“I Handed Over $50,000 in a Shoe Box”

Tuesday, April 30th, 2024


DefenseStorm cyber security monitoring.

With cybercriminals always devising new methods to target consumers, cybersecurity experts emphasize the importance of security awareness in preventing fraud. However, despite being an acclaimed financial-advice columnist, Charlotte Cowles [Brooklyn, NY] fell victim to a manipulative scam that cost her $50,000.

THE SCAM: With cybercriminals always devising new methods to target consumers, cybersecurity experts emphasize the importance of security awareness in preventing fraud. However, despite being an acclaimed financial-advice columnist, Charlotte Cowles [Brooklyn, NY] fell victim to a manipulative scam that cost her $50,000. It started with a call from an Amazon representative who was verifying suspicious activity on her account. The call seemed legitimate. The caller ID identified Amazon as the caller, and it sounded like any other call to verify activity. The threat actor created a convincing deception by adding details such as “this call is being recorded for quality assurance.”

And that was just the beginning…

THE SCHEME: Over the course of a 5-hour call, Cowles was manipulated into the scam, first speaking with a “representative from Amazon” named Krista. Krista explained to Cowles that her Amazon business account was flagged for fraudulent activity because of $8,000 worth of purchases on Macbooks and iPads. Cowles did not have a business account, and after some conversation, it was established that her identity had likely been stolen and her legitimate account would be frozen so they could investigate. According to the Amazon representative, identity theft and fraudulent activity had plagued the online shopping platform, so they were working in partnership with the Federal Trade Commission (FTC) to investigate and counsel victims. Cowles was given a case ID and then transferred to speak with a man named Calvin, posing as a Federal Trade Commission (FTC) officer. Still a bit skeptical, Cowles waited for the usual red flags – specifically, a request to divulge personal information, but it never surfaced. Why? Because they already had all her information. Instead, the FTC officer went through all her personal information for verification – name, numbers, date of birth, home address, and social security number. He even knew the names of family members, including her 2-year-old son.

The FTC officer, Calvin, claimed that he found 22 bank accounts, 9 vehicles, and 4 properties in her name. The bank accounts had a record of wire transfers of over 3 million dollars to accounts overseas. He also explained that an abandoned car in Texas was discovered, rented in her name, with drugs and blood found in the trunk. Additionally, officials raided a home in New Mexico that was connected to the abandoned car, where they recovered more drugs, cash, and bank statements that contained Cowles’s name and social security number. The ploy didn’t stop there. The FTC officer texted Cowles pictures of the seized drugs and money and indicated that there were warrants out for her arrest in two states in connection with cybercrimes, money laundering, and drug trafficking.

Calvin indicated that he believed she was a victim of identity theft and would help her, but only if she cooperated. He continued under the guise of attempting to investigate the source of the breach, suggesting the possibility that a loved one was complicit in the illegal activity – someone who had access to her personal information. The conman instructed Cowles not to speak to her husband, friends, or any family members regarding the case in the event they were complicit in the scheme. He explained he would continue the investigation and connected her to his colleague with the Central Intelligence Agency (CIA) to assist her in protecting herself, her family, and her assets. Cowles was given a case number and then transferred to the lead investigator from the CIA named Michael.

Cowles was now in complete panic. Was she being helped because she was a fraud victim, or was she under investigation? Should she contact a lawyer? Should she covertly tell her husband? They warned that she was likely being watched by the threat actors and that she and her family were in imminent danger. With the safety of her son in mind, she stayed on the phone and followed his instructions.

