Q&A highlight
Posted16 days ago
Key Takeaways
How are scammers able to operate bank accounts without leaving any traces, and why don’t the police and banks have the power to reverse transactions that are obviously fraudulent.
As an engineer, I hope that I can gain more knowledge, connect with more people, and do more to help those who have no one to protect them.
I realize that in society we don't typically care for these kinds of approaches, but how else do you actually deal with literal evil that sits safely on the other side of the globe, when their own governments won't do anything to stop it?
The problem is, in reality any such activity would largely be indistinguishable from terrorism.
The thing you can do right now is to try and get hold of someone in the bank that can freeze the flows, for the possibility of returning the money. Otherwise, not much can be done.
Let me give a concrete example. When money is transferred to scammer accounts, it is immediately distributed across hundreds of other accounts and moved out of the electronic system in under 30 seconds. At that point, everything is gone.
This may not help, but you have my utmost sympathy. An elderly lady that I know recently lost her husband and her only son, and got scammed out of much of her savings by people exploiting her horrible circumstances. She had to come out of retirement and go back to work because of it.
I think crimes like this are among the most evil you can commit to people. I really wish that law enforcement organizations would chase these down and prosecute as aggressively as they would if there had been a murder or something committed. They are fully capable of doing so when it's something that they care enough about, but they just don't seem to care about people like your mother and my friend. It breaks my heart and I really wish I could do something about it as well.
How did the money actually leave her account once they had access? Was it wired?
You went to the police station, I presume they also had you file with the FBI's IC3 and the FTC.
OP is not in the U.S.
Truth be told that scamming is becoming easier and easier. The problem is that most countries not only allow it, it is part of their GDP. Look at the number of scammers that originate in India. Everyone there knows who they are, there are numerous YouTube channels souly dedicated to exposing them and reporting them to the authorities, yet they still remain active.
Until a more brutal and direct response is used, these organizations and countries will continue to operate. If the attacks Trump has used on drug boats has taught us anything is that a direct response is the best response when dealing with the underworld.
I find this comment quite out-of-touch. There is significant state effort throughout South-East Asia to combat cyber scams. Yes, those include education, they include cybersec, they include banking regulation, they include police work.
On just the front of education, you have to accept the reality that (not specifically referring to OP) you have a significant population who only understand to use the phone to call relatives, then trust relatives with everything online, as they forget in a week or month what they learned today owing to their advanced age, instead requiring relatives to guide them through navigating the digital world every time they interact with it (something that is becoming unavoidable).
One thing is the government must act. These calls are mostly done from abroad. Phone companies can implement some protective measures. Banks too need to watch for common patterns (doesn't always help because scammers talk the victim around the checks). The society as a whole needs to get aware. What a single person could do is to keep contact with the relatives. I've read an expert report on one such case; the author wrote that even a single close someone could break the trance and stop the scam. In that case the victim happened to be a popular singer seemingly never alone, yet as it turned out she actually was a lone old lady with not a single confidant close enough for more than a month.
She was, of course, shattered with what happened (she lost close to $3M), but after some time in one if her interviews she said: "I will survive". She said it in Russian and did not comment on the phrase further, it must be too personal. Yet of course she meant that song. The song helps her. The song's story is different, but the emotion is same. We have all our love to give. A hard hit will do good if it makes us to commit on that.
And that is bad because...?
Just like not all Ukrainians were slaughtering Polish people in most barbarian ways, icluding newborns and pregnant woman in Wołyń
Similar to Streisand Effect, there's now in Russia the term Dolina Effect [0] after this singer, referring to these "grandma schemes" where criminals direct the elderly to sell their property and then renege, relying on courts siding with them to keep the property and the money. Whatever the real story is, it's all so messed up.
(Most such sales happen at a large discount; half price is not uncommon. In many cases the buyer can clearly see something is off. Yet the price is so sweet the buyer cannot resist and risks getting sued afterwards. Of course, maybe this particular case is an exception.)
