I think this problem should be solved politically/legally first, technology can easily track money as you know.
How are scammers able to operate bank accounts without leaving any traces, and why don’t the police and banks have the power to reverse transactions that are obviously fraudulent.
Sometimes, I think some aspects of "the old west" in the US might be worth considering a return to... such as "outlaw" and "dead or alive"
I realize that in society we don't typically care for these kinds of approaches, but how else do you actually deal with literal evil that sits safely on the other side of the globe, when their own governments won't do anything to stop it?
The problem is, in reality any such activity would largely be indistinguishable from terrorism.
It's actually more complicated, but the draining of scam money at scale (ie: billions) is done with the help of collaboration of the Triads and Mexican cartels. IE: Chinese scammers rob the world of billions. They ultimately end up with tons of crypto but still need to launder it. They collaborate with the Mexican cartels to buy USD cash from them paid via crypto. Then the Triads re-launder that cash or sell it to other Chinese nationals in the USA.
I know about corruption; anyone who lives in a third-world country understands it. However, as an engineer who built the technical solution, I feel hopeless. Even though my team has strong technical skills and worked extremely hard, with very little sleep for six months, to create something for the greater good, situations like this still happen. In fact, they are becoming worse and more frequent.
As an engineer, I hope that I can gain more knowledge, connect with more people, and do more to help those who have no one to protect them.
Thanks everyone for your kind words and advice. It really means a lot to me right now. I hope someday I can get over this and turn it into a lesson, and I will share what I learned so others can be more careful.
To @dang and the moderators: I honestly do not understand why this topic was flagged. This situation is real and very painful for my family, and it is beyond my imagination that sharing it would be a problem.
Sorry for any distress over this. The moderators didn't flag (or see) it. Users flagged it, and whilst we never know why users flag things, in this case it may have been because it seemed outside of HN's usual scope. But as moderators we think it's fine if the community is able to discuss a topic like this and provide meaningful advice and help. We're really sorry this happened to your family, and we wish you well in finding a way forward.
Thank you, @tomhow. The quick response and the welcoming attitude from the moderators are something I personally appreciate a lot.
As I mentioned before, HN is a technology community. I hope that one day I can share only technical topics here, so we can focus the discussion on technical matters. I hope we can stand together as engineers, doing our part and taking responsibility, even if that does not fully address the root causes.
It's a growing threat everywhere. Here in Russia it's nearly always in the news. They can even trick a person into selling expensive property (real estate) and then steal the money.
One thing is the government must act. These calls are mostly done from abroad. Phone companies can implement some protective measures. Banks too need to watch for common patterns (doesn't always help because scammers talk the victim around the checks). The society as a whole needs to get aware. What a single person could do is to keep contact with the relatives. I've read an expert report on one such case; the author wrote that even a single close someone could break the trance and stop the scam. In that case the victim happened to be a popular singer seemingly never alone, yet as it turned out she actually was a lone old lady with not a single confidant close enough for more than a month.
She was, of course, shattered with what happened (she lost close to $3M), but after some time in one if her interviews she said: "I will survive". She said it in Russian and did not comment on the phrase further, it must be too personal. Yet of course she meant that song. The song helps her. The song's story is different, but the emotion is same. We have all our love to give. A hard hit will do good if it makes us to commit on that.
One thing both Robinhood and Revolut offer, which I wish was mandatory, is that they detect when on a phone call and their banking apps put a banner on the top warning they are not calling the user and to not give out any information.
A small gesture, but anything that can help I'm all for.
Then the singer went on to use her influence and celebrity lawyers to keep the apartment and not return the buyer's money, screwing the buyer in the process. Literally her defenses were "the buyer should've known this deal was suspect due to below the market price" and that the buyer should have asked for a health report from a psychiatrist (wtf). Not a nice old lady after all. I haven't been following the case closely, but it seems like the decision has been overturned.
Similar to Streisand Effect, there's now in Russia the term Dolina Effect [0] after this singer, referring to these "grandma schemes" where criminals direct the elderly to sell their property and then renege, relying on courts siding with them to keep the property and the money. Whatever the real story is, it's all so messed up.
That "use of influence" is pure imagination. But you are right, there is another even darker half of the story: not only she has lost a large sum of money, she is now hated and bullied by a raging mob of "honest buyers".
(Most such sales happen at a large discount; half price is not uncommon. In many cases the buyer can clearly see something is off. Yet the price is so sweet the buyer cannot resist and risks getting sued afterwards. Of course, maybe this particular case is an exception.)
I must have imagined that she was represented by Mikhail Barshchevsky, one of the highest-ranked government lawyers. Just to be clear, your stance is that the buyer should be the bagholder when the seller gets swindled?
My main background is in mathematics, and after 15 years working in big data, I am now focusing on machine learning and AI. Not flashy technologies, but practical ones that can do things beyond what a normal human can do alone.
As for the human side, I have already shared my story within a closed community where other engineers know me personally. I am not begging for help; my goal is to inform more people about this situation and, if I am fortunate, to find others who are willing to join me in this fight.
