America’s Scam Crisis

Ken, thank you so much for coming on the podcast today.

Well, I’m happy to be with you.

Awesome. Can you give me a little bit of background about who you are and what you do?

My name is Ken Westbrook, and I am the founder and CEO of Stop Scams Alliance, which is a nonprofit dedicated to reducing the scourge of scams in the United States.

There are a lot of groups out there focused on education and on law enforcement support. We’re not there at all. We’re focused on what I call “left of boom,” which is before the scam happens, trying to prevent the scam from hitting your computer or your phone in the first place.

“Left of boom” seems to imply that you have some military or pseudo-military background.

You’re right. “Left of boom” is a military phrase used in the counter-terrorism business quite a bit. And yes, I served for 33 years in the CIA. I was an analyst there and later on, a manager.

For the last 10 years, I was an executive doing IT, data analytics, and cybersecurity. I worked for the CIA and later, for the Office of the Director of National Intelligence. I was the Director of Information Sharing there.

Wow. So you’ve got a lot of experience dealing with sensitive information and routing stuff.

Yeah. And then later on, I worked for the second- and third-largest software companies in the world—SAP and Oracle. These are very large software and database companies, and security is their bread and butter.

Absolutely. What motivated you to start Stop Scams Alliance?

Well, I was happily retired from the government, and in 2023, on Valentine’s Day, my mom got a pop-up on her computer that led to her losing most of her life savings. I’ve been an analyst and a national security person, and I started looking into this issue of not only my mom, but others’ moms being scammed too.

I became absolutely horrified at what I found. So many people are being scammed, and the vectors are going up, up, up. We’re not doing a good enough job as a nation to defend ourselves. That’s why I decided to come out of retirement and create a nonprofit.

I became absolutely horrified at what I found. So many people are being scammed, and the vectors are going up, up, up. We’re not doing a good enough job as a nation to defend ourselves. That’s why I decided to come out of… Share on X

Now, we have a board of directors that can’t be beat. A lot of former government officials have decided to join us in this fight because we are literally under attack by foreign organized crime and we’re not doing enough to stop it.

How big is the scam issue in the US?

Stop Scams Alliance went to the Gallup organization, the premier polling firm in the country, in 2023. They did a poll and found that 8% of US adults said they’d been scammed in the last year, 15% of US households.

What that amounts to is 21 million Americans each year. Twenty-one million Americans is about the size of Florida or New York. It’s 57,000 people per day. It’s totally enormous and it’s going up, up, up every year.

What does that trajectory look like?

The best data we have on trajectory comes from the FBI and the FTC. The FBI, for its part, is relying on reports from victims. Last year, the FBI reported a 33% increase between 2023 and 2024. If you take it back over a 10-year period, there's been a 20-fold increase in losses reported to the FBI over that period.

Last year, the FBI reported a 33% increase between 2023 and 2024. If you take it back over a 10-year period, there’s been a 20-fold increase in losses reported to the FBI over that period. -Ken Westbrook Share on X

So terms like “skyrocket” or “rocket ship” are absolutely appropriate in this case. It looks like a hockey stick kind of growth, unfortunately. The scammers are getting much, much better at what they do. It has become a business.

The scammers are getting much, much better at what they do. It has become a business. -Ken Westbrook Share on X

There is an article in The Economist magazine recently called “Scam Inc.” because of the business that it’s become worldwide. It’s become a trillion-dollar-plus enterprise.

When you look at the operations here, it looks just like a business with revenues to go along with it. They have HR, onboarding, IT, payment systems, all of the computer systems, just like a business has, and they’re making money hand over fist, and it’s growing, growing, growing.

Do we know where these criminal organizations have become established over the last decade or so? Are they new, or are these organizations that have previously been around doing other stuff and this is now their bread and butter? Or is it now one more tool in their tool chest?

The real start of this as a business can be traced back to 2018–2019, just before and into COVID. There was instability in Myanmar and Southeast Asia, so a lot of Chinese criminal gangs set up casinos there and shifted into scamming operations.

