Security Articles & Alerts

National Cybersecurity Awareness Month

Did you know that National Cybersecurity Awareness Month is observed every October? Launched in 2004, the effort looks to ensure every American has the resources they need to stay safer and more secure online. With the help of the American Bank’s Association and the National Cybersecurity Alliance, we will be promoting awareness and providing resources for our customers about staying safe when banking online.

Here are some resources you can refer to at any point in time:

American Banks Association:

National Cybersecurity Alliance:

Follow us on social media as we post more tips and tricks throughout the month!

 

Security Articles & Alerts

Rising fraud cases come in many different forms

Unfortunately for citizens of the United States, fraud never has been more prominent. Banks around the country have seen the number of fraud incidents in 2021 surpass the total from all of 2020, and we’re not even through the summer yet. Customers of The Village Bank should beware of many different types of fraud. Here are a few examples, along with some ways to protect yourself:

IMPOSTER SCAMS

How they work: You might get a call or email from someone pretending to be a friend, a member of your family, a government official or someone you met online. The fraudster will ask you to wire him/her money for a number of different reasons, usually an emergency.

What you can do: The smartest action would be to call that person. If the email in question is from a family member, call them to confirm their situation. Odds are they would have called and not emailed you in the first place. The same strategy applies if the message is from a government official. No real government agent or agency will ever ask you to wire money to them.

IDENTITY THEFT

How it works: A fraudster will obtain your credit card information, social security number, Medicare number, etc., and compile a bill in your name.

What you can do: The best defense against identity theft is to use strong and secure passwords for all your accounts. Also, never give out your social security number unless it is a trusted source on a secure platform. Another way to protect yourself is to shred any document that has this information of it before throwing it away.

CHARITY SCAMS

How they work: You will be contacted by someone asking you to make a donation to a charity. It might sound like something you’ve heard of or even donated to in the past. Typically, the fraudster will try to pressure you into donating quickly with cash or a money wire. Often they will not send you any specific information about their “charity” or what the money will be used for.

What you can do: One way to deal with this is to ask the “charity” to send you information in the mail. If the person agrees, make sure to do some research before the information arrives to be sure it is a legitimate source. Another option is to ask the “charity” a lot of questions. For example, you could ask how the charity wants to be paid, if the donation is tax deductible, how much of it goes to the charity, what the money will be used for, etc.

“YOU’VE WON” SCAMS

How they work: Somebody will contact you saying you’ve won something, perhaps a trip, a car or another expensive prize. The fraudster will sound excited on the in order to make you to feel like it is real. Then, in order to claim your winnings, the fraudster will tell you there’s a small fee and that your credit card or bank is required.

What you can do: Unless you remember entering a contest and can prove it’s real, never give out this type of information to someone claiming they need it.

At The Village Bank, nothing is more important to us than the privacy and safety of our customers. We are committed to keeping your accounts and personal information safe. If you ever have questions about a potentially fraudulent situation, contact our Customer Care Center immediately at (617) 969-4300.

Security Articles & Alerts

Tech and romance scams on rise

Dear Village Bank customers,

Tech support and romance scams have risen dramatically in recent months. In some cases, the fraudster claims to be a service provider verifying a charge you didn’t make. In others, the fraudster reaches out through social media under the guise of starting a romantic relationship. In both cases, the fraudster wants access to your money and personal information.

If someone you don’t know contacts you unexpectedly, always keep in mind:

  • Never give out personal or bank account information.
  • Never give remote access to your computer to anyone.
  • Never call a provided number. Always look up the number online first.
  • Never send money to people you met on social media.

The Village Bank is committed to keeping your accounts and personal information safe. If you ever have questions about a potentially fraudulent situation, contact our Customer Care Center immediately at (617) 969-4300.

Security Articles & Alerts

How to Spot, Stop, & Report Government Imposter Scams

 

Consumers reported more than 498,000 imposter scams to the Federal Trade Commission in 2020.

  • Nearly 1 in 5 people reported losing money
  • Overall, reported losses were nearly $1.2 billion
  • The median loss was $850
  • Almost one-third of the imposter scams reported involved someone posing as a government representative

How to Spot the Scam

Scammers will call, email, text, or direct message you on social media.

