After a San Diego woman lost more than $200,000 in a pair of connected scams, law enforcement announced Tuesday they had arrested a suspect — and are putting other thieves on notice.
“This case should … serve as a warning to scammers who are running these criminal enterprises that we’ve had increased success, working in the first of its kind Elder Justice Task Force, working together to track them and to stop them,” said San Diego County District Attorney Summer Stephan at a press conference.
Stephan didn’t name the victim, but described her as a 65-year old San Diego resident in poor health.
Authorities believe the woman was targeted by a crime ring. After they gained the victim’s trust and extracted more than $200,000 in cash, one of the alleged scammers, Zhi Gao, a 22-year-old San Gabriel resident, was arrested Oct. 12 while attempting to pick up another stack of cash from her, Stephan said.
Gao was charged with attempted grand theft, attempted receiving stolen property and resisting an officer in the performance of their duties. If convicted, he faces a sentence of two years, six months.
The money hasn’t been recovered.
California is a hotbed of elder fraud, FBI Special Agent in Charge Stacey Moy said at the conference.
The San Diego FBI Elder Justice Task Force identified 1,800 reported victims of financial scams last year, with around $49 million in losses in the county. So far this year, the reported losses have exceeded $75 million, according to county data.
Social Catfish, a reverse image search engine, plumbed data from the FBI and the Federal Trade Commission and found that almost 81,000 victims lost more than $2 billion to online scams in California in 2022.
The thieves used two methods here, Moy said. One is the tech-support scam, where thieves ask for money in order to “fix” fake computer problems. The other is a banking scam, where thieves pose as the victim’s bank — on the phone or online — and then find ways to get a hold of funds.
“The number of tech-support scam victims has doubled since 2020. And the loss amount has increased five-fold since 2020,” he said.
These crimes are hard to investigate and prosecute, Stephan said. Often, the stolen money moves out of this region, gets converted to cryptocurrency and leaves the country — and can’t be recovered.
Gao is believed to be just one link in a criminal chain, a “courier” — someone who transports stolen money to another thief, Stephan said.
“It’s believed the defendant is part of a larger theft ring and is a courier for this criminal syndicate,” Stephan said. “Our investigation is continuing.”
Stephan also issued a warning to San Diegans that fraud is underreported and spreading aggressively.
“People of all varying educations — no one is immune to these scams,” she said.
That’s why it’s so important to avoid getting duped in the first place. Here is how this particular fraud unfolded, and what consumers can learn from it and other such cases.
One victim, two scams
It all started with a frustration that will be familiar to anyone who has used a computer.
Back in May, the victim’s computer froze. A pop-up appeared on her screen offering tech support from Microsoft. She called the number it listed and signed up for what she thought was a $120 computer repair service, Stephan said.
It was not Microsoft, but thieves. And they were just getting started.
Some time later, they called her again and impersonated her bank, Chase Bank. The thieves said her account was compromised by fraud and that pulling cash from her account — and giving it to a courier — would keep it safe.
“The victim made several withdrawals of between $20,000 to $30,000, ultimately amounting to $200,000 in her life savings,” Stephan said.
Once her children caught on and alerted police, the woman set up another cash pickup at her home — but this time, law enforcement was waiting and arrested Gao there.
Stephan said scammers can gain access to devices through sneaky links sent via text or email. Once you click, that introduces software that can freeze your machine and display a fraudulent pop-up.
One red flag is anyone contacting you and asking you to withdraw cash, in any amount.
“You should terminate all communication with that person immediately and talk to your family members or another trusted individual about it, before sending any money,” Stephan said.
Another: Scammers thrive on secrecy. “If you’re being asked to keep it as a secret from your family, from anybody,” that’s a bad sign, Stephan said.
At a park near her home, Nadwa Perket answered her phone in August, thinking it was Wells Fargo. In reality, it was a scammer. She said she gave no personal information. But about two days later, she discovered she lost around $8,000 from her bank account.
(Nelvin C. Cepeda/The San Diego Union-Tribune)
A ‘convincing’ phone call
Another San Diego woman described how a scammer zeroed in on her.
On Aug. 18, Nadwa Perket, also her 60s, said she answered her phone, seeing Wells Fargo on the caller ID. “It showed the number and the email — exactly the same as Wells Fargo,” she said in an interview.
The man at the other end asked for her by name, introduced himself and said he was with the bank’s fraud department. He said someone tried to wire money to Florida and the bank blocked it. “We want to make sure that it was you who was wiring this,” he told her, Perket said.
“I told him it’s not me,” she said.
Quickly, she became alarmed that she was the victim of a bank scam.
In fact, Perket said, she was about to be.
Nadwa Perket says thieves gained access to her bank account and nearly emptied it.
(Nelvin C. Cepeda/The San Diego Union-Tribune)
She said the man gave her some online safety tips and then put her on hold, saying he was adding additional security to her account. After some technical issues — the call disconnected, he called her back a few times — the call ended, she said.
Perket said he sounded exactly like a Wells Fargo employee.
“‘Ma’am, you are on a recorded line,’” she recalls him saying. “He was very professional, very convincing.”
A few days later, she said, she got a text notice about a wire transfer and saw her bank balance was $6,800 lower. A few hundred dollars remained in the account. Her daughter provided the U-T with screen shots, copies of bank statements and copies of Perket’s correspondence with Wells Fargo.
Perket says she does not understand what happened. She said is cautious online and did not share her password or username.
Losing the money was hard, but it was just as hard to find out that the bank determined it was an authorized transfer, Perket said. She challenged the finding, several times; each time, the bank concluded the transfer was authorized.
“To them it was right. It was authorized. It didn’t look fishy to them,” she said.
