FRAUD SQUAD
Tuesday, April 30th, 2024
With cybercriminals always devising new methods to target consumers, cybersecurity experts emphasize the importance of security awareness in preventing fraud. However, despite being an acclaimed financial-advice columnist, Charlotte Cowles [Brooklyn, NY] fell victim to a manipulative scam that cost her $50,000.
THE SCAM: With cybercriminals always devising new methods to target consumers, cybersecurity experts emphasize the importance of security awareness in preventing fraud. However, despite being an acclaimed financial-advice columnist, Charlotte Cowles [Brooklyn, NY] fell victim to a manipulative scam that cost her $50,000. It started with a call from an Amazon representative who was verifying suspicious activity on her account. The call seemed legitimate. The caller ID identified Amazon as the caller, and it sounded like any other call to verify activity. The threat actor created a convincing deception by adding details such as “this call is being recorded for quality assurance.”
And that was just the beginning…
THE SCHEME: Over the course of a 5-hour call, Cowles was manipulated into the scam, first speaking with a “representative from Amazon” named Krista. Krista explained to Cowles that her Amazon business account was flagged for fraudulent activity because of $8,000 worth of purchases on Macbooks and iPads. Cowles did not have a business account, and after some conversation, it was established that her identity had likely been stolen and her legitimate account would be frozen so they could investigate. According to the Amazon representative, identity theft and fraudulent activity had plagued the online shopping platform, so they were working in partnership with the Federal Trade Commission (FTC) to investigate and counsel victims. Cowles was given a case ID and then transferred to speak with a man named Calvin, posing as a Federal Trade Commission (FTC) officer. Still a bit skeptical, Cowles waited for the usual red flags – specifically, a request to divulge personal information, but it never surfaced. Why? Because they already had all her information. Instead, the FTC officer went through all her personal information for verification – name, numbers, date of birth, home address, and social security number. He even knew the names of family members, including her 2-year-old son.
The FTC officer, Calvin, claimed that he found 22 bank accounts, 9 vehicles, and 4 properties in her name. The bank accounts had a record of wire transfers of over 3 million dollars to accounts overseas. He also explained that an abandoned car in Texas was discovered, rented in her name, with drugs and blood found in the trunk. Additionally, officials raided a home in New Mexico that was connected to the abandoned car, where they recovered more drugs, cash, and bank statements that contained Cowles’s name and social security number. The ploy didn’t stop there. The FTC officer texted Cowles pictures of the seized drugs and money and indicated that there were warrants out for her arrest in two states in connection with cybercrimes, money laundering, and drug trafficking.
Calvin indicated that he believed she was a victim of identity theft and would help her, but only if she cooperated. He continued under the guise of attempting to investigate the source of the breach, suggesting the possibility that a loved one was complicit in the illegal activity – someone who had access to her personal information. The conman instructed Cowles not to speak to her husband, friends, or any family members regarding the case in the event they were complicit in the scheme. He explained he would continue the investigation and connected her to his colleague with the Central Intelligence Agency (CIA) to assist her in protecting herself, her family, and her assets. Cowles was given a case number and then transferred to the lead investigator from the CIA named Michael.
Cowles was now in complete panic. Was she being helped because she was a fraud victim, or was she under investigation? Should she contact a lawyer? Should she covertly tell her husband? They warned that she was likely being watched by the threat actors and that she and her family were in imminent danger. With the safety of her son in mind, she stayed on the phone and followed his instructions.
The CIA agent instructed her to withdraw $50,000 in cash, so she had accessible money while her assets were frozen during the investigation. He would then set up an appointment to get her a new social security number, and the government would monitor her old one for fraudulent activity in an attempt to catch the perpetrator. When she inquired about going to the police or CIA field office in person, he warned her again that she and her family were likely being watched and in danger, so there wasn’t enough time to meet in person. Instead, he would send an agent to her home to collect the $50,000 while all her other accounts and assets would be frozen. They would secure the money by getting her a Treasury check and hand deliver it to her the next morning. With her phone tucked in her pocket, speakerphone on, Michael still on the line, she went to her bank and withdrew the money in cash. Cowles was directed to “put the cash in a shoe box, tape it shut, label it with her name, case number, address, and a locker number he read out to her.” Then, she was to sign it and text a picture to him. Shortly after, a man posing as an undercover CIA agent arrived at her home, and she dropped the money-filled box in the back of the car.
