbers, and if they leave a message the person leaving it may not be reachable easily for callback.
Recently I contested a fraudulent charge on a credit card. When they called me for information about the incident they couldn't offer any way for me to verify that they were from the bank they claimed to be from. No published number. Can't verify my information until they hear me give it. Can't call them back because they have an internal extension, it would go to the regular fraud number which starts the whole process over. My choice was either to cooperate or ignore them and pay the bill. It was in fact the real bank...
Ah, I meant that there is no way to reach a second tier fraud handler on any published number. If you start over, you'll just repeat the escalation process, and end up with another unverifiable caller asking you to verify information.
This was a $6k transaction. Depends on your lot in life, you're right. But, I think the takeaway is that it takes both you and the bank to prevent fraud. And only one of those is in your control.
This. Not in my contact list? Good luck getting a hold of me. And people who know me know not to call on my phone.
My bank will lock me out of online banking if they want something from me. That will get me driving to the bank to fix the issue in person. Anything less than that will be procrastinated into oblivion.
Exactly do not pick up any call unless it's in your contacts already let all others go to voicemail to screen them. Even those voicemails be weary of especially if it's something that sounds scary even a family members voice crying for help..call their phone number directly to see if they are ok (it's not an AI voice). If you do call the unknown number which is possibly using a fake voice of one of your loved ones or friends ask them personal questions and or shared experiences between you and them..the scammers haven't downloaded our memories (not yet at least).
Personally I ignore almost unknown calls and voicemails and do not do any online shopping. Those few that I respond back to I'll say I can't verify who you are (people search sites & google search) are you a scammer/spammer?
It's not as easy as it sounds. The POTS network was not built with this sort of authentication in mind. Though every major carrier has converted to all-digital backhaul (which still leaves a number of last-mile exceptions here and there), every evolutionary step was built around backwards compatibility. What was never there can't be magicked into existence, though of course it can be strongly encouraged with incentives.
Even though mobile-to-mobile and VoIP-to-VoIP calls carry subscriber information under the hood, other call pathways don't or require translation of the information. STIR/SHAKEN are designed to carry this information end-to-end but the need for backwards compatibility and the usual slowness of cross-vendor cooperation leave some gaps.
Plenty of identifiers can be spoofed (email addresses, for example). This doesn't mean they are not useful. 911 operators for example can use caller ID to locate someone who couldn't disclose their identity or was disconnected too early.
Getting rid of something useful just because it doesn't work perfectly is dumb. It's replacing infrastructure maintenance and improvement with demolition.
It's not a technical problem, it's a market capitalism problem.
Legislate that callers receiving a call without a valid caller ID will be allowed at least one month of bill payments returned and they'd make damn sure that they never routed calls without a caller ID. "Valid" would have to encompass things like 'foreign country of origin', I imagine. So, a call from a scam call center, that the local company allows to be routed, might only have "City, Country". But that would be enough to auto-block all non-domestic calls. Your home country's supplier can decide whether to route calls from a foreign peer, but I imagine that not being able to charge customers would be sufficient impetus?
A company routing more than X% of non-IDed calls could be subject to penalties against it's directors (a fine equal to a years income, and/or 5% of all assets, would probably be enough), just to sweeten things.
Why aren't we more militant with companies that enable antisocial/scam activities?
No, it's a technical problem. These weaknesses exist because legacy systems had them and the entire telephony network is nothing but backwards compatibility and technical debt.
So in your view well regulated telephone networks could not feasibly ensure every call has origin data? Not even to the level of upstream origin to the suppliers network?
In other words, they have no idea where calls enter their network from; a corollary of which is they don't know which company to bill for any of the calls they terminate.
Companies purposefully allow false origins for call centres, and purposefully carry calls from spammers for financial reasons (they get paid). It's not a technical problem.
What you describe is an historic problem, not a technical inability to act.
Traditional regulatory authority has been moderately effective at getting changes made already, but being too aggressive risks network fragmentation. Even the USA is just one participant in the NANP, never mind the global telephony network.
We also don't live in the days of AT&T having a monopoly anymore. Any change requires cooperation between different vendors, and ensuring a smooth rollout means allowing for a slow rollout. This is the telephone system after all, not some startup's barely-used product.