  • Scammers say you did not appear for jury duty and must pay a fine or you will be arrested.
  • Scammers say you will be fined, arrested, or deported if you do not pay taxes or some other debt right away.
  • Scammers say your Social Security or Medicare benefits have been suspended because of COVID-19-related office closures.
  • Scammers say you can get a free COVID-19 test kit from Medicare in exchange for giving personal or financial information.
  • Scammers say you owe back taxes, there is a problem with your return, or please verify your information.

STOP. These are all scams!

How to Stop & Report the Scam

  1. Don’t give information or money to anyone who calls, texts, emails, or direct messages you on social media. Keep your Social Security, bank account, debit and credit card numbers to yourself.
  2. Never make a payment to someone you don’t know, especially by gift card, mobile payment apps, money transfer, or cryptocurrency. Only scammers will demand you pay that way. They know these payments are hard to reverse.
  3. When in doubt, check it out. If you’re concerned about the request, contact the agency directly. Look up the government agency’s real number on the agency’s site and call to get the story.
  4. Report the scam to the FTC at ReportFraud.ftc.gov. Tell your bank, and be sure to share these tips with your friends and family.

Learn more at ftc.gov/imposters and aba.com/consumers

 

Newsroom Security Articles & Alerts

Online Shopping Safety for the Holidays

With the holidays already here, many of us will be purchasing items and gifts online; this has become commonplace but is especially true this year as we all deal with the COVID-19 pandemic. Adobe Analytics estimates that online sales this November and December will surge 33% year over year to a record $189 billion making the already rich pandemic cyberspace even more attractive to cyber thieves.1 Cybercrime has become an industry all on its own and gets more and more sophisticated every year and want us to live in a world of fear, uncertainty, & doubt (FUD), but we can protect ourselves by following good personal cyber-hygiene practices.

Everyone can play a role in protecting themselves, specifically around information safety and securing their systems & devices. There are many steps individuals can take to enhance their cybersecurity without requiring a significant investment or the help of an information security professional. Below are several tips you can put into action now:

  1. LOCKDOWN YOUR LOGIN: Make a long, unique passphrase. Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember, Use 2-factor authentication or multi-factor authentication (like biometrics, security keys, or a unique, one-time code through an app on your mobile device) whenever offered.
  2. WHEN IN DOUBT, THROW IT OUT: Links in email, tweets, texts, posts, social media messages, and online advertising are the easiest way for cybercriminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Essentially, just don’t trust links.
  3. KEEP A CLEAN MACHINE: Keep all software on internet-connected devices – including personal computers, smartphones, and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
  4. BACK IT UP: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.
  5. OWN YOUR ONLINE PRESENCE: Every time you sign up for a new account, download a new app or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
  6. SHARE WITH CARE: Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
  7. GET SAVVY ABOUT WIFI HOTSPOTS: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Only connect to known Wi-Fi networks; beware of network names that have typos or extra characters. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.

The Cybersecurity and Infrastructure Security Agency (CISA) also reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.2

CISA encourages online holiday shoppers to review the following resources.

If you believe you are a victim of a scam, consider the following actions.

1 Adobe Communications Team, Oct 28, 2020
2 Online Holiday Shopping Scams, November 24, 2020

Security Articles & Alerts

Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing

CISA Release Date: August 12, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

Technical Details

CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains:

  • Subject line: SBA Application – Review and Proceed
  • Sender: Email sender will be marked as disastercustomerservice@sba.gov
  • Body: Text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting.com.br/gov/covid19relief/sba.gov

Below is a screenshot of the webpage arrived at by clicking on the hyperlink.

Click here to read the full alert.

 

Security Articles & Alerts

FBI Reports Increase in Online Shopping Scams

CISA Release Date: August 05, 2020
CISA, Revision Date: November 18, 2019

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (I3C) has released an alert on a recent increase in online shopping scams. The scams direct victims to fraudulent websites via ads on social media platforms and popular online search engines’ shopping pages. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and consumers to be diligent and be on alert for indicators of fraud and tips to avoid being victimized, as well as CISA’s tip on Shopping Safely Online.

Why do online shoppers have to take special precautions?

The internet offers convenience not available from other shopping outlets. You can search for items from multiple vendors, compare prices with a few mouse clicks, and make purchases from your home. However, the internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else.

How can you protect yourself?

