Frum Man Victimized by Bank Scammers

By Matis Glenn

Most online scams attempt to trick people into giving up their social security numbers, purchase fake products, repay an overcharged “refund,” or pay advanced fees to claim “prizes” – all of which are able to be accomplished without having much prior information on the victims.  Often scammers – who disproportionately target the elderly – will buy advertisement space on Google or other search engines, to masquerade as companies like Apple, Microsoft, or Best Buy, to trick people into giving them money or identification information. These websites will have names which are very similar to the real websites, with one letter missing or added, or other words added to the name.

Some scammers, however, already have their foot in the door, and need just a small verification from the victims to proceed with wiping out their savings.  

 A frum man unfortunately fell victim to a scammer impersonating Wells Fargo bank on Tuesday, and offered his cautionary tale to Hamodia.

This scammer was able to crack the victim’s password, but was stopped by the two-step verification that most banks and credit card companies use to protect their customers. Two-step verification requires customers to not only enter their passwords on new devices, but also to verify that they are the owners of the account by punching in a code sent to the mobile device or email address that they have on file.

This is an effective bulwark against scammers, who sometimes are able to crack victims’ passwords.

What do scammers do when faced with the two-step verification? They have to call the victims and pretend to be the bank which they’re trying to defraud. They can even mask their number to appear as if it is coming from the financial institution. They will tell the victims that people are trying to access their accounts, and that they need to change the password to secure them.

The last step is to convince the victim to give up the code sent to their devices – banks will say in their messages specifically not to share the code with anyone, and that the bank will never ask for the code.

Sometimes, people don’t notice the text, especially when under a verbal barrage from a scammer telling them that if they don’t “secure their account,” they will lose their entire savings. Some people don’t bother to read the text, because they’re busy and just want to take care of the problem quickly; such was the case with our victim. He gave the code many times to the scammers, who thankfully were not very proficient in their “profession.”

Usually, scammers who gain access to an account will change the password, and have large sums sent to anonymous accounts or converted to mostly untraceable cryptocurrencies. The scammers in this story attempted to add someone as a recipient, and to send around $400 to the account. That money was sent, but when they attempted another transfer – this time of $600 –  the victim finally began reading the messages, and saw that not only did the bank tell him not to share the password, but that he had authorized a transfer of funds. During his conversation with the scammer, he was told that he had to prevent unauthorized transfers that people in other states were trying to make from his account.

When questioned, the scammer read from a script, detailing a long description of the danger the victim was in.

The victim called the bank immediately to set his affairs in order; he isn’t sure yet if he will be able to recover the $400 that he lost.

Most often, these scammers are based in India, Nigeria, or Jamaica, but they sometimes have U.S. based contacts, and sometimes the scammers are American themselves.

Be aware whenever someone calls claiming to be from a bank, financial institution, insurance company, or any other business. Never give out personal information over the phone, and call the institutions themselves, with phone numbers that are clearly linked to the company – don’t rely on Google to always give the correct numbers.