How to Protect Yourself from Scammers
[music]
David Furst: This is All Of It. I'm David Furst in for Alison Stewart for part of the show today. I'll be with you for the first hour, Alison will be here for the second. Coming up on the show, we'll speak with the director of a new documentary about Veselka, the beloved Ukrainian restaurant in the East Village. The restaurant's owners will join us as well. We'll finish our full bio conversation about the life of tennis great, Althea Gibson, and we'll speak with Joy Reid about her new book, Medgar and Myrlie: Medgar Evers and the Love Story That America. That's the plan, so let's get started with scams and how to avoid being the victim of one.
[music]
David Furst: Last week, an article in The Cut went viral. Here's the headline, "The day I put $50,000 in a shoebox and handed it to a stranger. I never thought I was the kind of person to fall for a scam." The author, Charlotte Cowles, The Cut's own financial advice columnist. If you haven't read the story, here is a very brief summary. Charlotte received a call from someone who claimed to be an Amazon employee. This person said that someone had been ordering laptops and iPads on Charlotte's account. Charlotte was then transferred to someone who claimed to be an investigator with a Federal Trade Commission who told Charlotte that her identity had been stolen and might have even been connected with a crime.
Things escalated and Charlotte was instructed not to tell anyone what was going on or face the threat of jail time. At the end of it all, she says she put $50,000 in a shoebox, handed it over to a stranger and never saw it again. If you're thinking, "Well, this would never happen to me," you might want to think again. Scams like this are more common than you might imagine, and they don't just target the elderly as some people assume and as our next guest will explain.
Amy Nofziger is the director of Victim Support for the AARP Fraud Watch Network. She says their hotline receives anywhere from 400 to 450 calls a day from people who suspect they might have been scammed. Rachel Tobac is the CEO and co-founder of SocialProof Security. She also uses hacking skills, friendly hacking skills, to show companies where their security weaknesses are. Between the two of them, Amy and Rachel have heard of almost every scam in the book, and they join us now to discuss what types of frauds are common, how to recognize the signs of a scammer, and how to protect yourself. Amy and Rachel, welcome.
Amy Nofziger: Hi. Thanks for having me.
Rachel Tobac: Thanks for having me too.
David Furst: Listeners, please join the conversation. Have you or someone you know been the victim of a scam? What happened? Did you understand in the moment that it was happening, that something wasn't right? This is a judgment-free zone. We want to hear your scam stories. Give us a call at 212-433-9692. That's 212-433-WNYC. Amy, you see so many scams a day. What are some of the most common at this moment? What seems to be really effective at convincing people right now?
Amy Nofziger: I will say the ones that we see are the ones that you're hearing about, those Amazon imposter scams, bank imposter scams, any of the imposter scams are very popular on the helpline. Also, romance scams. This is one that people think only happens around Valentine's Day, but it doesn't, it happens all year round. This is always in our top 10. This is where you meet someone online, start a friendship, a relationship, doesn't even have to have romantic intentions. The next thing you know, they have an emergency and need money.
One of the things that is really popular right now, and actually the FTC just released some data about this is the way that scammers want to be paid. It just bypassed prepaid gift cards, which was the most common and preferred method of criminals, but it's crypto ATM machines and cryptocurrency. That's one thing that's very new right now, is that the scammers are asking their victims to go to these crypto ATM machines and deposit their money. Once you do that, the money is virtually gone and untraceable.
David Furst: Wow. Rachel, I think some of us have this idea that getting scammed is something that usually happens to older, perhaps less tech savvy people. How true is that?
Rachel Tobac: We do see scams hit older folks, but it might surprise you that actually Gen Z is falling for more scams than older folks right now. Older folks and Gen Z are neck and neck every single day with falling for these scams. A lot of times people think, "I would never fall for a scam like that," when in reality, they probably would.
David Furst: If someone told me to do something involving cryptocurrency, I wouldn't know where to begin, so does that help?
Rachel Tobac: These scammers oftentimes will walk you through exactly what you need to do, staying on the line with you the entire time. Even if you don't know how to, say, go to a cryptocurrency ATM, they will walk you through that process step by step to ensure you know exactly what to do. That's what we saw in this Cut article as well. They didn't use one of those Bitcoin currency ATMs, but they stayed on the line with this individual in The Cut article taking her to the bank.
David Furst: Helping.
Rachel Tobac: Helping all the way through.
David Furst: Now, Amy, how do hackers and scammers tend to pick their victims?