  • Do business with reputable vendors – Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information.
  • Make sure your information is being encrypted – Many sites use secure sockets layer to encrypt information. Indications that your information will be encrypted include a Uniform Resource Locator (URL) that begins with “https:” instead of “http:” and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window. Some attackers try to trick users by adding a fake padlock icon, so make sure that the icon is in the appropriate location for your browser.
  • Be wary of emails requesting information – Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information. Legitimate businesses will not solicit this type of information through email. Do not provide sensitive information through email. If you receive an unsolicited email from a business, instead of clicking on the provided link, directly log on to the authentic website by typing the address yourself.
  • Use a credit card – There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, debit cards draw money directly from bank accounts, unauthorized charges could leave you with insufficient funds to pay other bills. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. Also, use a credit card when using a payment gateway such as PayPal, Google Wallet, or Apple Pay.
  • Check your statements – Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately.
Security Articles & Alerts

National Elder Fraud Hotline

National Elder Fraud Hotline 1-833-372-8311

Senior citizens are one of the largest groups targeted by financial fraudsters. Last year there was an estimated combined loss of over a billion dollars in elder fraud schemes nationwide. In response to the fraud, The Department of Justice launched a National Elder Fraud Hotline, which will provide services to seniors who may be victims of financial fraud.

If you or someone you know suspects that they have been a victim of fraud, call the hotline’s toll-free number 1-833-FRAUD-11 (1-833-372-8311).

The Hotline is staffed by experienced case managers who can provide personalized support to callers. Case managers will assist callers with reporting the suspected fraud to relevant agencies and by providing resources and referrals to other appropriate services as needed.

When applicable, case managers will complete a complaint form with the Federal Bureau of Investigation Internet Crime Complaint Center (IC3) for Internet-facilitated crimes and submit a consumer complaint to the Federal Trade Commission on behalf of the caller.

Security Articles & Alerts

Scam Alert: Government Relief Checks Trigger Latest Coronavirus Scam

Source: Better Business Bureau®

The proposed federal stimulus package announced this week includes sending every American a check to offset lost income from the coronavirus crisis. Scammers wasted no time in taking advantage of this news! BBB is already getting reports on BBB Scam Tracker (BBB.org/ScamTracker) about government imposters calling about the checks. Watch out for these phony government grants that ask for personal and banking information.

How the Scam Works
You receive a message or see a social media post claiming that you qualify for a special COVID-19 government grant. With the news stories about the proposed stimulus plan, you figure it must be true. You click the link and are taken to what seems to be an official website asking you to enter your personal information and/or banking details. It’s “necessary” to verify your identity and process your grant.

As always, there are several versions of this con. BBB Scam Tracker has received reports of people contacted through text message, social media posts and messages, and phone calls. One variation is a Facebook post telling seniors about a special grant to help pay medical bills. The link leads to a website claiming to be a government agency called the “U.S. Emergency Grants Federation” (phony, of course). The site requests your Social Security number under the guise of needing to verify your eligibility.  In other versions, scammers claim that you can get additional money – up to $150K in one case – or even receive your funds immediately. All you need to do is share personal details and pay a small “processing fee.” 

No matter what the message, don’t click! In addition to taking your money, these sites also can download malware to your device and use your information for identity theft.

Tips to Spot a COVID-19 Grant Scam: 

  • Remember, government agencies do not communicate through social media avenues like Facebook. So, be wary of unsolicited messages.  
  • Do not pay any money for a “free” government grant. If you have to pay money to claim a “free” government grant, it is not really free. A real government agency will not ask you to pay an advanced processing fee. The only official list of all U.S. federal grant-making agencies is Grants.gov
  • Check for look-alikes. Be sure to do your research and see if a government agency or organization actually exists. Find contact info on your own and call them to be sure the person you’ve heard from is legitimate.
  • Don’t assume an offer in a social media message is from a real friend. It’s easier for scammers to impersonate real people on social media. Call your friend to verify they contacted you (and share this Scam Alert with them if they are spreading false information).

For More Information
Read more about government grant scams in this BBB tip. For more information about scams in the wake of coronavirus, see BBB.org/Coronavirus.

If you’ve spotted a scam (whether or not you’ve lost money), report it to BBB.org/ScamTracker. Your report can help others avoid falling victim to scams.

Security Articles & Alerts

Robocall Scams Escalate – Because They Work

By Sarah Krouse

This article was originally published in The Wall Street Journal on November 21, 2019.

The FBI agent sounded official on the phone. He gave Nina Belis his badge number and a story about how her identity had been compromised. She gave him her life’s savings.

For most Americans, robocalls are an annoyance. For Ms. Belis, an oncology nurse in her 60s, a law-enforcement impersonation scam that appeared to have started with a robocall drew her into financial losses that sapped her family’s nest egg and derailed her retirement.