Plus the government has multiple arms and some of them don't want the changes to be made or not too quickly (surveillance, stings, etc.).
> The lesson here is that there's no reason at al to answer any inbound phone call if it's not a personal contact.
I was thinking about that the other day. I think 'incoming calls' is an idea that got badly implemented, or I'd even call it one of the worst features ever implemented.
Besides my friends and family (I normally text chat with them during day hours and calls after work), why would anyone unsolicitedly call me? I might be in a meeting or deep work; did that never occur to you? So, either I miss those calls or do not pick up.
Some scammers are just dumb. One of them called me on a weekend and said - "This is border police". DumbF*k, there's no border police.
The woman went to the bank and withdrew $50k in cash. The article makes no mention of the bank warning or asking any questions. Banks and Tellers absolutely need to be taught to warn people of these scams. It has saved many people in the past by just simply raising awareness.
I once caught a older lady buying $2000 of google play gift cards from the service counter at a grocery store.
When I brought it up as politely as I could, she paused and look concerned but then assured me that they were gifts for her grand kids graduations. I pushed back gently that she should call the police if someone asked her to buy those, but she nervously laughed and reiterated the graduation gifts line.
I have no idea the outcome, but I do know it was in March and that here in America her grand kids almost certainly have iPhones. Really upsetting.
I had one on monday that purported to be my bank claiming it was calling to verify some blocked transactions £300 for amazon and £1000 in 'foreign travellers cheques'.
It was pretty obvious from the start it was an attempt at a scam - my bank never uses a robocall when they call to tell me they've blocked transactions, but this was a 'press 2 to talk to our customer service', but they still went with the 'we have blocked them because they are suspicious'. I guess they're happy to point out that scams and such exist, because it plays into your paranoia that maybe you ARE being scammed by someone else, and increases your trust in the caller if they're warning you.
All they want is for you to press or saying anything, to prove to themselves that a live person is at that number. Then you go on a list for increased scam attempts. They just call every number, most of which are dead. So finding a literal "live one" is gold. The real scam comes in a follow up.
DON'T PRESS OR SAY ANYTHING. Don't answer, or if you answer by mistake, just hang up.
>>The woman behind the thick glass window raised her eyebrows, disappeared into a back room, came back with a large metal box of $100 bills, and counted them out with a machine. Then she pushed the stacks of bills through the slot along with a sheet of paper warning me against scams. I thanked her and left.
Giving you a generic warning slip isn't the same as "telling you to be aware of scams" -- most people lump that into generic background noise.
My best friend's mom recently passed. She had Stage 4 breast cancer and somehow survived for a decade in that condition. My friend's dad has always been "out there" in a sense, but now has full on dementia.
While cleaning out their old office, we came across Apple Pay gift cards, all with their code revealed, stored in an envelope. $2500 worth, from people with very little to begin with.
His Dad, with his dementia, had no idea what it was about, and his Mom is gone. We can only conclude that they were scammed. His Mom was a very sharp woman, but somehow it still happened. Very sad indeed.
> The article makes no mention of the bank warning or asking any questions.
The article, about half way in, indeed does say the bank teller which counted out the $50k warned her of scams. It is in this paragraph:
> When I reached the bank, I told the guard I needed to make a large cash withdrawal and she sent me upstairs. Michael was on speakerphone in my pocket. I asked the teller for $50,000. The woman behind the thick glass window raised her eyebrows, disappeared into a back room, came back with a large metal box of $100 bills, and counted them out with a machine. Then she pushed the stacks of bills through the slot along with a sheet of paper warning me against scams. I thanked her and left.
Note the second half of the second to last sentence: "along with a sheet of paper warning me against scams".
The person being scammed ignored the bank's scam warning.
Curious that it was only an easily ignored piece of paper, though. Not even a short chat as to "how sure are you that you are withdrawing this lump of cash for a legitimate purpose"?
Agreed, the bank /should/ have tried harder to point out the possibility for a 'scam' occurring here (and of course this would eventually evolve into a discussion of "how much is sufficient"). But the article does admit that the bank did warn her, she just ignored the warning (and I don't recall her saying why she ignored the warning on the sheet of paper).
Wasn't the scammer on a live call in her pocket, listening in? In which case, a warning on paper might've been the best way to secretly convey the message. And also give her something tangible to review at multiple times before the money was handed over?