Since then, got a boost during COVID. People were economically desperate, and made them susceptible to being coaxed into either joining voluntarily or in some cases, people are actually kidnapped and brought into Myanmar. Their passports were stolen. They’ve been human slaves and they were made to scam 12, 15, and sometimes even 20 hours a day. If they didn’t meet quotas, they were beaten, starved, or electrocuted.

This started in Myanmar, Cambodia, and Laos. But since then, the UN and other think tanks are reporting they’re starting to expand around the world. There’s now been scam camps identified in Ghana, Peru, and Mexico. It’s so lucrative for these guys that they’re starting to now expand their operations around the world.

Diversifying, but not in a good way.

Yeah. Well, speaking of diversification, the US Treasury Department put out a report about last year that said that some of the drug cartels in Mexico are now starting to scam Americans, especially in the timeshare scam area. If you’re trying to get out of a timeshare lease, then there are these companies that will call you and offer to help you, and then it turns out to be a scam.

Well, these now increasingly are Mexican drug cartels, and they’re using the money stolen from Americans in timeshare scams and plowing that into more drug production, fentanyl production, and dissemination. So there are ties between the drug cartels and scam operations.

Now that’s particularly scary because the cartels are bringing ruthlessness into financial crimes.

Yes. It’s a combination. It’s just this witches’ brew of transnational organized crime that’s now dealing in human trafficking, in fentanyl production and distribution, and increasingly in scams to bolster their bottom line.

While this is a worldwide phenomenon, some of them scam Chinese. They’re Chinese criminals, mostly in Southeast Asia. They started off scamming their own citizens in China. Well, China got wise to that and started to warn their population and started to crack down on the scam compounds a little bit.

So now, according to the reports that I’ve seen, the scammers in Southeast Asia are starting to target and try to recruit more English speakers in order to scam Americans, Australians, British people, more.

We’ve established that this is a crazy problem, and clearly if I’m doing a podcast about it, it’s a crazy problem. At least in the United States, things are getting worse. Are things getting better anywhere else?

Well, it turns out that starting in 2021–2022, the British and Australian governments saw this phenomenon coming and decided to really start getting their act together.

The British government in 2022, as I recall, issued a national strategy, and they appointed someone to be in charge. It’s actually a former member of parliament. He’s the scam czar attached to the British Home Office. The Australian government, for its part, also appointed a scam czar. It’s in the Treasury Department of Australia.

In both cases, they have someone in charge of fraud policy. They’ve developed a strategy. There are slight differences, but in both cases, the government is starting to pay a lot more attention to this. Importantly, the governments are starting to develop public-private partnerships to have the government work hand-in-glove with the tech community.

These scams are a complex problem that involves, very often, the tech community, also telecom, social media, also the banking community. What you have to do is to work together across those industry lines, and the UK and Australia are really making efforts to do that.

Also—we can talk more about this too—they’re starting to put into place authentication means so that it’s easier to detect when you’re talking to a bad guy via phone or text messages or advertising. They’re putting in place methods to discern the good from the bad in terms of communications, and that’s, I think, helping to bend the curve as well.

I think that’s the biggest challenge with the scams. You think you’re dealing with someone that you’re not actually dealing with. What are the programs they’re putting in place and the techniques that they’re using to be able to authenticate better in communication?

Well, let me just foot-stomp what you just said, by the way, to make sure everybody understands that. Very often, you said that it’s because you think you’re talking to a good guy and you’re really talking to a bad guy. You think you’re talking to the IRS, and you’re not. You think you’re talking to your bank, and you’re not.

In fact, a lot of people think that the main ways that scams take place is identity theft. You must have clicked on a link that stole your identity somehow. People tend to think that, and identity theft is a thing. But when you look at the FBI data, that’s about number 10 or 11, as I recall, in the dollar losses.

Whereas the main scams that are taking place are fake investment scams, business email compromise where you’re tricked into sending an invoice to the wrong place, and then number three on the list is the tech support scam that got my mom. All of those are impersonation scams.

In the first case, you think you’re making a real cryptocurrency investment, and you’re not. In the second case, you think you’re sending your invoice on the instructions of your CEO, and you’re not. Then in the third case, the tech support scam, you think you’re talking to Microsoft or your bank, and you’re not. These are all impersonation scams.