The CIA agent instructed her to withdraw $50,000 in cash, so she had accessible money while her assets were frozen during the investigation. He would then set up an appointment to get her a new social security number, and the government would monitor her old one for fraudulent activity in an attempt to catch the perpetrator. When she inquired about going to the police or CIA field office in person, he warned her again that she and her family were likely being watched and in danger, so there wasn’t enough time to meet in person. Instead, he would send an agent to her home to collect the $50,000 while all her other accounts and assets would be frozen. They would secure the money by getting her a Treasury check and hand deliver it to her the next morning. With her phone tucked in her pocket, speakerphone on, Michael still on the line, she went to her bank and withdrew the money in cash. Cowles was directed to “put the cash in a shoe box, tape it shut, label it with her name, case number, address, and a locker number he read out to her.” Then, she was to sign it and text a picture to him. Shortly after, a man posing as an undercover CIA agent arrived at her home, and she dropped the money-filled box in the back of the car.

Cowles was waiting on the phone for Michael to confirm an appointment with the social security office. After some time with her phone on speaker in her pocket, she checked to see if the agent was still on the line. Instead, a woman answered and said that the agent was busy and would reach out the next day. The line went dead. Cowles called the number back, and the woman claimed again that Michael was busy. That’s when the events of the day washed over her, and she realized – it was all a scam.

Fraud Geek Explains:

As we delve into this story, typical response is – I would NEVER fall for that. However, prior to the incident, Charlotte Cowles would say the same, especially since she was an expert financial-advice columnist. Throughout the ordeal, she consistently questioned the validity of the claims, but the perpetrators pinpointed a major vulnerability – her family. The moment the fraudsters mentioned her family was in imminent danger, consideration that it was a scam had diminished. What is important to note in this story is the sophisticated psychological technique the threat actors used to manipulate Cowles. They exploited her emotions, and despite her experience and level of security awareness, she was duped.

Fraud Geek’s Advice: This scam was orchestrated perfectly, with multiple threat actors maintaining the ruse. So, let’s break down each step of the scheme and identify the red flags consumers should know to protect themselves:

The Amazon representative

  • An unsolicited call from a representative of any company should be considered a red flag – even if the caller ID shows the correct company name and number.
  • If you receive an unsolicited call verifying purchases or flagging fraudulent activity, hang up and either log into the official store site or App. Or call the customer service number listed on the website.
  • Don’t engage in conversation with the caller. Don’t answer any questions. Don’t verify any information.
  • Never click on any links or call any numbers provided by the caller.

The Federal Trade Commission (FTC) official

  • FTC officials, specifically the Criminal Liaison Unit, collaborate with prosecutors on criminal consumer fraud cases. The FTC itself does not conduct criminal investigations or make arrests—law enforcement agencies handle tracking criminal behavior, issuing warrants, and making arrests.

The real FTC will NEVER:

    • Tell you to move money so they can “protect” it.
    • Instruct you to visit a Bitcoin ATM, buy gold bars, or withdraw cash to hand over in person.
    • Demand money, threaten arrests or deportation, or promise a reward for cooperation.
    • Attempt to isolate you from friends or family by threatening that they cannot tell anyone “or else.”
    • Rush you into immediate action with the pressure of urgency.

Lina Khan, the Federal Trade Commission chair, stated: “…nobody from FTC will ever give you a badge number, ask you to confirm your Social Security number, ask how much money you have in your bank account, transfer you to a C.I.A. agent, or send you texts out of the blue.”

If you believe you’ve encountered an FTC impersonation scam, report it immediately at

The Central Intelligence Agency (CIA) agent

  • Criminal investigators with the CIA primarily focus on intelligence gathering overseas and do not have a direct law enforcement function to combat domestic criminal activity. Unlike the Federal Bureau of Investigation (FBI) which is a domestic security service, the CIA mainly operates outside the US. The entity has limited domestic intelligence collection capabilities.

CIA agents will NEVER:

    • Come to your house to collect cash or bring a Treasury check.
    • Ask you to wire money.
    • Call victims or suspected fraudsters directly to investigate a domestic case.
    • Threaten you, your family, or your friends to get you to cooperate.

