FRAUD SQUAD
Thursday, August 1st, 2024
A common way scammers gain access to accounts is through imposter scams. This is where a fraudster poses as someone of authority to scam a victim and commit monetary theft. Fraudsters use psychological strategies, including isolation and instilling a sense of urgency, to take advantage of the trust and emotional vulnerability of their victims. This was just such a case when one senior citizen fell victim to an imposter scam that cost him $740,000 in retirement savings.
THE SCAM: A common way scammers gain access to accounts is through imposter scams. This is where a fraudster poses as someone of authority to scam a victim and commit monetary theft. While anyone can be affected by these scams, the most vulnerable population often targeted are those aged 60 and over. This is because it is assumed that people over 60 not only have larger sums of money reserved for retirement, but they also often have a limited understanding of technology. Often, threat actors pretend to be Internal Revenue Service officers, FBI agents, or local law enforcement. Some might even pose as your financial institution’s (FI’s) fraud department. Fraudsters use psychological strategies, including isolation and instilling a sense of urgency, to take advantage of the trust and emotional vulnerability of their victims. This was just such a case when one senior citizen fell victim to an imposter scam that cost him $740,000 in retirement savings.
THE SCHEME: It began in September of 2023 when 76-year-old Barry Heitin, a retired lawyer, attempted to log in to his 401K retirement savings account. After a few failed attempts, he decided to try again a few days later, but suddenly, a pop-up window appeared with his FI’s logo and phone number instructing him to call their fraud department immediately. Mr. Heitin called the phone number listed, and on the other end of the line was Charles Hunt, who identified himself as a fraud investigator with the FI. Hunt, who was actually a threat actor posing as an investigator, explained to Mr. Heitin that his account was under attack by a cybercriminal attempting to gain access. He then identified other accounts owned by Mr. Heiten which were also at risk – one being an I.R.A. with a large FI.
Mr. Hunt then contacted Hayden Smith, who claimed to be a bank employee managing the victim’s checking account, so he could join their discussion. Smith explained that Mr. Heitin’s checking account was recently flagged for transactions totaling $10,000 related to the illegal purchase of pictures depicting child sexual abuse through a site in China. According to the victim, Mr. Smith began with a barrage of questions: “Ever been to China? Know anyone in China? Buy anything in China?” Mr. Heitin denied having any involvement in the purchases or any connection to China. The “bank employee” then suggested Heitin speak with an officer in the Internal Revenue Service because FIs work with the government agency to investigate cases of fraud and believed he was a victim.
Another man joined the call, this one claiming to be Finn Whitrock, an officer with the IRS. He readily provided Heitin a badge number and notified the victim that his accounts were, in fact, at risk and that an investigation had been opened. $20,000 from Heitin’s account was in peril, and Whitrock offered to help move all his money to a federal locker where it could be safeguarded during the investigation. Additionally, the IRS officer explained that the information that Heitin provided could ultimately bring down a crime syndicate before others were targeted. There was one caveat – if he was going to cooperate, it had to be now, and he had to keep everything private. He was instructed to not even tell his family. Without hesitation, Heitin agreed and gave complete access to his computer. He then took an active role in withdrawing money and transferring it to what he believed were secure accounts.
The fraudsters closely tracked Mr. Heitin through daily calls and step by step instructions to complete the transactions over three months. Their calls became almost friendly, bonding over personal stories. All the while, Heitin’s computer was online 24 hours a day with a special map that looked quite official – with flashing lines to show updates on the phony investigations. One of the updates showed that Interpol had uncovered one of the perpetrators and tracked another one in Singapore.
Within a few weeks, Heitin had withdrawn and transferred $113,000 from his accounts. He was then directed to focus on his retirement savings, which totaled over $830,000 across an I.R.A. and a brokerage account. These accounts were managed by a financial advisor with whom he had entrusted this job for over 20 years. Heitin was instructed to tell the advisor that he was buying a gift property for his children in Canada, but the advisor was immediately suspicious, found inconsistencies in the property story after some research and refused the transfer. Smith suggested he tell them he needed to have the money wired to buy gold, raising red flags, and the bank asked for him to come in so they could speak with him. That’s when Whitrock [the man posing as the IRS officer] began to cast aspersions against the advisor by divulging a list of names on a watchlist for criminal activity, and his advisor’s name was conveniently on that list. They continued to fuel Heitin’s suspicion towards his financial advisor by explaining that his information was likely leaked from the branch where the advisor worked. Frustrated, Heitin insisted that the advisor, a branch manager, and a compliance person at the FI release his money, but they refused because of suspicions of fraud.