Your last story is deeply moving. It captures the human cost behind these crimes in a way that statistics never can. Her quiet strength, expressed in just a few words, is a powerful reminder that even after devastating loss, people can find the will to endure and move forward.
The guy is one of Putin's top generals, also known as "Bloodhound" (in Russian), anyways, he sounds pretty bloodthirsty too, just from the way he writes. You have to pay for your crimes you monster! You and all your people deserve to die! Every Russian. It's just so monstrous how they decide to just invade another country because they can right? What gives them the right? All their people should pay for it, with blood.
After sharing my story, I realized how widespread this has become. Almost every friend I know has at least one relative who has been a victim. These are not one or two isolated cases. It is almost everyone. This is no longer an exception. It is becoming normal, and that is terrifying.
One urgent warning I want to share is about how scammers are now using AI.
In my country, they are already using AI for video calls, voice cloning, and highly scripted conversations. The person on the screen can look and sound real. The conversation feels natural and authoritative. For many people, especially older relatives, it is almost impossible to tell that it is fake.
This is no longer about obvious scam messages or bad phone calls. AI is making scams feel personal and trustworthy. Please warn your families. No bank or authority will ever ask for OTP codes or urgent transfers, even if it is a video call and the person looks real.
Sorry to hear this. From where I am (India), there’s hardly anything that you can do because it’s likely that the ones with power won’t do anything. As an individual, you can only focus on yourself and those you know and try to educate them as much as is possible.
These kind of scams have become a huge problem in India (look up “digital arrest” scams). People of all backgrounds and age groups have lost a lot of money (to put it in US dollar equivalent amounts, imagine a person losing few hundred thousand dollars to a couple of million dollars). There is nothing like “digital arrest” in Indian laws. The government has tried to warn people about this.
The larger problem seems to be a combination of factors across disinterested entities:
1. The police aren’t interested in solving these (there’s a separate division for cybercrime). Filing a formal report is usually thwarted and avoided by the police. Even if they show some interest, it always involves paying them fat sums of money. There’s no guarantee that they can recover the money.
2. The banks aren’t interested in solving this. It seems like specific bank branch managers are involved and just stand by allowing large transactions (like cash withdrawals) to just be approved without raising any questions or concerns. All the talk by banks about “risk management” (alongside compliance matters) goes out the window just for the victims of these scams.
3. With SMS OTPs being common and the scammers recruiting some locals to run SIM farms/phone farms, the telecom companies aren’t interested in solving issues within themselves either. Though there is a limit of nine phone numbers (total) per person in India, and though there is on paper a KYC process (including a live video) to get a phone number, the telecom companies have systems and employees who can provide numerous numbers based on stolen or fake IDs.
4. The government is a bystander and appears helpless. Instead of creating laws and enforcing existing laws, it focuses on some awareness that these scams are not genuine.
5. The Supreme Court finally ordered CBI (the Indian equivalent of FBI) to investigate these scams.
So there you have it: none of the entities involved has any interest or will to do something about the problem. There will always be excuses that the scammers are in another country.
I'm so sorry to hear this. The best thing you can do is help to educate people, maybe create an organization that can work with other organizations to target youth and senior knowledge. Before they passed both my grandmothers had seen many similar scam efforts that targeted them. One of my grandmothers was way too knowledgeable and crafty to fall for it, even pleas like, "Grandma, I'm in jail and need help..." absolutely failed in practice. For better or worse, my other Grandmother had been scammed a couple times and towards the end of her life didn't have the finances to scam any more from, living with my mom and her sisters.
Unfortunately the scams themselves range from amazingly complex to what should be really easy to spot. I make it a rule to NEVER give personal information to someone that calls me unexpectedly, at least nothing that isn't already effectively public information. Annoying when your doctor's office has an automated system that calls and the first thing it does is ask for your social security number... My response is "nope, not doing it" and that's what I told anyone that would listen at that office every visit... it's training people to get scammed.
This seems like such a simple problem to solve on the institutional level. Allow a person to have 3FA. Two phone numbers being required to log in - yours and trusted person.
I would have that setup for my parents so that if they ever called me for the 2nd code, I could ask questions about why they need it.
While I’m not too worried about my 83 year old mom, she is more tech savvy than most and has been using computers since 1986, I do worry about my dad if my mom passes first. He’s a lot more gullible.
You could reduce it to a single hardware security key without a password and it would be more secure. The problem—in this case and in general—is using passwords and OTPs for anti-phishing; with a hardware key, there is no way for the phishers to gain access to the account (without being in the room or in possession of the key), even if they successfully convince their victim to log in.
There are scams where they tell the user to do stuff themselves even as far as to tell the victim to take all of the money out and deposit it in a bitcoin account
I’m so sorry this happened to your family. Let’s use this as a moment to protect our own.
Think of it this way: If I needed a document from your house, would you give me a permanent copy of your keys? Probably not. Unlike a physical key, a shared password can never truly be taken back.
