Taking Action Across the Scam Lifecycle

S1 E10 · Scam Rangers
545 Plays · 2 years ago

In this episode I introduce the scam lifecycle - all the steps that a scam victim goes through, from the first call or message all the way until monetary recovery is attempted by law enforcement. The reality is that this is not the end for scam victims at all. There are long-lasting emotional effects that must be addressed as well. I discuss education, regulation, parties who have touch points across the scam lifecycle taking responsibility, reporting and finally - technology. Most importantly - how all of these aspects are intertwined. Lots more to do!

This podcast is hosted by Ayelet Biger-Levin (https://www.linkedin.com/in/ayelet-biger-levin/), who spent the last 15 years building technology to help financial institutions authenticate their customers and identify fraud. She believes that when it comes to scams, the story starts well before the transaction. She has created this podcast to talk about the human side of scams, and to learn from people who have decided to dedicate their lives to speaking up on behalf of scam victims and who take action to solve this problem. Be sure to follow her on LinkedIn and reach out to learn about her additional activities in this space.

Organizations which fight scams

www.theknoble.com - connecting fraud fighters to combat all forms of human crime

www.gasa.org - connecting several groups such as regulatory, law enforcement, vendors and others to drive change

www.romancescamsnow.com - support victims of romance scams

Transcript

Introduction to Scam Rangers

00:00:03
Speaker
Scam Rangers, a podcast about the human side of fraud and the people who are on a mission to protect us. I am your host, Ayelet Biger-Levin, and I'm passionate about driving awareness and solving this problem.

Understanding the Scam Lifecycle

00:00:21
Speaker
Welcome to episode 10 of Scam Rangers. In the previous episodes of this podcast we covered many very important topics which I would like to take a moment and reflect on because the big question in my mind, and this is something I also ask all of my guests to provide a perspective on, is ultimately what can we do
00:00:42
Speaker
to make a real impact and minimize both the emotional toll and financial toll of online scams today. In order to do that, I would like to review what I call the scam lifecycle. So the scam lifecycle has six steps, but really does it ever end for the victim? Let's take a look at the scam lifecycle from a victim's perspective.
00:01:06
Speaker
So the first step is that the victim receives a message. It could be a phone call, SMS, WhatsApp, Instagram, could be something on a dating app or other social platforms. Step two, the victim responds to the text by calling back or replying. Step three, the victim is put in an emotional state of fear or delight, the manipulation. Step four, the victim transfers money to the scammer via payment rails.
00:01:34
Speaker
Step five, the victim realizes that they've been scammed and they complain to financial institutions or law enforcement reporting, which is something that most victims do not do.
00:01:47
Speaker
Step number six, recovery process begins. Reimbursement hopefully happens, but in this case, the recovery attempt will try to get the money back for the victim, the money that's lost. Now, this doesn't really end there, right? Because the emotional toll is also something to consider. So what happens with victims after they were scammed? Well, we know that there are many cases
00:02:13
Speaker
lingering effects such as post-traumatic stress disorder PTSD or even cases of suicide and therefore great work that is done by support groups to help victims of scams is an ongoing effort and it never really ends. So let's cover the scam life cycle step by step and consider
00:02:35
Speaker
different things that we can do across this life cycle because too often we focus on the payment, on the transaction, on the money that's passing hands. But the reality is there are opportunities across the scam life cycle to help victims and even prevent scams.
00:02:52
Speaker
And if we take that broader perspective, we can improve collaboration across different stakeholders, if it's government, law enforcement, private sector. This is something that can really improve the outcome for victims and the outcome for everyone.

