It Can Happen to Anyone
I remember his voice. Formal, clipped, rote. He sounded exactly how I imagine a police officer delivering bad news might sound. As he spoke, I could feel the hot flush of anxiety in my earlobes.
Ma’am, he said, a bench warrant has been issued for your arrest. It seems you failed to appear for jury duty last month.
The thing was, I had shown up for jury duty on August 28, 2018, just a few weeks earlier. I’d sat in Denver’s Lindsey-Flanigan Courthouse for four hours before being thanked for my service and released, and I told the Denver Police Department (DPD) officer as much. He sighed the sigh of an overworked, frustrated public servant and told me that sometimes things like this happen; that every now and again paperwork goes missing and responsible citizens must pay the price, literally. He told me he was sure we could get it all cleared up, but that I’d have to pay the $1,000 fine first—and then the city and county of Denver would reimburse me. If I didn’t, I’d be arrested.
As the officer began detailing the process I’d need to follow—including the fact that I’d need to stay on the phone with him while I completed the necessary transactions—I sent a note to my colleague on Slack and told him what was going on. I explained that the officer said I’d need to go to the bank, get $1,000 in cash, and then go to a grocery store to convert the cash into gift cards, which was the only form of payment accepted at the courthouse. My co-worker, who’d come down to my desk, cocked his head and then wrote me a note that read: Is this a hoax?
I’m glad he did, because although I followed the officer’s instructions, going as far as pulling cash out of the bank, I’d become wary. Wary enough to hang up on the “lieutenant” while I asked a manager at King Soopers if he’d ever had anyone buy gift cards to use at the courthouse. When the store manager said almost everything involving unsolicited telephone calls and gift cards is a scam, I called the actual police. The woman I spoke with at DPD told me I was lucky because I’d very nearly gotten caught up in what she called the “jury duty scam.”
As I walked back to my office, I listened to three increasingly threatening voicemails the scammer had left. I felt fortunate but also incredibly gullible. At 39 years old, I felt I should’ve known better. After a while, however, the self-doubt turned to anger; then anger swelled into vengefulness.
This two-years-in-the-making package is the response to my brush with being scammed. Interviews with fraud experts and Centennial State victims of fraud all confirmed that public awareness is the single most effective method for combating consumer scams. As it turns out, what you don’t know can hurt you. Let the following pages be your guide to the easiest ways to safeguard what’s yours—and just maybe give the middle finger emoji to fraudsters everywhere.
Colorado Springs resident Doreen Hahn spends a lot of her free time doing online jigsaw puzzles.
The 70-year-old also does some online shopping, most recently for a new mattress she seemed pretty jazzed about. “I’m on the computer a lot,” Hahn says. “But I’m no expert.” That’s exactly the kind of person a tech support scammer was hoping to reach when he called Hahn in July and told her he worked for a tech support company that monitors computers for brands like Hewlett-Packard. He informed Hahn that her machine was sending out error messages and needed new virus protection software. “It alarmed me, of course. He told me it would be $1,000 to start,” she says, “but then he gave me the senior discount for $500.” The fake IT guy then instructed Hahn to write a check, hold it up to her computer’s camera for him to snap a picture, and then he’d install the software. “He was a smooth talker,” Hahn says. “Still, I didn’t get any sleep that night; I just knew something hadn’t been right.” Fortunately, Hahn’s gut feeling led her to make a first-thing-the-next-morning call to her bank, which immediately shut down all of her accounts. Several days later, Hahn began getting angry voicemails from the scammer, who’d been declined by the bank. “He actually threatened to send someone to my house,” she says, “but the calls stopped after a while. I’m sure he moved on to someone else.”
Colorado native Sage Wise was relieved to move back to the Centennial State in December 2019.