Amy Nofziger: Let's just first and foremost put it out there that all of us have a target on our back. That's not to scare anyone. It’s really to empower people to know that you might be the next person that gets this Amazon imposter phone call, and so to be aware that it might be you. They can certainly just do a whole random dialing. They'll dial 10,000 people at one time and hope that the next person picks up. Or we're seeing a lot of these scams come in via text messages now, same way. They just have a bunch of numbers. I received one of these yesterday and it pretends like it's a wrong number scam, like, "Hey, Jenny, you want to go to dinner this weekend?" Me, as a nice person will write back and say, "I'm sorry, you have the wrong number," then the conversation ensues, and it ultimately turns into some sort of scam.
It is pretty random. We will say in some of the higher dollar amount scams that we're hearing about, they are targeting admin at a large tech company, and they're trying to do some, "I'm your boss and I need you to wire this money right away." Some of those, they are gathering a bit more information. But in this Cut article, they could have gotten Charlotte on the phone, and then right then and there, their team is working to find out other pieces of information about her to really give the impression that it was her that they were dialing in particular.
David Furst: There's a whole team involved.
Amy Nofziger: It’s a whole team, absolutely. We know that about these criminals is they do work in teams. And that's how quickly they were able to put the pieces of the puzzle together about Charlotte, what her birthday was, what her last four digits were, where she lived, et cetera.
David Furst: We'd like to have you join this conversation. We're getting some calls in already. Have you been a victim of a scam of some kind, or perhaps somebody you know? Let us know. 212-433-9692, that's 212-433-WNYC. Let's hear from Joe in New York City. Welcome to All Of It.
Joe: Hi, how are you?
David Furst: Great. Tell us about what happened to you.
Joe: It happened five years ago, and I still can't talk to anybody. I know it wasn't me. I got a phone call and they just lead you down a rabbit hole. They kept giving me more information and scaring me. In the back of my mind, I knew it was a scam, because I'm a smart person, but they to stop believing you, and then you get more scared, and then it just goes on and on and on. I lost a bunch of money. It still affected me five years later, but it can happen to anybody, and it's so scary how much information-- this was five years ago. I can only imagine how much more information people have now.
David Furst: Joe, you say it's affecting you five years later. Do you mean financially or emotionally?
Joe: Financially and emotionally. Financially, of course, I'll never get that money back. Emotionally, I read the article and cried because I saw the bad people with all the bad comments people were writing. Until you are in the shoes, you'll never learn to accept, and you blame yourself, and you're just like, "How'd this happen?"
David Furst: Rachel, do you want to speak to that?
Rachel Tobac: Absolutely. We really see these attackers trying to build a sense of shame, fear, urgency, to make you take these actions, telling you they're from Apple support, or your bank, or Amazon support, and oftentimes the caller ID matches what they're saying they're from. I'm curious if people out here are listening and thinking, "I didn't realize that they could display my bank's phone number on the caller ID," when in reality that's easy for us to do. It takes less than 30 seconds with an app available on the App Store, and it costs less than $1.
David Furst: Oh, boy.
Rachel Tobac: Just like this caller is saying, they build that sense of shame, and they blame you so that you stay quiet and they can continue these types of scams without you talking about them.
David Furst: What about what Joe was just saying there about feeling so upset reading the comments, people saying essentially, “How could you fall for that?”
Amy Nofziger: Yes, David, if I could jump in really quick. This is something with my 22 years of experience working with victims at AARP that we hear all the time. We in society put shame on these people. That's one thing that AARP is really trying to do, is take away that shame and stigma, and thank you Joe for sharing your story because it really is important to share. You need a safe place to share these stories. You were a victim of a crime. There really is no difference than if they stole $10,000 from you off of the street or stole $10,000 off of the phone. You need to share your story.
The difference is is how we in society then treat that victim. The victims of financial crimes, we say, “Oh, my gosh, you were a professor. I can't believe that happened to you.” Someone steals $10,000 on the street, you're baking them a casserole and set up a GoFundMe account. We need to just remember that if anyone comes to us, a friend, a family member, a neighbor, and shares their story with you, that we lead that conversation with kindness and empathy. I'm so sorry that happened to you.
David Furst: Join this conversation and share your story. Again, the number, 212-433-9692. Let's hear from Rebecca in Montclair, New Jersey. Good afternoon.
Rebecca: Hi. Yes, this topic is so interesting. Just recently, I got a phone call from individuals who were claiming to be from US Customs and Border Protection and they were inquiring about my travel. Long and short, they had said that they intercepted packages and parcels containing everything you could imagine. That they were intercepting parcels with meth and cocaine and heroin, and that it was crossing over from Mexico. They were asking about my travel to Texas, asking addresses in El Paso.