The Role of Education in Scam Prevention

00:03:08
Speaker
So let's start with education. Education is something that could help prevent scams. And the more we drive awareness of the problem and the risks that are out there between identity theft and online scams and everything around this and phishing,
00:03:26
Speaker
This is something that we can help to prevent scams. And the question is who is responsible for education? And the answer is it's not that simple. It's really taking responsibility. So governments, of course, are responsible to protect citizens.
00:03:43
Speaker
Other stakeholders are e-commerce brands. Using those secure channels of communication when customers go to the sites or go to the apps to purchase and transact with the legitimate brands, that's an opportunity to educate and explain to customers what the risks are. Telcos who are
00:04:02
Speaker
the ones who oversee all the traffic as well as social media platforms. Definitely platforms have the opportunity to do more and we can see an example where Match, the Match group had taken initiative to protect their customers on online dating apps to be aware of the risks and also filter out more risky type activities.
00:04:27
Speaker
And then we have the payment rails. And I think banks have taken all the heat here, but the payment rails are the bank application, P2P platforms, all the money transfer apps like PayPal and CashApp and others. And those payment rails are anyone who has a touch point in the scam lifecycle from a payment perspective can definitely educate the customer.
00:04:52
Speaker
either proactively or at the point of transaction. Additional payment rails are cryptocurrency exchanges and gift cards. And we've seen a lot of education at point of sale when it comes to gift cards, if it's signs next to the gift cards in retail stores or point of sale that has electronic messages before the transaction is complete. So those are some examples of education in the point of transaction.
00:05:20
Speaker
There's an opportunity for education every step along the way. One of the challenges is how not to overwhelm people and how to find the right balance where we don't scare people from the digital realm, but we enforce their safety. And that education has to be about the modes of operation, about the scams that are happening, but also about where to go if you are scammed and how to verify if something is a scammer or is not a scam. So we readily need to incorporate
00:05:49
Speaker
the why into this training and we need to incorporate the what to do. So that's education. Education is not enough. Once someone is thrown into that emotional state or the case presented or the case that is happening is different from the education, it might not be effective. So it's important, but it's not enough.

Regulations and Responsibilities in Scam Prevention

00:06:10
Speaker
So that's the first step. Then there's regulation. And regulation really drives parties along that scam lifecycle to take more responsibility. In the past, when robocalls were happening very, very often, we've seen telcos taking more responsibility because of pressures from government to reduce the amount of scam and spam calls, robocalls, car warranty, IRS scams. So that's decreased. Unfortunately, a lot of those scams did not disappear. They just
00:06:39
Speaker
shifted to text messages. But when it comes to regulation, we see more and more focus on financial institutions. There are many discussions about reimbursement and asking financial institutions to take responsibility. Today, financial institutions are most commonly around the world
00:07:00
Speaker
responsible or liable to reimburse customers for their financial losses in the case of account takeover fraud when someone else stole their credentials or took over their device or did something to steal money from their account that did not involve them directly within the transaction.
00:07:18
Speaker
However, when it comes to authorized push payment fraud, where the victim themselves will transfer the money to the criminal, today there is no liability to reimbursements. And we talked to Ken Palla about this a lot in episode five, and how there is development of legislation around the world. And the most advanced is the UK.
00:07:38
Speaker
where in the past there was a voluntary code where financial institutions in 2019 started reimbursing some of the customers in some of the cases to really help them when they were scammed with authorized push payment fraud where they transfer the money.
00:07:55
Speaker
That is now about to turn into regulation that mandates reimbursement 100 percent of the time, and it's something that's going to be divided by the origin bank and the receiving bank. The Payment Systems Regulator in the UK is driving that, and there was recently a new development where the House of Commons, which is part of parliament, is asking to expedite this and make sure it happens in 2023.
00:08:22
Speaker
So that's really interesting. In the U.S. there have been conversations in the Senate about Zelle fraud in particular and the Zelle owners are now taking responsibility and enforcing also 100% reimbursement for scams in Zelle under some circumstances. Now the question is this trying to avoid regulation or being proactive?
00:08:42
Speaker
The fact is this is a great development. A lot of conversations in Singapore, Australia, Greece has also recently announced that they're going to reimburse customers looking at the UK. And I think that often the UK sets the tone for many evolutions in the space and the financial space when it comes to legislation.
00:09:00
Speaker
Why is this so important? Because one, there's going to be financial relief for many of the scam victims, but also I believe that it will actually reduce the amount of scams happening because evidence of the past is shown that when financial institutions are mandated,
00:09:16
Speaker
to do something, they will throw a lot of technology and resources at the problem, and there are definitely financial reasons and ROI and customer retention causes here that we talked about, a lot of motivation for financial institutions to take care of this problem even before regulation, but definitely regulation will help. Now there's a whole conversation if financial institutions really need to take responsibility, what about the customer responsibility here, their personal responsibility to this, that's definitely
00:09:45
Speaker
an interesting conversation. However, again, it's proven that when they are liable, they do take more responsibility and throw technology at the problem and process. So that's definitely a good thing in my mind. But then there's the whole manipulation that's happening on the social media platforms.
00:10:04
Speaker
Now, there are different considerations here between monitoring content and privacy. It's not very straightforward, but it's going to be interesting to monitor that and see how that unfolds.