The FTC says this. The main scams now are impersonation, where bad guys are able to assume the identity of your bank or a government official and then trick people into making the transfer themselves.  Now, how do you stop impersonation?

: The main scams now are impersonation, where bad guys are able to assume the identity of your bank or a government official and then trick people into making the transfer themselves. -Ken Westbrook Share on X

Let’s start with advertising. In the case of Google, Google now in 17 countries around the world, in order to place a financial ad, you have to be on a government-sponsored allow list or whitelist. A bad guy now has real trouble placing a financial ad.

A financial ad can be particularly dangerous because it could be a well-known actor who says, “I have a cryptocurrency deal for you. Click here.” What Google does now in 17 countries around the world is make sure that financial ads are authenticated.

Meta, for its part, does this in four countries around the world. None of these countries happen to be the United States yet. That’s perhaps a lesson for us. Other countries are finding value in authenticating, especially financial ads, because of the extra risk that they impose.

Other countries are finding value in authenticating, especially financial ads, because of the extra risk that they impose. -Ken Westbrook Share on X

Is some of the reason why they’re going for those first because those are the largest losses in terms of money per event?

Financial ads can be particularly dangerous because they can be like a cryptocurrency, insurance, or things like that that people are used to giving their money to. In the experience of other countries, they do have losses that are outsized compared to other types of advertising. I think that’s why they focus there.

Moving to the telephone, which is another way—especially with older people—scammers love to get scam victims on the telephone because psychologically, you can put people’s hair on fire and create more urgency over the telephone than you can in a text message, email, or other types of communication. In fact, I’ve heard scammers talk about this. When you interview scammers, they say, “Yeah, we like to get people on the telephone.”

So there are now 19 countries in the world that, when an international call comes into their country and it’s pretending to be a domestic call—it’s spoofing a domestic call—the telcos block it. In other words, these countries now know when you’re getting a foreign phone call.

Some countries allow you to opt out of getting foreign phone calls altogether. In addition to the 19, other countries are labeling the phone calls as foreign so that the person is warned about that. These countries are finding great value in that.

Now, in the US, we have a lot of telephone carriers, and that would be more complicated and more expensive to do. But the thing is, we’re going to have to start putting authentication measures like that in place so that we have better confidence in whom we’re dealing with.

Text messages also. There are now three countries around the world that allow you to know when you’re getting a text message from, let’s say, Bank of America. If “Bank of America” appears in the sender ID, then you know it’s really from Bank of America because it’s been authenticated.

We don’t have authenticated text messages in the US. What we have is a phone number or a domain name that shows up, and you don’t really know who’s behind that.

Increasingly, other countries are starting to expand too. I know in the UK, they have a private organization that does this. They’ve expanded it to Portugal, I believe, and a few other countries in Europe. This idea of authenticated text messages is starting to take off around the world.

What are some of the hurdles to that happening here in the US?

We have a lot of hurdles because we have a lot more banks than there are in Australia. We have a lot more telcos here than there are in Australia. It’s more complicated. We have a free enterprise system here, and we allow even very small banks or telecommunications firms to be established, and they tend not to have the money to invest in proper security.

I think we’ve put in place an economic system—for good reason—to allow small companies to flourish, but then we end up paying the price in security as a result of that decision.

I think we’ve put in place an economic system—for good reason—to allow small companies to flourish, but then we end up paying the price in security as a result of that decision. -Ken Westbrook Share on X

Got it. How much success have Australia, the UK, and a few other countries had with these programs? Is it, “Hey, we’re just holding the line and we’ve got this to flatline,” or are they actually seeing a decrease in successful scams?

I happen to have the statistics right here. Let me just say first of all, measuring scams is not easy, and different countries do it in different ways, so it’s a little hard to compare apples to apples. But the best I can do is to say, in Australia, the losses are down 35% since 2022, whereas in the US, it’s up 61% over the same period. So it looks kind of like that.

And then in the UK, it looks flat to down in the last couple of years, where again, in the US, it’s up very significantly in the opposite direction. So it does appear as if the UK and Australia have found ways to start bending the curve. What I tell people is, when they ask me what’s the difference, I think it boils down to three main things.

