This article is not a self-help, tips guide. I considered summing this article up with a long list of the tips I’ve learned over the years to help you avoid falling prey to internet fraud. My next thought was that I’m not smart enough to write a comprehensive list that could help you avoid falling prey to everything out there. Those lists are out there, and I encourage everyone to seek out, but I’m not brave, bold or brilliant enough to write one. This article will simply detail my personal and anecdotal experiences in this world.
June 22, 2026: “Florida couple loses $141,000.00 to sweepstakes scam. The couple loses their car, their income, and their home after the dementia-suffering husband fell for a scam that informed him he won $4 million in a lottery.” Yahoo!news
“The stupid things dumb people do,” was how one Yahoo commenter summed up their reaction to this story. I would’ve loved that reaction in my teens and twenties. “They’re just saying what we’re all thinking,” I would’ve said in-between giggles. Working as a fraud agent at a Fortune 500 company changed me. I talked to these dumb people, and if they’re dumb, then we’re all a lot dumber than we think.
Who are the Victims?
“I cannot believe this happened to me,” was the most common thing we heard from victims. They would tell us how intelligent and experienced they were. They would talk about how difficult their jobs were, and how their job required a high level of intellect that should never fall for something like this. “I thought I knew enough to know how to avoid something like this, but here we are,” they would add.
Does that sound like you, and the shocked, embarrassed, and somewhat ashamed reactions you might have for falling for “The stupid things that dumb people do.” If you insist that only morons fall for online fraud, consider this: industry experts suggest that the total figures we have for cybercriminal activity skew low, because most victims are so embarrassed and humiliated that they fell for something so stupid that they won’t even report it to a fraud agent who is as low on the law enforcement totem pole as one could get. They’ll never meet me, so why would they care what I think? They do not want to go through the details, because they cannot bear having one person know how dumb they were. They just want to forget it ever happened.
The fraud agents I worked with rarely characterized victims as dumb or stupid, because we heard from so many victims a day. We heard so many different stories that we knew the victims we were talking to weren’t in the minority. We usually spent the first couple minutes of every phone call talking these victims down. I may have considered these victims dumb or stupid when I first started working there, but I heard so much since that point that I knew I was as vulnerable as they were.
I’ve heard from the prototypical little old ladies living on a pension, who had a little money set aside for a more comfortable living. I talked to hard-working joes who worked so hard their whole life and saved their 10% a year to allow their family to just barely escape lower middle class. I heard from so many representatives of age and economic demographic backgrounds that I progressed through a variety of emotional reactions that ended with sympathy and moved to empathy after I heard the wide array of schemes that our customers fell for. If I were to draw up a pie representing the typical victim, old people on a pension would represent the largest section, but that cut wouldn’t be as large as you might think. If you’re one of those who refuse to accept the idea that you’re a lot more vulnerable than you imagine, let me say that I was you, and you are me.
Other than the ‘I’m too smart to fall for something so stupid,’ the greatest vulnerability I saw among victims was greed. The victims talked about how losing this money meant losing their comfortable lifestyle, which naturally led me to wonder why they would sacrifice that relatively comfortable lifestyle for the prospect of more. Is it an American characteristic, or is it human nature that we’re willing to sacrifice everything we have for the promise of something more? I don’t know the answer to that question, but I saw a wide array of victims put skepticism aside when they thought someone was offering them a pot of gold. The idea that something is too good to be true should require us to do our homework and use the tips that corporations provide to educate ourselves, or perform any checks of verification we can to reduce our risk.
The theme of this article is that the moment after you think you’re general sense of judgement will prevent you from falling prey to one of their schemes will probably leave you vulnerable, but we saw some victims exhibit such poor judgement that it exacerbated what could’ve been a minor incident.
Who are the Cybercriminals?
When we read, watch, and hear exposés about criminals, we often hear investigators characterize the criminal in their case as ingenious or brilliant. In my limited experience in this world, I haven’t found cybercriminals ingenious or brilliant. Most often than not, they just kept trying no matter how many times they fail. They exhibit some ingenuity and temerity, but I never saw one scheme that I considered brilliant or ingenious.