She had left an unhappy relationship and brought her kids home with a vision for a new life. The 26-year-old got a job as a teachers’ assistant and an apartment in Aurora. Less than 10 weeks later, though, the coronavirus began its insidious creep across the country—and the single mother of two lost her job when the daycare center closed. Having not worked in 2019, Wise couldn’t file for unemployment. “I was on the verge of losing my apartment,” she says. “I didn’t want to let my kids down. I was looking for jobs every day, getting emails from potential employers.” Then a job offer popped into her inbox that seemed ideal: a work-from-home position as a local hub inspector for Heies Ecoquest. Promised $3,000 for the month, Wise received packages of electronics, inspected them for damage, and then reshipped them. “It all seemed legitimate,” she says. Wise concedes it was a weird job, but she says she was so desperate she didn’t care—even though she did wonder if the goods she was mailing might be stolen. So long as she could pay rent with her paycheck, she was content. Only, the paycheck never came. “My boss had me email the payroll department,” Wise says. “I gave them my social security number, birth date, everything. And then…nothing.” The website disappeared, the phones were disconnected; Heies Ecoquest didn’t exist. Wise called the police and the Better Business Bureau—both of which said these so-called work-from-home employment scams, often based on the reshipping of (likely hot) items, had been on the rise during the pandemic—but there was nothing they could do. “I felt so fooled,” she says. “I was also so disgusted that people could do this to families during this difficult time.”
The Swindler’s Toolbox
Although the particulars of each ruse may differ, the basic instruments of deception have remained relatively constant in recent years. We explain fraudsters’ favored implements of scammery. Back to Top
Flimflam artists use sneaky tricks to disguise email addresses, sender names, or URLs—often by changing just one word or letter or number—to make it look like you’re interacting with a trusted source. Scammers can even spoof phone numbers, faking the name and number that shows up on your caller ID to make the call look local or like it’s coming from a government agency or even the hospital.
These are the randomized, automated calls you get about your car’s warranty expiring or winning that all-expenses-paid Caribbean cruise or being in trouble with the IRS. Not so long ago, the Federal Trade Commission created the National Do Not Call Registry, and we all thought our cells would stop ringing incessantly. Unfortunately, the Do Not Call Registry only stopped unwanted yet legal sales calls from law-abiding companies. As such, most of the calls you get where a computerized voice asks you to press 1 to, say, enter your social security number, are scams designed to glean personal information that can be used to make purchases with your credit card number or to access your bank accounts.
You’ve run out of cash and the dive bar doesn’t take plastic. The bartender says there’s an ATM near the bathrooms. You’re annoyed by the $3 surcharge in the moment, but completely apoplectic when you realize three days later that someone has emptied your checking account. In all likelihood, someone had placed a skimming device on the ATM that was able to capture data and/or record cardholders’ PINs. Skimming devices can be installed on ATMs, point-of-sale terminals at retail locations, and fuel pumps at gas stations.
The bad guys know we need our computers and all the data stored on them. And that’s exactly why they find ways to distribute ransomware, a type of malicious software that stops you from accessing your files and systems until you pay a ransom for their return. This can be devastating for businesses, but it’s no fun for individuals either. It’s easy to accidentally download ransomware from an email attachment, by clicking on an ad or a link, or by visiting an unsafe website. Generally, you’ll have no idea your computer is infected until your data becomes inaccessible or you begin receiving messages for ransom payments.
Phishing, vishing, smishing
Cybercriminals often blast out tens of thousands of emails devised to lure you in by mimicking the operations of a legitimate business or institution. You might get an email, for example, that says you’ve been approved for a home equity line of credit. Only the email isn’t actually from your bank, even though it may look like it is (see “spoofing”). Once you click on the link in the email, they are potentially able to snooker you into downloading malware to steal sensitive information. Vishing, or voice phishing, is the practice of sending an email—which looks like it’s from, say, your credit card company—that says there has been suspicious activity on your account and instructs you to call an 800 number, where scammers are waiting to extract your personal information. Ditto for smishing scams, which use SMS or text messages.
Typically, phishing campaigns don’t go after specific individuals. Spear phishing, however, is a targeted attack. Using the info we all post online, fraudsters can personalize an assault in a way that makes it more likely you’d engage. You might post on Facebook that you finally bought your dream car and attach a picture of a Corvette. A scammer could see that post, pull your email address from your profile, and send an email that appears to be sent from Chevrolet, which “needs some basic billing information to process your new car’s warranty.”
