A criminal syndicate scammed me, with the near loss of my savings and damage to my trusting nature.
Finding Gratefulness and Wisdom after getting off the hook when netted in a deadly phishing scheme.
Vulnerability to a scam
Close calls frighten you to the core but can also provide you with the best lessons for growth and wisdom. I remember when I was young, the incidences where I thought I would lose my life, career, or all that seemed important. Fortunately, almost miraculously, there was a reprieve from a potentially disastrous ending to the misstep or flawed choice. Then there was much repair work, with some gained wisdom and plenty about which to talk.
Similar incidences can occur to anyone when life and its blessings suddenly seem to hang by a string. It feels like falling off a cliff with no assured soft landing. Perhaps they are a silver lining, or as the old reframe, "What doesn't kill you strengthens you," or maybe better stated, "anything that doesn't kill you or rob you of everything can make you wiser and more aware."
Starting a day recently, I thought things were going to flow smoothly for me and that I would get projects done. I was, as usual, getting lost trying to figure out how to do something complex on my computer. I knew I was sucked into wanting to do something that was technically over my head. I feared I would have to spend excessive time figuring out the challenging roadblock. I wasn't sure whether the introduction to a podcast I wanted to do was even needed or if this project was necessary for my already busy life. However, I was determined to figure out and master this technical stuff that stood in the way of accomplishing what I wanted to master and achieve for months.
Caught off guard
When doing this type of project, I will trust technical experts from reputable companies to help me. I rely on and trust them to the extent that I give them access to my computer to get things fixed. So, while working on my current project, I got distracted and checked my emails, which turned out to be a monstrous mistake. I found an email from PayPal which looks very official. It named a person on an invoice unknown to me that was billing me for a large amount of money. I didn't recognize the transaction and was given the option to contact PayPal with a number on the email to call to challenge the claim. The email also had a button to hit to pay the bill if I recognized it. The originating email addresses and links seemed to be appropriately connected to PayPal. Additional official-looking information appeared to come from PayPal and warned about scams.
Though caught up in my tech issues and the project I was trying to resolve, I rightfully did not click any links on the email. Still, I decided to contact PayPal directly with the number listed in the official-looking email. In haste, I just called the number on the email instead of checking and looking up their number. A person answered the phone as a PayPal customer representative said that an imposter had fraudulently charged my account. I checked my PayPal account and saw the charge posted there.
Careful who you trust
At this point, I fully trusted that I was talking to trustworthy company staff. He seemed very knowledgeable about what had happened. He reported that there was significant evidence that my account had been accessed and that other significant changes had been made. If I let him on to my computer, according to him, he could fix the errors quickly. I often had in the past allowed computer tech people from reputable companies to repair things on my computer by giving them internet access to my laptop. I had been a subscriber to PayPal and had trusted them for years. I assumed their customer support person would walk me through the problems so I would see the errors while he fixed them simultaneously. He sent the program "Any Desk" for me to download to my computer and gave me the code to allow him access to my laptop.
He said a temporary blackout would be on my screen briefly while he checked things. My computer screen blacked out for a few minutes, then returned. I was getting alarmed as I hadn't ever seen this done before when working with computer repair techs. The assumed PayPal staff assured me and regained my trust. He then asked me to go into my bank account and check and see if there was a payout for the amount on the invoice I had received. I went into my bank account and saw that the fake invoice charge payment amount had been taken out of my bank account.
When I saw my PayPal account with him, he showed me the primary fraudulent entries and said he would repair things. I saw a significant breach with 100 fraudulently sent invoices from the account. All the fraudulent invoices appeared to be from Apple.com with the same large amount of money due as had been on my fake invoice. I got more alarmed and asked how he could repair all these false entries and invoices. He said it would require a technical person in the company that supervises him. Though complicated, his supervisor could do all the corrections, and he would need to transfer my call.