If their first scheme does not convince us to part with the money we earned, these cybercriminals have a “no harm no foul” attitude. There was no crime committed, and thus no evidence of wrongdoing. Depending on the nature of their activity, we fraud agents might be able to restrict the cybercriminal’s access to their account, until they can prove their activity is not suspicious. If they can’t, they just open another account, and another, until they complete a fraudulent transaction. At that point, we can link up their accounts and activity to build a narrative. Long story short, most cybercriminals change, adapt, and tinker with their approach, until they can find a victim. The key word in that sentence is tinker. They might add a little something here or delete something there, “They are going to try hundreds of different approaches,” a fraud trainer once told us, “Because they only need one successful scheme to qualify as successful.” For example, professional fraud operations often use botnets, compromised servers, or spam-as-a-service tools that blast out millions of emails per day. Success rates are extremely low (often 0.01% to 0.1% click/open rates), so high volume is essential to generate enough victims to be profitable. How is that brilliant? My guess is that the investigators on the TV exposés on crime are the ones who cracked the case, so calling their case’s criminal brilliant enhances their profile for the audience. We should also note that I base my characterization of cybercriminals on the cases I investigated, and we could say I base my personal profile of them on anecdotal information. In my experience, cybercriminals aren’t ingenious or brilliant, they just tinker, adapt, and change their approach until they find the best way to prey on our vulnerabilities.
Some fraudsters aren’t piece of junk who manage to distance themselves from empathy and sympathy, because their victim is some anonymous, faceless entity on the internet. (Their victims often have online nicknames, like rugrat, as opposed Peter J. Hansen, the electrician, who has spent his whole life saving this money.) This anonymous, faceless designation also permits us to characterize victims as “The stupid things that dumb people do,” because we don’t talk to them, see them, or feel their pain. Other cybercriminals are desperate people living in no hope situations, until they are employed by a shady outfit in their home country that exists to defraud victims out of our money. Their employees have quotas, and if they fail to hit their employers’ numbers, be they quantitative or qualitative, the employees are back out on their country’s desperate streets of abject poverty. These shady outfits provide their employees with tight scripts, but they also reward employees for creative improvising.
When the shady enterprises from other countries are ‘caught’ engaging in fraudulent activity, some of the countries make it known they “don’t encourage such activity”, but the employees and the shady outfits receive little more than a slap on the wrist. The countries “don’t encourage it”, but the countries receive a Gross Domestic Product boost from the amount of money that the shady enterprises generate. We can only guess this doesn’t result in greater taxable revenue for the country, as most of the activity is “undetected” by the government, but we can guess that kickbacks are appreciated.
One vulnerability we all share to ploys generated by cybercriminals is the ‘I’m too smart to fall for all that’ mentality. This is also where “The stupid things that dumb people do” line comes into play. In a manner somewhat similar to the original reason man created fictional monsters (vampires, werewolves, and mummies) to essentially zoomorphise the inhuman acts of sadistic murder that gives good men and women some comfortable distance between those who would commit mass murder. I think we label victims of cybercrimes as dumb and stupid to try to create a comfortable distance from the horrific possibility that this could happen to us too. The one thing I would tell people who scoff at the possibility that this could happen to them is I’ve talked to people like you every day. I talked to Midwesterners who appeared to know everything about the internet, fast-talking New Yorkers, Surfer dudes, and individuals with a pleasant, Southern Drawl. I talked to little old ladies on a pension, fathers with kids in private schools, and mothers who thought they could supplement the family’s finances. I talked to people who would remind you of your family members, your neighbors, and people who would remind you of you. The one thing they all had in common is they never thought they would fall for something like this. “I thought I’d be able to spot something like this,” they’d often say through tears. “I can’t believe I fell for it.”
The Fraud Calls
“This was my life savings,” was such a common phrase we fraud agents became numb to it. I loathe writing that all these years later, but it happens to us when we hear the same complaint, working on a phone line, forty hours a week. At lunch and on breaks, we would talk about the calls we took, and in the beginning, we talked about the heartbreak and devastation we heard, but it happened so often that our conversations switched to a callous competition about the dollar figures we witnessed. “I took a call today where a guy lost $50,000.” “That’s nothing, I took a call last week, where a guy lost $200,000.” It was our way of dealing with all of the sadness we heard.
These victims called us to fix the devastation they put their proverbial foot in, and we could help them at times...if those victims called in in time. I wrote out a detailed description of process involved in our calls with customers, but I just … deleted it, because my guess is you don’t want to read the particulars the processes involved in these calls. Suffice it to say, I was able to help some of these victims, and I wasn’t able to help others.
When these worst-case scenarios occurred, the resultant desperation I heard on the other end of the line still haunts me. “This was my life’s savings, my child’s tuition to a better life,” or “my family will be ruined by this,” were things I heard.
When I first started taking these calls, I felt sympathy for the poor saps that fell for “Something like this.” It didn’t take long for that sympathy to evolve into empathy, as I began to see falling for these fraud schemes did not involve just the prototypical victims I imagined. I realized it could happen to anyone, including those I knew and loved, and a couple hundred more calls convinced me that this could happen to me. It wasn’t every call, of course, as some people did fall for some dumb tactics, but there were others, usually a couple calls a month, when I’d receive a call from someone who reminded me of myself, falling for something that I knew played on my vulnerabilities. I’d go back and investigate the history of the cybercriminal, through linked accounts, and I’d spot their tinkering.