Did you know: 36 percentage of Colorado fraud reports categorized as identity theft, making crimes like stolen credit cards, government benefits scams, and fraudulent loans the most commonly perpetrated cons.
Colorado Attorney General Phil Weiser has long been interested in protecting consumers, but as the digital age dawned, he began focusing on an emerging set of challenging issues. We spoke to the Centennial State’s top legal officer about our state laws, vulnerable populations, and why a Harry Potter character’s defense against the dark arts works with scams too. Back to Top
5280: We know consumer protection falls under the purview of the Office of the Attorney General in Colorado, but is it fair to say that you’re particularly enthusiastic about subverting fraud?
Phil Weiser: Long ago, I worked in the U.S. Department of Justice’s Antitrust Division. That work was a little different, but the ultimate goal was to protect consumers by ensuring lower prices and greater choice. In my job now, I try to ask myself if our current environment is working for or against consumers. With everything being digital, we are facing a set of challenges that we haven’t come to grips with yet. I want to take care of those who are vulnerable to scams.
Everyone is susceptible to fraud, but are there people who are particularly exposed?
There are so many traps out there. Everyone can fall into one, but the elderly are especially vulnerable. About six times a year, I do presentations in conjunction with AARP for its ElderWatch program. People of my generation and older are trained to answer the phone. It rings, you answer. Millennials let everything go to voicemail—it’s annoying but smart. The fewer interactions you have with unknown sources, the better. And during the pandemic, scammers have been preying on all of our vulnerabilities. Scammers use fear and panic to their advantage in selling things like ineffective COVID-19 antibody tests.
Sounds like illegal robocalls are a real headache for you.
We get so many complaints about robocalls. There are some new tech tools that can combat them though. Essentially, this technology can determine if the call is legitimate or not. The 2019 TRACED Act mandates that phone companies implement call-authentication technology, which is why you’ve probably started to see “spam risk” or “fraud alert” pop up on your phone. You should ask your carrier about its technology. But there are two issues. One, the smaller companies don’t have the money for the tech upgrades. And two, no matter how good spam filters are, this is a cat-and-mouse game; fraudsters will evolve.
So, if technology can’t save us, what should we do?
There’s a character in Harry Potter named Mad-Eye Moody. He preaches constant vigilance. I want people to think of Mad-Eye Moody every day. When you open an email—constant vigilance. When you answer the phone—constant vigilance. When you click on an advertisement—constant vigilance. In the AG’s office we can work after the fact to help consumers who’ve been scammed, but it’s not always easy to right the wrong. You have to be proactive. You have to defend yourself with constant vigilance.
That all makes sense, but I’m guessing you’ve done a few things since taking the AG job in 2019 to help us out?
I hope so. I looked at our consumer protection law when I took office; it was like 48th in the country. Since then, I’ve been able to fix the law in several ways. Our penalties were very low; we raised them. We changed language that allowed scammers to defend themselves by saying they didn’t know the products they were selling were defective. So, yes, we’ve been active on the legislative front to create oversight. We also send cease-and-desist letters to companies running frauds and, if necessary, get law enforcement involved. Some scams are so noxious that they can rise to the level of being criminal [versus civil].
Did you know: A Denver entrepreneur rendered $62,500 in payment to the state after the AG’s office found the company misled consumers about its hand sanitizer.
This ancient Greek aphorism suggests there is a benefit in life to understanding both your strengths and weaknesses. Self-awareness comes in handy for shielding yourself from shysters, too. Just as a sidewalk purse-snatcher might see an octogenarian as an easy mark, online or telephone grifters might zero in on vulnerabilities you never realized you had. Keeping in mind that you’ve done absolutely nothing wrong, it’s still a good idea to identify your potential weak spots and turn them into a radar for would-be thieves. Back to Top
Your vulnerability might be: Loneliness
Because you’re: Single; recently divorced; elderly with no family.
Making you susceptible to: Romance scams, in which a fraudster manufactures an in-depth online identity to gain someone’s fondness and trust and then uses the romantic fantasy to manipulate the victim into sending money or divulging bank account information.