As for the human side, I have already shared my story within a closed community where other engineers know me personally. I am not begging for help; my goal is to inform more people about this situation and, if I am fortunate, to find others who are willing to join me in this fight.
A small gesture, but anything that can help I'm all for.
People talk about changing laws or technical solutions, but the inconvenient truth is that technically literate people should peer-pressure nearby friends/family/etc. into being more aware of such possibilities. I've done so, to the extent that some people find it ether borderline schizophrenic/paranoid (to my "luck", I live in an ex-communist country, where most people are usually skeptical in many contexts with strangers; so this group of people is relatively small).
People who know better bear a responsibility towards helping others who don't; towards those who are too kind (or naive) for their own good; Even though I'm the "tech guy" in my close circles (family, friends,etc.) like many here, I often do the >opposite< of what other "pro-technologists" do these days: I don't encourage people, especially the older generation OR the more tech-illiterate ones to use more technology, because it is obvious that doing so "injects" another vector of attacks into their lives. More often these days this is not possible, everything gets digitalized to the detriment of such groups, but this also delves into the politics of keeping "older options" (cash, paper trails, etc.) available even if digitalization happens. Often times the older options are more secure, though obviously less convenient.
This is a non-solution, yes, but it is the correct way to approach this (imo), as more and more places LEGALLY force digitalization of different institutions(banking, gov. agencies, etc.) which inherently either add, or worse, completely shift the risk into virtual spaces. This is why a "legal" solution is more often than not either a slow one or a completely pointless one. It will always be an arms-race between scammers(which operate more effectively[in theory] due to their decentralized nature) and the gov./banks/etc., which operate in a more centralized fashion, thus demanding and imposing more control above all included parties. A legal way will always demand more than it's worth.
I digress from my shift into politics, but bottom line is this: don't let your peers/family/closed ones get into these situations. If you have "an authoritative" voice regarding tech, use it to first cultivate awareness regarding dangers, before cultivating hype/or anything else. (Obviously not talking about anyone specifically, but the whole "geeksphere" as a whole)
Good luck to you and your family.
These kind of scams have become a huge problem in India (look up “digital arrest” scams). People of all backgrounds and age groups have lost a lot of money (to put it in US dollar equivalent amounts, imagine a person losing few hundred thousand dollars to a couple of million dollars). There is nothing like “digital arrest” in Indian laws. The government has tried to warn people about this.
The larger problem seems to be a combination of factors across disinterested entities:
1. The police aren’t interested in solving these (there’s a separate division for cybercrime). Filing a formal report is usually thwarted and avoided by the police. Even if they show some interest, it always involves paying them fat sums of money. There’s no guarantee that they can recover the money.
2. The banks aren’t interested in solving this. It seems like specific bank branch managers are involved and just stand by allowing large transactions (like cash withdrawals) to just be approved without raising any questions or concerns. All the talk by banks about “risk management” (alongside compliance matters) goes out the window just for the victims of these scams.
3. With SMS OTPs being common and the scammers recruiting some locals to run SIM farms/phone farms, the telecom companies aren’t interested in solving issues within themselves either. Though there is a limit of nine phone numbers (total) per person in India, and though there is on paper a KYC process (including a live video) to get a phone number, the telecom companies have systems and employees who can provide numerous numbers based on stolen or fake IDs.
4. The government is a bystander and appears helpless. Instead of creating laws and enforcing existing laws, it focuses on some awareness that these scams are not genuine.
5. The Supreme Court finally ordered CBI (the Indian equivalent of FBI) to investigate these scams.
So there you have it: none of the entities involved has any interest or will to do something about the problem. There will always be excuses that the scammers are in another country.
To @dang and the moderators: I honestly do not understand why this topic was flagged. This situation is real and very painful for my family, and it is beyond my imagination that sharing it would be a problem.