Challenges in Reporting and Coordination

00:10:16
Speaker
So next, reporting. Now, reporting is not perfect. It's not global. But reporting really helps us understand the size of the problem.
00:10:26
Speaker
And one of the challenges is when people report to authorities, they oftentimes think that this means that the authorities and law enforcement will be able to help them and take their case. But unfortunately, that's not always going to happen because law enforcement is limited with resources and they need to pick those cases where
00:10:45
Speaker
the amounts are higher or they can be successful. But reporting actually helps better understand what is going on, what the risks are, and global reporting will help facilitate global collaboration to later seize the funds that are transferred internationally. We see in the United Kingdom there's a central reporting service
00:11:06
Speaker
through Action Fraud, and in other countries there are many places to report. For example, in the US you could report to the FBI and to the FTC and your local police and other organizations. So the more we can get to central reporting, and Australia and New Zealand are on the way to get there, the more we can get to central reporting
00:11:26
Speaker
the better and the more unified the stats will be, and we can better understand and quantify the problem. And why is it so important to understand the problem? First of all, to put the right controls in place and to be able to understand how to seize the money. But also, it's really important for people to understand the size of the problem because people feel shame, they feel alone. And the reality is it happens to almost 1 in 100 people according to the stats.
00:11:55
Speaker
So those numbers are staggering and the more people talk about it and report, they can help prevent the next scam from happening and that's something that we need to advocate for.

Support from Nonprofits and Alliances

00:12:07
Speaker
Next, I've learned over the last few months that there are a number of nonprofit organizations and alliances that are focused on fighting scams, and they take different approaches. One, for example, we heard from Ian Mitchell from The Knoble about their activity and the way they're kind of recruiting financial institution fraud fighters to fight human crime in general. There are others like the Global Anti-Scam Alliance who are
00:12:34
Speaker
really trying to get different entities and stakeholders together to discuss globally, like law enforcement and regulatory and data and tool specialists to think together about how to solve this problem. Next, and I mentioned this before, there are a number of support groups for scam victims. There are support groups for romance scam victims and there are support groups for crypto investment scam victims and others. Having these support groups
00:13:02
Speaker
is something really critical, and I hope that governments take more in helping scam victims, because ultimately if the numbers that we're talking about are one in a hundred and it can be very small or very large scams, but at the end of the day trust is broken. People who used to trust and use digital rails to perform activities are now more hesitant, and that is something that we will
00:13:29
Speaker
see the full impact of in years from now. We need to step up and help these victims and normalize the fact that it can happen to everyone.