I had just happened to be in the car when I took this phone call and it just didn't seem right to me. I kept asking them to verify their information because they're pretending to be from the government and so how do I know if this is real or not? The long and short of it is I basically said to the individual on the phone we're going to drive to the police station and continue the phone call with a police officer in the room because if you are who you are, I want to comply, because obviously is it me I'm not doing this.
But I also, this doesn't feel right, because then they started to ask about international bank transfers, and it started to get a little hairy. The information that they were giving, they kept saying, "Go on the internet if you want to verify our badge numbers. Go log in to the internet." My advice would be if you have the ability, if you can take the phone call to a police officer if you're not sure of it, that was my advice. They ended up hanging up the phone call. I would like to think of myself as pretty savvy and it was intense. I didn't know what to do on the call.
David Furst: Rachel, what about that advice?
Rachel Tobac: Absolutely. Taking this to the police is not a bad idea at all, because these attackers are often pretending to be from a government agency. They might say, "Hey, you have been a part of a cybercrime that you didn't know you were a part of. You have been involved in money laundering or drug trafficking." That's what we saw with the Cut article. We also often hear people saying, “Your nephew or your grandchild has been a part of a crime.” They often pretend to be from a bail agency saying, "Hey, you got to stay on the phone because you have to pay bail."
David Furst: It’s so scary.
Rachel Tobac: It is. “So this nephew can be released.” Sometimes we even see voice cloning where the nephew's voice is voice-cloned and saying, "Hey, please help me grandpa, I'm so scared." These types of scams are only going to get more complex, more urgent, and more fearful as we're able to see AI leveraged within those attacks.
David Furst: That's what's happening right now, so what's going to be happening down the line?
Rachel Tobac: It's going to be even scarier, potentially the use of deepfakes with video in addition to audio, we're just going to have it become more and more convincing, which is why it's so important that we use another method of communication to confirm this is authentic. Talking to the police is an example, talking to your nephew, calling them back to thwart spoofing. There's a lot of examples of using multiple methods of communication to ensure that we make sure this person is who they say they are.
David Furst: We're speaking with Rachel Tobac and Amy Nofziger. Thank you so much for your call, Rebecca. If you'd like to join this conversation, 212-433-9692. Let's go to Jay in Yonkers. Good afternoon and welcome to All Of It.
Jay: Good afternoon. One of my favorite pastimes is messing with these guys because I constantly get phones, "Hello, grandpa." Right away, I put on my old man voice, "Harold is that you? I haven't seen you a long time." Then they give me the whole story and it's always the same script, that they were at a party, they had one drink, they got into a car and a woman hit them with her car and she was pregnant. Now I'm in jail and I have a $8,000 or $5,000 bond to be posted and they give me the name of their lawyer. It's always Mr. Green.
Having nothing better to do, I call Mr. Green and he gives me this whole schmear story and then I tell him, my usual thing is, "Does your mother know you do these bad things?" he hangs up. I have his phone number and I keep on calling him, and he finally has to shut off that number. This happens quite often, and the same thing has happened, I get a phone call from the bogus IRS. Once again, I was at my office and we have Optimum, so it's unlimited phone service, so I just kept on calling the agent back until they shut down their number. They're out there and nobody, of course, a government agency is going to call you.
David Furst: What about that?
Jay: Of course, one hour after my grandpa phone call, I get another phone call from, "Hello grandma." I put on my high falsetto voice and mess with them for a while.
David Furst: What about that though, Amy, messing with people, prolonging these conversations? Is it better to move on?
Amy Nofziger: Yes. I get that you're having a lot of fun with that Jay, but I do recommend that you don't. The reason is because oftentimes that will show that you're staying on the phone. We do know that these criminals do share phone numbers of people who pick up their phone and stay on. Even though you might be messing with them for 20 minutes, that might indicate why you're continuously getting more phone calls. My best recommendation is don't pick up the phone unless you absolutely know who's calling. There's even some technology in some of the smartphones today where you can silence unknown callers, meaning anyone that's not in your contacts list will go directly to voicemail.
Just know that your phone number and your personal information is big business with these scammers and it's shared among them. The longer you're on the phone, another scammer might think, “Ooh, that's a good target to go after.”
David Furst: Wow. Amy Nofziger, director of Victim Support for AARP Fraud Watch Network and Rachel Tobac, co-founder and CEO of SocialProof Security. We’ll continue this conversation on All Of It here on WNYC coming up in just a moment.