Sorry for any distress over this. The moderators didn't flag (or see) it. Users flagged it, and whilst we never know why users flag things, in this case it may have been because it seemed outside of HN's usual scope. But as moderators we think it's fine if the community is able to discuss a topic like this and provide meaningful advice and help. We're really sorry this happened to your family, and we wish you well in finding a way forward.
As I mentioned before, HN is a technology community. I hope that one day I can share only technical topics here, so we can focus the discussion on technical matters. I hope we can stand together as engineers, doing our part and taking responsibility, even if that does not fully address the root causes.
I would have that setup for my parents so that if they ever called me for the 2nd code, I could ask questions about why they need it.
While I’m not too worried about my 83 year old mom, she is more tech savvy than most and has been using computers since 1986, I do worry about my dad if my mom passes first. He’s a lot more gullible.
This might not be sufficient. We need 4FA or, better, 5FA.
No affiliation other than using their products:
I would look into solutions that would make it harder for them. Like AI chatbots that act like targets, both text and voice. If the majority of their efforts end up being weeks of conversation with an AI before they figure it out then it will not be worth the effort.
Right now it may take them hours to find a viable target then days to extort them. Make it take longer, until it is more lucrative to get a legitimate job.
I used to think it was fun to mess with scammers... but I think these days many of them are forced into it. Basically they are lured in with reasonable sounding job offers then once they find themselves in another country with only their "employer" look out for them, they basically become slave labor.
You need to hurt the ones trapping the slaves that run the scams, and your weapon is the same as theirs... technology.
Unfortunately the scams themselves range from amazingly complex to what should be really easy to spot. I make it a rule to NEVER give personal information to someone that calls me unexpectedly, at least nothing that isn't already effectively public information. Annoying when your doctor's office has an automated system that calls and the first thing it does is ask for your social security number... My response is "nope, not doing it" and that's what I told anyone that would listen at that office every visit... it's training people to get scammed.
1. Get police reports 2. Use the police report to start an issue with the bank 3. Work with a lawyer and escalate through the courts.
Do all of these things. Don't let the bank staff dissuade you from getting a lawyer involved now.
There is a second "thing to do" which is to regather yourself. You seem to feel, justly, as if your house was robbed. Take care of yourself as if that was true. Do a personal security audit if that is the sort of thing that makes you feel better. Journal, meditate, pray, etc as appropriate.
No defense is perfect and complete. That doesn't mean the defenders stop trying.
One urgent warning I want to share is about how scammers are now using AI.
In my country, they are already using AI for video calls, voice cloning, and highly scripted conversations. The person on the screen can look and sound real. The conversation feels natural and authoritative. For many people, especially older relatives, it is almost impossible to tell that it is fake.
This is no longer about obvious scam messages or bad phone calls. AI is making scams feel personal and trustworthy. Please warn your families. No bank or authority will ever ask for OTP codes or urgent transfers, even if it is a video call and the person looks real.
Think of it this way: If I needed a document from your house, would you give me a permanent copy of your keys? Probably not. Unlike a physical key, a shared password can never truly be taken back.
No legitimate organization needs full, permanent control over your bank account. If a situation feels incredibly urgent, it is almost certainly a scam.
• Taxes? The government already has the access they need. • Loans or Visas? Ask for payment instructions or a formal bank certification instead.
Everything can wait a day—except a scammer. Educate your circle: urgency is their greatest weapon.
November 1st I received an email that I had been hacked and all private data including a video of me was owned. I got really emotional but then after reading it, I saw it was a generic threat and nothing could be done.
You are asking, what can be done? Start with the basics, strong password and MFA everywhere. Avoided pirated Windows, and if you can avoid the OS entirely as well. Basic cybersecurity awareness need to be taught in schools. After 23andme, a lot of companies just have very shitty practices as well.
Not affiliated with Hacker News or Y Combinator. We simply enrich the public API with analytics.