In the US, if you are withdrawing ~thousands of $ in cash, and they ask you what it is for, and your answer is "mattress" or "no answer" then you can be 100% certain they will file an SAR.
However, there are probably so many SAR's that they would only be useful as a data point on an investigation triggered by something else, or if you get them frequently.
Also, if over $10k they are automatically required to file a CTR on that, but I bet those are even less likely to trigger anything by themselves.
Better than asking what the money is for, even if the customer gives a reason like "buying a car", warn the customer that if someone on the phone or is unknown at your door asked you to do it urgently it's probably a scam even it they say they are from your bank/company/authorities.
The scam here was threats through external calls, pretending to be authoritative agencies (FTC, CIA). The scam would have been prevented if the person had actively sought contact to those agencies to validate the claims of the callers.
Never trust someone who calls you with extreme, urgent bad news. Use validated, known means of contact for whoever they pretend to represent and validate.
Many years ago I experienced a "false negative" event like this: two different people called me claiming to be FBI agents. Of course I laughed and hung up. A couple of weeks later a car pulls into my driveway, two dudes wearing mirrored sunglasses get out, introduce themselves as FBI agents. I ask them to show me credentials, which they do. Lesson: you can just hang up on all calls purporting to be from federal agencies. They will show up in your front yard if they really need to talk to you.
How many people know what [insert federal agency] credentials look like?
I have a friend who is one of the 2k IRS Criminal Investigation Division agents in the entire country. He's full-blown armed federal agent a la FBI, etc.
He tells me it's very common that when he goes out to do an "interview" people say he's not real and they're calling the police, slamming the door in his face.
The local cops show up, check him out, and then go back to the door with him. In his area he (of course) personally knows many local cops and they'll show up laughing "Oh another one, huh?". It doesn't bother him at all and I seriously doubt a scammer/impersonator would stand around waiting for the police to show up and then have the gall to try to con /them/.
Additionally, they have undercover vehicles (of course) but when he goes out for interviews like this it's in the classic "Oh yeah that's a cop car" vehicle with US Government license plates.
It's such a weird read. She even called out the possibility of spoofing calls and how law enforcement never asks for money. So she was well aware. Yet she fell for all of it without being able to explain why.
I've refused to give away basic ip addresses to the police because they couldn't verify their identity and she handed over her life savings to a stranger in an unmarked car.
I wish she at least could explain her reasoning afterwards. Her husband's disappointment must be immense and that's a tricky thing to mend.
Sounds like a lot of manipulation techniques described in this book being used:
A little treatise on manipulation for honest people
Book by Jean-Léon Beauvois
I had a psych teacher who shared an anecdote of how she spent a few 100 on Venetian glassware key-rings to gift everyone due to a combination of those techniques, despite knowing and teaching them for years. Knowing something is manipulation and how it works doesn’t make one immune to it. It made no sense to the teacher why she fell for it. She couldn’t really explain it either, except for that is how the techniques work. It uses how your brain functions to shortcut your ability to think rationally, and get you to do something you normally wouldn’t, and that seems obvious in hindsight. You could compare it to hacking someone’s thoughts, except there’s no way to fix vulnerabilities with a software update.
If you read this and think "what an idiot" instead of thinking "is there any way a variant of a scam like this could work on me?" you're doing yourself a disservice.
I don't think this happened. Too much of it doesn't add up. I'm especially hung up on going to a major US bank and asking to withdraw $50,000 on no notice, with minimal ceremony. At the least, they'd be filling out a SAR, right? I am speaking from some experience with large (and carefully papered, unlike this one!) transactions with Bank of America.
The suggestibility details in the story don't add up. She attempts to verify the CIA agent, is told to check an incoming number, knows that incoming numbers can be forged, but buys that government numbers can't be? There are too many places in this story where we're asked to let the author have it both ways: she knows something is wrong, specifically, but is going along anyways.
It's not at all clear why she couldn't call the police; it's just stated, at one point early in the article, that she concluded that she couldn't. What's the rationale for that one? The scammer might be in the local police department? Like Agent Koutris in Season 2 of the Wire?
