My father was almost scammed out of $80k!
 

My parents were recently almost scammed out of $80k. I thought I would post this hear to help others take steps to prevent this kind of thing.

Background
My father was a regional manager at Bank of America for 35 years and currently banks at Bank of America. I don't think the scammers knew that he previously worked at Bank of America, but the fact that he did previously work there made him more likely to believe their story.

The Scam
My father, 83 but fit and mentally acute, received a call from "Bank of America security". They told him that someone had stolen his identity and opened a line of credit at Wells Fargo and stole $80k from that line of credit.

The scammers pretending to be Bank of America security then told him that they had transferred $80k into his checking account for him to repay Wells Fargo. They gave him the routing info to do a wire transfer into their Wells Fargo account.

They even called the Bank of America branch nearest to his address to make an appointment for the next day for him to come in and do the wire transfer (they did this just before calling my father).

They told him not to tell anyone at the branch what was going on because they believed that someone at the branch was responsible for opening the account at Wells Fargo.

My father wrote all this down and told them he would do it. Immediately after the call, he called Bank of America to confirm the appointment and confirm that there was an extra $80k in his checking account....remember he does not have any online bank account access, so he needed to call in to verify the balance. My father confirmed there was indeed an extra $80k in his checking account.

The next day, about 15 minutes before he was going to leave to do the wire transfer my sister happened to call him. She could tell that he was upset about someone and got him to say what was going on. My sister told him that it was a scam and he should not do it, but because of his connection to Bank of America, he told here that he had spoken with Bank of America security and validated the money was there and was going to do the transfer. He then hung up and left for the bank. My sister was furious and also hopped in her car and headed to the bank and tried to call the bank to tell them what is going on but did not get through and did not get there before he had arrived and tried to execute the transfer.

My dad arrived at the bank for his appointment to do the wire transfer, but the teller he worked with could tell something was up by the way he acted and told him that he should go home and think about it before executing this transfer. My sister arrived moments later and was relieved to find that the bank had refused to do it.

How did this happen?
I think this all started because my dad regularly pays with checks and does not have any online accounts setup. I think the scammers got ahold of one of his checks which gave them his name, address, phone number and account numbers. My guess is that they then went to a dark web database to get his SSN and DOB which they would have needed to create an online account in his name.

I imagine their initial plan was to try to reset the password on his online bank account. But given that my dad did not have an online account setup, the scammers were able to setup new online access to his bank account without having to try to reset the password on an existing account.

Once they had online access to his account, the scammers should have been able to do the wire transfer themselves using the online account, but Bank of America does not allow new online accounts to execute wire transfers. You have to come into the bank to do your first wire transfer in person.

Where did the $80k in his checking account come from? When the scammers got online access to his account they saw that he had a checking account with a few thousand in it, and a savings account with about $80k. They knew that he could not go online to see the balances, so they simply executed an online transfer of $80k from savings to checking so that when he called up to check the balance of his checking account he would see the extra $80k and not immediately realize it was his own money.

Aftermath
My sister and I went back to the bank with him the next day to create all new accounts and reset the online account. We then went through all of his banking and investing accounts and setup online access with two factor authentication that only goes to either my sister's or my phone, this way he needs to call one of us to do anything online. He is okay with this because he does not want to do any online banking.

The primary learnings here are:

1) Whenever possible do not pay by check
2) Don't think that not having any online access to your financial accounts makes you safe
3) Setup online access with two factor authentication, enroll your phone as the only two factor if your parents don't need online access
4) If your parents are not likely to do any wire transfers from a given account call the bank and ask them to require wire transfers to be done in person
5) Let your parents know that if anyone from their "bank" calls them up and asks them for their account numbers or to do a wire transfer or to reset their password to not do it and call you.

Thanks for posting the warning.

You dad sounds like my mom. I think I'm going to go do a check-up with my mom's banks...

Wow! They are getting more sophisticated. Thanks for the heads up.

Wow, so glad that this was a "near miss", and yes, it's possible for almost anyone including folks that are quite savvy to be taken under just the right (wrong) circumstances. The "don't tell anyone" is a huge tip-off, but at the same time, they had a valid sounding reason for it.

It's too bad these folks are rarely caught.

The biggest take away from this story was how furious he was and his insistence on going through with it.
I'm still in repair mode for a friendship damaged when he got scammed for $14K. The $14K was transferred from his savings without his knowledge and he insisted the scammers should get "their" money back from his checking account for a simple mistake.

OP I have a client that lost $100k this way. He's pissed the bank let him do the transfer but in the end it's on him. In his case they called saying they were from 'geek squad' at Best Buy and needed to log in to his computer to fix something. they did the transfer from savings thing and he fell for it.

An M&T manager client also told me this exact scenario shows up from time to time.

I've been through this with my parents who are no longer with us. There is no school to teach us how to take care of the elderly. This happens way more than you think - especially with modern banking and communication technologies. These scammers are the scum of the earth and we need to protect the elderly.

Take over their finances. Get a joint account with your parent(s) and take away their bank card. A credit card with a reasonable limit will do anything they need to do day-to-day.

Monitor their email account

Dissuade them for owning a smart phone

Get a POA

Call them daily.