Those of us who worked in this department also received death threats, but the more common reactions involved customers threatening to harm themselves. We heard these desperate people threaten to take their own life so often that our company developed a policy that instructed us to immediately contact their local law enforcement to do a wellness check on them, regardless if we felt we talked them down or not.
To avoid hyperbole, most of the calls I received involved customers who got “A little ticked that they got got.” They got swindled, cheated, or tricked into paying for an item that was priced so low it was too good to be true. Most of the people I talked to paid twenty to thirty bucks for a product that should’ve cost four hundred to five hundred bucks. They were a little ticked, but “I should’ve known it was too good to be true”was their reaction. I took more than my share of calls from victims who were absolutely devastated by the amount of money these fraudsters tricked them into submitting, however, and “I really thought this was legit,” was their reaction. “I thought I was on the road to a better life.” What do we say to that? That guy probably couldn’t wipe the smile off his face one week, thinking about how he was going to spend all that money, and he then probably had trouble finding reasons to smile for a long time after this.
When I was able to stop the money, the potential victims celebrated my name, and we laughed for a couple minutes, and they cried tears of joy at the end of our call. They said I was “Their hero.” One old woman wasn’t laughing or weeping with joy, she was bawling uncontrollably. She was so choked up that she couldn’t even speak. Her daughter took the phone from her mother and made me feel like the most special person in the world for one day of my life.
There were times when the money was gone, out of our system, and the fraudster’s bank account. I instructed them that they would need to contact their local authorities. I instructed them what they should say, what evidence they should provide, and how I was going to provide notes on their account to detail the transaction(s) in a way that would bolster their case.
These worst-case scenario calls would inevitably end with the victim saying, “Thank you, but let me ask you, based on your experience.” I would close my eyes with a lump in my throat, because I knew the back half of this question. “What do you think are my chances of getting my money back?” I’m in so deep at this point that I’m almost incapable of answering this question. I should add here that I was forbidden by my company from offering my opinion on a case that reached this point (This was for my protection and the company’s). Yet, even if my company hadn’t protected me in this way, I still would’ve felt so bad for them that I would’ve found it difficult to find the right words to say. How do you tell a little old woman that her worst fears of losing her home, her car, and the independent lifestyle she’s enjoyed her whole life are likely gone.
“Your chances of recovering the funds increase substantially if you follow the standard procedures I’ve outlined for you,” is what I would say. This would start a back and forth that would involve them trying to break me down for my opinion. “I’m just asking you, based on what you see and what you’ve seen, what are my chances?” I understood their need to badger me of course, because I was their only point of contact at this point, and they were imagining a bleak future. Before they allowed me off the phone, they wanted to know if they should have some small nugget of hope, or if they should concede to the idea that some criminal managed to not only steal their money, but the life they knew, and the future they planned. These people were devastated, and they wanted some low-level employee on the phone to give them some hope. I froze up on more than one occasion when they made the full breadth of their devastation apparent to me. I was incapable of telling them that the hopeless nature of their situation was probably just beginning.
“You’re not paranoid if they’re really after you”
We’re smart enough to spot a fraudster, and we know we wouldn’t fall for some piece of junk’s little games. We know how to spot a fraudster, because we’ve seen them on TV, and we’ve met them at our local, neighborhood liquor store. My experience as a fraud agent has informed me that I don’t know what to look for or how to spot a cybercriminal. There have no bullet point characteristics, and AND there are no bullet point characteristics of a victim either. Neither of them are more “worldly,” “street smart,” and it doesn’t matter if you “know how to play the game, because you’ve dealt with pieces of junk your whole life.” After dealing with both ends of the spectrum, receiving calls from victims and calling fraudsters, I didn’t grow more confident in my ability to spot a fraudster, I grew less confident. I became so uncomfortable with these situations that I became paranoid. I wouldn’t answer the phone from anyone I didn’t know, and on the rare occasion when I answered a call, I didn’t try to showcase my decade’s long experience. I hung up on them, or delete the email, or text as quickly as I could to avoid learning how vulnerable and susceptible I am. (I also avoid signing up for Customer Plus programs, petitions for local bills, and I now run from anyone associated with sales.) I provided a list of tips in the original draft of this article and I deleted it as I wrote earlier, but the best piece of advice I could provide anyone seeking how to avoid falling prey to internet fraud from cybercriminals is get paranoid. I write that knowing the cinematic phrase, “You’re not paranoid if they’re really after you,” and in my experience they’re all after you. Get paranoid!