One is to have somebody in charge. Let me put it this way. I think that we are at war with transnational organized crime gangs who are using cyber-enabled means to attack us over your phone and over your computer. They believe it’s a war, by the way.

There was an Economist interview of a guy who served in a scam camp in Myanmar, and he described how the scammers begin their day. As they come into the room, a Chinese crime boss walks to the front of the room and leads them in a chant.

You know how often in Asian countries you have calisthenics or something to get the blood flowing before work? Well, in Myanmar, when the scammers begin their day, the Chinese crime boss leads them in a chant, and it goes like this: Cripple the economies of the US and Europe. This is World War III.

It’s an economic war.

This is an economic war that transnational organized crime is attacking us with. Now, if you believe that we’re under attack—which I certainly do, as you can tell—what you have to have now is you have to have a general, and you have to have a war plan.

What I told you earlier is what the UK and Australia are creating is they have a general and a war plan. In the US, if you ask the question in our government, “Who’s in charge of fraud policy?” The answer, according to our General Accountability Office, is nobody.

They did a survey recently. There are 13 agencies involved in scams, and the GAO came right out and said that we don’t have a national strategy to fight this. That’s number one—you need to have somebody in charge and a strategy.

Number two, the UK, Australia, and other countries—there are now nine countries in the world—have created national anti-scam centers to centralize the data from banks, from telcos, from victims, so they get a better threat intel picture and are able to move faster to stop scams. This is just like any company would do. You get threat intel in order to identify the attacks, and then shut them down as you see them.

So nine countries have figured this out. Let’s treat this like a cybersecurity problem. Create a threat intel center, and they’re having success with that. So that’s the second thing. I mentioned organization, centralization, and better threat intel.

And then the third thing they’re doing, which I described earlier, is the increased authentication practices, so that you have a better idea of who you’re talking with on the phone, in a text message, or in an advertisement.

Let me tell you the story of fake websites. When you look at the FBI data, the number one scam by far when it comes to losses is fake investment scams.  These have the characteristic, usually, of people being tricked into making what they think is a cryptocurrency investment, but it turns out to be a fake website that is manipulated by the scammers to make it look like you’re making money hand over fist, which prompts you to put more money in, and then they take it all. This is called pig butchering. Very often, you may have heard that term.

When you look at the FBI data, the number one scam by far when it comes to losses is fake investment scams. -Ken Westbrook Share on X

So in Australia, today, the government will take down 20 of those websites. They take down 1300 a week. They’ve taken down over 10,000 of them since they started doing this. Investment scams in Australia are down significantly, on the order of 35% in the last year.

The US doesn’t have that system. We don’t have the threat intelligence to know about them in the first place, and then when we do, we don’t have a quick process in place to take them down quickly.

The UK has a similar system, and it’s done by the government by an arm of GCHQ, which is the equivalent of our National Security Agency. The government in both the UK and Australia is focused, laser-like, on trying to find these fake investment websites and shut them down quickly, and they find that they protect their citizens quite well.

I don’t want to blame existing law enforcement, but the issue is that they’re just not equipped to handle these types of crimes?

Well, I’m not going to blame our law enforcement either. I’ve spoken to them, and they are doing the best they can under tsunami conditions. These folks are being hammered with what they say is a tsunami or an epidemic of scam cases.

According to a district attorney I speak to in San Diego—and San Diego is one of the best jurisdictions in the country when it comes to dealing with scams; they have a task force they’ve created to try to really hammer on this problem—he’ll say that they can’t even open investigations on more than about one-tenth of 1% of the cases that they receive.

The FBI has a program to try to claw back money from people when scam victims report it to the FBI. Last year, they opened up 3,000 cases to do this. But when you compare that to the overall number of complaints they get, again it’s less than one-tenth of 1% that they’re able to even look into. So that’s the tsunami our law enforcement is facing.

