Friday, August 25, 2023
Father-in-law lost $35k to a refund scam
Posting here for any advice, but the damage is already done - just want to make sure we’ve covered all our bases. Hopefully this story helps educate others and reminds you to check in on your parents often. Strap in, this is a long one.
I’m (40m) getting married in a couple of weeks and my future father in law (73m) was the victim of a “Geek Squad” refund scam a week ago. My fiancé (37f) has suspected he’s in the early stages of dementia, and we found out the medication he’s on for other illnesses affects his cognition and essentially gave him brain fog. He’s retired state police (former lieutenant), no stranger to criminals but cyber security is clearly a huge blind spot for him.
The scam started on a Wednesday and his daughter and I weren't told what was happening until Saturday morning. Because of his mental fog, getting a straight answer out of him was tough since he couldn't remember specific steps and order of events. Essentially it all began with a phishing email, saying he was going to be charged $350 for an auto-renewal of Geek Squad's services. He called the number and the scammers said they could cancel the service but would need remote access to his computer to "remove the software."
It's unclear how they got remote access, but it’s moot. While they had him on the phone, they were using MS Notepad as a way for him to enter info. He mentioned something about a program that "looked like a tree", probably some kind of separate animation to distract him.
They either asked for his banking information through Notepad, or just went to the bank's website where he had his password saved. I've seen videos on YouTube with examples of how they claim Notepad is a “secure server” and to "not make any mistakes while entering the refund amount." As in most of those examples, he probably entered the right amount and then they added two extra zeroes to make it $35,000 instead of $350.
While all that was happening, they had moved $35k from his savings to his checking, and then showed him the result. He was not sharp enough to realize that his savings account was short $35k, instead only focused on the checking account and listening to their claims that he took too much money and had to give it back. When I asked if they were intimidating or threatening him, he said "No, I would have immediately realized - I don't take kindly to threats.” Sounds like the scammers took the “I’m going to lose my job, help me” route.
He asked to send them a check, but they refused. They asked him to buy Bitcoin at a kiosk, but he couldn't figure that out. Then they convinced him to go to the bank and take the cash out. The scammers insisted they be kept on the phone the entire time, and reiterated that the bank wouldn't give him the money if he said what it was for, so he'd need to come up with an excuse. He said it was for his daughter's wedding. The bank only let him take $20k out, so he had to go to another town and get another $15k, all the while keeping the guy on the phone. The degree to which the bank tellers at either location questioned him is up for grabs, but we believe they at least mentioned something about fraud or scams and he just blew it off as not applying to him. The scammers said they would then send someone to his house to get the money and he pushed back, saying "no, we can meet at X parking lot", outside of the VFW he spends most nights at. It's looking like the second withdrawal was around 3pm and he said it was about 5 hours before they were able to meet up and exchange the money.
Hearing a retired cop tell me he waited in a parking lot at 8 or 9pm (Thursday night, now) and handed an envelope of $35k in cash to a stranger who got in his car was bewildering. There was some sort of verification - "our courier will have a dollar bill with this serial number, so you know it's the right person."
Friday comes around and the scammers claim that the same error happened again. He finally smartened up and contacted local police, and he played along to orchestrate another pickup in the same place. Undercover police were there to pick up and arrest two couriers, but these were different guys and were ultimately released on misdemeanor charges. They were able to get warrants for their phones and records, so there's an active investigation, but the detective is not hopeful. That first $35k is gone. The cops told him to notify his bank, so they also started an investigation.
Saturday morning rolls around and he finally calls us. I go to check out his computer and there's a message on Notepad "Hello are you still there?" - clearly they are still remote accessed in. I call the bank again and freeze all his accounts, which the bank hadn't already done. Luckily, he was able to hold onto about half his savings. We notified the big credit companies in case they had other personal info that would let them open up cards in his name. We supplied police with the email it all originated from, to try and extract the IP from the header, but looks like they were spoofing or whatever to California. We live in the northeast and the phone numbers were all from NY, most likely where they drove from that took 5 hours. I've submitted a claim to the FTC, and tried to reset whatever passwords we could, but I'm worried what kind of information they could pull out of his computer since they had remote access for 4 days. Still unsure how much of that time he had his computer powered on and logged in for.
Father-in-law, fiance and I all went to the second bank location where he took the last $15k out and asked what steps they take to ensure someone isn't part of a scam. They claim it's standard protocol to ensure someone's identity a few different ways with that much money, but that it's not out of the ordinary for large withdrawals to happen on a daily basis. My biggest concern is wouldn't they be suspicious of giving $15k to someone who just withdrew $20k at another location, 30 minutes prior? Wouldn't this lead to more questions and possibly getting a manager involved? They weren't willing to budge that they might be partly responsible, since he is the owner of the account and he took his own money out. I get that this is largely his own doing, but when you have a conversation with him on these meds, it's clear he's not 100% there mentally.
The bank investigation is still ongoing, but I’m not hopeful about that either. Losing this amount of money is devastating, as it was about half his savings. But I'm grateful they didn't completely clean him out. Do we have any recourse for getting even a portion of money reimbursed by the bank? Even though they didn't angrily intimidate him, the scammers did purposely mislead, confuse and coerce him. In my opinion, someone who can barely finish sentences should be questioned further about large withdrawals before the bank willingly gives it out - especially when his day to day withdrawals never go over a few hundred dollars. He's never withdrawn that much money at once.
TLDR:
Father in law was tricked into withdrawing $35k from his own account and handing cash to a scammer's mule/courier. Bank didn't question $20k or $15k withdrawals from an account that never takes out more than a few hundred at once. Cops caught two low-level guys that were trying to scam him a second time, unrelated to the couriers from the first successful round. Any legal recourse to recoup his money?
Thanks in advance. Call your parents and educate them on spam emails.