Thank you for the heads up and I am very happy your father did not get scammed.

Using a 2-factor authentication is a good idea, but there are inherent weaknesses with using your cell phone for text notifications. If a bad guy https://www.finra.org/investors/insights/sim-swapping-risks#:~:text=The%20fraudulent%20holder%20of%20a,g aining%20access%20to%20your%20account. "Sim Swapped" your phone, the 2-factor authentication security factor is voided because the "holder of the new phone" will receive the authentication text and simply approve it. A better way for now is to use an app authenticator such as "Google Authenticator." Below is some information to a Sim Swap:

What Is SIM Swapping?

But the convenience of eSIM cards has opened a potential security hole for bad actors: If they can convince your provider that they’re you—say by collecting personal information you post on social media—they can have your eSIM transferred to their device and potentially access your personal information, financial accounts and incoming messages. This type of fraud is known as SIM swapping.

The fraudulent holder of a SIM can access a wide range of content on a phone, which can serve as a gateway to financial, social media, email and other accounts. Thus, SIM swapping has a lot of potential for harm, as does port-out fraud, which is a related tactic that involves bad actors deceptively transferring a phone number from one wireless provider to another to gain control of the account.

The risks of these types of fraud are high for investors because mobile phone numbers have become a key to establishing customer identity and securing financial data. Websites commonly use multi-factor authentication (MFA) to verify the identity of someone attempting to access secure online data. If you try to log in to your bank or brokerage firm account, the institution might ask for more information than just your ID and password. This additional “factor” is often your mobile phone number since that’s unique to you and easy to access. If you set up MFA using this number, you’ll get a text message including a task to complete (like entering the accompanying numerical code) before you can access your account.

However, if someone swaps your SIM, they’ll be able to intercept the message meant to confirm your identity, thus fraudulently gaining access to your account.

Wow is right.

In my business, we cover cyber fraud. This has grown to become a huge and successful industry. I have seen many very sharp people get scammed.

Caution.

Wow. Thats the most sophisticated scam I’ve heard of. Normally they don’t call on the phone, were the scammers native English speakers? We are fortunate that many scams come from outside the US and are easy to identify due to the poor grammar, typos, and incorrect phrasing.

Thanks for posting, I sent it to my wife because I can see her parents falling for something similar.

I would like to be able to send an electrical "spike" through the Internet to the scammers that blows them to smithereens. We have not been scammed (yet) but there have been many attempts.

Whatever penalties we have for these crimes are not sufficient to deter these rat bastards. Make it 25 years of actual prison time, no BS good time, work time, with full restitution required regardless of how long it takes. Take every cent they make until it is paid back and when convicted of any of these crimes, cut any and all social services/funding they or their family receive until the restitution is repaid.

Unfortunately, most of the scams are from other countries. The easiest way to massively reduce or stop it is to make real 100% caller ID. Make the spoofing of numbers impossible, and if the number is called, you know where and who it really comes from. I received a call from myself. I used some salty language to the caller as there was zero doubt I did not call myself, (which impossible) and they hung up.

Congress would have to pass new last for that. And the telecom would scream it is impossible, but they can do it.

The other law they need to pass is for prisons to enable cellular blocking. Make any cell phone usage impossible. They block all cell use in an area around the POTUS. They can blocks all prisoners from using a cell phone. Many on-line "romances" are done from a prison.

Congress will act right after peace in the middle east is achieved by a bigfoot riding into Washington DC on the back of a unicorn.

Call calling indeed! Glad to hear that everybody was able to prevent a scam.

Fortunately, for my parents when they were alive, they had no online presence , my brother and sister paid all of their bills and their financial advisor was on top of it.

I've heard/read that is intentional. By making a few mistakes, they don't end up wasting their time with smart folks that may either take longer to scam, or waste their time and end up not being scammed. By making mistakes (spelling, grammar, etc...) they only catch the folks that are a little less sharp, and therefore easier to scam and more of a "sure thing".

I remember seeing a movie years ago, when a super villain-type was able to send a signal through a phone line that killed the guy on the other end of the call. I've fantasized about being able to use that plenty of times.

Slightly more realistic and functional would be a way to send that spike to their phone and computer and fry those beyond fixing.

Dang ... now how am I gonna pay for my new Cybertruck :(?

Freeze credit at all three agencies. Everyone's info (banking, etc.) has been compromised already .... ASSUME that .... yes!

2-Factor (stage) access to EVERYTHING ...

Then hope they don't get scammed ... I watch all acount activity (and have access to everything) ... now.

Good luck!

my wife is a registered nurse for Adult Protective Services. she sees it all.

loneliness and isolation paint a huge target on the backs of the elderly. we won't even get my mom the internet.

my wife said the elderly sometimes find themselves converting their cash into bitcoin as instructed. there is apparently a bitcoin ATM at the casinos. scary.

Sounds like how my bil lost 40k of bitcoin in 2018.
“Coinbase” called him. He gave access to his account and lost everything.

Yeah! When we went back the next day to create new accounts, the teller brought in the branch manager and a few others to hear the story. They were surprised that the scammers actually called the bank to create an appointment...they had not seen that before.

How good was the scammer's English?