Why Current Tech Falls Short and Future Solutions

00:13:39
Speaker
And finally, I want to talk about technology. So the big question is, why do existing solutions fail currently?
00:13:47
Speaker
in protecting people against scams. Let's take a look across the scam lifecycle. Step one, victim receives a message or a phone call or communication on a social media platform. Step two, they respond. Step three, the emotional manipulation happens. Step four, money transfer. Step five, victim realizes this is a scam, they complain to financial institution law enforcement, and then the recovery process begins.
00:14:17
Speaker
So if we start from the very, very beginning, what controls are in place? We already discussed the telco level monitoring for robocalls. There are also a lot of robocall blocking offerings out there, apps that perform robocall detection and SMS filtering based on volume of messages and numbers.
00:14:40
Speaker
And I would say that the operating systems for mobile platforms are not making it so easy to create controls and protect customers against these threats. I think this is really the most effective place to create controls and create technology that can actually stop the scam from happening altogether. So that's the first step, the actual receiving of the message.
00:15:03
Speaker
Then there's the second step of really understanding if a message is a threat and if it can harm the user if they continue to interact. When you look at different types of scams, there are different lengths to the communication. So for example, some scams are very, very short. These could be account lockout scams or phishing scams or scams that require quick reaction and money transfer.
00:15:33
Speaker
and those are typically smaller amounts as well. They don't require too much. It could be a one-and-done type thing. Identifying those typically generic messages would be very, very helpful for users. The second type of scam is those relationship scams. It could be a romance scam that could
00:15:53
Speaker
last for months and months until trust is built and enough emotional capital is created to get someone to transfer money for a trip or to save their loved one from something bad that can happen to them and that would probably take a few months until the victim is willing to transfer money until the criminal will ask for money because they know that the more trust they build the more money they can cash out.
00:16:20
Speaker
When it comes to crypto scams, these are typically shorter and can span from a few weeks to a couple months or a few months. And again, for those relationship scams, it's really the back and forth and the whole conversation. And it's harder to detect because some of this could be really real romance text that is happening between two legitimate people.
00:16:41
Speaker
But at the end of the day, there's always that warning sign. There's always the sense of now, the time bomb that will blow off if you don't do it now, if you don't take action immediately. If you don't, there's a threat in all of this.
00:16:57
Speaker
So being able to detect these things before the emotional manipulation happens and alerting the victims is critical. Today, there are no efficient controls to do that. Moving on across the scam lifecycle.
00:17:13
Speaker
So the next step is the point of transaction. This is a really, really interesting place because today there is a ton of technology at the transaction phase when it comes to financial institutions, banks, e-commerce platforms, payment applications, but most of this is focused on account takeover fraud.
00:17:37
Speaker
on detecting a case where a cybercriminal is taking over a user's account and transferring money. So they can take over their account with stolen credentials, the result from username and passwords leaked into the dark web via data breaches or identity theft scams. And in this scenario, the cybercriminal will actually complete the transfer themselves. It could be device takeover with malware. There are many ways for cybercriminals to take over
00:18:06
Speaker
someone's account, and the controls are there, and that's actually why cyber criminals had to go and attack the weakest link, which is the human. Now, the challenge of catching scams in this phase is really we're looking for
00:18:22
Speaker
a tool, a technology that can detect intent. And that's something that's really hard to do. Now, there are a few technologies out there, especially those that use behavioral biometrics, that are able to identify signs that even if this is the legitimate user, even if everything looks okay and they can pass all forms of multi-factor authentication, which the legitimate users will do,
00:18:47
Speaker
There are still signs that show hesitation or something is off. Now, one of the challenges here is even if these cases could be detected in some specific use cases, I've heard from many financial institutions, insurance companies, and we talked to Chris Elgato, a private investigator about this in an earlier episode. And he talked about the fact that people are reluctant to accept that they're being scammed.
00:19:16
Speaker
And when you are on the phone with someone who's telling you they're the bank and you need to move all your money right now to a new account and this is an impersonation scam and suddenly you get a phone call from your bank. You have a distorted sense of reality and it's really confusing.
00:19:32
Speaker
to know which call is really the bank. It's really very, very confusing for the victim under this massive case of distress. So even if controls were effective to detect scams, the emotional manipulation makes it so hard to stop the actual transfer. And while people are invested in investment scams and most of their money is in this, what they believe is crypto investment scheme,
00:20:03
Speaker
They almost can't admit to themselves that this can't be real because the impact of that is so critical for them that they can't let go of that sense of, I hope this is real. It has to be real because otherwise it feels like life is over. Unfortunately, we know about many cases of suicide.
00:20:24
Speaker
And at this point I want to iterate that it's so, so important to understand that life is a lot more than money. The emotional manipulation is something that is caused by criminal rings who are very, very savvy at what they do, and this can happen to anyone. So people really should get help, and there is hope. And it's really important to know that there are support groups out there, and there are people who can help, and there are things that can be done to support victims.
00:20:51
Speaker
The controls that happen in the transaction phase are almost too late, although I do truly believe in a layered approach, and I think we need to put technical controls all across the scam lifecycle.