The expert says: “The scammer starts by meeting someone on a legit dating site and then often moves to another form of communication. They develop the relationship over weeks and months. Invariably, the scammer says he or she wants to meet in person but can’t afford it because of unforeseen medical bills or a lost job. The victim, believing he or she is in love, sends the money.” —Scott Schons, supervisory special agent, FBI
Your vulnerability might be: An online shopping habit
Because you’re: Stuck at home during a pandemic and looking for secondhand furniture or surgical masks or even a new puppy.
Making you susceptible to: Nondelivery-of-merchandise schemes, in which the “seller” takes advance payment via PayPal, personal check, Venmo, or bank transfer and then never provides the paid-for items.
The expert says: “In these pet scams, you’ll go to a website that looks like a legitimate breeder. There are pictures of adorable puppies. It’ll say ‘Adopt Jax! He’s so excited to meet you!’ They’ll ask you to first send money to purchase the pet; then they’ll get you again when they ask you to wire money for them to ship the pet through private transport. When you go to the airport to pick Jax up, there is no Jax.”—Ezra Coopersmith, investigations coordinator, Better Business Bureau
Your vulnerability might be: Generosity
Because you’re: Someone who has given to charities in the past.
Making you susceptible to: Charity fraud, in which fake nonprofits will use your goodwill to their advantage by asking for donations to help those who’ve been displaced by whatever the most recent natural disaster might be.
The expert says: “There are things called ‘lead lists’ that fraudsters buy and sell. When you donate money to legitimate charities, your name can end up on a list that scammers can use to reach out to people who they know have donated before. My advice: Never give to anyone who solicits you until you have done your due diligence.” —Martha Paluch, chief of economic crimes section, U.S. Attorney’s Office
Your vulnerability might be: Being a grandparent
Because you’re: Likely to do whatever it would take to help your grandkids, no questions asked.
Making you susceptible to: Grandparent scams, in which a con artist uses social media or other methods to find out the name and age of one of your grandkids—who likely lives in another state—and calls you posing as the police or a bail bondsman explaining that Melissa has been arrested for drunk driving and needs you to wire bail money.
The expert says: “My biggest heartbreaker are those grandparent scams. They paid $8,000 to get their grandchild out of trouble. Then they find out it was a scam, and they’re so, so upset. Sometimes they’re so emotional, they end up having to go to the hospital.” —Craig Alexander, detective, major crimes fraud unit, Denver Police Department
The Best Defense Is A Good Offense
Use these 16 proactive strategies—from simple rules and recommendations to valuable mental notes to easy-to-spot red flags—to thwart thieves and counter cyber crooks. Back to Top
- Ask your phone company about its spam filter technology. The 2019 TRACED Act requires voice service providers to develop authentication technology. Most of the larger companies already offer some measures of protection, but it can’t hurt to ask what’s available to you.
- Freeze your credit. Sometimes called a security freeze, this free tool allows you to restrict access to your credit report, which makes it difficult for scammers to steal your identity and open new accounts in your name. Doing this does not affect your credit score, but you may need to temporarily unfreeze it if you need to open a new account. You’ll need to contact Equifax, Experian, and Transunion—the three credit bureaus—to freeze your credit.
- Don’t post your entire life online. We know you reeeeally want to. Trust us: We know the rush of getting “likes.” Before you overshare, though, keep in mind that cyber swindlers can use that information—recent purchases, names of kids and grandkids, images that show your address, your birthday—against you.
- Look at your bank accounts and credit card purchases every day. “We have firewalls and top-notch encryption and biometrics,” says Lavonne Heaviland, president of centralized operations for FirstBank, “but our customers are really in the best position to catch something that looks wrong. Just like you lock your doors at your house and wear a seat belt for protection every day, you should look at your accounts frequently.”
- Sign up for activity alerts with your bank and credit card companies.
- Tricksters can get tricky with card readers. Stand-alone ATMs located in bars (or even outside of banks) or fuel pumps that are situated out of the line of sight of the business proprietor are more likely to have a skimming device. If anything looks added on (like maybe a plastic piece has been inserted inside the typical card reader) or doesn’t look original to the machine, don’t use it.
