A couple of weeks ago, a team of con artists conned me out of nearly $10,000. In retrospect, I should have known better. Rather than thinking rationally, however, I panicked.

The scam started when I clicked on “notifications” in a different box I assumed to be yet another of Facebook’s many changes. A popup filled the screen with a recorded alarm message playing over and over again. The box included a number for Windows Security.

Mistake #1. I called the number. I should have used ctrl-alt-delete to turn off the laptop and restart–like I ended up doing after the scam. The laptop restarted without any alarms or popup boxes.

“Susan” asked for permission to remotely access the laptop. I said yes, but never clicked on anything to grant access. She said my network had been hacked and 24 hackers were currently accessing my laptop, phone and other devices. She removed five as we talked. She gave me a case number, a direct line number to reach her, and insisted I call my financial institution right away.

Had she asked for any financial information, I would have hung up. The remote access never happened. I was suspicious about not granting permission, but too freaked out at the time to think about it. Using the number on the back of my debit card, I called the bank.

I was eventually connected to Samantha. I don’t recall how she confirmed my identity. She tells me there are fraudulent transactions totaling more than $50,000. She asks if Windows Security gave me a case number, gives me her direct line number, and tells me she’ll work on it and call me back.

When Samantha called back, she’d talked to Susan. Her team had removed all but eight of the hackers and were working with my bank to catch them so I could press charges. She’d called the merchants and been able to back all but $6000.

Missed Red Flags: Both Samantha and Susan insisted saying anything to anyone could potentially alert the hackers. None of these fraudulent transactions showed up when I checked, but Samantha explained they hadn’t yet been downloaded from the database. She went into a long-winded explanation of how the hackers had taken over my phone so they could approve the suspicious transactions when the bank called to check.

Samantha then explained a complicated process involving the creation of duplicate transactions so she could void the fraudulent transactions. She directed me to withdraw the money from my bank, being careful not to say anything as they could be in on it. Then I was to purchase gift cards from Lowe’s.

Missed Red Flags: Keeping it quiet was a mistake. Any request to buy gift cards is a scam. The request did give me pause, but I believed I was talking to my bank and followed directions. When I got home, Samantha took all the card numbers and PINs.

The next day, Samantha called again. Susan told her the hack actually occurred a day earlier than she’d thought. Samantha looked back and found $3000 more in transactions she couldn’t undo. My cash reserves were depleted, so she encouraged me to put gift cards on my credit card.

Samantha urged me to say nothing at the bank–a teller could be the hacker. She also said the clerk at Lowe’s would be suspicious. I should say the cards were Christmas gifts. I even came up with a great lie about why I had to come back again.

Sigh.

At some point, Samantha had asked me to confirm my account balances. Susan asked me as well as part of the paperwork for FDIC coverage. She said as a victim of senior financial fraud, I would be entitled to a minimum of $45,000.

Uh oh. That’s when the alarms finally went off. The FDIC doesn’t work that way. I now believe they would have kept hitting me up, using the $45,000 to make me think I wouldn’t lose any money.

I called my bank again. This call was different, including identify verification and an automatic update of my account balances. The woman I spoke with said she had no record of my earlier call and saw no unusual activity outside of my cash withdrawal. Since I’d taken out cash, there was nothing she could do. I called the credit card company, explained what happened and disputed the charge.

Susan and Samantha were working together. Somehow, Susan stayed on the line when I called the bank and connected me to Samantha–not my bank’s fraud unit. I’m wondering now if they were the same person.

Since then, a complete scan of my laptop turned up nothing out of the ordinary. My network was not hacked and the scammers never accessed my laptop, phone or bank accounts. They didn’t have to. I voluntarily gave them everything they wanted.

Rebooting my laptop would have averted the whole fiasco. Sticking with the number on the back of my debit card rather than the direct line would have ended the scam. And I just should have known better.

Aside from the valuable (and expensive) lesson, no harm done. I was able to replace the stolen funds with money from my retirement accounts. I’m widely sharing my story and hope to keep someone else from making the same mistakes.

As always, I’ll keep you posted. Thanks for stopping by and Happy New Year.