Today’s digital world is full of thieves and scammers looking to access your information and use scare tactics to steal your hard-earned money from you and your family. Victims of these fraud scams are often retirees and the elderly, who are so scared that they send thousands and thousands of dollars before realizing what is happening.
To help you protect yourself and loved ones from the seemingly infinite number of cyber criminals out there, we’re chatting with former FBI agent Dave Chaves. Dave investigated some of the biggest scammers in the world, and he remains an expert in his field.
Today, we talk about red flags to watch out for to determine if you’re about to get scammed, what to do if you fall victim to a scam, and how AI is making the scams of tomorrow so much more believable.
In this podcast interview, you’ll learn:
- The common traits of almost all online scammers, including romance and investment scams–and why the IRS will never call you asking for money.
- How the prevalence of Bitcoin and cryptocurrency has made scams so much worse and harder to recover from.
- What you should and shouldn’t do if a scammer reaches out to you.
- Why email phishing scams have gotten so much more effective and why you now need to be very careful with confirmations from UPS, Amazon, and other businesses.
- Steps you can take to improve the security of your most sensitive accounts right now.
Inspiring Quotes
- “Scammers will steal your joy if you let them.” – Dave Chaves
- “When you hear of a breach, you’ve got to get in there and change your passwords because this stuff is festering, sitting on the dark web for people to purchase.” – Dave Chaves
Interview Resources
- Dave Chaves
- SHP’s Guide: Beware the Bait: Avoiding the Hooks of Scammers
- FBI
- Federal Trade Commission
- Internet Crime Complaint Center
- Quorum
- UPS
- Amazon
- Chase
- Bank of America
- Publishers Clearing House
- IRS
- Live Nation
- United States Office of Personnel Management
Keith Ellis, Jr.: Welcome everybody to the Retirement Road Map show, brought to you by SHP Financial. Today, we’re joined by FBI agent or former FBI agent, I should say, David Chaves. And the reason why we want to do this podcast and bring this information to you today is, a lot of folks out there fall for all these different types of email scams or Bitcoin scams, or there’s so many predatory people out there trying to get at your information, your financial situation, whatever it is. And we wanted to bring an expert in the field to you folks out there as a way to, one, educate yourself, maybe see what can be done to prevent, what to look out for. So, with all that being said, I just wanted to take a minute and say thanks, Dave, for coming in.
Dave Chaves: Keith, thank you for having me back. It’s a pleasure to be back here.
Keith Ellis, Jr.: Yeah, it’s always fun to do this with you. You know what I mean? It’s natural, right?
Dave Chaves: It is. It feels so good. By the time we’re finished, it’s like, where did that time go?
Keith Ellis, Jr.: Exactly. It does go quick. And we have a ton of information to cover. So, with that all, let’s jump in.
Dave Chaves: It is a lot of information. And when I spoke with Jamie about putting together a program for scammers, I’m like, “I did investigations on the biggest scammers in the history of the world. This shouldn’t be a problem.” And I started to look at this, and I’m like, “Wait a second, what’s all this new stuff?” I’ve been retired from the FBI now for seven years. I started to look at this and I was amazed. We’re going from phishing to vishing to whaling to pig butchering, all of these terms that I’m like, “I better get up to speed on this.” So, as an attorney…
Keith Ellis, Jr.: Oh, I need to be up to speed on this now because I know what you just said is foreign language to me. No, go ahead, sorry.
Dave Chaves: Yeah. And just like the advent of AI, too, and how that plays into everything, but the most important thing is not understanding all the schemes, I think, looking for traits and the most important things because scammers have certain traits, one or maybe all of these. So, it’s unsolicited contact, unrealistic promises, which is the hook, right? That’s how they get you because they’re promising returns. Yes, and that’s really a big part of this. And there’s always urgency, you have to make a decision out. That is the big thing because people feel panicked and they feel they’ve got to make a decision.
Keith Ellis, Jr.: They’re going to miss the boat.
Dave Chaves: Right, right.
Keith Ellis, Jr.: They’re going to miss their opportunity. They’re going to miss their chance.
Dave Chaves: That’s exactly right. And that leads to providing personal information, banking information, and finally, how you’re going to get the payment to the bad guy. And there’s so many different ways of doing that, whether it’s gift cards or Apple cards, like Google Play or Wire, Western Union, cash. They even have people come to your house as a courier. Could even be an Uber driver unsuspectingly being sent to a house to pick up a package so that they cover their tracks.
