Three years ago, Bob Hartman fell for a scam that cost him US$50,000 (RM233,125).

He’s still paying for it with US$400 (RM1,865) monthly payments on an interest-only home loan that the scammers pilfered as part of the fraud.

While Hartman acknowledges he was tricked, he says his bank didn’t do enough to protect him.

“If a scammer’s tools are more advanced than Bank of America’s security measures, something is wrong,” he said.

His complaint is shared by others who fall for bank-related scams. They ask why their bank couldn’t help them to protect their money.

The answer isn’t that complicated, really, however disheartening it may be. Successful scammers aren’t typically breaking into people’s bank accounts without assistance. Instead, they fool their victims into moving money on their behalf.

By the time the victim catches on, in most cases, the money is long gone. Freezing the account that received the funds won’t do anything if the money isn’t there anymore.

Returning the funds to a customer would mean the bank taking a loss, something few are willing to do.

Banks, for their part, all have warnings about scams on their websites. But scammers are smart. And they’re nimble, altering their game just enough to trick the next victim.

Despite all the cautions, 2.4 million people reported fraud scams to the US Federal Trade Commission in 2022, agency data shows. They said they lost a collective US$8.8bil (RM41.03bil) to fraud, 30% more than the year before.

Imposter scams – when a con artist pretends to be an official from a company or government agency – were the third most common kind of complaint, making up 14% of reported scams.

It was an imposter scam that tricked Bob Hartman.

How it happened

Hartman’s phone rang and the caller said he was a representative of Microsoft.

“He informed me that I had many corrupted files on my computer and they needed to be removed immediately or my system would crash and become inoperative,” said Hartman, 75.

To demonstrate he was really from Microsoft, the caller gave Harman the real Microsoft phone number and address and offered to install a new security system called “Advanced System Care,” which would fix and preserve the machine, Hartman said the representative told him. And he’d get a US$400 (RM1,865) “thank you bonus” when the work was done.

“In order for him to deposit the bonus, he asked for the name of my bank,” Hartman said, and he replied it was Bank of America. “He never asked me for my password or checking account number.”

Hartman said his account information and passwords weren’t stored on his computer, so how the scammer did what happened next is a mystery.

The fake representative told Hartman to turn on his computer. Hartman said he did, and entered his computer’s password, which he said he never gave to the caller. Hartman also said he never downloaded software to give access to his machine and he didn’t click on any links, so he wasn’t sure how the fake representative suddenly had access to the computer.

“I figured that since he represented Microsoft, he knew which Windows version I used and controlled the computer from his computer at Microsoft,” Hartman said.

The fake representative proceeded to print out on Hartman’s printer what appeared to be his checking account statement. It was supposed to show a US$400 (RM1,865) deposit, but instead, it showed one for US$28,400 (RM132,415).

The representative said he made an error. He overpaid. Hartman, calling himself “honest,” said he wanted to return the extra money.

“He said the accounting department wanted me to wire transfer the overage of US$28,000 (RM130,550) to ‘The Microsoft Bank’ in Bangkok, Thailand,” he said.

When he asked, “Why Bangkok?” the representative said Microsoft gets a better deal per transaction by using an offshore account.

The representative told him to go to his bank branch to initiate the wire transfer.

“Once I arrived at the Bank of America branch, located in Red Bank, he instructed me, through my cellphone, to tell the Bank of America customer service rep that the wire transfer was to pay for my wife’s jewellery that I had purchased for her,” Hartman said.

He said he told the jewellery story to the representative, who completed the wire transfer with no further questions.

The fake Microsoft rep said he’d check back with Hartman the next day to make sure the transfer went through, and that’s when he stepped up the scam.

When the con artist called, per his instructions, Hartman checked his account, but it appeared the transaction was cancelled.

“He told me to resend the wire transfer, this time for the amount of US$24,445 (RM113,974) – this amount would not cause a red flag since it would be under the US$25,000 (RM116,562) limit,” he said. “The representative said that Microsoft would sweeten the pot by giving me another US$3,150 (RM14,686).”

Hartman said he was told to go to a different branch and to send the funds to a different bank in Thailand.

When that was complete, the scammer had a warning: Hartman shouldn’t log into his account until after the weekend because his computer needed to be reset.

Hartman, though, didn’t take that advice. When he turned on his computer a few hours later, he saw he needed a new password to get in.

He called the representative for help, but there was no answer. He called again and again. No answer. He tried texting. No response.

That’s when Hartman called Bank of America and realised he had been scammed.

He learned that the first wire transfer that was supposedly cancelled was indeed not. The scammer had that money, and when Hartman initiated the second wire transfer, his account went negative so US$25,000 was automatically transferred from his home equity line of credit to his checking account to cover the funds.

Hartman said he reported the fraud to Bank of America and also to Microsoft, which confirmed the representative who worked on his computer didn’t exist.

He received letters from the bank two months later, both saying the same thing.

“Unfortunately, the attempt to recover the funds was not successful. We now consider the case closed,” it said.

The money is gone

Over the past three years, Hartman filed complaints to the New Jersey Department of Banking and Insurance, the Federal Trade Commission, the Office of the Comptroller of the Currency, his local police department in Little Silver and his local lawmakers.

No one was able to help, he said.

He argues that the bank should have flagged the transactions just as it would for unusual credit card charges.

“Bank of America did not have sophisticated anti-theft software to prevent the scammer,” he said. “When the scammer printed out my current checking account activity to show the amount deposited into my checking account on July 9, 2020, and on July 10, 2020, that act in itself showed me how vulnerable customers are due to the fact I never gave him my account number or password, yet he printed out my entire current bank statement.”

Bank of America said it offers warnings on its website about scams, including the one that tricked Hartman.

It said in Hartman’s case, it contacted the bank that received the money when the fraud was reported, but the money could not be recovered.

It has renewed that request, spokesman Bill Halldin said, noting that customers who are struggling to make payments can ask the bank for help.

“When a client faces a situation that impacts their ability to make payments, they should contact us and we will review the matter on a case-by-case basis,” Halldin said.

Should the bank have flagged the transactions? Should the tellers have seen red flags? Maybe.

Do financial institutions need to keep better pace with scammers? Absolutely.

But so do we as consumers.

“Banks are not keeping pace with scammers who somehow evade the security systems the banks employ and are at least one step behind them. They have a fiduciary responsibility,” Hartman said. “The very fact that there were no codes, no passwords? What does that say about security? If the scammer’s tools are better than the bank’s, we’re all screwed.” – nj.com/Tribune News Service