A Wells Fargo spokesperson declined to comment specifically on a customer’s case due to privacy but said she would look into her concerns. In a letter dated Aug. 24 to Perket, the bank wrote: “After reviewing all the information available to us regarding the online wire transaction you are disputing, we have determined that the transaction was performed by you or someone using your username and password.” The bank said that under its terms and conditions, “you are responsible for online wire transfers that originate using your username and password.”
In a Sept. 12 email, Wells Fargo told Perket the bank was unable to recover her funds and her case was closed, according to a screenshot provided by Perket’s daughter.
The interaction has left Perket feeling “betrayed” and “insulted” by her longtime bank. She filed a police report and has had to borrow money to pay rent, she said.
“I was bitter because the bank did not protect me as a client. They didn’t do their job,” she said.
According to the Consumer Financial Protection Bureau, a transfer is unauthorized under certain limited circumstances. Among them: “When a consumer is fraudulently induced into sharing account access information with a third party, and a third party uses that information to make an EFT from the consumer’s account, the transfer is an unauthorized EFT,” it states in an FAQ.
Lauren Saunders, the associate director of the National Consumer Law Center, pointed to a loophole in the way the liability for certain kinds of bank-to-bank transfers is sometimes treated by banks.
Under the federal Electronic Fund Transfer Act, consumers liability is limited for unauthorized electronic transactions if they report the fraud in a timely manner. Companies must promptly investigate claims, and unless they can show the transfer was authorized, they must reimburse the consumer, generally within 10 days of the complaint, with some exceptions. The protection does apply in P2P (or peer-to-peer) transfers through apps such as Venmo, CashApp and Zelle.
“Consumers have protection from unauthorized transfers, but transfers that the consumer initiates are not considered unauthorized,” Saunders wrote in an email.
But bank-to-bank wire transfers are not covered by the EFTA. Instead, a uniform state law called UCC Article 4A protects people from unauthorized bank-to-bank transfers, while federal law — through the Electronic Fund Transfer Act — makes an exception for such transfers.
“UCC Article 4A has far weaker protections than the EFTA and has some loopholes that banks sometimes use (sometimes wrongly, in our judgment) to escape protecting people whose funds have been stolen through wire transfers,” Saunders said.
“We have urged Congress and the CFPB to close that gap and extend the EFTA to wire transfers.”
Lessons from a former scammer
A 24-year-old Nigerian man named Chris Maxwell has this advice: don’t be so trusting.
“Please, when you’re talking to someone who is a stranger you are meeting online for the first time — someone you don’t know — you need to make sure you have every information possible to confirm that person is real,” Maxwell said in an interview from Lagos over WhatsApp. “You can ask for an ID, you can ask for an address. You can ask him to call (on video). ‘Show me your face.’”
Maxwell would know. From 2016 to 2021, he said he contacted hundreds of women on social media — Instagram, Tik Tok, Baidu. Step one: make fake profiles using photos of attractive military men. Step two: be friendly. Step three: let them fall in love. Step four: Steal their money. This kind of fraud is known as a “romance scam.”
One woman sent money after four days, he said. With others, it took a few months or a year for him to build trust, lower their guard and strike.
Today he is an anti-fraud consultant with Social Catfish, the Murrieta-based reverse search company. Maxwell said he has not faced legal consequences or repaid his victims. He is “keeping a low profile” — though he agreed to be interviewed.
Could banks do more?
Stephan said banks could do a better job of protecting their customers from fraud — especially at the moment when a red-flag transaction is about to happen.
“We want to see the banks do more,” Stephan said. “Banks are mandated reporters. And they are supposed to stop when somebody is withdrawing these kinds of amounts.”
She added, “More needs to be done in order to stop it, because if there is more communication — if there is a way to have the bankers educate the victims when they try to withdraw the money — that would be a lot better for everyone.”
Sarah Grano, a spokesperson with the American Banking Association, said banks have been boosting efforts to prevent fraud.
“As the popularity of P2P payments soars, so does the threat that scammers will target consumers,” she said in an email. In P2P payments, one person sends money directly to another, often through an app. “In response, the banking industry has ramped up anti-fraud efforts, including customer alerts and other warnings to only send funds to people you know and trust and increased behind-the-scenes security controls.”
How to stay safer
“Trust is the currency of fraudsters,” said Tyler Adams, the co-founder CEO of CertifID, a fraud prevention and recovery company. “What they’re trying to do is establish trust in every single way that they can. And they do that through a bunch of different tactics.”
With so much happening online — from renting movies to paying for a down payment on a home — fraudsters have many more opportunities than they used to. And their tools have gotten far more sophisticated. Artificial intelligence gives scammers even more ways to dupe consumers.
“We have to find a way to be safe online, because people aren’t going to stop being online,” Adams said.
Security and law enforcement officials suggested these tips:
- Slow down. Scammers are “going to try to make you act quickly,” Adams said. “They’re going to try to make you feel like you’re missing an opportunity.”
- Verify everything, Adams said. Triple-check email addresses. Look if a single letter is off. An “I” masking as an “L,” for example. When someone calls or texts you from an institution (one you do want to interact with), disregard and call the number you have on your official statement. Or find the number online from a trusted source.
- Use multifactor authentication for all online accounts. That means receiving a text or phone call back from the provider to confirm you are the authorized user.
- Use a password manager and use longer passwords. Avoid common names and phrases, and don’t repeat passwords across sites.
- Banks will never call, text or email you asking for account information or urging you to send money to anyone, including yourself. If something doesn’t seem right, contact your bank through a trusted channel like the number on the back of your debit card or the bank’s mobile app.
- If you uncover or suspect fraud, time is of the essence. Call your bank, the police, the FBI, go to IC3 — the Internet Crime Complaint Center. “There is still some hope sometimes of getting money back, but you have not a lot of time to waste. So you have to move really quickly,” Adams said.