Smith, the man posing as a bank employee, suggested that Heitin roll over the amount in his I.R.A to another FI. With $834,000 in a new I.R.A. at a different FI, Heitin was free to empty the contents of the account – no questions asked. Over the course of just two weeks, Heitin made small withdrawals from different bank branches, but when the FI began to ask questions, he just wired money to a gold dealer, as suggested by the scammers. Even the gold dealer was suspicious and contacted Heitin, warning him that he was concerned this was a scam. Despite the warnings from various people, Heitin then purchased $416,000 worth of gold ingots and coins. He was then instructed to place all of it in a brown paper bag and, while on the phone with Smith, deposit the bag in a car that would arrive at his apartment.
Heitin sincerely believed he was not only protecting himself, but that he was also playing an important role in an active case to stop thieves before they committed more crimes. It was in November, three months since the ordeal began, when a New Jersey detective contacted Heitin after finding a receipt in a car for the gold he purchased, which listed his name and address; she believed he was the victim of a scam. It wasn’t until he met with two FBI agents that he learned he was one of at least seven victims of a scam based in India.
In addition to the money lost through the scam itself, Heitin was also responsible for the taxes associated with that sum of money. New York Times reporter Tara Seigel Bernard, who interviewed Mr. Heitin, explained that “withdrawals from tax-advantaged retirement accounts like traditional I.R.A.s are taxed as ordinary income, so to the government, it looks like Mr. Heitin lived large last year: He still owes nearly $285,000 in federal and state taxes.”
Mr. Heitin is currently working with a lawyer to fight the tax bill and recover the money.
Fraud Geek Explains:
Imposter scams are widespread, and this elaborate ruse is not unique. Fraudsters often orchestrate these scams through a phone call, text, or a pop-up window on their computer, notifying the victim that their accounts have been hacked and their money is at risk. The victim is then either given a link to click or a number to call and it spirals from there.
According to the FBI’s 2023 Internet Crime Report and data collected by the Internet Crime Complaint Center (IC3), “Impersonation scams defraud thousands of individuals each year. Two categories of fraud reported to IC3, Tech/Customer Support, and Government Impersonation, are responsible for over $1.3 billion in losses. Call centers overwhelmingly target older adults, with devastating effects. Almost half the complainants report to be over 60 (40%) and experience 58% of the losses (over $770 million).”
Fraud Geek’s Advice:
It’s important to remember that there are no limits to what scammers will do to exploit a victim. While all age groups are at risk, fraudsters take advantage of the older demographic because they often make easier targets. A pop-up window indicating your computer is at risk and to call your FI for help can be stressful for the boomer generation, who are just getting comfortable with online banking and money management.
Here are some recommendations to stay protected and avoid becoming a victim of imposter scams:
If you believe you’ve encountered an imposter scam or are a victim of one, report it immediately at https://reportfraud.ftc.gov.
You can also file a report to the FBI’s Internet Crime Complaint Center (IC3) https://www.ic3.gov.
How financial institutions can protect their customers from imposter fraud:
In this scenario, the victim was warned not only by his FI but also by a trusted financial advisor and even the gold dealer. These people did acknowledge the red flags and continually attempted to warn Mr. Heitin, even refusing to complete transactions. The best course of action is to do exactly what these professionals did to protect the customer; however, unfortunately, Heitin did not heed those warnings because he was just too entrenched in the scam.
The DefenseStorm Difference:
With DefenseStorm GRID Active Fraud Prevention, FIs can proactively detect fraud before funds leave the organization. Using User Behavior Analytics (UBA), FIs can better detect activities that are outside the norm of the customer. For example, a customer typically uses online banking for low monetary transfers but then comes into a branch with documents to do a large transfer to an account that has not been associated with that user before. UBA within GRID Active Fraud Prevention would flag that potential fraud, protecting both the FI and customer from any money moving out of the account until that transaction could be verified.
DefenseStorm is your ally in the fight against cybercrime. Want to learn more about how Fraud Prevention can help your FI stop fraud before money ever leaves accounts?
Contact DefenseStorm today!
SOURCES:
Federal Bureau of Investigation Crime Report 2023 (IC3)
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
How One Man Lost $740,000 to Scammers Targeting His Retirement Savings
https[:/]/www[.]nytimes[.]com/2024/07/29/business/retirement-savings-scams.html