A few years ago, my elderly parents got a call from an unknown number. My mom picked up and the person said, “Grandma? Do you know who this is?”
My parents are Russian, and they are getting a bit hard of hearing in their advanced age, so my mother immediately identified the caller as my son—my parents’ grandson. “*****, is that you?” As soon as she said his name, the caller knew several things:
The people on the other end of the line are old enough to have grandchildren;
The grandchild is male;
The grandchild’s name;
The grandchild is either an adult, or close enough to adult age, since the caller was an adult male.
The caller proceeded to tell my mother that he was in jail and that he needed bail money.
The claim was, of course, untrue, but the scammer counted on several things:
Grandparents are emotional when it comes to their grandchildren and will not examine the claim too closely;
Hearing my parents’ accents (we are refugees from the former USSR), that my parents did not understand the US legal system;
They would act based on their emotions, instead of stopping and thinking about whether their grandson would, indeed, land himself in jail and call them for bail money.
The scammers were right. My father, upon hearing that his grandson needed help, grabbed his car keys, and headed to the nearest Target, as instructed by the scammer. Once there, he bought $6000 in gift cards, called the scammer back, and read the numbers over the phone. My mother called me to tell me what happened, but by the time I reached my dad, it was too late.
By the time I got in touch with him, I was enraged, and not just with the scammers.
How could my parents not know that the first person my son would call if he was in trouble is me? Did they pay zero attention to the close relationship I have with my kids?
How could they not know that bail is NEVER paid with Target gift cards?
How could neither one of them recognize that the voice on the phone was not my son?
Once I cooled off, I realized that my parents weren’t stupid, but that the scammers played on their emotions, scaring them into ignoring their critical thinking and reasoning skills. My parents are both engineers by trade, but even they were taken in by fear for their grandchild.
So, today, I speak with them daily, they ask questions about emails and calls they receive, I have taught them how to look at email addresses, how to parse the body of the email, and how to block unknown calls.
It’s not easy. English is not my parents’ native language. They both speak Russian, Ukrainian, and Polish. My father also has limited French, German, and Yiddish. Looking for grammar red flags in an email is difficult for them, and listening for specific speech patterns, or even accents, to determine whether a call is coming from one of their grandchildren is nearly impossible. So, they call me every time someone asks for money via email, or they just hang up on the caller.
Worse yet, now scammers are using AI to fool vulnerable people into believing that they’re talking to their grandchildren.
Advancements in artificial intelligence have added a terrifying new layer, allowing bad actors to replicate a voice with just an audio sample of a few sentences. Powered by AI, a slew of cheap online tools can translate an audio file into a replica of a voice, allowing a swindler to make it “speak” whatever they type.
I was also angry with Target.
Did they not train their employees to spot possible fraud victims? An elderly man in a panic buys thousands of dollars in gift cards, and no one warned him that it could be a scam? Did no one care that a member of a vulnerable population was possibly getting defrauded?
Grandparent scams are well known these days, although vulnerable elderly victims still fall for them.
The problem is that scams proliferate, and methodologies change as older typologies are detected and publicized.
OFAC recently issued an alert, warning the public about telephone, email, and letter scams in which individuals falsely claim to represent OFAC and request payments.
One example involves timeshare fraud schemes, where scammers have falsely claimed that OFAC has “blocked” payments of taxes made by the timeshare owner. Third-party scammers subsequently contact the timeshare owner, falsely claiming to represent OFAC, and demand payments in exchange for the release of the purported “blocked” funds. For more information on these scams, see Treasury’s press release on OFAC sanctions against one timeshare fraud network.
How many people out there know what OFAC is, who aren’t compliance nerds like me? So when a scammer calls and claims to be from the Office of Foreign Assets Control, the name itself is intimidating and can pressure a victim into handing over a “fee” or a “financial penalty.”
As I tell my parents and clients often, regulators will never call you on the phone demanding payment. The IRS will never call you, and neither will OFAC. And certainly, neither agency will demand payment over the phone!
FinCEN last week also issued an alert involving mail scams. These are not new and have been on the rise since the COVID pandemic began in 2020; they target the US mail, as well as mail carriers.
Criminals typically steal personal checks, business checks, tax refund checks, and checks related to government assistance programs, such as Social Security payments and unemployment benefits. Following the initial theft and fraudulent negotiation of the stolen checks, criminals may continue to exploit their victims by using the personal identifiable information found in the stolen mail for future fraud schemes, such as credit card fraud or credit account fraud.
Individuals need to monitor their accounts to ensure all withdrawals and payments are genuine and authorized. Set your phone app to alert you to every transaction and report suspicious ones to your bank immediately.