- Take care with person-to-person payment apps. Before you use Venmo or Zelle or any other digital payment solution, assess whether the person you’re sending cash to is actually a friend, family member, or truly trusted source. In many cases, these companies’ terms of service say that if you give someone who’s not a trusted source access to your account and they use it to defraud you, you may be responsible for the transactions made, even if you didn’t give your permission.
- Take a deep breath and slow down. If you receive a phone call from the IRS saying you owe back taxes or an email that appears to be from your bank about fraudulent activity, just slow your roll. “Don’t ever act in the moment,” says Colorado Attorney General Phil Weiser. “Scammers use pressure. They want you to make a snap decision. Legitimate dealings don’t work like that; they don’t disappear overnight. Just tell whoever you’re talking with to give you the information and you’ll get back to them. Then check into it a little.”
- Be wary of anyone asking you to pay with gift cards. Scammers use this ploy because they can instruct you to read off the gift card number over the phone, at which point the fraudster can drain the card’s value. “The gift card is the sign,” says Martha Paluch of the U.S. Attorney’s Office. “If someone asks you to put money on a gift card, it is a scam.”
- If something sounds too good to be true, it almost always is. “Getting a $10,000 check from the Canadian Lottery in your mailbox seems great,” says Bellco Credit Union’s John Rivera, “until you realize you didn’t actually play the Canadian Lottery. If you cash that fake check and spend it and it ultimately doesn’t clear, you’ll be liable for that money.”
- Don’t answer the phone unless you know the person calling you. This is why God created voicemail, people. Use it.
- Do not send sensitive information via email or text, even to a trusted source. If you need to provide your social security number (to your dad) or credit card number (to a trusted vendor), call it in.
- Always use virtual private networks, or VPNs, when you’re out and about. Consumers should not use unsecured public wireless networks to conduct any sensitive personal matters, especially financial transactions. They should set up a VPN—which encrypts data—instead of using their internet service providers’ servers if they need to look at, say, their credit card purchases while they’re at a coffeeshop or the airport. “Furthermore, users should not log into any accounts—even email and social media—over public Wi-Fi because login credentials can be captured and exploited,” says the FBI’s Scott Schons.
- Check your credit. The Fair Credit Reporting Act requires the credit bureaus to provide you with a free copy of your credit report every 12 months. Even if you put a freeze on your credit, you should still check to make sure that no one has been able to open a fraudulent account—making purchases that aren’t paid for, hurting your credit—in your name.
- If you don’t recognize the sender of an email or text, do not open it. (Also watch for misspellings in the sender’s email address: amazan.com instead of amazon.com.) And definitely do not click on any links or download any attachments to your computer. “There are lots of scams involving commonly used services and big, national brands,” says Lawrence Pacheco, director of communications for the Colorado Attorney General’s Office. “We see AppleCare scams, UPS scams, Netflix scams. Criminals are often phishing around for saved password information.”
- Be smart about login information. Select strong, unique passwords that don’t use common number combinations or personal information, like your date of birth or address. Even more important, don’t use the same password for multiple logins. If you use skibum12345 for your credit cards, your bank accounts, and your investment accounts, a scammer who figured out your password for one login can now infiltrate all of your accounts. If you can’t remember seven different login combinations (and who can?), try a password manager app like Dashlane, LastPass, or Bitwarden.
In Hot Pursuit
Reporting scams is the only way to help law enforcement investigate these crimes—and potentially save others from being victimized. Back to Top
Although it’s a frustrating reality that many scammers ultimately get away with their cons, being able to learn about and track consumer fraud is the best way to fight it—for everyday citizens as well as law enforcement. “We know people often feel too embarrassed to report being a victim of a scam,” says the FBI’s Scott Schons, “but people need to understand they didn’t do anything wrong. These crime organizations are very sophisticated.” If you’ve experienced consumer fraud (whether you lost money or not), you can and should report it to one or more of the organizations or government agencies below. And whether or not you’ve ever encountered a scam, you need to know what’s out there so you can spot it when it does inevitably happen; luckily, these groups can help you with that too.