No legitimate organization needs full, permanent control over your bank account. If a situation feels incredibly urgent, it is almost certainly a scam.
• Taxes? The government already has the access they need.
• Loans or Visas? Ask for payment instructions or a formal bank certification instead.
Everything can wait a day—except a scammer. Educate your circle: urgency is their greatest weapon.
To the OP, be proud that you’re brave enough to share this. I live in one of the 3 countries bordering Cambodia, and yes I have been called by scammers and managed to ignore them every single time. A political solution is a must if the world even intends to solve this growing pain, with the end of Cambodia as a country a good solution. Until then, be vigilant and advise others to be as well, and keep pillaging Cambodia whenever an opportunity arises. I always refer to them as Scambodia in daily conversations, gaining popularity myself for that.
Unfortunately I don't have any advice for recovering the money, as that's just so far outside of my knowledge field.
This may not help, but you have my utmost sympathy. An elderly lady that I know recently lost her husband and her only son, and got scammed out of much of her savings by people exploiting her horrible circumstances. She had to come out of retirement and go back to work because of it.
I think crimes like this are among the most evil you can commit to people. I really wish that law enforcement organizations would chase these down and prosecute as aggressively as they would if there had been a murder or something committed. They are fully capable of doing so when it's something that they care enough about, but they just don't seem to care about people like your mother and my friend. It breaks my heart and I really wish I could do something about it as well.
Thank you very much for your kind words. What I am thinking about most right now is, first, encouraging my mother and helping her through this difficult situation. Beyond my responsibility to my family, I also feel a responsibility related to the system I built. I want to connect with people who have much more knowledge than I do and see whether we can do something meaningful for third-world countries. That has always been my lifelong dream.
Cyber attacks have gotten pretty sophisticated. Lately supply chain attacks are all over HN, I got hacked through a Web3 interview. I managed to get the site down after complaining to their hosting provider.
November 1st I received an email that I had been hacked and all private data including a video of me was owned. I got really emotional but then after reading it, I saw it was a generic threat and nothing could be done.
You are asking, what can be done? Start with the basics, strong password and MFA everywhere. Avoided pirated Windows, and if you can avoid the OS entirely as well. Basic cybersecurity awareness need to be taught in schools. After 23andme, a lot of companies just have very shitty practices as well.
I am really sorry it happened to you, and wish you and your mother lots of resilience.
The following is very naive...
I have no experience in this, but since you're working in the banking system, you may know someone who knows someone etc ? It may go high enough that "something" happens, be it some help, or green light for a project to prevent scamming or anything really.
Where I live, banks have to control wire transfers, so for instance if someone wires money for "Brad Pit's kidney", the bank must prevent this. Actually it's a real case, and an undisclosed deal was made between the victim and the bank. Maybe there's something like this where you live?
As your parents age you should convince them to transfer their assets into a trust where they still maintain control but withdraws etc can be optionally approved by a spouse or other family member. The trust has many other benefits but is especially good for fraud as it can disassociate the holders identity from the assets and have specific conditions for withdrawal. It also can provide a clean transfer of ownership in the event of a death etc. I am sorry this happened to you, it is becoming more common in the us too. And all of these “companies” seem to establish bank accounts and addresses in Delaware…
A technical solution without the will or ability to enforce it will ultimately be unsatisfying. I remember an old group https://www.419eater.com/ (I guess it is still there). They basically "waste the scammers time". The scams rely on low effort ways to find the target, robocalls, emails, etc. But once the target is found they have to put real effort into implementation. With AI, this will only become easier on their end.
I would look into solutions that would make it harder for them. Like AI chatbots that act like targets, both text and voice. If the majority of their efforts end up being weeks of conversation with an AI before they figure it out then it will not be worth the effort.
Right now it may take them hours to find a viable target then days to extort them. Make it take longer, until it is more lucrative to get a legitimate job.
I used to think it was fun to mess with scammers... but I think these days many of them are forced into it. Basically they are lured in with reasonable sounding job offers then once they find themselves in another country with only their "employer" look out for them, they basically become slave labor.
You need to hurt the ones trapping the slaves that run the scams, and your weapon is the same as theirs... technology.
It's interesting that in our digital age there are tens of thousands of text editors emerge every millisecond but hackers won't do any project that would help their own people to build robust communities and educational platforms, that would teach everyday (cyber)security and computer/tech skills.
First off, I'm sorry. I went down this road with my godmother, $300k still unrecovered, despite lots of information documented.
How did the money actually leave her account once they had access? Was it wired?
Unfortunately the solution for you right now is to focus on rebuilding and acceptance. This is a massive problem, you aren't alone, and it's a reminder that there are shitty people in this world. There needs to be an alert and approval mechanism for outbound wires that older people can be strongly encouraged to set up. Sons and daughters can be notified if there's a massive outbound wire pending and intervene -- scammers are often posing as these people.
1. Get police reports
2. Use the police report to start an issue with the bank
3. Work with a lawyer and escalate through the courts.
Do all of these things. Don't let the bank staff dissuade you from getting a lawyer involved now.
