Customer service imposter scams (also known as customer service fraud), is a serious issue in the United States. In 2023, the Federal Trade Commission (FTC) said that imposter scams are the number one most frequently reported fraud. In fact, the FTC received 2.6 million fraud reports for customer service fraud. 27% of those reports resulted in a financial loss to the victim – about $800 was the median loss. That’s about one in five people losing money to a customer service imposter scam. The total losses for customer service fraud mounted to a whopping $10 billion nationwide, which is a 21% increase from 2022.
There are different variations of the scam, but they all involve a scammer pretending to be some type of customer service representative, whether from the government, technical support help, or even a relative that needs help. Customer service fraud exploits people’s sense of fear and manipulates their victims into making decisions they wouldn’t otherwise do.
How does customer service fraud work? It can come in many forms, but they all share a basic premise: a scammer gains your trust by pretending to be a customer service representative and uses that trust to gain either personal information, or to get you to send money. The internet has really super charged these types of scams. I’m sure we’ve all heard of the Microsoft customer service scam.
This involves a person (usually from overseas) that calls to tell you that your computer has a virus in it. They then tell you in order to get rid of the virus you have to send them some money. The amount of money is usually a smaller amount like $40. And this is to make it seem legitimate service. But oftentimes they’re not after the $40 fee.
What they’re after is your personal identifying information such as your address, Social Security number, and date of birth. This information is usually more valuable than a few bucks. Fraudsters can use this information to do a lot of damage such as open up lines of credit in your name, take out a loan in your name, or log into your various online accounts. What we’ve seen over the past several years is an uptick in scammers pretending to be customer service representatives of banks.
Here’s how bank customer service fraud usually works: the victim will get a call from a person pretending to be their bank representative. Now, how did the criminal know where the victim banks? Good question. You don’t have to look too far to discover the massive data leaks that happen all the time. Chances are some of your information is out there on the dark web waiting for a criminal to purchase it.
So back to the scam, the impersonator will usually say something like “we’ve noticed some fraudulent activity on your bank account. Can you please confirm some details for us?”. To gain your trust, the criminal will provide you some personal information about yourself, making it seem like they are legitimate. For example, they will usually know your name and address.
That’s usually enough to get their victim comfortable enough to give further information. So the scammer will ask you to verify your Social Security number, email address, and maybe even your password. If they’re successful in doing that then they have access to your bank account. They then thank you for your time and hang up. After that, they’ll do everything they can to drain your account.
So what are some of the best ways to prevent impersonation scams? For starters, never share your full debit card number with anybody. A legitimate bank will only ask you to verify the last four or five digits of your debit card number – never your full debit card number.
Don’t ever allow anyone to remotely access your computer or cell phone. We’ve seen fraud victims being asked to download an app on their phone for purposes of the fraud. There are a few different types of apps, but they all have one goal: to remotely access and control your cell phone. In one case we heard of a victim downloading one of these remote access apps, and literally seeing the scammer steal their money in real time right before their eyes.
Bottom line legitimate banks will not have you download an app especially remote access app. Never disclosure online banking details. These are things like your account number, your pin number, or your Security questions to log into your account. We wouldn’t even recommend disclosing where you bank.
Finally, and perhaps the most important thing to remember, if you do receive a suspicious call, hang up and dial the number on the back of your debit card. The number on the back of your debit card should always connect you to the bank’s real customer service.
What about searching on Google for your bank phone number and not using the phone number on the back of your debit card? Unfortunately, this might also be a bad idea. We’ve heard numerous reports from our clients saying that they’ve called customer service numbers that they found online only to be duped by a customer service impostor. How can this happen? Well, sophisticated scammers can easily spoof a bank website. “Spoofing” is just a fancy way of saying faking a website.
Scammers will create a website that looks just like your bank website but use a fake customer service number. That fake customer service number will connect you to a scammer. Scammers are even going as far as purchasing Google ads to promote their fake website. They do this because Google ads show up at the very top of the search results. That way, an unsuspecting victim might not scroll all the way down to go to the legitimate bank website. Instead, they’ll click on the fake website found in the Google ads on top.