Better Business Bureau
In 2015, the BBB launched its Scam Tracker program, which now receives thousands of reports each year. The program is national (and operates in Canada and Mexico as well); however, reports are processed locally first, allowing the BBB to analyze what scams are happening where.
Stop Fraud Colorado
Launched in 2014 by the Colorado Attorney General’s Office, Stop Fraud Colorado is the AG’s platform for educating consumers about scams. Not only does the website describe dozens of common hustles happening in Colorado, but it also offers a way to report fraud and the opportunity to sign up for its consumer alerts.
This nonprofit focuses on issues affecting the elderly, one of which is fraud. AARP launched ElderWatch in the early 2000s; the program hosts consumer fraud seminars, has a fraud help line, offers alerts sent via email or text, provides a Scam-Tracking Map, and has an easy-to-use form for reporting fraud.
Federal Bureau of Investigation
The Internet Crime Complaint Center is the FBI’s reporting mechanism for internet-facilitated misdeeds. The information is included in a database, where it can be used to enhance investigations. Click on Consumer Alerts for trends the FBI is seeing in the expanding world of flimflammery.
Hiding in Cyberspace
Law enforcement agencies work diligently to bring fly-by-nighters to justice, but successful cases are rare. Back to Top
Listening to Martha Paluch talk about her job will destroy any anxiety-suppressing denial you might’ve been allowing yourself about the shadowy recesses of the internet and the threats that lurk therein. As chief of the economic crimes section for the U.S. Attorney’s Office in Colorado, Paluch discusses “money mules,” “tracking international IP addresses,” and the “dark web” like other people talk about the weekly budget report. However, the tenor of her voice changes from nonchalant to something approaching glee when the name Leonard Luton comes up. “We got lucky with that case,” she says, “because the fraudsters were here in Colorado.”
Although Paluch couldn’t discuss details because Luton had yet to be sentenced at press time, a release from her office in February revealed that Paluch helped prosecute and convict the then 43-year-old Jamaican national for stealing more than $700,000 from an elderly Colorado woman using a lottery scam for which she was told she had to pay hefty upfront fees to receive her $2.8 million winnings. The case was investigated jointly by the FBI, the Estes Park Police Department, and the Larimer County District Attorney’s Office. “The outcome of this case is indicative of the success that can be attained when agencies combine resources to tackle cyber-related matters such as the greed-driven lottery scam Mr. Luton fabricated,” said FBI Special Agent in Charge Dean Phillips. What the release didn’t plainly lay out is just how unusual it is for a case like this one—which could have straddled state and international lines—to come together as successfully as it did.
“We get calls every week asking us if we can take fraud cases,” Paluch says. “We get them from the IRS, Health and Human Services, the Social Security Administration, the Veterans Affairs department. Unfortunately, we can’t take them all.” That’s due in part to resources, of course, but it’s also because fraud cases are challenging to investigate and, in some cases, even harder to prosecute. Huge percentages of the scams perpetrated against Americans originate from overseas, which means having to get foreign governments involved. “The FBI has overseas agents who try to identify scammers,” says the FBI’s Scott Schons. “We try to charge them, but being able to extradite someone depends on the country. Not all countries will extradite for fraud.”
When swindlers are operating stateside, they are often using multiple layers of unwitting participants and crossing state boundaries, creating jurisdiction issues among law enforcement agencies. “We have lots of victims in Denver,” says Detective Craig Alexander, who works in the major crimes fraud unit of the DPD, “but the majority of our suspects are not here. It’s difficult to find internet criminals. It’s hard to get assistance from other cities and states. Criminals know to cross jurisdictions. We have very few successes.”
All of which makes the Luton case an even bigger win. Yet Paluch stresses that consumers are the ones who have to be diligent. “The U.S. Attorney’s Office is really committed to protecting the public,” she says, “but we can’t do it alone.” She says we all need to protect our data, be wary of unsolicited contact, and think twice before investing with an unknown entity. “These scammers are so darn good,” Paluch says. “We can’t make it any easier for them.”
Did you know? There has been a 50% increase in use of mobile banking apps in the first half of 2020, likely attributable to the pandemic. The FBI says this surge in mobile banking can be exploited by scammers.