I think as a nation, we have to really start looking at how do we raise our defenses against a transnational organized crime threat that’s only going to get worse and worse and worse for three reasons: (1) Artificial intelligence is going to make it very, very difficult to know whether you’re talking to your bank or not in the future. It’s already difficult and it’s going to get a lot harder. (2) The US is increasingly adopting fast payment systems and cryptocurrency, both of which are convenient but they provide criminals the ability to get their money offshore and evade seizure much more quickly too. (3) As I’ve explained, Australia and the UK are raising their defenses, and your cybersecurity guy, where do criminals go when they see defenses being raised?

Path of least resistance.

Yup. They go to the softest target. The Secret Service in testimony last year said that criminals are now telling the Secret Service that they’ve noticed the bank authentication practices going up around the world and are increasingly targeting the United States and our financial institutions because it’s easier for them to operate here. So that’s something of an alarm.

We need to raise our defenses across the board. We need to raise them in the tech space, in the social media space, in the telco space, in the banking space. And consumers too. Let’s not forget consumers who are going to have to become a lot more educated about these very sophisticated threats that are going on. We’re all going to have to raise our defenses. This is an all-hands-on-deck, all-of-society thing in order to fight these transnational organized criminals who are surging and are getting much, much worse.

Let’s go back to your mom’s case. What are some of the tactics that they employed with her to get her to take down her guard or to manipulate her?

Earlier, you talked about your background in the CIA. I know that people are not willingly handing over the keys to their bank accounts to people. What’s happening? Why is this actually working?

This is a very instructive story. I learned a lot from listening to my mom describe what happened to her. Just to set the stage, she was the victim of what’s called the tech support scam. When you look at the number of victims reporting to the FBI, this is the number one scam affecting seniors in the United States of America, by far. Double the number of victims of any other scam is a tech support scam.

What happens is the attack could come through email or a link, but according to Microsoft, most of these occur because of malicious ads. In my mom’s case, she went to look up the obituary of her sister. She looked up in a Google search an obituary website, and when she clicked the link for that advertisement, she said, “Ken, I didn’t click on anything on that site. But then here’s what launched.”

It’s called scareware. It launches on your computer, and it does this. “Please do not attempt to shut down or restart your computer. Doing that may lead to data loss and identity theft. The computer lock is aimed to stop illegal activity. Please call our support immediately.”

This is called scareware, and not only does it have a voice shouting at you, it is saying, “Do not turn off your computer.” Why? Because your best defense is to turn off your computer. -Ken Westbrook Share on X

This is called scareware, and not only does it have a voice shouting at you, it is saying, “Do not turn off your computer.” Why? Because your best defense is to turn off your computer. But older people not only have the audio file and it looks scary, but also sometimes it disables your mouse. It hides the navigation buttons so people don’t know how to close out of their browser when they get this. They can’t use their computer. Your computer still works, of course, but this is put on top of your computer, so you can’t see your computer. All you can see is this pop-up ad.

Then what happens? The whole point of this is to get you to call that 1-800 number. When you call that 1-800 number, you think you’re talking to Microsoft because your phone is spoofed to say Washington State. But in fact, you’re talking to criminals in India who run call center operations. They're pretending to be Microsoft and they’re very friendly to try to help you clear up the computer problem that you’re having.

This used to be a crime that would steal $500 or something for technical support. We did charge $500 for this. Well, these criminals have gotten so much more sophisticated. The FBI now calls the new innovation of this the Phantom Hacker. What the Phantom Hacker is, starting a couple of years ago, my mom was a victim of this.

Once the criminals convince you that you can trust them because they’re Microsoft and they know what’s going on, they told my mom, “Mrs. Westbrook, we see 39 hackers on your computer right now. Very often when hackers take over your computer, they take over your bank account too. Let me put you in touch with the fraud department at….” They didn’t even ask her name. They instead asked for her phone number.

I’m convinced that with the phone number, they were able to look up where she banked, because of various leaks that have occurred in the past. Their next words were, “Oh, we see you have two bank accounts at Chase Bank. Let’s put you in touch with the fraud department at Chase Bank.”

Then her phone is spoofed to say Connecticut, and she thinks she’s talking to Chase Bank. She’s really talking to the guy in the next cubicle over in the call center in Mumbai. But she thought at first she’s talking to Microsoft and now she thinks she’s talking to Chase Bank and, “Oh, Mrs. Westbrook, we can confirm that there’s fraudulent activity on your account right now. We see your money being stolen before your eyes. What you’re going to have to do is go down….”

