Details of a Scam

Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost:

Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation codes” and a long case number with four letters and 10 digits.

That’s when he offered to transfer me to his supervisor. That simple phrase, familiar from countless customer-service calls, draped a cloak of corporate competence over this unfolding drama. His supervisor. I mean, would a scammer have a supervisor?

The line went mute for a few seconds, and a second man greeted me with a voice of authority. “My name is Mike Wallace,” he said, and asked for my case number from the first guy. I dutifully read it back to him.

“Yes, yes, I see,” the man said, as if looking at a screen. He explained the situation—new account, Zelle transfers, Texas—and suggested we reverse the attempted withdrawal.

I’m not proud to report that by now, he had my full attention, and I was ready to proceed with whatever plan he had in mind.

It happens to smart people who know better. It could happen to you.

Posted on September 30, 2025 at 7:06 AM • 12 Comments

Comments

Winter September 30, 2025 7:19 AM

It happens to smart people who know better. It could happen to you.

So true. If any take home message, this is it.

I once read an interview with a British TV personality who had presented 300 episodes of a popular program about how people get scammed (sorry, forgot names).

He was asked, among many other things, how you can recognize a potential mark?

His answer:

Look in the mirror. I see a potential mark every morning I look in the mirror. Having been through these 300 episodes, I know for sure that I too can be a victim of a scam.

(I paraphrase his words)

Clive Robinson September 30, 2025 8:27 AM

@ Bruce,

With regards,

“It happens to smart people who know better. It could happen to you.”

Ever wonder what happens when a supposedly “trusted agency” decides you are dead?

The first I knew was when people broke into my home…

Whilst not a “swatting” as such having emergency services getting into your home when you are barely awake is something that could have been nasty.

Then you find out your bank account is blocked, government payments are stopped, your hospital and health records have you marked as “deceased”.

Then you find insurance etc is “taken for profits”.

And that’s just the start of things. No finances means no food, water, energy or anything else.

How do you go about,

“Unwinding it all to get your life back?”

If you don’t trust them you are probably marginally ahead because they sure don’t trust you so at least the feelings are mutual. Also they are looking for any excuse not to give you your money back as they see it as “profit towards their bonus” etc. Thus you get impossible requests not just of “proof of life” but “proof of residence” and other proofs that are because you are “officially dead” no longer available.

Then the scum collectors come in… You know how much energy etc you owe on infrastructure, the scum-mers in their official position hit what they think is your estate with double or triple charges, then special charges on top…

Try going to court to say they are liars and committing fraud and the magistrate looks confused because they say you can not be who you claim to be as you are dead…

Then you get some bright spark saying “if you had done this…” And you point out that’s exactly what you should not do due to identity thieves and scam artists…

Then their little brains implode and their cognitive bias kicks in and they start behaving much like a gawping fish in a tank, or worse they go into “aggressive denial” and start doing the sway into your personal space routine.

I actually had some bank employee insist to me that “Online Banking is perfectly secure” and I told him that it was not… He called me a liar to my face even when I pulled up evidence of the bank he worked for losing customer records only a year or so back.

Some moronic twonk above had told him it was secure, so he was going to push push push. The mountain however was not budging so he had a problem that he tried to resolve by wanting to do things that would just make the problem worse, a lot worse…

And a lot more issues besides.

So yeh the situation is that you should not trust them ever, because they certainly won’t ever trust you, especially when they can “make bonus” simply by saying,

“The computer says NO.”

Or worse they blame money laundering legislation or anything else they can use to keep your money.

Right now investing in Aluminium or Copper bullion and slinging it in the cellar is looking better value than a bank.

Bryan September 30, 2025 8:30 AM

The takeaway from this is that the mark took a call from a plausible but fakeable caller id. This usually seems to be how these things start. I was taught probably 60 years ago that you never, ever took a call from anyone purporting to be representing a financial institution. You call them back on a number you know to be real. The correct response would have been to say ‘yes, I see the number you’re calling from is valid, I’ll call you back’. The end.
Anyone who falls for this may be ‘smart’ but they are gullible and somewhat short of common sense. Transferring to a superior means nothing. The call was still initiated by a third party.

ET September 30, 2025 8:58 AM

I had a client who was phished for about 5K, the dodge they used on him was to pretend to be the Amazon Fraud division. I was IT support for his architecture business, but he didn’t call me because they started pushing his emotional buttons about “wanting to catch hackers”. It was pretty sad. He called me 15 minutes or so after he realized he’d been had. I engaged a private investigator who was able to track some of the activity to an interstate ring running mostly out of Illinois, and we were able to get some of the money back, but not all of it.

These people are VERY slick social engineers. They’re adept at sounding authoritative. They are good at building a false sense of urgency – there’s always pressure to act fast, to leap before you look. They’re quick with the guilt trip or the ego trip. They play to a person’s fears.

The best way to weed these sweethearts out from your life is to ask for a number where you can call them back. Most of them are using spoofed phone numbers and this is the fastest way to get rid of them. If they’re pretending to be a bank, call the bank directly.

If the scam is health care related, such as the one who started asking for very personal health related information, ask them if they have ever heard of HIPAA. They will run away screaming. 🙂

Scott September 30, 2025 9:44 AM

I got one of these calls earlier this year. I hung up before sending money, but it was close. And I’m ‘in the industry’ so to speak. My big takeaway was how slick the social engineering is. Someone just a little less skeptical than I am could easily be taken.