[music]
David Furst: We're talking about phone scams and online scams here on All Of It on WNYC. I'm David Furst in for Alison Stewart. Have you been the victim of a scam of some kind? Let us know with a phone call, 212-433-9692, that's 212-433-WNYC. I want to read a text that we just received. “Since looking for jobs on various sites, I have been contacted by scam job recruiters via text. I have almost fully set up a profile before they start asking for personal or financial information before I got suspicious.” What about that text scam, Rachel?
Rachel Tobac: Very common right now. We are seeing attackers pretending to be even the real organizations on these job sites where folks are going to apply to fake jobs or receiving outreach from fake jobs. Because of the layoffs happening right now, a lot more people are falling for these scams. The attackers often will say, "Hey, you're going to be working from home. Please send us $500 so we can send you a laptop, so we can send you your microphone or your speakers that you'll be using while you work from home." These people think, “Well, I guess that does sound reasonable. I'll go ahead and do that.” But oftentimes this is a scam. These types of organizations will not ask you to send money. That's not going to happen. They will provide those tools for you.
David Furst: I want to get another phone call in just a moment, but Amy, I want to read this other text to you, very upsetting. “My 25-year-old high-functioning autistic son is desperate for a girlfriend. He responded to someone on Instagram. Next thing we knew, she had drained his bank account of everything. I say she because it was obviously a group of people doing this. Thank goodness we bank together so I was able to fix it. It was very painful for him as well.” Tell us about that.
Amy Nofziger: Yes, unfortunately, we hear these stories every single day on the helpline. Whether you're younger or older, we all want companionship and we all want someone to share our life with. Just know that wherever you are online, so is a criminal and just be aware. I'm proud of the mother for taking a stand and getting involved, but it's unfortunate that there's a lot of people out there that don't have someone that they can turn to and trust. Whether it's your minister or a police officer, someone that you trust, if you're involved in a scam right now, reach out for help. You can certainly call us on the helpline, but you're going to need support in this fraud recovery journey.
David Furst: Let's get to another phone call right now. If you'd like to-- We have a lot of calls coming in right now, 212-433-9692. William from Brooklyn, welcome to All Of It.
William: Hi. About five years ago, I wanted to contact PayPal and I googled their number, called the number. The person who answered the call said, "Are you aware that somebody has been-- used your account recently in an airport?" I said, no. They're like, "Okay, we're going to send you a code." I read them the code, and then they told me that-- I can't remember how they did it, but they convinced me that I had to go get a Google Play card. I'm 37, and I feel that I'm pretty savvy, but I’d never heard of a Google Play card. My emotions, I was getting quite angry by the whole thing, and I thought it was absurd that I had to go out of my way to go get a Google Play card. I hung up the phone and then they kept calling back, and I was seeing that they were doing a little activity on my PayPal account.
I went to a CVS and I got the Google Play cards. I was at the cash register and I said to the woman checking me out, "Listen to this crazy story, I have to buy these Google Play cards," and she was like, “That’s a scam.” I hung up and didn't buy the cards, thankfully, but it was so jarring to me because I sought out them and I thought that Google, the number that would appear right on the top would be the correct number. I reported it to Google and I never heard back from them. Now whenever I'm trying to contact the company, I'm super cautious about finding it on eBay's website or Instagram's website as opposed to just trusting any number.
David Furst: Rachel Tobac, good advice there?
Rachel Tobac: Yes. Unfortunately, any phone number can be spoofed and display on your caller ID. That's possible for almost every phone number in the US. In addition, I really want to highlight what happened in that specific scam. When they asked you to read that code out, they were stealing your multi-factor authentication code or your two-factor code from that site you were using. They likely had your password. That means they logged into the site, they were able to generate a multi-factor authentication code, send it to you and siphon it out from you on the phone. Do not give your codes out to people over the phone and recognize that spoofing can happen to anyone, and any phone number can be displayed on caller ID.
David Furst: Amy, what are some of the real concrete steps we can do to protect ourselves? I mean, I’m just ready to hide under the blanket, never answer the phone, never look at email, I shouldn't be talking to you right now. What can we do?
Amy Nofziger: Right, I might be a scammer. First and foremost, have awareness and don't be scared, be empowered because when you're in a state of fear, you're less likely to act and use your cognitive thinking. In the story that we just heard from William, he thought he was doing his due diligence and going on and googling the phone number, but the criminals can place fake phone numbers. Use his example for a good step. If you're ever looking for a customer service phone number, go directly to the website of the company you want to call and go to their contact us page. Do not just take the first number that comes up on a Google or Bing return.