Financial institutions should watch for irregular client activities, uncharacteristically large withdrawals, check stocks that do not match the customer’s usual checks, faded handwriting underneath darker handwriting that could indicate an attempt to erase the original recipient, signature, or amount and others.
I recently warned my neighbors about check scams through mailbox fishing, or theft from personal mailboxes.
Mailbox fishing is a criminal practice in which thieves fish letters out of mailboxes – whether blue ones, or personal ones outside our homes in which we leave our mail for the postman to pick up – find checks, alter them, and cash them. Once the thieves grab the checks from mailboxes, they “wash” them with nail polish remover and fill in new amounts and payees.
Gel pens are being marketed as fraud mitigation devices because checks written in indelible ink cannot be washed.
Criminals also steal boxes of new checks banks mail to customers from their mailboxes, and these thieves are even selling arrow keys mail carriers use to open multiple blue post boxes. Arrow keys can sell for as much as $7000 each, and personal checks can be sold for $250 apiece.
If you’re expecting a box of new checks from your financial institution and haven’t received it in an appropriate amount of time, call your bank immediately. Check your mail often to ensure you grab your checks when they arrive, and make an effort to monitor your mailbox surroundings for suspicious activity. Is someone hanging around your mailbox for an extended period of time? It could be nothing, but it could be someone checking out your mail to see what they can steal.
And if you’re dropping your check into a blue box, do it in the morning, before the first mail pick-up because many of these mailbox thefts take place at night, and choose a mailbox on a busy street.
On the other side, if a bank’s existing customer with no history of check deposits has suddenly started to deposit checks and subsequently withdraw or transfer the funds, there might be fraud involved.
Make an effort to pay your bills online or sign up for automatic payments, which reduces opportunities for illicit actors to grab your check. However, if you are going to use personal checks to pay your bills, go to the post office. I know this requires more effort, but bringing mail that contains personal checks directly to the post office rather than dropping it in the blue box will help mitigate the risk of your check being fished out and altered.
And then there are the IRS tax scams.
One recent IRS consumer alert warns the public about scams that urge people to use to claim false credits in hopes of getting a big refund.
One scheme, which is circulating on social media, encourages people to use tax software to manually fill out Form W-2, Wage and Tax Statement, and include false income information. In this W-2 scheme, scam artists suggest people make up large income and withholding figures as well as the employer it is coming from. Scam artists then instruct people to file the bogus tax return electronically in hopes of getting a substantial refund – sometimes as much as five figures – due to the large amount of withholding.
I know getting a large refund might sound tempting, but I’m pretty sure hefty fines or jail time won’t appeal to anyone.
The fraud typologies are nearly endless. ATM skimmers, phishing attempts, mail fraud, computer repair scams, vehicle odometer fraud… Now, we’re seeing glue and tap scams at ATMs, in which criminals put glue on the card readers, forcing bank customers to tap their cards instead to access their funds (unfortunately, when you tap your card at the ATM, the account remains open for more transactions, unless you proactively log out).
When he was looking for a job after college, my son told me that someone contacted him for a “work from home” gig that would pay him an unusually large salary. They wanted an “interview” and contacted him from a Gmail account using bad grammar and punctuation. The alleged “interview” could have been anything from a “money mule” scam, in which he would have been asked to transfer money through his account, to an employment scheme that bilks victims out of money with promises of a high-level job after they pay for a fraudulent certification. I told him to block the communication immediately. No employer is going to offer you a job from a Gmail account. Trust me.
My heart breaks for the victims! We seem to be inundated with so many scam attempts, that it’s a firehose of fraud in which it becomes ever more difficult not to get splashed.
The best advice I can give is to stay informed, monitor reports about proliferating scams and frauds, and follow your gut.
If it feels wrong, it most likely is.
Never click on the link of an unsolicited email. Almost every email/SMS scam contains a link they want you to click. If you are suspicious login to whatever system it is (Bank, Amazon, Paypal ...) and go check there for notifications and so on. In fact never clicking on a link in a email is generally good practice
The partial exception to this is if the link in an expected transaction/account verification/password reset etc. email. Even then if you set things up so that amazon emails, pay pal emails all have their own destination address (my.name+amazon@... my.name+paypal@...) which is unique to that service you can have a further level of security to confirm that it really is from the service itself. Even then you need to pay attention to the url to make sure it isn't amazon.com.secure.verify.somewhere.in.ru and not amazon.com before you click on it.
Funny that you posted this today- I got a scam TEXT from KYRGHYZSTAN today notifying me my Amazon account had been locked and a link to 'fix' it...