There is a second "thing to do" which is to regather yourself. You seem to feel, justly, as if your house was robbed. Take care of yourself as if that was true. Do a personal security audit if that is the sort of thing that makes you feel better. Journal, meditate, pray, etc as appropriate.
No defense is perfect and complete. That doesn't mean the defenders stop trying.
Every country needs a digital firewall so outside scammers and scammers can't harass its citizens. This is the primary reason for borders in the first place: allow police to enforce a countries laws.
There are only 3 countries neighboring Cambodia. It could help to mention the country as different countries have different guarantees.
The thing you can do right now is to try and get hold of someone in the bank that can freeze the flows, for the possibility of returning the money. Otherwise, not much can be done.
It's always going to be near impossible to get money back out of Cambodia, which is the implication in the post. You can trivially figure out where the author of the post lives too, but I'm not sure there's much usable advice here.
It is almost impossible. Unlike in developed countries, where banks can offer some level of protection to customers, in third-world countries, banks mainly protect themselves. All responsibility is pushed onto users. Banks take no accountability, and the government protects the banks.
Let me give a concrete example. When money is transferred to scammer accounts, it is immediately distributed across hundreds of other accounts and moved out of the electronic system in under 30 seconds. At that point, everything is gone.
I hate to be the one that says it, but there is only one way to handle scammers like this. They need to be hunted down and put down. All of them and anyone who is involved.
Truth be told that scamming is becoming easier and easier. The problem is that most countries not only allow it, it is part of their GDP. Look at the number of scammers that originate in India. Everyone there knows who they are, there are numerous YouTube channels souly dedicated to exposing them and reporting them to the authorities, yet they still remain active.
Until a more brutal and direct response is used, these organizations and countries will continue to operate. If the attacks Trump has used on drug boats has taught us anything is that a direct response is the best response when dealing with the underworld.
This really should be way this problem is approached. There have been people who have committed suicide because their private data was leaked. It's an altogether serious matter.
It is much easier than you might imagine. Hundreds of thousands of people live together almost like a city, scamming their own people, speaking the same language as their victims. They train day and night to manipulate the human mind, supported by an underlying system of fake accounts. When I was building the system against that, I felt like David facing Goliath. The problem goes far beyond what technical systems alone can solve.
https://cybercrime.gov.in/ you can report cybercrimes here for india. The problem is the police is short staffed and their tech is also not on part with that of the scammers. The slow judiciary system due to staff shortage again makes this difficult
(If you're OP: this is not a solution per se but more of a generalist rant; just so you don't waste critical time)
People talk about changing laws or technical solutions, but the inconvenient truth is that technically literate people should peer-pressure nearby friends/family/etc. into being more aware of such possibilities. I've done so, to the extent that some people find it ether borderline schizophrenic/paranoid (to my "luck", I live in an ex-communist country, where most people are usually skeptical in many contexts with strangers; so this group of people is relatively small).
People who know better bear a responsibility towards helping others who don't; towards those who are too kind (or naive) for their own good; Even though I'm the "tech guy" in my close circles (family, friends,etc.) like many here, I often do the >opposite< of what other "pro-technologists" do these days: I don't encourage people, especially the older generation OR the more tech-illiterate ones to use more technology, because it is obvious that doing so "injects" another vector of attacks into their lives. More often these days this is not possible, everything gets digitalized to the detriment of such groups, but this also delves into the politics of keeping "older options" (cash, paper trails, etc.) available even if digitalization happens. Often times the older options are more secure, though obviously less convenient.
This is a non-solution, yes, but it is the correct way to approach this (imo), as more and more places LEGALLY force digitalization of different institutions(banking, gov. agencies, etc.) which inherently either add, or worse, completely shift the risk into virtual spaces. This is why a "legal" solution is more often than not either a slow one or a completely pointless one. It will always be an arms-race between scammers(which operate more effectively[in theory] due to their decentralized nature) and the gov./banks/etc., which operate in a more centralized fashion, thus demanding and imposing more control above all included parties. A legal way will always demand more than it's worth.
I digress from my shift into politics, but bottom line is this: don't let your peers/family/closed ones get into these situations. If you have "an authoritative" voice regarding tech, use it to first cultivate awareness regarding dangers, before cultivating hype/or anything else. (Obviously not talking about anyone specifically, but the whole "geeksphere" as a whole)
The bigger issue here (imvho) is that financial institutions / systems / companies accept (maybe even invite) / tolerate a small degree of fraud as it's "good" for the system.
I think this problem should be solved politically/legally first, technology can easily track money as you know.
How are scammers able to operate bank accounts without leaving any traces, and why don’t the police and banks have the power to reverse transactions that are obviously fraudulent.
Sometimes, I think some aspects of "the old west" in the US might be worth considering a return to... such as "outlaw" and "dead or alive"
I realize that in society we don't typically care for these kinds of approaches, but how else do you actually deal with literal evil that sits safely on the other side of the globe, when their own governments won't do anything to stop it?