More red flags:

  • The caller knows all your personal public information. A variety of personal information is easily found online. Just because they know this information DOES NOT mean they are a legitimate officer, agency, etc. Information included but not limited to the following are all easily found:
    • Name
    • Address (current, previous)
    • Phone number
    • Professional details
    • School information
    • Social media profiles
    • Family members’ information
    • Public records available through public court records
  • They know your social security number (SSN), claim your SSN has been suspended or compromised and/or offer to assign you a new social security number. Private information can be secured from a data leak and sold/purchased on the dark web. Information including but not limited to:
    • Social security number
    • Financial details
    • Health records
    • Personal conversations (text messages, emails)
    • Passwords/Pin numbers

Remember: The Social Security Administration (SSA) does not call individuals regarding their SSNs.

How financial institutions can protect their customers:

As a fraud expert, one moment in this story jumped out at me:

When Cowles went to the bank and withdrew $50,000 in cash, what questions were asked? Did her behavior deviate from her normal transactional behavior? If someone had stopped her to ask the reason for the withdrawal, could the scheme have been thwarted before she lost her money? There have been many stories where bank employees inquired about a large wire transfer or withdrawal that helped them identify the possibility of fraud and stop them before they made a mistake. While banks are not required to question withdrawals or wire transfers, many financial institutions have verification processes established.

Financial institutions can put the following into practice to help protect their customers from falling victim to fraud:

  • Train employees to recognize and report potential fraud.
    • Empower employees to understand, recognize and call out red flags and suspicious activity.
    • Educate employees on the most current tactics.
    • Train employees on what questions to ask in the event they encounter a suspicious individual or possible signs of fraud through coercion.
    • Establish a process for employees to request support to handle possible fraud.
  • Educate customers on common fraud schemes, including bank spoofs [texts, emails, and calls], and how to avoid them.
  • Consider a security awareness campaign with emails and banners reminding customers of red flags for fraud.
  • Monitor customer accounts for unusual activity, such as large or frequent wire transfers, and contact the customer to verify the transactions.
  • Use fraud detection software to identify suspicious patterns and behavior.
  • Partner with law enforcement agencies to share information and coordinate efforts to combat fraud.
  • Conduct regular audits of security protocols and procedures to ensure they are up-to-date and effective.
  • Implement strict verification procedures for wire transfers and other high-risk transactions.
  • Use encryption and other security measures to protect customer data from unauthorized access.
  • Stay up-to-date on the latest fraud trends and tactics and adjust security protocols accordingly.

The DefenseStorm Difference:

DefenseStorm approaches fraud differently by looking at both monetary and non-monetary transactions to catch fraud before funds leave the bank. Our Fraud Detection product identifies unusual patterns, such as exceptionally large withdrawals within a short period of time not consistent with normal activity. Our ability to monitor, detect, and alert on suspicious activity across all departments – including Originations, Online and Mobile banking, and Internal Fraud – allows the FI to stop fraudsters before funds leave the account.

DefenseStorm is your ally in the fight against cybercrime. Want to learn more about how Fraud Detection can help your FI stop fraud before money ever leaves accounts?

Contact DefenseStorm today!


“The Day I Put $50,000 into a Shoe Box and Handed it to a Stranger: I Never Thought I Was the Kind of Person to Fall for a Scam.”  https[:]//www.thecut[.]com/article/amazon-scam-call-ftc-arrest-warrants[.]html

Scammed financial advice columnist, defenders mocked by critics: Think ‘we are all as dumb as they are’


What Amazon, the F.T.C. and C.I.A. Won’t Say When You’ve Been Scammed





Adam Barrett

Sr. Product Manager, Fraud Detection

Adam is the DefenseStorm Fraud Geek with an extreme passion for protecting financial institutions and the people who trust them to provide a safe banking experience. He is currently the Senior Product Manager for DefenseStorm GRID Active Fraud Detection product. With 25 years of experience in banking operations, fraud and risk, you would think he’s seen it all, however, the constantly evolving schemes keep him motivated to stay in the fight.