I read the very sorry story of the British mother who is now homeless after handing over £250,000 to Instagram scammers posing as Alexander Ludwig, Charlie Hunnam, Nicky Byrne and Michael Ray. Now, I would never fall for a scam like this (for one thing, I’d never heard of any of these people) but I am sure there are other scams I might fall for. We all think that we are too smart to be scammed, which is why scams work. But what can we (as the industry) do?
There is a particular problem with scams that deliberately target older members of the community, in essence forming a category of elder abuse thar is endemic in the new economy. Telling people to be careful who they answer phone to and who they should ignore on social media is not good enough as is made clear in the fraud figures. The FBI reports that Americans aged 60+ lost more than $3.4 billion to scams in 2023 and the Global Anti-Scam Alliance estimates that scam losses exceeded $1 trillion over a recent 12-month period.
One particulat subcategory of fraud involves Bitcoin ATMs. These are beginnng to show up in the figures too. Bitcoin ATM fraud reached $333 million in 2025, with older adults being the most affected. A typical case is that of Steve Beckett, 66, of Indiana. His computer froze and a message directed him to call what turned out to be a phony Microsoft service hotline. This led to a series of calls with his “bank” and the “Federal Reserve” who told him his life savings were at risk and they must be converted into bitcoin. He withdrew $4,000 from his bank and drove to a Circle K with a Bitcoin Depot ATM. On the phone, the scammers walked him through how to deposit the funds. I could go on. In fact I will. An 80-year-old man who fell for the same scam withdrew almost $60,00 from JPMorgan Chase and deposited it into a Bitcoin ATM.
(Note that according to the FTC older adults reported the highest aggregate losses to frauds facilitated by bank transfers or payments to send money in 2024, the latest year for which figures are available. The second highest aggregate reported losses were on frauds facilitated by cryptocurrency transfers: for those older adult credit cards and gift cards still the main vehicle for shifting life savings to fraudsters.)
TV ads, radio shows, podcasts and pamphlets galore warn people to beware of scams. The FTC’s own “Pass it on” campaign goes back more than a decade and it has distributed more than 23 million items since the campaign began, including nearly 1.7 million items in fiscal year 2025. The materials are distributed through community banks, libraries, police departments, military support groups and educational and community groups nationwide.
In the UK we have the “Take Five” campaign to warn people about frauds and I am sure most other countries have something similar. You certainly cannot accuse the regulators of inaction, though whether their actions actually make any difference to fraud is a different matter. The UK Financial Conduct Authority (FCA) efforts include, rather implausibly, a pop=up ATM with a seal inside (yes, you read that right: Emil the Seal) at a train station to warm commuters about the dangers of investment scams. Inexpliably, these sort of things seem to have a little impact on crime. The Office for National Statistic (ONS) latest crime survey showed more than four million fraud incidents last year and bank and credit fraud up by a fifth.
Did such warnings help the Canadian pensioner who was scammed out of her life savings (totalling approximately $800,000) after her she spoke on the phone to someone that she believed was a representative of her bank. Over a series of phone calls, the woman was told to withdraw all funds from her account and deposit the cash into cryptocurrency ATMs. She was also told to cash in her life insurance policies, and on three different occasions, she met with men near her home and handed over gold bars she had purchased.
Now, you would think that if a pensioner wanders in to a bank branch in Canada to withdraw hundreds of thousands of dollars in cash, an alarm bell would go off somewhere. Come to that, you would think that if someome walked into a bank branch to withdraw six million dollar in cash an alarm bell would go off somewhere too.
(This happened in Thailand, twice, and in a coincidence that is surely uncorrelated, in an election year. The governor of the Bank of Thailand Vitai Ratanakorn recentlly asked the perfectly reasonable question “who needs 250 million baht in cash” at a seminar.)
But then what? After the alarm bell goes off, that is. In the UK, Lloyds did a great job of not only spotting a scam and then not only spoke to the elderly victim on the phone and blocked a number of transactions, even called him into a branch to tell him face-to-face that he was being conned. The customer, though, insisted that the payments went through. Fortunately, Lloyds other customers and shareholders stepped in to make him whole again under what is known as the “contingent reimbursement scheme” (CRM). CRM means that you can send money to fraudsters and it doesn’t matter because banks have to giv eyou back your money. In this particular case the bank ended up paying back the full £153,000 despite the fact that the “customer did not take appropriate steps to verify that the person he met online was genuine”.
Well, quite. But what are these appropriate steps the customers are supposed to take? And what does “genuine mean anyway”?
There are two different problems to be tackled here: first of all the customer needs to know if they are talking to a real person or not and second of all the customer needs to know that the person they are talking to is authorised to do whatever it is they claim to be doing. How can we help customers to answer these questions, bearing in mind that they know nothing about bots or banking or digital signatures or
In many cases, just knowing whether you are talking to a bot or a person is good enough. For example, I recently posted a response to a question on LinkedIn. The question made it clear that the “person” I was discussing the topic with did not know the first thing about it, so I posted a slightly snarky response. A friend on LinkedIn messaged me to point out that I was arguing with a bot whose function was to drive up engagement, not to engage in the relentless pursuit of truth. So when granded gets a message on Instagrambook or whatever, that message should show up in red if it does not come from a person.
Snippings 