The problem is, in reality any such activity would largely be indistinguishable from terrorism.
Ah yes the old west. A time of peace and low crime.
You mean like today?
When’s the last time your horse got rustled?
It's actually more complicated, but the draining of scam money at scale (ie: billions) is done with the help of collaboration of the Triads and Mexican cartels. IE: Chinese scammers rob the world of billions. They ultimately end up with tons of crypto but still need to launder it. They collaborate with the Mexican cartels to buy USD cash from them paid via crypto. Then the Triads re-launder that cash or sell it to other Chinese nationals in the USA.
The problem is corruption, and that's not easy to fix.
I know about corruption; anyone who lives in a third-world country understands it. However, as an engineer who built the technical solution, I feel hopeless. Even though my team has strong technical skills and worked extremely hard, with very little sleep for six months, to create something for the greater good, situations like this still happen. In fact, they are becoming worse and more frequent.
As an engineer, I hope that I can gain more knowledge, connect with more people, and do more to help those who have no one to protect them.
Crypto
Thanks everyone for your kind words and advice. It really means a lot to me right now. I hope someday I can get over this and turn it into a lesson, and I will share what I learned so others can be more careful.
To @dang and the moderators: I honestly do not understand why this topic was flagged. This situation is real and very painful for my family, and it is beyond my imagination that sharing it would be a problem.
We've turned off the flags.
Sorry for any distress over this. The moderators didn't flag (or see) it. Users flagged it, and whilst we never know why users flag things, in this case it may have been because it seemed outside of HN's usual scope. But as moderators we think it's fine if the community is able to discuss a topic like this and provide meaningful advice and help. We're really sorry this happened to your family, and we wish you well in finding a way forward.
Thank you, @tomhow. The quick response and the welcoming attitude from the moderators are something I personally appreciate a lot.
As I mentioned before, HN is a technology community. I hope that one day I can share only technical topics here, so we can focus the discussion on technical matters. I hope we can stand together as engineers, doing our part and taking responsibility, even if that does not fully address the root causes.
It's a growing threat everywhere. Here in Russia it's nearly always in the news. They can even trick a person into selling expensive property (real estate) and then steal the money.
One thing is the government must act. These calls are mostly done from abroad. Phone companies can implement some protective measures. Banks too need to watch for common patterns (doesn't always help because scammers talk the victim around the checks). The society as a whole needs to get aware. What a single person could do is to keep contact with the relatives. I've read an expert report on one such case; the author wrote that even a single close someone could break the trance and stop the scam. In that case the victim happened to be a popular singer seemingly never alone, yet as it turned out she actually was a lone old lady with not a single confidant close enough for more than a month.
She was, of course, shattered with what happened (she lost close to $3M), but after some time in one if her interviews she said: "I will survive". She said it in Russian and did not comment on the phrase further, it must be too personal. Yet of course she meant that song. The song helps her. The song's story is different, but the emotion is same. We have all our love to give. A hard hit will do good if it makes us to commit on that.
One thing both Robinhood and Revolut offer, which I wish was mandatory, is that they detect when on a phone call and their banking apps put a banner on the top warning they are not calling the user and to not give out any information.
A small gesture, but anything that can help I'm all for.
Then the singer went on to use her influence and celebrity lawyers to keep the apartment and not return the buyer's money, screwing the buyer in the process. Literally her defenses were "the buyer should've known this deal was suspect due to below the market price" and that the buyer should have asked for a health report from a psychiatrist (wtf). Not a nice old lady after all. I haven't been following the case closely, but it seems like the decision has been overturned.
Similar to Streisand Effect, there's now in Russia the term Dolina Effect [0] after this singer, referring to these "grandma schemes" where criminals direct the elderly to sell their property and then renege, relying on courts siding with them to keep the property and the money. Whatever the real story is, it's all so messed up.
[0] https://en.wikipedia.org/wiki/Dolina_effect
That "use of influence" is pure imagination. But you are right, there is another even darker half of the story: not only she has lost a large sum of money, she is now hated and bullied by a raging mob of "honest buyers".
(Most such sales happen at a large discount; half price is not uncommon. In many cases the buyer can clearly see something is off. Yet the price is so sweet the buyer cannot resist and risks getting sued afterwards. Of course, maybe this particular case is an exception.)
I must have imagined that she was represented by Mikhail Barshchevsky, one of the highest-ranked government lawyers. Just to be clear, your stance is that the buyer should be the bagholder when the seller gets swindled?
My main background is in mathematics, and after 15 years working in big data, I am now focusing on machine learning and AI. Not flashy technologies, but practical ones that can do things beyond what a normal human can do alone.
As for the human side, I have already shared my story within a closed community where other engineers know me personally. I am not begging for help; my goal is to inform more people about this situation and, if I am fortunate, to find others who are willing to join me in this fight.
Your last story is deeply moving. It captures the human cost behind these crimes in a way that statistics never can. Her quiet strength, expressed in just a few words, is a powerful reminder that even after devastating loss, people can find the will to endure and move forward.