They sent her to Home Depot to buy gift cards, which is where it started. They had her, 83-year-old woman, driving around town to buy gift cards. Then it progressed to cashier’s checks. -Ken Westbrook Share on X

They sent her to Home Depot to buy gift cards, which is where it started. They had her, 83-year-old woman, driving around town to buy gift cards. Then it progressed to cashier’s checks.

You were telling me earlier that the tellers are now trained. Very often, an elderly person walks into a bank and tries to make a large withdrawal. They’re trained to quiz them about, “Well, do you know the sender? Do you know who you’re saying this to?” The thing is that the criminals are wise to that, and they tell the victims, they coach them about what to say when they walk in the bank.

First of all, they tell them that the bank is in on this. The banks are watching. There are criminals in the banks and they’re helping the cyber criminals steal your money, so you can’t divulge to them that you know what’s going on.

“We are here as government bank investigators helping you recover your money and we’ll keep it safe for you if you transfer it to us. You have to walk into the bank and tell them that it’s a home renovation.” Or later on, she was told to say that she was buying a pickup truck because she was sending cashier’s checks to a company in New York that had an auto business, supposedly.

Finally, a teller and a bank executive were able to tell her that, “Ma’am, the company that you’re sending this check to doesn’t exist. We’ve done a search on the Internet, and this company doesn’t really exist. It’s not a legitimate business. You have to talk to your sons about the situation.” When she did, we were able to unravel it.

Fortunately, the banks, through their training, were able to intervene, but after she lost most of her life savings.

Fortunately, the banks, through their training, were able to intervene, but after she lost most of her life savings. -Ken Westbrook Share on X

If you don’t mind asking, how did that conversation with mom go? I know so many people are really concerned about, “I don’t want to shut them down. I want to be caring. I don’t want her to hide the fact that she was a victim of a crime.” How did that conversation come about?

The first thing that I told her was, “Mom, you have been attacked by transnational organized criminals, and it’s not your fault. It’s not your fault.” Now, unfortunately, too many families don’t really know that. They ask questions about how you could possibly have done that? And how can you be so stupid? That is very unfortunate because just too many Americans don’t know that we’re under attack by transnational organized crime, and that’s where this stuff is coming from.

One brief anecdote here. You’ve probably gotten the toll road scam.

Yup.

Everybody in America’s gotten the toll road scam. Do you know where it’s coming from?

I did find it interesting that at least most of the text messages that I get come from a Philippine country code telephone number.

Well, so they do sometimes come from Philippine telephones, or they come from web domains that have been taken over too. But that’s not really where they’re coming from. The perpetrators here are, according to many investigators, Chinese cyber criminals who live in Southeast Asia.

They have bought Chinese SMS phishing kits. They use Chinese character keyboards. They speak Chinese. The volume of these attacks goes down around Chinese New Years. It’s very clear that these are the same gangs, probably, who used to do the UPS package on the way, and then they shifted to toll road.

The most recent innovation in the last month is you have a ticket from the DMV.

Yes. I’ve started to get those ones.

You started to get those just about a month ago, right? It’s probably the same Chinese criminals who are doing this. You, my friend, have been attacked by Chinese cyber criminals. Congratulations. So have I and everybody in America has been. We have to start recognizing that we’re being attacked here, and we have to raise our defenses.

When you phrase it that way, the visceral and gut response to me is different. Normally, when we think of a scammer, we think of some guy in his mom’s basement, whether they’re in the US or not. We just think of it, “It’s just a lone-wolf guy trying to make a few extra easy bucks.” Not, “This is a well-run, well-organized assault.”

Correct. There are some criminals and cyber criminals in the US—let’s not forget that—especially the money mules, the people who collect the money.

When my mom was sending cashier’s checks, she was sending them to addresses in California, Colorado, and New York. There were people there picking up those checks, cashing them, and laundering that money. Those criminals were here in the US, but the kingpins are mostly overseas. According to law enforcement, people I talk to, they use words almost all or 90% to describe where it’s really coming from.