The scale of her loss — nearly $340,000 — and the ease with which the money was moved out of her accounts show why scam calls persist. They work, even on people who think they would never fall for one.

The caller preyed on what psychologists describe as a habitual reliance on people in authority, and kept Ms. Belis in a state of isolation and heightened emotion to cloud her judgment. He told Ms. Belis her Social Security number had been stolen and that crimes had been committed under her name, and persuaded her to transfer assets to accounts he controlled on the pretext of protecting the funds.

He coached the New York-area resident on how to satisfy compliance questions at financial institutions as she moved the funds and kept her on the phone for hours at a time.

Law-enforcement, telecom executives and psychologists who have reviewed Ms. Belis’s case say it is unique given how much money was lost. It also has all the hallmarks of government impersonation scams that have snared thousands of other consumers.

In the first nine months of the year, the Federal Trade Commission received more than 139,000 reports of fraud in which people claimed to be from the Social Security Administration, with losses totaling nearly $30 million.

In New York City alone, consumers lost $5.8 million in 523 Social Security Administration impostor scams between January and late October, according to the New York Police Department. Many of those used law-enforcement impostors to help facilitate the fraud.

The department began tracking that type of theft in greater detail this year for the first time because reports of them spiked. Victims in New York City ranged in age from teenagers to octogenarians.

The uptick in such theft speaks to a dangerous truth for consumers: It’s inexpensive and easy for fraudsters to blast out thousands of internet-based phone calls, and hard for law enforcement to trace those calls back to their origins. Even calls from overseas can be made to appear to be from a local area code.

Scammers benefit from the sheer volume of low-cost calls they can make with web technology, which has become ubiquitous in the past decade, as well as a trove of information on consumers’ email and physical addresses online, and on the dark web from data breaches, according to cybersecurity and law-enforcement officials.

Banks are required to have procedures in place to flag suspect transactions to regulators, but they have some flexibility to set those parameters. And the coaching many scammers give their victims provides them with plausible answers to questions raised. In general, there are few limits to a customer’s ability to move funds at will.

Ms. Belis knew about phone-based scams, but thought they had to do with fake insurance companies or callers who claimed a relative was in the hospital. “I never heard about things like what happened with me,” Ms. Belis said.

Ms. Belis had just started her morning shift at an ambulatory care center when she got a voice mail on Feb. 27, a Wednesday. It was from someone who claimed to be part of the “attorney general’s Social Security office” and said there was an issue with her identity.

“I was terrified, of course,” she said, and quickly called back. She gave the operator her name, and she was connected with the man posing as an FBI agent. He verified Ms. Belis’s name, address and email address and said her identity had been stolen.

Crimes ranging from drug deals to illicit money transfers had been committed under her name, the man said, and while he knew she wasn’t responsible, she would have to cooperate with the FBI and help with their investigation or be arrested. The agency would help her erase her current Social Security number and set up a new one. The combination of threats and assurances of help is common and convincing, law-enforcement officials and psychologists say.

To do that, he told her she would have to move her money out of existing accounts to ones he said were protected by the government or her assets would be frozen permanently.

A few years from retirement, Ms. Belis had emigrated from Eastern Europe, where she was a doctor, about 20 years ago with her husband, who had been a surgeon there. She said she was fearful her savings would become inaccessible.

The scammer asked Ms. Belis about her financial assets, and she told him where her accounts were and the amounts they held.

That conversation set off a string of phone calls and text messages between Ms. Belis and the scammer that spanned 50 of the next 72 hours, and extended further into the following week, records from her wireless carrier show.

The voice mail that started the scam came at a difficult time for Ms. Belis. Her husband was recovering from cancer treatment and one of her daughters had recently suffered a stillbirth.

“What’s being played on is a habitual or socially imposed reliance on people in authority,” Stephen Lea, professor emeritus at Exeter University and a psychologist who has studied fraud, said of law-enforcement-impersonation scams. “That uniform or that representation elicits trust in a situation where you might be less likely to trust.”

In some such frauds, scammers give victims phone numbers of accomplices who they say are local law-enforcement agents to help them navigate the process, sometimes using real officers’ names. That added verification contributes to their believability.

The scammer told Ms. Belis to remain on the phone, leave work and not discuss the problem with anyone.

She worried about her patients, but asked her manager for permission to leave, staying on the phone with her maroon folding phone case closed over the face of the smartphone while it remained connected.