And more importantly, they’ve moved with the times, because now, so it’s not traceable, they’re having you send money via Bitcoin and people are going to be like, “Well, I don’t have a Bitcoin account.” Well, you can Google ATM Bitcoins in this area and you’re going to see seven of them pop up within a couple of miles from here. And you’re going to see how easy it is to effectuate that transaction. You’re going there with cash. You’re putting it into the Bitcoin machine, ATM. The bad guys are giving you a QR code that’s on your phone that will link to their cyber wallet. You hit send, the money goes into their wallet, never to be traced, never to be regained. You’ve lost it at that point. And this is how things are being run. Now, there is a legitimate Bitcoin cryptocurrency world out there, but with the advent of this technology and the way scammers have kind of graduated to the next class, this is the stuff we have to be so careful about.
Keith Ellis, Jr.: It’s interesting because, obviously, doing what we do and building plans for retirees down here all around Massachusetts, the amount of security that we have to have is, sometimes you look at all the different pieces that we have in place. You feel kind of almost like Fort Knox in a way. You know what I mean? Because you have to take the proper precaution, a client calls in for withdrawal, we have to call, verify all the information. So, I feel like we do a good job of going over and above, but even then, then it’s on the individual person, the person on the other end to make sure that they’re taking responsibility on this side, which is really what we wanted, why you’re here to talk more about that. And I guess, from my perspective, what is the most common way that people are contacted? I guess, is there a more common way than not?
Dave Chaves: There are a couple common ways. Romance scams is a big one. So, you’re out there, you’re looking for love, you find this person that’s just right for you. Unfortunately, they’re in Nigeria, they’re in South Africa, they’re in a lot of different places. And they always have a story because you’re always going to be set up with a story. It’s going to be, oh, I work on an oil rig or on a boat so that they can account for lost time from time to time. Or it’s always a sick relative that is someone that they’re introducing into the equation because that predication is going to lead to further conversation when they’re getting ready to visit you on a trip.
Keith Ellis, Jr.: And then they can’t.
Dave Chaves: They can’t, because they got to take care of their ailing grandmother. If they were to get a house aide, a home aide, it’s going to be $5,000 for the month that they’re gone while they’re visiting you and making plans for the wedding. So, what happens? They send over the $5,000. And then radio silence.
So, romance scams are big for that, but the trading aspect of it. So often in the romance scams, it’s not about getting that quick $5,000. It’s about introducing them to sham Bitcoin cryptocurrency websites. And in that, they’re making larger investments and they’re also getting fake statements or a website showing that they have doubled, tripled their investment. And so, what does that cause them to do? To put more money in. They want to take back some of their profits. These companies will actually let you take some of your profits because that encourages more investing, that encourages you going to family and friends, saying, “Wow, I’ve got a deal here.” Next thing you know, this has snowballed. And what was started out as a $3,000 investment could turn out to be your life savings gone.
And when you take that and you realize that your money is gone, let’s call it $100,000, and you tell them that you want a withdrawal and they come to you to say, “Well, you can take a withdrawal, but it’s going to cost you more money.” It’s going to require some type of tax payment, certification payment, a transfer payment, you can call it whatever you want, but that money is going in into the black hole, into their pockets, not to be seen. And this is the common scheme for Bitcoin and other cryptos.
Keith Ellis, Jr.: Yeah. It’s common that you hear that. You know what I mean? I actually have a friend of mine who sadly fell for this. It didn’t get taken for too much money, because I think it’s the initial shock and I don’t want to say embarrassment, but a lot of people don’t want to admit when they’ve been duped. You know what I mean? So, they kind of keep trying to prove themselves right, and then all of a sudden, rubber meets the road. And they’re like, “Okay, I am in trouble. So, I need to reach out for help.” So, say something does happen, I mean, to jump ahead here because I want to talk about this more at the end, but let’s say something does happen, what are the steps you should take immediately to correct this?