What Americans have to realize is not only our people’s, not only was my mom’s life savings stolen, not only are 21 million Americans are being scammed each year, you have to realize that these dollars are leaving our economy and they’re going overseas in rivers to fund more and more and more transnational organized crime, support more human trafficking, more drug running, more human slavery, and even in some cases, terrorism.

All that is absolutely terrifying. You and I were talking before we started recording. At some point, we’re going to age out of this. Our parents and our grandparents will pass away. We’re young, we’re resilient, we’re tech aware. This isn’t going to happen to us. Even if society doesn’t take care of this, we won’t have to because it’s just going to go away because we’re all going to be educated.

I’m told that sometimes in presentations that I do, “Aren’t we going to age out of this? Isn’t this mainly an older person thing?” The US Congress has phrased this as an elderly issue. There are a lot of laws on the books that talk about elder fraud. The Department of Justice is required each year to put out a report on elder fraud. The FBI puts out a report on elder fraud.

People get the impression that this is mainly people of diminished capacity who are falling victim to these things. But it turns out that there are many surveys, including the one that Stop Scams Alliance worked with Gallup in 2023, that shows that younger people, people under the age of 50, according to Gallup, are reporting victimization rates at twice that of older people.

Remember I told you the number one scam by dollar loss is fake cryptocurrency investments. That’s not discrimination on the basis of age at all. Younger people are being sucked into that as much as older people are. It’s the second costliest crime that the FBI tracks as a business email compromise. Again, that’s not an older person thing. Younger people are being attacked equally.

Is it just that maybe people who are older have more resources and they’re less quickly able to recover from it? Whereas someone who’s a millennial, the theft may only be $1000? Whereas if it’s our parents or grandparents, it might be 10 times or 100 times that? But the younger person at least has the opportunity of, “OK, I’ve got decades ahead of me of working to make up for this.”

Of course, it is important as a society that we protect our elderly population. You’re right to say that, as I said, by numbers, people under the age of 60 are more often victimized. But you’re absolutely right to say that people over the age of 60 lose a lot more money in these things.

The average loss reported to the FBI last year from an older person is $83,000. Some people lose millions. They lose it at a stage of their life where they can’t recover. -Ken Westbrook Share on X

The average loss reported to the FBI last year from an older person is $83,000. Some people lose millions. They lose it at a stage of their life where they can’t recover.

Let me tell you one other thing about older people too. There’s strong evidence that criminals are attacking older people through malicious advertising, through ads that are geofenced to where seniors happen to be living. Even looking at their computer, fingerprinting their computer to see the characteristics of their computer. When you add up where the person is located and the characteristics of their computer, you can be quite confident this is an older person. That’s how tech support scams can be targeted at older people, for example. It’s very scary what’s going on with that.

There was a company that I talked to who analyzes this stuff. They said, for example, after the presidential election last year, there was a spike in malicious ads, the scareware that I showed you, right after the election on news sites where older people were going to look at the news. Older people are being targeted by cyber criminals because of their demographic.

And I assume younger people are just being targeted with something different. I don’t know what the scam would be, but probably more on dating apps and things like that are the more target vectors.

Advertisers are very smart people in the advertising business, and they’re getting better and better at micro-targeting for advertising purposes. Well, guess what? The criminals are studying that very closely, and they’re using the same techniques to do more and more micro-targeting of potential scam victims.

What is the individual to do? Clearly, there needs to be a concerted joint effort and bigger plans, but how does the individual play into that?

We all need to be aware of our surroundings and the threats out there. Do your best to observe the FBI public service announcements that are out there as to what the main threats are and how to deal with them. That’s one thing.

But people need to know too, just to be very wary about getting communications from someone you don’t expect. When you get a phone call from someone you don’t expect, you have to assume that that is not a legitimate call. -Ken… Share on X

But people need to know too, just to be very wary about getting communications from someone you don’t expect. When you get a phone call from someone you don’t expect, you have to assume that that is not a legitimate call. When you get a text message, you have to be very wary. Basically, links cannot be trusted unless you absolutely know who’s sending it to you. I would advise people just don’t click on links because you cannot really know where that thing’s going to take you.