The Importance of Immediate Reporting

00:21:04
Speaker
So next step, the victim reports to law enforcement or financial institutions, and now the recovery process begins. So it's very, very hard to trace money if it's moved fast, and it's harder to do that when the
00:21:21
Speaker
scam cases are not reported immediately. That's why it's so, so important for victims to immediately report scams because then there is hope and there are cases where money is recovered. Now, there are two types, I would say generally speaking.
00:21:36
Speaker
There's the traditional money transfer. Typically, what happens is that the criminals will manipulate the user into transferring money into a mule account. That mule account is actually a middle station that is served to mask the real criminal because the criminals can't just open a bank account and expect to not be caught by law enforcement. Those mules are middle people
00:22:01
Speaker
And they also facilitate the exchange between different currencies where typically the scammer will be out of country. So these mules are actually also people who are manipulated into transferring money. Some of them know what they're doing and they're willingly participating in the scam.
00:22:20
Speaker
And some of them are unknowingly participating in crime. But regardless, they're all mule accounts. And one big problem that we need to address is the mule account schemes and how youngsters are being tricked into becoming mules where they don't really understand what they're doing.
00:22:39
Speaker
What happens in that case is that if the money is already gone overseas, then there needs to be collaboration between law enforcement, Interpol, Europol, different government authorities to collaborate and take action. And that becomes really, really hard, which is why in many cases, law enforcement needs to focus and prioritize their resources for cases that could be recovered, which again, so important to do it very quickly.
00:23:08
Speaker
And then there's the newer type of money transfer method, which is crypto. Now what crypto does for the criminals is actually skips the need for mules and it helps them transfer money immediately to a currency that is global. And also from their perspective, kind of easier to move money around. Why is it easier? Because there is lack of knowledge today in law enforcement on how to
00:23:34
Speaker
investigate crypto cases. The good news is that actually that money is traceable on the blockchain, and today there are people like Erin West in Santa Clara County, who is part of the REACT team, which is a cross-functional team that focuses on investigating the blockchain and seizing money, and they're providing a lot of education and a blueprint for other law enforcement groups to
00:23:59
Speaker
investigate and seize the money. So again, there's a lot of technology and there are many tools that help to analyze the money movement on the blockchain. But it has to be very fast because once cyber criminals move the money out of those exchanges where they can put their hands on the money and then it becomes too late.
00:24:17
Speaker
So that is the scam lifecycle and the technology perspective of the scam lifecycle. And I think there is going to be a boom in creation of technology because of the regulatory evolution and because of the size of this problem. So I always ask my guests at the end what they're hopeful about.

Engaging in Scam Prevention and Future Content

00:24:37
Speaker
I'm really hopeful about all the movement that's happening around protecting people from scams and there are so many people out there who are really passionate about this. Some of them were guests on the podcast and some will be guests on the podcast and some aren't just out there but there is a lot going on and thank you for listening in and just listening is also being part of the solution.
00:25:06
Speaker
I really hope you enjoyed this episode of Scam Rangers. If you're interested in hearing more about online scams and how we can protect against them, follow me on LinkedIn. I also have a LinkedIn page, Scam Rangers. Be sure to follow that as well.