Dave Chaves: So, depending on the method of payment that you’re using, if you sent a wire, that’s almost a good thing because the FBI, other agencies, Federal Trade Commission, your own bank, we have three days to work with to pull that wire back before it’s satisfied. So, if you recognize you’ve been a victim in a scheme, you need to contact your local police. You need to contact the local FBI office, file a complaint with the Federal Trade Commission, go on to the FBI’s cyber complaint system, which is called ic3.gov. And that is a database that pulls in all of this information, collects it, and actually collates it and connects it to other schemes, perhaps, with the same individuals involved.
So, you got to start somewhere. The hope is you’re still able to retrieve that money. And you can, in some instances, but if you’re paying by Bitcoin, it’s gone. And the worst part about it is you may go on to Facebook or Quora or Reddit and say, “Oh, I lost all this money.” And next thing you know, someone’s reaching out to you to say, “I’m familiar with that scheme. I can get you your money back.” So, they’re sitting there waiting in these forums seeing that you’re a victim.
Keith Ellis, Jr.: And then going to victimize you again.
Dave Chaves: Victimize you one more time. And the thing is, as you mentioned, people are embarrassed, right? They don’t want to admit it. They don’t want to report it. And then they get taken again. Sad. Very sad.
Keith Ellis, Jr.: It is. So often, people also fall for email scams.
Dave Chaves: Yeah.
Keith Ellis, Jr.: I don’t know if you’ve ever had any experience with that or could speak to that. That’s very common because nowadays, the emails, I get one almost every morning. It looks like it’s coming from UPS, but it’s not UPS. So, I have to kind of look at it for a second, realize, okay, this isn’t, and then I just delete it. Finally, they stopped sending it to me because they knew I wasn’t going to click on the link or fall for it. But it happens to everyone. I’ve seen some that look like Amazon. You know what I mean? So, I figured, maybe you’ve had some experience there.
Dave Chaves: So, that’s called phishing emails. And they have varieties of different phishing that goes on, but this one here is of the email variety. And they are doing exactly what you said. They’re hoping for you to click on it or to respond to it. They’re copying typically a website like Amazon, but if you hover over the sender address, you’re going to see it wasn’t from Amazon.
Keith Ellis, Jr.: Yeah, it’s from some crazy, yeah, it’s interesting.
Dave Chaves: It really is. So, they’re going to give it all the appearance that it should, but you being vigilant now are going to look a little step further to see exactly what they were trying to do. And don’t forget, these people will give you a link to a website that looks like Amazon and looks like Chase or Bank of America. You’re putting in your login credentials, you’re filling in personal information, and you are on a sham site. And with AI and other technology, it just takes a few clicks to copy those websites, create a new domain name, and have people visit them.
Keith Ellis, Jr.: Yeah, and they’re trying to gather just all your personal information, I’m assuming, like bank information, passcodes, things like that.
Dave Chaves: Right. Yeah. And they’re very successful. Now, you didn’t click on it, but maybe 1 in 50 people, 1 in 100, that’s a good day in the office for these scammers.
Keith Ellis, Jr.: Yeah, and then they just got you to get in and now that they hold that ransom, like, how does that work?
Dave Chaves: Yeah. So, typically, they’re going to bleed you. So, before you notice that there’s a problem, they are already into your financial account, say, they’re in a bank account and they are collecting information. They’re sending wires to an account overseas. So, they’re sending out information right from your own checking account.
And banks do have fraud protection that should have an algorithm that picks up a lot of this stuff, but not always. You’ll notice, a lot of times, it’s a very small transaction, $0.29. They’re testing the waters to see if it works, and then they’ll put in the big one. So, these people, if nothing else, are very enterprising in their thinking. They work together to develop these schemes.
Keith Ellis, Jr.: Yeah. And I’ve heard of many other types of schemes. I know you have a list here. I don’t know if you want to run through one type of lottery.
Dave Chaves: Yeah, we can pick out a few.
Keith Ellis, Jr.: I mean, that’s amazing. How many people think they win the lottery, and then all of a sudden…
Dave Chaves: Right. Well, the lottery is a big one, right? And this is one of the oldest ones. And people, like, wow, how do people still fall for that? They do because here, we’ve won something. We’re excited and we’re thinking, “Oh, we only have to pay a certain dollar amount.” And they pay it, and then they have to pay something else. Or now, they’ve got routing and account numbers that they can tap into.
