Don’t Fall for This Multi-Step Financial Scam

Scammers use urgency to trick their targets into handing over important or secret information. If you believe that your computer is hacked, or your financial accounts are compromised, you may let your guard fall, and unwittingly fall for a scam. 

But some scams are more sophisticated than others. The FBI recently highlighted a multi-step scam with devastating effects. According to the FBI, “Victims often suffer the loss of entire banking, savings, retirement, or investment accounts under the guise of ‘protecting’ their assets.”

Scammers use AI to analyze a target’s social media presence, looking for specific interests to exploit. That lets scammers find targets they’re looking for, and adds credibility when they reach out to targets. Over $1 billion has been stolen since 2014 from these types of scams, with the majority of victims aged 60 and older. 

Here’s how it works:

Step 1: Tech Support 

The first stage is to trick the target into reaching out to “tech support” for the device they are using. Perhaps the scammer sends an email or a pop-up purporting to share a security alert, and to contact the phone number listed in the message. The target calls the number, and a “tech support” agent is happy to help: They instruct the target to download a program that gives the scammer remote access to their computer, under the guise of guided support. 

The scammer will pretend to look for viruses and other irregularities, before recommending the target check their bank and financial accounts, to look for signs of fraud. Once the target leads the scammer to their bank accounts, the scammer tells the target to wait for a call from fraud investigators. 

Step 2: Money Transfer 

The call comes from a “fraud investigator” informing the target that their bank account was indeed compromised. As such, the scammer informs the target they must move their money to a secure location, perhaps the Federal Reserve or a U.S. government agency. The scammers walks the target through transferring their money, usually broken up into multiple transfers via wire, cash, or cryptocurrency. 

Step 3: Legitimize 

This step comes into play if the victim gets suspicious. The scammer may purport to be a representative of the Federal Reserve, and may mail the target a physical letter to confirm the legitimacy of the transactions. This may buy the scammer time, before the target realizes they have been the victim of a scam.   

How to protect yourself 

There are two important cybersecurity considerations to take from this story. The first is to never give an unauthorized party remote access to your machine. If your “bank” tells you to install remote access software, assume it is a scam. 

You also should not move money just because you were told to. If a caller tells you as much, even if they claim to be from your bank, hang up the phone and call back directly—not the number that called you. Most likely, your bank will confirm they did not call you.