So let’s say you or someone you know fell victim to an imposter scam. What recourse do you have? Believe it or not you actually do have options and have a fair shot and getting your money back. There is a little used law that was passed in 1978 called the Electronic Fund Transfer Act, or EFTA. The EFTA protects consumers against unauthorized transactions. While the EFTA does not specifically address customer service imposter frauds, the regulations and official guidance from the Consumer Financial Protection Bureau does.
If the charge or money transfer was not authorized, the bank must reverse the charge and give you your money back. However, the law does not protect you if you “initiated the transfer”. Well, what does it mean to “initiate the transfer”? Simply put it means whether you “clicked the button” for the charge or transfer. There is a fine distinction in the law that could make the difference between getting your money back and being out of luck.
Let’s say the customer service imposter convinced you to give your personal information to them. If the scammer then used that information to transfer money out of your accounts then you are protected under the law and the bank must give you your money back. On the other hand, if the scammer convinced you to send them money, then you are not protected and the bank is not obligated to give you your money back.
So what’s the difference between both scenarios? In the first case the victim only gave their personal information – they did not make the transfer themselves (the scammers are the one that made the transfer). In the second situation, it is the victim themselves that initiated and made the transfer. The law says that the first scenario is unauthorized, and the second scenario is authorized. It’s a fine distinction, but it’s an important one. A good consumer protection attorney should be able to advise you on whether you have a claim under the law.
Is it as easy as it sounds? Will the bank really give you your money back if you fell victim to a customer service scam? Unfortunately, the short answer is no. Notwithstanding the official guidance from the CFPB, banks typically will say that you authorize the transaction because you provided your personal information to the scammer. They go on to argue that but-for you providing that information, the scammer would have never gotten your money. But this is incorrect for several reasons.
First, the law says that is the banks burden to prove that the transaction was in fact authorized by you. Read that again – it is the banks burden to prove that the transaction was authorized. What does this mean? That once you report a fraud on your account, there is essentially a presumption that you were telling the truth and that you should get your money back. It is up to the Banks investigators to find evidence and prove that you are the one who actually made the transaction and not a scammer.
Often do the opposite. Banks usually have you jump through hoops and convince you that you have to prove that you’re innocent . In other words They place the burden on you to prove that you were the victim of a scam. Not only is this unfair, but is a complete violation of the law.
Second, banks seem to disagree that they are obligated to reimburse victims of customer service fraud. They typically take the stance the providing your personal details to a scammer is good enough to say that the transaction was authorized. There has been some litigation around the country about this very issue. There are a few cases where the court has agreed with the Banks and said a fraud victim is responsible for the loss. However, those cases had bad facts for the victims. For example, in one of the cases, the “victim“ was found to actually have been working with the scammers.
On the other end of the spectrum, there is a case out of the Southern District of New York, where the judge expressly found that providing your personal information to a scammer is not enough to make it an authorized transaction. We will see how these cases play out in the courts in the years to come, but for now we can confidently say that victims of imposter frauds are entitled to get their money back from their bank.
Third, banks will argue that they cannot be on the hook for their customers’ negligence. This is also untrue. In fact, the CFPB has issued official guidance that says that a customer’s negligence cannot be held against them. They even go as far as to say that if a customer writes their PIN number on the back of their debit card and is later a victim of ATM fraud, that customer should still get their money back from the bank. This just shows how strong the EFTA really is.
Customer service imposter fraud is way too lucrative for criminals. We don’t see it going away anytime soon. In fact, we see it only becoming more of a bigger problem. It is up to banks to come up with better ways to police this type of fraud and prevent it. They can do this by upgrading their cyber security systems and enhancing their fraud detection programs. But until then victims should know that the law is on their side.
Victim should not be afraid or ashamed to report the fraud and seek recourse from the bank. It’s important to report it to the bank right away. If the bank denies your dispute, then you should reach out to an experienced consumer protection lawyer. The experienced lawyers at DebitCardLawyer.com have handled these types of cases and specifically worked on customer service imposter fraud cases. Contact us today for a free, no hassle analysis of your case.