So, lottery sweepstakes scams, it’s all about verification. If I won something, Publishers Clearing House or whatever it may be, I’m getting off of that phone call. I’m making sure that the number that was provided to me goes back to Publishers Clearing House. I’m speaking to reps there, going to their website and verifying. So, in this business, it’s no trusting and verification. So, instead of trust/verify, we’re going to reverse that, which is so important.
I got to tell you a story about this veteran that I did a closing for, and he had to take out an additional $175,000 to cover living costs. And it’s an unfortunate situation. His wife, who had dementia, answered the phone one day, and it was a tech support scam, “Your Microsoft Windows account is expired. You need to continue this service. Do you have a checking account that we can make the $250 payment for?” And she’s, “Oh, yes, honey, I have that for you.” And she provided the account number, the name, and the routing number. So, they depleted about $6,000 in that account.
But they don’t stop there. When all the money was gone in that account, they call back to say, “Oh, it was insufficient funds. Do you have another account?” And in this case, to the tune of about $150,000 went out the door because of this circumstance. The FBI gets involved. They end up arresting some people in Providence. But by that time, the money is long gone and not recoverable. So, these are the hazards of these types of scams. They change people’s lives. They devastate people.
Keith Ellis, Jr.: And for folks out there that are concerned or just maybe even want to learn more about this, we have a guide on our website, SHPFinancial.com, that speaks pretty in-depth about all these different types. Again, we’re talking extremely high level right now. And the list that Dave has next to me is almost three pages long. So, we’re not going to be able to go through all of these, where in our guide, we dive a lot deeper and into a lot more of these types of scams. So, please feel free to visit the website, SHPFinancial.com. Just protect yourself. You know what I mean? It doesn’t hurt the information and be prepared. So, in that vein, what can people do to protect themselves?
Dave Chaves: So, they have to, and I’m going to call, we’re going to change the acronym for SHP today because…
Keith Ellis, Jr.: Okay, I like this.
Dave Chaves: Yeah. S is going to be stop. Whatever is going on, it sounds too good to be true or you’ve been put in a position of fear, right? Your family members in danger, you’ve got to take action. You are going to stop and you’re going to evaluate what’s going on. And for H, we are simply going to hesitate before we provide any information to anyone, personal information, name, last four digits of our Social Security number, whatever it is, we’re going to stop, hesitate, and we’re going to protect. We are not allowing any personal information to flow to these individuals until we can demonstrate and verify that these are legitimate sources. And I can tell you that anyone that asks for a cryptocurrency for anything, likely, it’s a scam. So, we avoid all of those triggers. So, stop, hesitate, protect, SHP.
Keith Ellis, Jr.: I like that. And I know some other steps that folks can take. It’s third-party verification, like the text that you get or the email that you get that has the code. Is that a great way to secure? Should you go beyond that as well?
Dave Chaves: The two-factor authentication is just another layer of protection. But very sophisticated scammers, through gaining information through you, can have your number ported to their phone through your phone company. So, now, you’re getting the verification authentication for the bank for any other transaction. These are things that are going on today.
Keith Ellis, Jr.: Wow. Being in the FBI, dealing with this type of stuff, any particular stories that really resonated with you? Or any particular stories that you want to speak to? Obviously, these names, but I mean, you think of folks out there that are driving along today or listening to this and this could be them. So, to kind of humanize it, I think it makes a lot of sense.
Dave Chaves: It does. And the folks that I dealt with on the scamming level, they were more in this variety, but we dealt with large Ponzi schemes, market manipulations, boiler rooms, these millions or tens– even billions of dollars, right? So, we saw it on a scale that is much larger than this, but this affects the average Joe on Main Street. This is why it’s so important. With accounting frauds, with Ponzi schemes, we’re seeing people get their statements each month with inflated numbers, right? And they’re thinking everything is just great.
Keith Ellis, Jr.: Sure. Absolutely. This is why we want to do this podcast, to make people aware of this type of stuff.
Dave Chaves: Everything is just great until it’s redemption time. And you’re looking to pull some money out. And then you’re being pushed along this delay after delay after delay, and you’re not thinking anything of it at first, but at some point, it comes crashing down because at some point, they’re not going to be able to pay you back, and you’re going to start to look at this relationship and think, “Oh, my gosh, I don’t know why I did that. I don’t know why I trusted that person. I don’t know why I continue to give them money.” You’re just going to feel awful about yourself. And doing that due diligence up front, if someone comes to you, one of your clients, like, “Oh, I’d like to get involved with crypto,” there are very valid exchanges doing this type of work.