> Here in Russia it's nearly always in the news
And that is bad because...?
The guy is one of Putin's top generals, also known as "Bloodhound" (in Russian), anyways, he sounds pretty bloodthirsty too, just from the way he writes. You have to pay for your crimes you monster! You and all your people deserve to die! Every Russian. It's just so monstrous how they decide to just invade another country because they can right? What gives them the right? All their people should pay for it, with blood.
I don't have any solution for you, but I'm really sorry for this happened to you. It makes me really sad. I hope you get justice legally.
Thanks for your kind words.
After sharing my story, I realized how widespread this has become. Almost every friend I know has at least one relative who has been a victim. These are not one or two isolated cases. It is almost everyone. This is no longer an exception. It is becoming normal, and that is terrifying.
One urgent warning I want to share is about how scammers are now using AI.
In my country, they are already using AI for video calls, voice cloning, and highly scripted conversations. The person on the screen can look and sound real. The conversation feels natural and authoritative. For many people, especially older relatives, it is almost impossible to tell that it is fake.
This is no longer about obvious scam messages or bad phone calls. AI is making scams feel personal and trustworthy. Please warn your families. No bank or authority will ever ask for OTP codes or urgent transfers, even if it is a video call and the person looks real.
Sorry to hear this. From where I am (India), there’s hardly anything that you can do because it’s likely that the ones with power won’t do anything. As an individual, you can only focus on yourself and those you know and try to educate them as much as is possible.
These kind of scams have become a huge problem in India (look up “digital arrest” scams). People of all backgrounds and age groups have lost a lot of money (to put it in US dollar equivalent amounts, imagine a person losing few hundred thousand dollars to a couple of million dollars). There is nothing like “digital arrest” in Indian laws. The government has tried to warn people about this.
The larger problem seems to be a combination of factors across disinterested entities:
1. The police aren’t interested in solving these (there’s a separate division for cybercrime). Filing a formal report is usually thwarted and avoided by the police. Even if they show some interest, it always involves paying them fat sums of money. There’s no guarantee that they can recover the money.
2. The banks aren’t interested in solving this. It seems like specific bank branch managers are involved and just stand by allowing large transactions (like cash withdrawals) to just be approved without raising any questions or concerns. All the talk by banks about “risk management” (alongside compliance matters) goes out the window just for the victims of these scams.
3. With SMS OTPs being common and the scammers recruiting some locals to run SIM farms/phone farms, the telecom companies aren’t interested in solving issues within themselves either. Though there is a limit of nine phone numbers (total) per person in India, and though there is on paper a KYC process (including a live video) to get a phone number, the telecom companies have systems and employees who can provide numerous numbers based on stolen or fake IDs.
4. The government is a bystander and appears helpless. Instead of creating laws and enforcing existing laws, it focuses on some awareness that these scams are not genuine.
5. The Supreme Court finally ordered CBI (the Indian equivalent of FBI) to investigate these scams.
So there you have it: none of the entities involved has any interest or will to do something about the problem. There will always be excuses that the scammers are in another country.
https://cybercrime.gov.in/ report cybercrimes here i shared more insight on a different comment on this post
I'm so sorry to hear this. The best thing you can do is help to educate people, maybe create an organization that can work with other organizations to target youth and senior knowledge. Before they passed both my grandmothers had seen many similar scam efforts that targeted them. One of my grandmothers was way too knowledgeable and crafty to fall for it, even pleas like, "Grandma, I'm in jail and need help..." absolutely failed in practice. For better or worse, my other Grandmother had been scammed a couple times and towards the end of her life didn't have the finances to scam any more from, living with my mom and her sisters.
Unfortunately the scams themselves range from amazingly complex to what should be really easy to spot. I make it a rule to NEVER give personal information to someone that calls me unexpectedly, at least nothing that isn't already effectively public information. Annoying when your doctor's office has an automated system that calls and the first thing it does is ask for your social security number... My response is "nope, not doing it" and that's what I told anyone that would listen at that office every visit... it's training people to get scammed.
This seems like such a simple problem to solve on the institutional level. Allow a person to have 3FA. Two phone numbers being required to log in - yours and trusted person.
I would have that setup for my parents so that if they ever called me for the 2nd code, I could ask questions about why they need it.
While I’m not too worried about my 83 year old mom, she is more tech savvy than most and has been using computers since 1986, I do worry about my dad if my mom passes first. He’s a lot more gullible.
> Allow a person to have 3FA.
This might not be sufficient. We need 4FA or, better, 5FA.
You could reduce it to a single hardware security key without a password and it would be more secure. The problem—in this case and in general—is using passwords and OTPs for anti-phishing; with a hardware key, there is no way for the phishers to gain access to the account (without being in the room or in possession of the key), even if they successfully convince their victim to log in.
No affiliation other than using their products:
https://www.yubico.com/
There are scams where they tell the user to do stuff themselves even as far as to tell the victim to take all of the money out and deposit it in a bitcoin account
I’m so sorry this happened to your family. Let’s use this as a moment to protect our own.