I'm also hung up in the scammers showing up, in person, in a Mercedes. They have not in fact hacked this person's whole life (that isn't really a thing), so they don't know that the police haven't been contacted. But they're showing up, at her house, in a car probably worth more than the $50k that they're hoping to collect. Here I have just a basic Bayesian problem: the Venn diagram of people who can cough up $50k who won't contact the police, such that the handoff is a setup, is slim. It's not that it's impossible; it could happen. But the base rate is very low. As a strategy, that is a very effective way to lose a white Mercedes SUV.
I'm registering a prediction that another shoe is going to drop on this story.
Two pieces of corroborating information that are gettable:
* The police report that she says was filed on October 31 is a public record subject to FOIA.
* The handout her bank gave her about "not getting scammed" when she withdrew the 500 $100 bills should be available to anyone who asks.
I agree with you that this part is fishy as hell. I can swallow the Mercedes (pay a random dude money to collect the box without reading him into the scam), but not the part where she strolls into a BoA branch and gets $50K on demand while on speakerphone with her scammer.
I'm on a Slack trading stories about trying to take 5 figures in cash out of major banks, and (1) all of them are more complicated than getting stacks --- you get neat little envelopes, btw! --- at the teller, and everyone has stories about things escalating to managers and getting quizzed about what was going on, and (2) nobody has ever seen this supposed high-dollar withdrawal room or floor in a major bank (in fact: if you're doing HNW banking, you're less likely to see bulletproof glass, not more).
I think the Internet is hypnotized by the debate about how dumb you have to be to get taken by a scam like this. Smart people get taken by these kinds of scams all the time. The story is directionally and importantly true. But I think it's almost certainly false. I've got a FOIA out for the police report.
Someone should roll into a Citi or Chase and try to pull 50k out on no notice next week. I bet they freak out. One person I talked to was told they had to give advanced notice to take $15k out. And pay attention to the timeline given on this story! Everything had to have taken place between the hours of 2:00PM EST (when she got the call) and 5:00PM EST (when all the banks in Brooklyn close). At 6:00PM EST she's home giving the money to the guy in the SUV, who she's not allowed to look at, because he's UC. On Halloween. And the scammers picked the day to do this on. Come on.
Last night I stayed up late to crunch on a deadline, so my brain cells are slower than usual...but did anyone else not realize on first read that, according to the author, happened in a just SIX HOURS?
> That morning — it was October 31 — I dressed my toddler in a pizza costume for Halloween and kissed him good-bye before school. I wrote some work emails. At about 12:30 p.m., my phone buzzed. The caller ID said it was Amazon. I answered...
> I met the SUV at the curb and put the money in the back seat. It was 6:06 p.m. Even if I’d tried to see who was driving, the windows were tinted and it was dusk. He maybe wore a baseball cap. When I turned around, I could see the backlit faces of my husband and son watching from our apartment nine stories above. As I walked back inside, Michael texted me a photo of a Treasury check made out to me for $50,000 and told me a hard copy would be hand-delivered to me in the morning.
The amount of convoluted bullshit that the "CIA" and "FTC" investigators fed her, I automatically assumed that developed over the course of a week at minimum, as do many Nigerian prince/pig-butchering scams in which the scammer ends up geting to know the victim's personal life (and sources of funding) as well as an actual close friend.
Withdrawing $50,000 in cash from your bank in a single day between taking your kid to school and then trick-or-treating is impressive enough under any circumstance. But I can't imagine hearing and processing all that bullshit (nevermind believing it!) in a single day
Definitely a fair point. Although I think that's the only way the story works.
That said, the part that caught me was that the bank was happy to hand her 50k... ? With just a paper about scams? IDK, I wrote an 8k cashier's check awhile back and the manager came out to make sure I wasn't sending it to a Nigerian Price.
Her bank must do a lot of cash volume to not blink at 50k taken out mid-day with no questions asked.
I think the biggest protection against this kind of scam right now is just treat every incoming call or message as untrusted. Since caller ID spoofing is just left completely unchecked by the government and telcos.
Anyone who calls me out of the blue is a huge red flag, I don't engage with them other than asking what they are calling about, if it sounds like something real then I hang up and call back through the public listed number of whoever they claim to be.
Im amazed she pulled the money out so easily. A few times I've bought shitmobile cars for 5k+ plus cash and the teller always spends 5 minutes typing up a SAR before they hand it to me and always interrogate why and seem annoyed. WTF bank does she have that they just grab 50k no questions asked?