KC September 30, 2025 9:45 AM

Distraction is a real theme here.

A few months ago, I made a call to a financial institution. However, I mixed up the last 4 digits. Think ‘5775’ instead of ‘7557’

A message answers: ‘Congratulations! You’ve been selected for a $100 Walmart gift card. Press 1… ‘

Listen, I don’t need a gift card, but distractedly I pressed 1.

A rep picked up and I went into the original reason for my call. And, I kid you not, they proceeded to ask me what my entire account number was.

My spidey senses tingled. And I hung up.

Surely, no one in their right mind would ask me for my account number. So I called the number again.

I proceeded through the prompts. And I begin speaking with a lady. I asked who I was speaking with. She said: ‘The Redemption Center.’

I guess the Redemption Center who hands out gifts cards and needs your account numbers.

I was decidedly not very clever. And at some point she hung up on me. Now when I called back the line was a busy signal. But just for my phone. Not from a different one.

I was a little freaked out.

Is this all in my imagination?

A few days later I thought, well if not just me, someone else might get ensnared.

So I went ahead and filed some reports with different parties.

However, just this morning I called the fake, I guess fake, number. I can’t believe it, but it’s still up and operational.

I don’t really want to keep messing with it, but it’s a wild, wild world out there. And, it’s unfortunate but true, we’ll all find ourselves at a point where we’re momentarily distracted.

Wayne September 30, 2025 11:26 AM

My dad, in his late 70s at the time, almost got taken by the “Oops, I accidentally wired $20,000 into your bank account!” schemes. The bank stopped him when he tried to wire the money back to them, but the police weren’t remotely interested in investigating a crime of elder abuse.

I received, and continue to receive, a call concerning a veterinary office that (when the calls started) we hadn’t done business with in many years. It alleged a law suit. I knew we always paid as we went, I called them, and confirmed there was no legal action or balance due. These calls started in 2018 and continue a couple times a month since. I blocked the number and my phone is undisturbed with the voice mails shunted into the ditch. The phone number is reported as a scammer, I have no idea what they’re trying to accomplish.

Clive Robinson September 30, 2025 12:26 PM

@ Wayne,

With regards,

“I have no idea what they’re trying to accomplish.”

They have probably purchased “bad debt” and then sold it on several times.

In the UK the EE Phone company used every trick they could to keep extracting money.

Even after being informed in “signed for letter” they kept using the “Direct debit” and would not stop.

I had to close the bank account and I thought it was finally over. No… Several years later I started getting “Debt Collection” letters claiming I owed EE ~$1200.

I sent copies of paperwork to prove it was not owed. The debt collector just sold it on to another debt collector and it all started again.

There are two solutions to this nonsense in the UK the expensive legal way, and that which is more direct.

After discussing with a “Repo Man” I went for the direct way as it causes the debt collector direct pain and surprise after a couple of visits by blokes with sledge hammers to gain entry and place distress stickers on all the property, they got the message and they finally stopped.

Clive Robinson October 1, 2025 11:05 AM

@ ALL,

Some will say,

“Don’t talk finance on an inbound call.”

Sorry folks this is at best very poor advice.

Consider even if you make an outbound call to things apply,

1, You can not rule out third party “eves”.

2, You can not rule out “call re-routing” thus you can not tell who your call gets through to.

3, We know that AI can do voice and language type impersonation with very little “real source”… So you can never know who you are talking to.

4, We’ve known with banking by phone that “authenticating the channel” is easily defeated by MiTM attacks. So every transaction has to be “FULLY Authenticated”.

5, We know from the nut-bar US Banking that for any reliable system the Authentication has to go fully through the human.

6, We know that due to the old “Human Failing” most people can not go through a sufficiently secure authentication process.

7, We know attackers will attack any system that is “user convenient” because any kind of convenience not just weakens security in many cases it actively makes it “worse than nothing” because it makes it insecure at best and generally leaks information that aids an attacker.

There are other points that make “Convenient ByPhone or OnLine system” a significant security risk for account holders. Four such that immediately come to mind being the desire of the bank to get,

1, “Maximum worker Productivity”
2, “At minimum Cost”
3, “Higher Shareholder Return”
4, “Higher C suite exec bonuses”

All of which says “Minimise Security” and only legislation with significant fines in the $Billion and up will attract their attention.

And if you remember the EU GDPR, two things,

1, None of the things the Corps claimed would happen, really happened.
2, The Corps paid lots of money to lawyers to find legal loop holes to abuse.

That and the Internet users world wide got harmed in various ways. Due to US Corps taking punitive actions against European entities and the Europeans not having “alternative products” to the US Corps.

Oh and more recently Europeans and others developing products against US Corps have the Trumper spitting vitriol every where…

Thus the advice when it comes to financial institutions and your finance is,

Never talk about your finances in any way that helps an attacker via ‘The Phone’ or ‘On Line’. Because they can not and will not be made secure.

Because the financial institutions will not put the investment in to making them secure. They never have in the past half century, so are never likely to as long as lobbying / bribing legislators is less expensive.

lurker October 1, 2025 1:38 PM

@Clive Robinson, ALL

There are two forms of personal business that I never transact on the phone: finance, and medical. Always face to face with a human. There are many people who are unwilling (not unable) to work this way, because convenience beats security.

We know the mega-corps running these businesses want to force users onto insecure channels for profit. Unfortunately there are enough sheeple that we few unbelievers have little chance of changing things.