Additionally, other steps to take. If you're on social media, lock your page down tightly. Most social media pages will show you how, whether it's LinkedIn, Facebook, Instagram, they'll take you through the steps. You do not want to have these open pages where people can get information about you.
Then finally, a great step that everyone can do today, I mentioned it earlier, is if you have a smartphone, pull it out right now. Make sure your contacts are up to date. Go into your phone settings and hit the toggle that says silence unknown callers. That will have anybody that's not in your contacts list go directly to your voicemail. You'll still get the phone call, but it will not ring and catch you off guard. That's what we hear about, and that's what happened in that Cut article. She's at her desk, it's Halloween, it's busy, her mind is somewhere else. The phone rings, she's caught off guard, her defenses are not up, and that's how they were able to criminalize her.
David Furst: Rachel, what kind of information should we be careful about posting online? We all sometimes overshare a little bit online. What should we really be careful about, things that might leave us more vulnerable to being scammed?
Rachel Tobac: Yes. A lot of times, people will post on social media that they use specific tools. The attacker can pretend to be from that specific tool and give you a call to trick you. I also want to highlight that it's really important that you use long, random and unique passwords on every single site and app. When we reuse our passwords, attackers can find that in a data breach online, log into our account and siphon out additional codes or information from us. It's important to make sure we don't reuse our passwords and turn on multifactor authentication for every site and tool we use and recognize that spoofing is easy. Caller ID can show anything on our phone. It's really important that we don't just trust our caller ID and we make sure that we use another method of communication to confirm that's authentic.
Also, if you google a site, sometimes those ads at the top of Google can be malicious. A lot of times these malicious actors will take out an ad telling you that the phone number that they want you to call is right there at the top, when in reality that's not actually the bank or Amazon support or Google support. It's important that you use trusted phone numbers and like Amy mentioned, go directly to a known trusted site, their contact us page, and ensure that you do not get tricked by spoofing by calling them back. If you call them back, you're going to go to the real person or the real organization, not the attacker.
David Furst: Then you're initiating the phone call to what you know is the trusted place. Let's hear another phone call. This is Will in Brooklyn. Thanks for joining us this afternoon.
Will: Hi, good to talk to you. I was in the middle of a long job search and I was on the phone with your screener. When I finished telling them about my situation, I was hearing the end of the description of the same thing that happened to me. I actually had a Google Meet interview with someone who kept pressing me for bank details to get the money over for the home office equipment. I wound up saying I had to take a break. I called the company that they were purported to be calling from, and they said they'd never heard of the person. They didn't have that job open and it was new to them.
I avoided paying for this bogus office equipment, but I had a couple of other instances where the same scam was brought up and the companies already knew about it. They knew that their LinkedIn pages had been spoofed and they were ready for it, but they couldn't really do anything preemptively. It seems like an easy way to keep reaching out to vulnerable people.
David Furst: Amy?
Amy Nofziger: You hit the nail on the head when you said vulnerable. Even though we all have targets on our back, we have to remember that in our life stages that we do might have more vulnerability. When you are unemployed or looking for a new job, you are a target for job scams. If you are a grandparent, you are a target for a grandparent scam. If you are recently widowed, you are a target for a lot of these scams. Just know that when you're out there looking for employment, the scammers are looking for you.
I think, again, bottom line, regardless what scam it is, one of the classified a hundred that are out there right now, listen for the key things. You said it again, Will, they asked for your bank account information. No legitimate employer that is interviewing you is going to ask you that until you have a signed offer in front of you and you need your check direct deposited. No government agency is going to ask for payment and prepaid gift cards, cryptocurrency, or a peer-to-peer app. No law enforcement agency is going to call you and basically give you a heads up that they're coming to arrest you unless you pay. Again, don't get caught up in all of the scams that are out there. Listen for those key red flags.
David Furst: Just to wrap up, Rachel, if it's too late, if you believe you are the victim of a scam, who should you report it to? What else should you do?
Rachel Tobac: If you believe that you are a victim of a scam, it's important that you talk to your bank or your credit card and let them know what happened. Sometimes they can shut it down. Oftentimes the money is lost, but it's important to at least try.
David Furst: It's important to at least try. Okay. Rachel Tobac, the CEO and co-founder of SocialProof Security and Amy Nofziger, the director of Victim Support for the AARP Fraud Watch Network. Thank you both for joining us on All Of It today, and thank you for all of your calls and your texts and sharing your personal stories with us.
Copyright © 2024 New York Public Radio. All rights reserved. Visit our website terms of use at www.wnyc.org for further information.
New York Public Radio transcripts are created on a rush deadline, often by contractors. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of New York Public Radio’s programming is the audio record.