She likely had to speak to a bank manager and return on a different day to retrieve the money. Of course, it's not possible to pull out that much cash from a regular teller.
It makes for good content. The story will go viral, and she'll likely get compensation (and more) with the help of real government authorities or generous donors.
The real crime in this story is that telcos still haven't stopped the ability to spoof caller ID.
In a just world her phone provider would be liable for the stolen money, along with all the other stolen money as a result of spoofed caller ID.
It is absolutely batshit insane that this is still an issue. Fucking fix it. Yes I am aware of STIR/SHAKEN, it should have been completed 20 years ago.
And yes, I'm sure there are business reasons for wanting to pool a company's numbers under a main company line: but tough luck. There should be no way for this to happen. Make businesses find a way around it.
The scammers seem so talented, I wonder how good they would do in a legitimate career in sales. If you can convince people to hand over 50k$ in cash to an unknown man in a car - what can't you sell?
I check on my mom and her finance about every week. As I said to her and others many times - don't do anything before calling a relative or the police. The simplest check can save you great pain - really simple when you think about it.
It seems like the main defense to this is to not have cash.
We all seem smart until we’re unreasonable. I don’t expect I’m stupid, but if someone threatens my kid, I probably get real dumb.
But if I don’t have cash, I don’t have cash. So the solution is to have failsafes so if we start getting cash to put into a box, someone questions us and convinces us that handing $50k into the window of a car driving by is a bad idea.
This person is brave for writing about how stupid they are.
>It seems like the main defense to this is to not have cash.
Which has its own set of problems. Various mechanisms to hold and transfer large amounts of cash largely anonymously have already largely gone by the wayside (e.g. bearer bonds). Read some spy or financial novels for a few decades ago sometime.
Alright... I understand, anyone can get scammed, these scammers know what they're doing and all that, but come on. One fine afternoon you're on the phone with a CIA agent telling you to pull $50K out of your account and put it in a shoe box and hand it to some random dude in the street, all it would've taken to avoid this is to stop, breathe, think about what is happening and it would have been clear.
First, she was called by Amazon. First full stop -- these companies don't care about you enough to call you.
Second, they transferred her to an investigator with the FTC? Then they transferred her to someone with the CIA? Then that CIA agent said, "Withdraw 50,000 in cash, put it in a shoe box, and put it in a car that pulls up in front of your house."???
I know we aren't supposed to blame the victim, but Charlotte Cowles has no business being a "financial advice columnist".
I find it interesting that the software community tends to be so big on things like blameless postmortems and root cause analysis that understands that "just train somebody not to fat finger a SQL query on prod data" isn't nearly as effective as actual systems that prevent bad things from happening yet the response here can be "wow this person is just too dumb to live."
I disagree with the latter. A victim of financial crime is exactly the sort of person who knows how to get to the people that most need advice on handling potential financial crimes. They lived it, they can speak to the fear/shame/anxiety/etc. m
Amazon has called me on three different occasions. The third time I didn't pick up so they sent me an email saying they couldn't reach me. So getting a call from them isn't out of the ordinary. Everything else though...
Sure is a lot of victim blaming in here from people who have no understanding of the psychology of how getting scammed usually works. Scammers often ramp up the unreasonableness of their scams slowly. It starts out fairly reasonable, often with something urgent so as to induce stress. Then gets less so in small increments. People are inherently vulnerable to this.
All this ego-stroking(this would never happen to me, this is all her fault for being stupid and naïve) is frankly just asinine and immature. Hell, if you really think that, you're probably a prime target. This could happen to anyone.
Instead of victim blaming, which only makes it harder for people to share stories like this, we should be humble and constructive.
I disagree with the part about it happening to anyone. Some people are really suspicious by nature and have read up on many forms of scams - a scammer will be hard put to pull a fast one on them. Those people are a small percentage of the population though.
I've been excoriated for IP-blocking all of .ru, .ch, and .hk from my funzies, recreational website about a particular game as "racist". Don't care, it's eliminated 99% (I did the math once) of all the hack attempts to it.
Some people lack an ear for accents, especially if they're subtle. Personally, my ear is so bad that I get Brazilian accents mixed with Eastern European accents; and west African accents mixed with Carribean accents.