Cowles was waiting on the phone for Michael to confirm an appointment with the social security office. After some time with her phone on speaker in her pocket, she checked to see if the agent was still on the line. Instead, a woman answered and said that the agent was busy and would reach out the next day. The line went dead. Cowles called the number back, and the woman claimed again that Michael was busy. That’s when the events of the day washed over her, and she realized – it was all a scam.
Fraud Geek Explains:
As we delve into this story, typical response is – I would NEVER fall for that. However, prior to the incident, Charlotte Cowles would say the same, especially since she was an expert financial-advice columnist. Throughout the ordeal, she consistently questioned the validity of the claims, but the perpetrators pinpointed a major vulnerability – her family. The moment the fraudsters mentioned her family was in imminent danger, consideration that it was a scam had diminished. What is important to note in this story is the sophisticated psychological technique the threat actors used to manipulate Cowles. They exploited her emotions, and despite her experience and level of security awareness, she was duped.
Fraud Geek’s Advice: This scam was orchestrated perfectly, with multiple threat actors maintaining the ruse. So, let’s break down each step of the scheme and identify the red flags consumers should know to protect themselves:
The Amazon representative
The Federal Trade Commission (FTC) official
The real FTC will NEVER:
Lina Khan, the Federal Trade Commission chair, stated: “…nobody from FTC will ever give you a badge number, ask you to confirm your Social Security number, ask how much money you have in your bank account, transfer you to a C.I.A. agent, or send you texts out of the blue.”
If you believe you’ve encountered an FTC impersonation scam, report it immediately at https://reportfraud.ftc.gov
The Central Intelligence Agency (CIA) agent
CIA agents will NEVER:
More red flags:
Remember: The Social Security Administration (SSA) does not call individuals regarding their SSNs.
How financial institutions can protect their customers:
As a fraud expert, one moment in this story jumped out at me:
When Cowles went to the bank and withdrew $50,000 in cash, what questions were asked? Did her behavior deviate from her normal transactional behavior? If someone had stopped her to ask the reason for the withdrawal, could the scheme have been thwarted before she lost her money? There have been many stories where bank employees inquired about a large wire transfer or withdrawal that helped them identify the possibility of fraud and stop them before they made a mistake. While banks are not required to question withdrawals or wire transfers, many financial institutions have verification processes established.
Financial institutions can put the following into practice to help protect their customers from falling victim to fraud:
The DefenseStorm Difference:
DefenseStorm approaches fraud differently by looking at both monetary and non-monetary transactions to catch fraud before funds leave the bank. Our GRID Active Fraud Prevention product identifies unusual patterns, such as exceptionally large withdrawals within a short period of time not consistent with normal activity. Our ability to monitor, detect, and alert on suspicious activity across all departments – including Originations, Online and Mobile banking, and Internal Fraud with Employee Activity Monitoring – allows the FI to stop fraudsters before funds leave the account.
DefenseStorm is your ally in the fight against cybercrime. Want to learn more about how GRID Active Fraud Prevention can help your FI stop fraud before money ever leaves accounts?
Contact DefenseStorm today!
SOURCES:
“The Day I Put $50,000 into a Shoe Box and Handed it to a Stranger: I Never Thought I Was the Kind of Person to Fall for a Scam.” https[:]//www.thecut[.]com/article/amazon-scam-call-ftc-arrest-warrants[.]html
Scammed financial advice columnist, defenders mocked by critics: Think ‘we are all as dumb as they are’
https[:]//www[.]foxnews[.]com/media/scammed-financial-advice-columnist-defenders-mocked-critics
What Amazon, the F.T.C. and C.I.A. Won’t Say When You’ve Been Scammed
https[:]//www[.]nytimes[.]com/2024/02/16/your-money/scam-new-york-magazine-amazon-ftc-cia[.]html