Keith Ellis, Jr.: Yeah, go to them.
Dave Chaves: Go to them. Because if you go to, even if you trust– if you go to Google and you put in Bitcoin platform, you’re going to see at the top all these paid advertisements, mostly criminal. Mostly criminal. Because they’re listed there doesn’t legitimize them in any way. It’s creating– so you’re going to the top of that list saying, “Oh, this is the top selection.” And needless to say…
Keith Ellis, Jr.: It’s the one that’s going to clean you.
Dave Chaves: Yeah.
Keith Ellis, Jr.: And like you said, the reason why Bitcoin has been– and think again, we’re not here to put down Bitcoin or…
Dave Chaves: No. I like Bitcoin, by the way. I do. Just use properly.
Keith Ellis, Jr.: There we go. So, I mean, or make it a negative investment, per se. But again, go to the actual real exchanges that exist. And from a criminality standpoint, as you said, it’s an easy way to take people’s money without a trace.
Dave Chaves: Yeah, it is untraceable.
Keith Ellis, Jr.: What about other crypto? Is it just Bitcoin?
Dave Chaves: No. Bitcoin is the big one because Bitcoin is so pervasive in the crypto space.
Keith Ellis, Jr.: It’s the one that everyone knows.
Dave Chaves: Yeah, it’s the one everyone knows. There are certainly others which are very valid, but the ability to manipulate aren’t easily achieved. So, that’s a big one. One other thing I wanted to bring up, because I think it happens to everyone. Have you ever gotten a phone call, one ring, and then nothing? It just shows up one ring. And you’re like, “What is that number?” And you might even call it back.
Keith Ellis, Jr.: I have called it back, so I know.
Dave Chaves: Well, sometimes, they’re like just a call of– but dial or whatever it may be. Other times, it’s like collecting to a 900 number. You’re getting a $20 connection fee because that call is being routed to a scammer. And you’re getting billed $20 for the connection fee, and you’re probably going to be put into a voicemail bot where they want to keep you on the line at $9, and that before you hang up. You might not even look at your phone bill next month. That charge will be on there.
Keith Ellis, Jr.: Wow.
Dave Chaves: So, crazies, yeah.
Keith Ellis, Jr.: And the phone company doesn’t do anything about that?
Dave Chaves: Some phone companies may work with you to reverse the charge if it’s fraudulent, but the bad guys are just hoping you don’t pay attention.
Keith Ellis, Jr.: There’s not many people, in my opinion, that sit through it and look over there. They look at the balance of the phone bill, but they might not look at that.
Dave Chaves: I know. I don’t always, dude, right?
Keith Ellis, Jr.: They didn’t know the actual details in there. Every once in a while, I probably do it quarterly, but not every month. I just don’t have the time with the kids and everything else that’s going on.
Dave Chaves: These are normal things that we would see in our lives, like, oh, one ring, okay. But these are scammers for the most part and to top it…
Keith Ellis, Jr.: I’ve never heard of that one.
Dave Chaves: Yeah. I got one more for you maybe you haven’t heard about. The no-response call. You get a phone call usually later at night, 8 or 9 o’clock at night at your home phone or your cell phone, and you pick it up. Hello? No one responds. Hello? No one responds. So, what’s happening there? The scammers have a bot that is reaching out to you, first to determine whether or not there’s a live person on the other end of this phone number because they’re going to take that information, they’re going to bundle it up and give it and sell it to other scammers for scamming purposes. Because we have a live person, this is a good number, it’s an active number. So, they’re going to package that up and sell it forward. Also, with the advent of AI…
Keith Ellis, Jr.: There’s a secondary market of scamming?
Dave Chaves: Yes.
Keith Ellis, Jr.: Geez. Go ahead, sorry.
Dave Chaves: And that’s a whole other discussion when we talk about the dark web and the deep web, but yes, there’s a secondary market for resale here. And also, the AI technology, just by those simple words, hello, hello, is capturing the character of your voice.
Keith Ellis, Jr.: I was going to ask about this. Go ahead. Continue.