Think of it this way: If I needed a document from your house, would you give me a permanent copy of your keys? Probably not. Unlike a physical key, a shared password can never truly be taken back.
No legitimate organization needs full, permanent control over your bank account. If a situation feels incredibly urgent, it is almost certainly a scam.
• Taxes? The government already has the access they need. • Loans or Visas? Ask for payment instructions or a formal bank certification instead.
Everything can wait a day—except a scammer. Educate your circle: urgency is their greatest weapon.
To the OP, be proud that you’re brave enough to share this. I live in one of the 3 countries bordering Cambodia, and yes I have been called by scammers and managed to ignore them every single time. A political solution is a must if the world even intends to solve this growing pain, with the end of Cambodia as a country a good solution. Until then, be vigilant and advise others to be as well, and keep pillaging Cambodia whenever an opportunity arises. I always refer to them as Scambodia in daily conversations, gaining popularity myself for that.
Unfortunately I don't have any advice for recovering the money, as that's just so far outside of my knowledge field.
This may not help, but you have my utmost sympathy. An elderly lady that I know recently lost her husband and her only son, and got scammed out of much of her savings by people exploiting her horrible circumstances. She had to come out of retirement and go back to work because of it.
I think crimes like this are among the most evil you can commit to people. I really wish that law enforcement organizations would chase these down and prosecute as aggressively as they would if there had been a murder or something committed. They are fully capable of doing so when it's something that they care enough about, but they just don't seem to care about people like your mother and my friend. It breaks my heart and I really wish I could do something about it as well.
Thank you very much for your kind words. What I am thinking about most right now is, first, encouraging my mother and helping her through this difficult situation. Beyond my responsibility to my family, I also feel a responsibility related to the system I built. I want to connect with people who have much more knowledge than I do and see whether we can do something meaningful for third-world countries. That has always been my lifelong dream.
Cyber attacks have gotten pretty sophisticated. Lately supply chain attacks are all over HN, I got hacked through a Web3 interview. I managed to get the site down after complaining to their hosting provider.
November 1st I received an email that I had been hacked and all private data including a video of me was owned. I got really emotional but then after reading it, I saw it was a generic threat and nothing could be done.
You are asking, what can be done? Start with the basics, strong password and MFA everywhere. Avoided pirated Windows, and if you can avoid the OS entirely as well. Basic cybersecurity awareness need to be taught in schools. After 23andme, a lot of companies just have very shitty practices as well.
I am really sorry it happened to you, and wish you and your mother lots of resilience.
The following is very naive...
I have no experience in this, but since you're working in the banking system, you may know someone who knows someone etc ? It may go high enough that "something" happens, be it some help, or green light for a project to prevent scamming or anything really.
Where I live, banks have to control wire transfers, so for instance if someone wires money for "Brad Pit's kidney", the bank must prevent this. Actually it's a real case, and an undisclosed deal was made between the victim and the bank. Maybe there's something like this where you live?
As your parents age you should convince them to transfer their assets into a trust where they still maintain control but withdraws etc can be optionally approved by a spouse or other family member. The trust has many other benefits but is especially good for fraud as it can disassociate the holders identity from the assets and have specific conditions for withdrawal. It also can provide a clean transfer of ownership in the event of a death etc. I am sorry this happened to you, it is becoming more common in the us too. And all of these “companies” seem to establish bank accounts and addresses in Delaware…
A technical solution without the will or ability to enforce it will ultimately be unsatisfying. I remember an old group https://www.419eater.com/ (I guess it is still there). They basically "waste the scammers time". The scams rely on low effort ways to find the target, robocalls, emails, etc. But once the target is found they have to put real effort into implementation. With AI, this will only become easier on their end.
I would look into solutions that would make it harder for them. Like AI chatbots that act like targets, both text and voice. If the majority of their efforts end up being weeks of conversation with an AI before they figure it out then it will not be worth the effort.
Right now it may take them hours to find a viable target then days to extort them. Make it take longer, until it is more lucrative to get a legitimate job.
I used to think it was fun to mess with scammers... but I think these days many of them are forced into it. Basically they are lured in with reasonable sounding job offers then once they find themselves in another country with only their "employer" look out for them, they basically become slave labor.
You need to hurt the ones trapping the slaves that run the scams, and your weapon is the same as theirs... technology.
It's interesting that in our digital age there are tens of thousands of text editors emerge every millisecond but hackers won't do any project that would help their own people to build robust communities and educational platforms, that would teach everyday (cyber)security and computer/tech skills.
First off, I'm sorry. I went down this road with my godmother, $300k still unrecovered, despite lots of information documented.
How did the money actually leave her account once they had access? Was it wired?
Unfortunately the solution for you right now is to focus on rebuilding and acceptance. This is a massive problem, you aren't alone, and it's a reminder that there are shitty people in this world. There needs to be an alert and approval mechanism for outbound wires that older people can be strongly encouraged to set up. Sons and daughters can be notified if there's a massive outbound wire pending and intervene -- scammers are often posing as these people.