Doug Shadel, state director in Washington for AARP, an organization that educates and assists retired people, spent more than a decade as an investigator in the state attorney general’s office and said criminals in theft cases capitalize on pulling victims into the “ether” — a mental state of heightened emotion, whether it be fear or excitement, that clouds rational judgment.

The scammer told her to make sure she had her driver’s license, pen and paper and phone charger, then told her to get in a cab.

Ms. Belis kept receipts for her taxi rides and an eventual two-night hotel stay and texted them to her scammer at his instruction. He would submit them to a courthouse for reimbursement, he said, a lie that gave her comfort he was who he claimed to be.

Her first stop was a Manhattan credit union where she and her husband had accounts including certificates of deposit.

Stand outside the bank, the scammer told Ms. Belis, don’t talk on the phone in the branch and don’t hang up. Send him a photo of the transfer request. If the teller asks, say the money is for apartment renovations.

Law-enforcement and bank officials said it can be difficult for banks to strike a balance between allowing consumers to do what they want with their money and asking questions to help them avoid scams, particularly when they are coached on how to answer compliance questions.

Many bank efforts to fight fraud take place after a transaction already goes through. In general, banks are required to report transactions of $10,000 or more. They must also report suspected money laundering or other crimes.

Many banks flag suspicious transactions of more than $5,000, and they must report certain types of activity that are atypical for a given customer. International transfers are typically blocked if the recipient is on a sanctioned list but otherwise usually proceed, even if they involve large amounts of money.

Ms. Belis initiated two transfers that February afternoon to accounts given to her by the scammer at Bank of America that totaled $40,450, her financial records show.

The scammer told Ms. Belis she was being watched by another agent and, as the bank closed for the day, instructed her to rent a hotel room. She told her husband she had to stay the night at work.

Instructions resumed early the next morning. The scammer told her to take a taxi to a credit union where she had an account in New Jersey.

She waited for an hour outside the bank for instructions on where to send the next chunk of money — an account at Panamanian bank Banistmo SA. Ms. Belis bought the taxi driver a cup of coffee and doughnut while they waited.

After sending $19,950 from the New Jersey credit union to the Panamanian account, Ms. Belis headed to Citibank, where she sent $30,500 to a Bank of America account — a different account number from those used the day before but carrying one of the same names.

Her family, meanwhile, was growing worried. She had never spent a night at work and hadn’t been in touch that day with her elderly mother, whom she called daily.

Ms. Belis asked the scammer for permission to call family members, and he told her that her cellphone was wiretapped. She should only use her phone to call him. She stayed another night in the hotel.

The next morning, Friday, brought what appeared to be good news: The agent said he had started to cancel the arrest warrant and the process would be complete once the transfers went through. He asked her to stay at the hotel for another two nights.

Ms. Belis said she became angry and so upset that she shook and asked to go back to her family. She told him she would rather be arrested than stay away from home longer.

The scammer eventually agreed but said she must not discuss the Social Security number issue.

When she returned home, her husband met her at the bus stop and said she looked pale. He had called her co-worker to ask if spending the night at work was normal, and the colleague said no, but he trusted his wife. He thought about going to see her, and then decided that she would likely be home in the morning.

Inside their apartment, Ms. Belis told him her identity had been stolen. While he had some doubts, he believed her and saw that she was scared. She didn’t tell him anything about moving money out of their accounts.

He told her that law-enforcement officials were responsible for investigating the identity theft she described, but she wanted to clear her name. His wife continued to receive calls from a person she said was investigating her case.

Later, at The Wall Street Journal’s request, executives at robocall-blocking services that study telephone network traffic looked at records tied to the phone number Ms. Belis’s caller used. The number was linked to other user-reported scams around the same time, they said.

Jim Tyrrell, senior director of product marketing at TNS Inc., said his company, which works with large carriers, detected about 100 calls from the number in February and a smaller number since then. That is a sign that the number was used for what is called “snowshoe spamming,” he said, in which scammers originate a small number of calls from a large group of phone numbers — spreading out calls to avoid detection, the way a snowshoe spreads a person’s weight out to make it possible to walk on top of snow.

The calls in question appear to have originated in India, said a spokesman for AT&T, Ms. Belis’s carrier at the time, and the number had previously been reported to law-enforcement officials.