I waited for a few minutes for the call transfer, with him coming back twice, saying it's the holidays and people are off and that the call transfer might take a little longer, but to hang on that it was essential to get all the corrections done. The second person took over the call and asked me again to check my bank account to verify the withdrawal amount for the fake invoice I had received. I re-accessed my bank account while he was on my computer and confirmed the amount withdrawn from my account.
A coordinated multi-level attack by a team of skilled scam artists
The second person said he could send money from PayPal to me to compensate for the money now showing on my bank account as a withdrawal of the funds charged initially on the fraudulent invoice. The supposed fix was for him to credit the money back to my banking account to fix the mistaken withdrawal. He opened another screen that looked like the computer boot screen. There were several lines already displayed, and I was told to type on the line the amount of the money removed from my account by PayPal. My bank account would then be instantly credited back to the account mistakenly charged because of the fake invoice. So, I typed in the amount and noticed two other zeros were mysteriously added to what I had entered. He said that adding two extra zeros was a significant error, which was my fault, and he claimed I had inserted these to defraud his company.
It was now fully apparent that I had fallen into a disastrous scam. I was told that if I didn't go along precisely as instructed, I would lose all the money, including all the money in my bank account, over which they now had control. Then, according to the scammer, I would have to go to the police or lawyers to straighten this out, which could take forever, and chances were that I wouldn't recover any of my money, which he said was already in their accounts under their control.
Getting wise but not smart enough yet, with fear and perhaps near panic that I had lost control of the situation and my money
I was then transferred to their third-level scammer, who was presented as an expert in resolving these matters. My call was then turned over to the third-level guy, who was more authoritarian, threatening, and pushy. Every minute he would say, oh, you don't trust me; I can tell by your voice. I challenged the validity of what was happening, and he got furious and threatening. He shifted at this point to be more the thug and criminal and showed me again on my computer screen that he had been into my bank account, and all my accounts showed zero's, appearing that all my money had been transferred out, including my savings.
I panicked then, thinking I had lost everything and had no chance of retrieval. He said to correct my account; I would need to do a bank wire transfer of the erroneous amount of money sent because of my error or on purpose, with the added zeros that got excessive extra money deposited into my account. They would correct my funds as soon as the money got back to them. I would have to follow exactly what he told me to do without question, and all would be straightened out. He emailed a letter to me to print out with information to give to a bank teller and to tell them that the transfer was for business investment. The scammer told me to go to another branch of the bank, which was further away from my house. He said that using the other location would make the transfer quicker.
I was warned that I should always keep my phone and computer on and not touch my laptop. If I did, the scammer threatened, I would lose all the money I assumed had already been transferred out of my account by the scammers. He wanted me to go directly to the bank and let him know when I was in the parking lot before I went in so he could again instruct me on exactly what to do. He then asked how much time it would take me to get there and then not to hesitate and get directly on the road to the branch bank. He continued to be intimidating, angrily raising his voice and reiterating that he had control of all my bank money. I would need to listen and do what he said. He frequently would say in a threatening tone; you're not hearing, you're not trusting me, and if you don't fully cooperate, the police will come after you for the money you fraudulently got from us by putting in the wrong numbers. Again, he repeated he had control of the situation and my money and that everything would be straightened out if I cooperated in the wire transfer of the money back to them. I was again told always to leave my computer and phone on.
Breaking out of the trance of their skilled psychological manipulation
I went upstairs with the phone turned on inside my pocket and the computer left on in my downstairs office. I was terrified and thought we had lost all our money in the bank. I wanted to check with the bank before considering doing what the scammer demanded. I left my phone in the kitchen and went into the back room with my wife with her phone, and we called our bank, thinking everything was beyond repair and that we had lost our savings.
Immediately, the banker told me that all our money was secured, no money had been deposited in my account by them, and that the scam was common. The scammer had accessed my account and moved my funds into my checking account so that a wire transfer could be done from that account. The scammers had made it appear in what I saw on my computer screen that they had control of my accounts and could remove money at will. They were showing some fake resemblance to my account on my computer. The bank then locked our accounts, and all our money was secured. Nothing had been removed or added to our accounts—it was sleight-of-hand fakery at its best. I immediately turn off my phone and computer.