> FBI's IC3 and the FTC.
OP is not in the U.S.
Got so wrapped up in the story I forgot the first sentence of it. Thanks, removed that note.
and they wouldn't be able to do anything anyways. That money is moved out of the country and has been laundered 100 fold by now.
I'm sorry this happened to you and your family.
1. Get police reports 2. Use the police report to start an issue with the bank 3. Work with a lawyer and escalate through the courts.
Do all of these things. Don't let the bank staff dissuade you from getting a lawyer involved now.
There is a second "thing to do" which is to regather yourself. You seem to feel, justly, as if your house was robbed. Take care of yourself as if that was true. Do a personal security audit if that is the sort of thing that makes you feel better. Journal, meditate, pray, etc as appropriate.
No defense is perfect and complete. That doesn't mean the defenders stop trying.
Every country needs a digital firewall so outside scammers and scammers can't harass its citizens. This is the primary reason for borders in the first place: allow police to enforce a countries laws.
There are only 3 countries neighboring Cambodia. It could help to mention the country as different countries have different guarantees.
The thing you can do right now is to try and get hold of someone in the bank that can freeze the flows, for the possibility of returning the money. Otherwise, not much can be done.
It's always going to be near impossible to get money back out of Cambodia, which is the implication in the post. You can trivially figure out where the author of the post lives too, but I'm not sure there's much usable advice here.
It is almost impossible. Unlike in developed countries, where banks can offer some level of protection to customers, in third-world countries, banks mainly protect themselves. All responsibility is pushed onto users. Banks take no accountability, and the government protects the banks.
Let me give a concrete example. When money is transferred to scammer accounts, it is immediately distributed across hundreds of other accounts and moved out of the electronic system in under 30 seconds. At that point, everything is gone.
I hate to be the one that says it, but there is only one way to handle scammers like this. They need to be hunted down and put down. All of them and anyone who is involved.
Truth be told that scamming is becoming easier and easier. The problem is that most countries not only allow it, it is part of their GDP. Look at the number of scammers that originate in India. Everyone there knows who they are, there are numerous YouTube channels souly dedicated to exposing them and reporting them to the authorities, yet they still remain active.
Until a more brutal and direct response is used, these organizations and countries will continue to operate. If the attacks Trump has used on drug boats has taught us anything is that a direct response is the best response when dealing with the underworld.
This really should be way this problem is approached. There have been people who have committed suicide because their private data was leaked. It's an altogether serious matter.
It is much easier than you might imagine. Hundreds of thousands of people live together almost like a city, scamming their own people, speaking the same language as their victims. They train day and night to manipulate the human mind, supported by an underlying system of fake accounts. When I was building the system against that, I felt like David facing Goliath. The problem goes far beyond what technical systems alone can solve.
https://cybercrime.gov.in/ you can report cybercrimes here for india. The problem is the police is short staffed and their tech is also not on part with that of the scammers. The slow judiciary system due to staff shortage again makes this difficult
(If you're OP: this is not a solution per se but more of a generalist rant; just so you don't waste critical time)
People talk about changing laws or technical solutions, but the inconvenient truth is that technically literate people should peer-pressure nearby friends/family/etc. into being more aware of such possibilities. I've done so, to the extent that some people find it ether borderline schizophrenic/paranoid (to my "luck", I live in an ex-communist country, where most people are usually skeptical in many contexts with strangers; so this group of people is relatively small).
People who know better bear a responsibility towards helping others who don't; towards those who are too kind (or naive) for their own good; Even though I'm the "tech guy" in my close circles (family, friends,etc.) like many here, I often do the >opposite< of what other "pro-technologists" do these days: I don't encourage people, especially the older generation OR the more tech-illiterate ones to use more technology, because it is obvious that doing so "injects" another vector of attacks into their lives. More often these days this is not possible, everything gets digitalized to the detriment of such groups, but this also delves into the politics of keeping "older options" (cash, paper trails, etc.) available even if digitalization happens. Often times the older options are more secure, though obviously less convenient.
This is a non-solution, yes, but it is the correct way to approach this (imo), as more and more places LEGALLY force digitalization of different institutions(banking, gov. agencies, etc.) which inherently either add, or worse, completely shift the risk into virtual spaces. This is why a "legal" solution is more often than not either a slow one or a completely pointless one. It will always be an arms-race between scammers(which operate more effectively[in theory] due to their decentralized nature) and the gov./banks/etc., which operate in a more centralized fashion, thus demanding and imposing more control above all included parties. A legal way will always demand more than it's worth.
I digress from my shift into politics, but bottom line is this: don't let your peers/family/closed ones get into these situations. If you have "an authoritative" voice regarding tech, use it to first cultivate awareness regarding dangers, before cultivating hype/or anything else. (Obviously not talking about anyone specifically, but the whole "geeksphere" as a whole)
Good luck to you and your family.
The bigger issue here (imvho) is that financial institutions / systems / companies accept (maybe even invite) / tolerate a small degree of fraud as it's "good" for the system.