You never know how you will respond to a situation until you are in it. In this case the scammer threatened family and seemed to have inside information on the victim.
Instead of victim blaming it's important to spread awareness of how this happens in the first place: answering inbound requests: phone, email, social media, etc. Best not to answer cold contacts of any kind.
People tell themselves all kinds of things to maintain their internal narrative about themselves. This person claims not to be a rube, yet engaged in many rube activities.
They knew about number spoofing but ignored it when told. They knew about checking with an attorney, but didn’t do so. So many points at which they could have stopped this and didn’t. They aren’t nearly as sophisticated as they claim in the opening.
Also, in general, you should already have cash stashed away, outside of a bank, in case this or a million other things actually happen. Your assets can be frozen without warning or evidence against you. Going to the bank to withdraw large sums because some guy on the phone claiming to be an authority says so is always stupid.
I got it - was making a sort-of joke - scams don't need to be that sophisticated or work on everyone, because exactly half the population has a below average IQ.
A weird point to make, because in the context of a measure specifically constructed to have a normal distribution (IQ), the median definitely is equal to the mean. You are right in the general sense, and wrong in this instance.
Depending on the context, any representative measure of central tendency, such as the mid-range, median, mode or geometric mean, can be called the average.
(not the GP) No, I don't believe I'm immune, which means I am aware of that tendency and try to take it into account = I'm more resistant even if not immune.
No need to jump to those negative conclusions. This type of scam is very effective and can catch anyone. The attackers trick is to psychologically create a sense of urgency and alarm, whilst providing a solution that makes sense in the scenario they create. It is not easy to not fall for that.
This. When I was a pretty fresh college graduate, with my first non-student job, I got a scam call telling me my student loan payments hadn't properly processed and they were about to notify my employer and start garnishing my wages if I didn't immediately bring my payments current. (I can't recall if worse outcomes than that were explicitly stated, or implied just enough to let my imagination take off.)
I would have eagerly given them my banking information, but I was panicking so badly I accidentally dropped and broke my only phone (this was was long enough ago that it was a landline handset). I eventually got on my neighbor's landline, called the student loan administration... and found out my loans were up to date, and I'd been the target, and nearly the victim, of a scam that would have cleaned out my bank account.
The panic was a key element, and everything about the call from word choice to tone, was designed to encourage it.
Literally not what happened. What happened was:
- "Amazon" called about suspicious activity
- "Amazon" transferred to "FTC investigation"
- "FTC investigation" transferred to "CIA"
This layered approach is key to the tactic. People are much less resistant to manipulation than they think, as is obvious in the current political craziness.
It would be interesting to get the numbers from the perpetrators. What do you imagine their success-rate to be? I think it's quite low, probably sub 1%.
The story is obviously made up. Someone trying to become the main character or something. Maybe covering up a debt that is more embarrassing?
There are plenty of scams where someone calls unannounced, but the idea that they are going to have willing Enemy of the State style targets with such predictability that they can have people on the ground doing cash pick ups, and also never getting caught, is simply less credible than like any number of alternatives IMO.
I also feel like OP forgot how organized crime actually operates. Number one, yes, they can drive a car somewhere and pick up a box. Number two, of course they'll get caught eventually - but this is like saying that car thefts don't happen, because obviously car thieves would get caught.
But I think it's more likely that there are techniques scammers can use to incrementally build trust, and that the rest of us would be wise to watch out for such techniques being used against us.
Quote: If it was a scam, I couldn’t see the angle. It had occurred to me that the whole story might be made up or an elaborate mistake. But no one had asked me for money or told me to buy crypto; they’d only encouraged me not to share my banking information. They hadn’t asked for my personal details; they already knew them. I hadn’t been told to click on anything.
The writer had carried on entire conversations with Krista and Calvin which lacked a scam angle. This wore the writer down to where she was more receptive to the stories being told to her. This is a warning to the rest of us to keep our guard up even after such conversations.
When I posed this theory to Saul Kassin, a psychology professor at John Jay College of Criminal Justice who studies coerced confessions, he agreed. “If someone is trying to get you to be compliant, they do it incrementally, in a series of small steps that take you farther and farther from what you know to be true,” he said. “It’s not about breaking the will. They were altering the sense of reality.”