Dave Chaves: And synthesized in a way that can be useful to scammers down the road, whether they’re setting you up or anyone up, family member in distress and trouble, using that to create a script to play back to one of your family members in order to get money for a lawyer, money for bail, whatever the case may be.
Keith Ellis, Jr.: Wow. So, AI is really becoming prevalent in this, I would think. How much of a foothold do you think or where do you think that technology is now in regards to the usage and implementation in scamming?
Dave Chaves: It is pervasive. When I think about the technology that’s there today, and interestingly enough, I’m doing a segment on this tonight, you’re going to hear how convincing the AI technology is to duplicate voices. You just won’t believe it. And they’re going to be responsive at some point. So, it’s not just going to be your voice with the statement. It’s going to be responsive to whatever the question may be on the other side. And the thing I have to tell you, how do we fight against this, is that you got to have a safe word with your family members so that you know it’s genuinely them. It could be SHP. It could be the eagle has landed, right? Whatever it is, you’re going to be in a high, intense situation thinking that your son or daughter is in trouble, that they’re in Mexico. They were riding a moped. They ran into a pregnant woman. Now, we have the police involved in a bail. How will you know it’s really them or not because the AI is so good? And the thing is you’re asking them, what’s the safe word? What’s the safe word? Whatever trigger you wanted to use to make sure that was them.
Keith Ellis, Jr.: Wow. That’s really good advice. That’s really good advice. I have one more question.
Dave Chaves: Sure.
Keith Ellis, Jr.: And maybe I’m not going to ask this correctly, is there a seasonality to different types of scams? Like, I hear around, from the beginning of the year to April, there’s a lot of scams going around taxes. You know what I mean? Is there things for people to look out for throughout the year?
Dave Chaves: I think that spot on and taxes are a big thing that time of year. And trust me, the IRS never calls you for money. It’s not happening. You’re going to get that letter with that terrible font on it saying you owe money. You don’t want that letter, but that’s what you’re going to say. No one’s calling you from the IRS, but they do follow any major news event. And look at, we had Live Nation this past week breached with their data. You might see some scams evolving out of that. So, the thing you want to keep in mind, say we have the Live Nation breach now, and we had a bank breached last month. And we get those letters right from the company saying the data was breached and you have access to have credit monitoring, take advantage of that.
But understand that every breach, like the Office of Personnel Management in the government, I’ve had my information put out there so many times, and it includes Social Security numbers, personal identifiers, and passwords to accounts. So, when you hear of that breach, you got to get in there and you got to change your passwords because this stuff is festering, sitting on the dark web for people to purchase. It’s like a laundry list of services they have in the dark side that you can purchase to access people account information.
Keith Ellis, Jr.: Wow. Holiday seasons, is there anything that people should be looking? Because, I mean, before you know it, it’s going to be here. So, is that something that where people are trying to sadly, during a joyous time and fun time, a family time, typically, take advantage of other people?
Dave Chaves: Sure. Scammers will steal your joy if you let them. That’s why you’ve got the SHP. Stop, hesitate, protect is something I want people to keep in mind because they will, at the best time of the year, be able to take away some of that joy, and they’re going to step up their game. So many times, you’re going to get those phishing emails, sale going on at wherever it may be. You’re clicking on it. You’re allowing them to collect personal information, credit card information to put malware on your computer so they can access other information.
Keith Ellis, Jr.: And they just follow you around with that malware, correct?
Dave Chaves: Right.
Keith Ellis, Jr.: Gather, gather, gather.
Dave Chaves: Yeah. So, the holidays is a big time for scammers.
Keith Ellis, Jr.: Yeah, I mean, there’s a lot to take in there, and we really appreciate you in your expertise coming in to speak on this. And like I said earlier in the show, for those of you that are interested in learning a little bit more about this, we have a guide on our website SHPFinancial.com. Dave was nice enough to come in and kind of go pretty high level in regards to this stuff, but we wanted to take it a little bit deeper and provide a little bit more content around each one of these areas. So, again, go to the website SHPFinancial.com and start to read it and protect yourself. I mean it’s very important to protect your information and not be vulnerable. So, again, Dave, thanks for stopping in. Really appreciate your time. And I’m sure you’ll be back.
Dave Chaves: It’s a pleasure. Thank you for having me back.
Keith Ellis, Jr.: Have a good day, everybody.
Dave Chaves: Thank you.