Internet-calling technology helps facilitate another tactic popular with scammers: “neighbor spoofing,” in which scammers spoof or fake the number appearing on your smartphone screen to make it look like the caller is close to you. That makes many people more likely to answer the phone.

The number used to scam Ms. Belis was disconnected on Sept. 18 after the Journal notified the company that controlled it that the phone number had been used in a scam. Legitimate companies that sell phone numbers and low-cost internet-based calling services can sometimes be used by scammers to acquire the loads of numbers needed for fraud. Ride-sharing services, school-closure robocalls and businesses often legitimately use the services.

Over the weekend, the scam against Ms. Belis continued. The person called her to ask about her retirement savings, and she filled him in with the details. He told her she had to transfer that money to the government-protected accounts, too.

She needed her husband’s authorization to withdraw those funds and persuaded him to sign, telling him that she would go to jail if she didn’t move the money. She told him about the transfers from the prior week but didn’t show him the documents, so he didn’t know some of the funds had been sent to Panama.

A customer-service representative at her retirement-account administrator asked why she was withdrawing the $273,000 in her account, but the scammer had prepared her to answer questions. She said she was using it to open a business — the fake agent had made her believe that everything about the purported identity-theft investigation had to remain secret. She paid more than $50,000 in taxes when she withdrew the retirement funds on Tuesday, and transferred the rest to her account at Citibank.

On Wednesday, Ms. Belis sent $190,000 from her Citibank account to a second account at the Panama bank Banistmo. She believed the ordeal was over.

After dinner on Sunday, she thought the transaction had cleared and told her husband she was feeling better. He asked to see the paperwork, and she showed it to him. When he saw that the money had been moved to a bank in Panama, alarm bells rang.

“I lost my speech,” he said.

He realized it was fraud, and the couple went to see one of their daughters. They called Citibank that night to stop the transfer, but the fraud department was closed.

They went to the police and filed a report at 8:30 p.m. It was 12 days since she first received the scammer’s voice mail. Ms. Belis’s losses, including taxes she paid when withdrawing her retirement funds, the banking fees and hotel and taxi costs, totaled $337,105.

A Citibank spokesman said the bank encourages customers to be alert to confidence schemes. “In this instance, the beneficiary bank reported that the recipient received the funds on the same day they were sent,” he said. Customers who receive unsolicited and suspicious requests should file reports with law enforcement and contact the bank, he said.

Self Reliance New York Federal Credit Union didn’t respond to requests for comment. Val Bogattchouk, chief executive of Nova UA Federal Credit Union, the New Jersey credit union, said: “Our credit union is very concerned about the ever increasing frequency of fraudulent financial schemes impacting unknowing individuals, including a member of our institution,” adding the credit union works to educate its staff and customers to be vigilant and encourages international regulators to investigate and pursue scammers.

A spokesman for TIAA, the retirement-account administrator, said “customer security is a top priority, and we have robust processes in place to authenticate clients’ transactions.”

A spokeswoman for Banistmo declined to comment.

Ms. Belis said the FBI and NYPD have so far helped her recover about 8% of her money, and she recently learned she may be eligible for part of an additional $10,000 that law-enforcement officials recovered.

The family is in touch with a Citibank manager who works on security and investigations after emailing top executives about the scam. Law-enforcement officials have told her it is unlikely she will get back additional assets, particularly money sent overseas. The FBI declined to comment on the investigation.

The family has changed Ms. Belis’s phone number and purchased a robocall-blocking app. The police told them victims of fraud are far more likely to be approached by new scammers, and to fall for fraud again.

Ms. Belis said she is embarrassed but decided to share her story to help others avoid becoming victims. She had hoped to help raise her grandchildren and travel in retirement but knows those things are no longer possible. She will have to keep working.

“I know my kids won’t leave us alone, but I don’t want to use their money,” she said. “I pray to be able to work full time as long as possible.”

Write to Sarah Krouse at sarah.krouse@wsj.com

Posts navigation

You are now leaving The Village Bank

Weblinks – By clicking the link to an outside URL, you will enter a web site created, operated and maintained by a private business or organization. The Village Bank provides this link as a service to our website visitors. We are not responsible for the content, views, or privacy policies of this site. We take no responsibility for any products or services offered by this site, nor do we endorse or sponsor the information it contains. Village Bank is not responsible for the accessibility of this link. Email – Email is not secure. Time-sensitive requests or private information, such as account numbers, should not be sent via email.

You will be redirected to

Click the link above to continue or CANCEL

Skip to content