The scammers were too greedy, or maybe I woke up and took the needed actions
According to my banker, the scammers on my computer were in my bank account and could have transferred up to a quarter of my account money into their accounts. But by shutting down my phone and computer, I prevented that. They were waiting to see if they could get all my bank accounts, a hundred percent of it, with the bank wire transfer they thought would happen. They believed that fakery and psychological manipulation were effective with me. Thankfully, I was the fish that got off the hook from their convoluted, complex phishing scheme that played into my vulnerabilities.
My bank transferred me to the Fraud Division. They carefully walked me through everything, like changing my passwords, putting a freeze or lock on all the credit bureaus, and doing a malware check for rogue programs they might have installed on my computer. There were two malware programs on my laptop that I removed. I then changed my main passwords to prevent identity theft. I went back into my PayPal account, and I saw the scammers had placed and sent out a hundred false invoices asking people to pay the same amount sought from me in the fake email that I had received appearing from Apple.com. I read an article that said the invoices sent out would be like the one I received, and if people called their number, they would be caught up in the scam trap. I imagine if people paid that somehow, the money would go to the scammers.
I felt violated and traumatized because I thought we had lost everything at one point—scary stuff. The malware occupying my computer was part of the scammers' criminal scheme to spy on my computer, or worse. The malware could act like ransomware to lock me out of my laptop in the future and demand a ransom payment to regain the use of my computer. I realized my vulnerability and how easy it is to get caught up in such a sophisticated scam. It reminded me of getting sucked into a fictional series on TV, a great fictional novel, or any sales funnel by a clever salesperson. As consumers, we are often trusting of marketers and imposters of businesses with which we've had a past relationship. The expression, "buyer, beware," or maybe "curiosity killed the cat," somewhat applies to all adrift in our commercial-like society.
The lesson and takeaways
In 2022 there were blatant examples of bad actors scamming and robbing people of millions of dollars by exploiting the psychological and social behavior essential for everyday life. Criminals, scammers, and exploitative people or organizations prey on people's normative psychological mechanisms to gain control over minds and behaviors. Cooperation and efficient communication require a level of trust learned from most of our prior experiences. Trust must be present for most human interactions and relationships to occur. Likewise, sincerity and truthfulness are critical requirements for most basic communication. Researchers showed that when people are in doubt, they trust or default to the truth option more often. See the below-referenced article from The Conversation.
Looking at last year's major events, 2022 was notably the year of scams. A long list of lucrative scammers and scams bilked unsuspecting contributors of millions of dollars, including prominent political figures, FTX, Bitcoin, and phony lab schemes. See below for a reference article in the December edition of The Conversation.
We get drawn into a narrative or story that seems accurate, like sophisticated, manipulative propaganda techniques or misinformation campaigns to gain control of our thinking and behavior. If effective, we become highly vulnerable to coercion and manipulation. As one gets caught up in the manipulative scheme, the usual mental checks and balances, clarity, and perspective get submerged or lost. I can't give an accurate picture of the neuroscience and psychology of all this because I don't think anyone has completely figured it out yet. But what is known and the technology that goes with it has been brilliantly applied by political entities, criminals, and large crime organizations to prey on vulnerable people caught up in their nets with called phishing—trying to hook prey like fish in a large, deceptive scheme.
To fall prey was scary for me. At one point, I felt like an innocent caught up or held up by a criminal at gunpoint or someone with an opposing or radical set of values and ideology. You are an object for their gain, a target for their hatred, or an enemy in a war. Catastrophic thoughts for me were that I had or was about to lose everything to a threatening and malicious criminal.
l mostly am cautious and have safeguards for my computer and online work, such as malware protection on my laptop, password protection, two-step verification, and so on. Luckily, I put on the breaks with this scam and didn't lose anything but some of my self-confidence. Now I can pontificate about it and even can write this article. I hope to make you wiser and more cautious than I was at the time of my fall into a web of deception. It was a profound lesson for me; it was traumatic at the time of its occurrence, and it took me days of hard work to change my accounts and do safeguards for future protection. The best defense will be my better understanding of my vulnerabilities, constant awareness about the pitfalls and dangers of online work, and being a little less trusting of things that appear authentic.