The toll road scam is not designed to steal your $10. Instead, what it’s doing is presenting a link that takes you to a webpage that looks like an official toll road website where you’re enticed to put in your bank information, and then they steal money out of your bank account for more than $10. That’s what they’re trying to do, and it’s all through that link that you can’t trust that they’re able to hook you. You think it’s authentic and it’s really not.

Unfortunately, we’re at a stage where we just can’t trust any interactions that we didn’t start.

That’s correct. You have to be very wary about that. Older people tend to fall into that quite a bit. They’re used to answering the phone. They’re used to being able to tell who they’re doing business with.

There are a lot of stories out there now of the grandparent scam, where someone on the phone is pretending to be your grandson, he’s in jail, and he needs help from grandma.

Increasingly in the future, it’s going to be quite easy to clone someone’s voice. It will really be your grandson’s voice. You won’t be able to tell the difference because it is his voice. You won’t be able to know whether you’re talking to a family member or your bank or whatever, unless we start taking actions to authenticate our communications, which is what we’re going to have to start doing.

If you have any suspicion that you’re not talking to the person who you think you’re talking to, you’ve got a code word.

Exactly. Two-factor authentication.

Yeah, two factor authentication for different situations. I just need to remember 8,000 code words now for every person and business that I do business with.

If people want to learn more about what Stop Scams Alliance is doing, where can they find you online?

We do have a website. It’s a very well-designed website. I designed it myself. It’s www.stopscamsalliance.org. I’ve now written five op-eds in major newspapers. I’ve written now three statements for the record for the US Congress to lay out a strategy of how we need to start thinking about this problem and how to start more effectively fighting back against the transnational organized crime gangs.

I would invite anyone to read those, to contact us through the website, to help out in any way you feel fit. This is an emergency. We are under attack by transnational organized crime, and we need to start raising our defenses.

Awesome. Ken, thank you so much for coming on the podcast today. I really appreciate everything that you’ve shared with us today.

You’re welcome. It’s a pleasure to be with you.

 

 

Click to tweet: I became absolutely horrified at what I found. So many people are being scammed, and the vectors are going up, up, up. We’re not doing a good enough job as a nation to defend ourselves. That’s why I decided to come out of retirement and create a nonprofit. -Ken Westbrook

 

 

Click to tweet: Last year, the FBI reported a 33% increase between 2023 and 2024. If you take it back over a 10-year period, there’s been a 20-fold increase in losses reported to the FBI over that period. -Ken Westbrook

 

 

Click to tweet: The scammers are getting much, much better at what they do. It has become a business. -Ken Westbrook

 

 

Click to tweet: The main scams now are impersonation, where bad guys are able to assume the identity of your bank or a government official and then trick people into making the transfer themselves. -Ken Westbrook

 

 

Click to tweet: Other countries are finding value in authenticating, especially financial ads, because of the extra risk that they impose. -Ken Westbrook

 

 

Click to tweet: I think we’ve put in place an economic system—for good reason—to allow small companies to flourish, but then we end up paying the price in security as a result of that decision. -Ken Westbrook

 

 

Click to tweet: When you look at the FBI data, the number one scam by far when it comes to losses is fake investment scams. -Ken Westbrook

 

 

Click to tweet: This is called scareware, and not only does it have a voice shouting at you, it is saying, “Do not turn off your computer.” Why? Because your best defense is to turn off your computer. -Ken Westbrook

 

 

Click to tweet: They sent her to Home Depot to buy gift cards, which is where it started. They had her, 83-year-old woman, driving around town to buy gift cards. Then it progressed to cashier’s checks. -Ken Westbrook

 

 

Click to tweet: Fortunately, the banks, through their training, were able to intervene, but after she lost most of her life savings. -Ken Westbrook

 

 

Click to tweet: The average loss reported to the FBI last year from an older person is $83,000. Some people lose millions. They lose it at a stage of their life where they can’t recover. -Ken Westbrook

 

 

Click to tweet: But people need to know too, just to be very wary about getting communications from someone you don’t expect. When you get a phone call from someone you don’t expect, you have to assume that that is not a legitimate call. -Ken Westbrook