Sometimes failure or a near-fatal occurrence can be an opening, bringing clarity to see a more realistic perspective on life, happiness, love, and values. Sometimes a painful experience that we surmount leaves us with a more realistic sense of ourselves and perhaps a better appreciation of our over-striving for perfectionism and success. We need to stop only trying to strive for success and use our missteps and failures to learn.
Be aware that most of us are being scammed and gaslighted daily. Today I received two marketing emails alleging they were from companies with which I have accounts. Each turned out not to be an actual company but some related entity that wanted to sell me an unnecessary service. The bottom line is that scams and gaslighting are more common today than ever, so be super aware and don't fall asleep at the switch as I did on the recent almost fateful day.
Tips to Ponder:
Krebs on Security has looked at phishing attempts such as the false PayPal-like scam email I received. A snare is set by scammers using invoices sent via PayPal.com that trick recipients into calling a phone number to dispute a pending charge. If the recipient calls the provided toll-free phone number to challenge the charge, the scammers then manipulate them to download software that lets them seize control of their computer. People are vulnerable to the scam, as the email and invoice are both delivered via PayPal's infrastructure, making them appear as official emails from the company. The invoices appear to have been sent from a compromised or defrauded PayPal Business account that allows sending invoices that appear as real things.
Large organizations like PayPal need more accessible emergency call numbers for consumers who inadvertently get caught up in scams praying on their customers. I sent them a copy of the fraudulent invoice to their website, asking for copies of any received scam emails. There is a number on their site, but there was no answer when I called it, and it was even difficult to find an easy way of emailing them.
Be mindful and aware of the scams out there and follow recommended precautions. I usually follow all of them, but in haste, I made a call from the number on the fraudulent email, which ended up being a harrowing experience for me.
Scammers commonly use email and text messages to trick you into giving them your personal and financial information. The scams and complex phishing schemes are getting much more sophisticated, especially with all our modern technology. So, try to learn more, as there are ways to protect yourself. See "How to Recognize and Avoid Phishing Scams" from the Government Federal Trade Center.
Keep a list of known and proven numbers to reach when needing help, as your bank and companies with which you do business, so if you need to contact them, you will go to the right place. And for heaven's sake, don't trust numbers on websites, texts, emails, or links, no matter how official they look.
Be mindful and aware as best you can of unscrupulous people and business concerns that may put you at risk. Keep a balance between focusing on essential things of immediate need but not to the extent that your view gets overly restricted so that you miss potential harm coming your way.
The sequence of the events may not be entirely accurate as I did not take notes at the time as things were moving along rapidly, and I was anxious but remembered as best I could.
How scammers like Anna Delvey and the Tinder Swindler exploit a core feature of human nature, Published: February 21, 2022, Vanessa Bohns, Associate Professor of Organizational Behavior, Cornell University, https://theconversation.com/how-scammers-like-anna-delvey-and-the-tinder-swindler-exploit-a-core-feature-of-human-nature-177289
The Conversation article: The Year of the Scam https://theconversationus.cmail20.com/t/r-e-tjdddta-bhjutgyhk-r/
New York Times book review "In Praise of Failure," by Costica Bradatan, examines a handful of thinkers who rejected worldly success in favor of struggle. https://www.nytimes.com/2022/12/28/books/review/in-praise-of-failure-costica-bradatan.html
Article by Krebson Security: https://krebsonsecurity.com/2022/08/paypal-phishing-scam-uses-invoices-sent-via-paypal/
"How to Recognize and Avoid Phishing Scams" from the Government Federal Trade Center; https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams