View full transcript
KAREN: I got a text, and I was scammed out of $3,600.
ALLY DONNELLY: Did you think you were the kind of person that would fall for a scam?
KAREN: No. I never thought I would fall for this.
ALLY: These scammers have gotten really good.
SEAN DOWNEY: Don't be embarrassed, and realize there are ways to protect yourself.
KAREN: Anyone I can help from not being scammed, it's a good thing.
ALLY: Year after year, Americans report billions of dollars stolen through cyber scams. Thieves are working overtime using email, text, fake voice messages, and AI videos to steal our personal information and cash. They're relentless, sophisticated, and even the most tech savvy among us can get tricked. The good news is there are clear red flags that can help us spot the scams. Hi. I'm Ally Donnelly, and this is Money Unscripted, Fidelity's personal finance podcast. Today we're going to show you what to do to protect your money and your information. But first, I want to share Karen's story. It's all too familiar. She got a text from what she thought was her bank and ended up getting scammed out of thousands of dollars.
[UPBEAT MUSIC]
KAREN: I find such joy in dancing. I'm 68. I was a social worker for 37 years. I'm retired. And I feel as if I've earned the right to just enjoy my life.
ALLY: Enjoying her life, never thinking she'd be the victim of a cyber scam. Her adult son did have a warning.
KAREN: My son is so wise. And he had advised me that if anything came up that looked at all suspicious, that I should call him first.
ALLY: So what happened?
KAREN: So this is the text I got. "Bank Security: Did you initiate a transfer for $1,700.00 to David?" So I replied, "No." And then I got "Bank Security: Thank you. A temporary regional block has been placed. To speak with a representative, reply 1." So I replied, "1."
ALLY: So what did you think when you saw that?
KAREN: I was very upset. Somebody took $1,700 out of my bank account. I was horrified.
ALLY: And little did you know.
KAREN: And little did I know. They used the pretext of a scam to scam me. But I did start to call the bank. As it was ringing, the fraudster called me back, and I picked up that phone line. So I disconnected from the bank, which would have been, of course, the better thing to do, and I got on the phone with this woman. She asked to share my screen and at that point she had access to my accounts. And she was going to help me take care of this.
ALLY: They're sending you a note to ask if you had transferred $1,700, but in the end, they took $3,600 from you.
KAREN: That's right. They just used it to con me into giving them information so that they could take more money out of my bank account.
ALLY: Tell me the range of emotions-- angry.
KAREN: Angry. I was sobbing. Yeah, I was angry, but I was more angry at myself at that point than anything else. It was shame. There was a lot of shame.
ALLY: What do you do differently now to protect yourself?
KAREN: I wish I had taken a breath. And I can be reactive. And I think that's something to watch. And if I had slowed down for a minute, I might have thought about-- and I think that I did learn that lesson. Because I think anything that happens now, I will not be so quick to respond.
ALLY: So now you'll take a breath.
KAREN: I do. I think I learned my lesson.
ALLY: We've arrived with a camera crew. Why talk to us?
KAREN: Anyone I can help by telling the story-- this is happening to people all over-- I feel like that's something I can give back. And it's also a way for me to make something good out of something bad.
ALLY: I have to ask you this. What did your son say?
KAREN: Oh, that's a really good question. Well, first he was-- Mom, I told you, you should call me anytime this stuff happens. And I was so overwhelmed with emotion that he changed it. And he was like, Mom, this happens. Then he insisted that any money I get back, I should spend on something good for myself.
ALLY: Aw, that's a great thing. That's great advice. Karen was able to recover a few hundred dollars from the scam, but the bulk of the money, she never got it back. A big thank you to Karen for sharing her story, and so many of us can relate to it. I want to bring Sean Downey into our conversation now. Sean's the Head of Cyber Defense here at Fidelity. Sean, thanks for being here.
SEAN DOWNEY: Thanks for the invite.
ALLY: Your job is to detect and respond to cyber scams. And Karen was embarrassed, but it's just such a all-too-familiar story.
SEAN: Yeah. Karen shouldn't be embarrassed. These are professionals on the outside who have made careers in trying to steal money from people like Karen and like you and I.
ALLY: Yeah, yeah. We often think of-- or, at least, I do. When I think of fraud and scams, I think of seniors a lot. Is that a fair picture to paint of who are victims?
SEAN: Victims span all age ranges. More than half of them are under the age of 60 at this point. People over 60 might experience more losses, but that's simply because they've accumulated more assets over their lifetime.
ALLY: OK. Let's get a little deeper in. So phishing with a P-H is one of the biggest ways that thieves try to scam us, get into our system, so to speak. We've all had phishing emails, and they keep getting better and better and looking like they're from trusted sources. But we know that scams are coming from texts, phone calls, fake videos, just so much coming at us.
SEAN: Yeah. The whole phrase, "ishing," has really expanded over the years. So to your point, it started with phishing, it was emails. Text messaging is now referred to as "smishing," so SMS. We have quishing, which is using QR codes to trick people. And then you also have vishing, which is simply the voice calls people might receive. So the actors are using the same techniques and the same goals but just using different mediums to try and reach their victims.
ALLY: The best offense is a good defense. So as these emails are coming in, as these phishing emails are coming in-- and they've gotten so good and so sophisticated. And it's hard to hold back from clicking sometimes. So give me the red flags I should look out for.
SEAN: Yeah. I think I like to bucket into a bunch of different Ss, really. So you have your sender. Do you expect to receive this message from that person? When you look at the subject line, does the subject line stand out as something professional or something that looks like it might have been crafted to try and trick you into something? There could be suspicious attachments to it, something, again, you wouldn't expect to see. Look in the body of the message for any grammatical or spelling errors. And then there's a sense of urgency to all of it. I think when you look and you piece that together, and whether it's madam or it's grammatical or spelling mistakes-- just take a second to read it. You'll see the suspicions there arise, and it can give you a chance to pause.
ALLY: I have to say, I have an easier time spotting them when they go to my personal email. But when they come to a work email and they're looking for me to-- your end-of-year this. I'm like, oh, yeah. I'm much more apt to click. Do you find that?
SEAN: People are apt to click, I think, anywhere. But I would say--
ALLY: I probably shouldn't say that to you as Head of Cyber Defense here at Fidelity.
[LAUGHS]
SEAN: I think companies do a really good job now with leveraging tools that will say, hey, this is from an external sender. This is not someone you typically receive an email from. Or you can still look for the same suspicious email address that doesn't make sense. So the same patterns might apply, but companies do a good job of applying controls like that.
ALLY: I personally feel like I get more and more of scam or fake text messages. I got a really weird one the other day that I thought, huh. It took me a minute because it was purportedly from a neighbor. It said, stop throwing trash in my yard. I was like, I would never throw trash in someone's yard. I had such an urge to respond to that. But knowing that I would never throw trash in someone's yard and I didn't know the number-- something as-- what's seemingly mundane as that, could that be a way for someone to get in?
SEAN: I think, frankly, people are used to seeing the phishing campaigns, the emails at this point. I think we've all been trained personally and in our jobs to pay attention for those things. The text messaging, the smishing, is a little bit newer. I've probably had three or four myself just this morning, texting me saying, hey, Sean, how have you been? Looking to start a conversation. And who knows where it's going to go? We're also seeing they're taking advantage of taking a company logo and putting it into the text message to say, hey, this is bank X. Your account's overdrawn. Please contact us by clicking this link.
ALLY: Yeah, yeah. What do you do when you get a text message that says, hey, Sean, how you doing?
SEAN: I usually pick the option delete and report because the carriers do a really good job with taking those numbers and trying to compile into their databases for protection.
ALLY: I'm going to make sure my cell phone gets into yours so you're not reporting me. OK. Let's move on. As we think about these, I also am highly aware, obviously, as we all are, of the rise in AI and AI scams and what it is able to do. And I think even more unsettling when we talk about-- they can clone your child's voice if they can get it off of social media, or they can deepfake a video. That's super unsettling.
SEAN: It is. And AI is going to change some of the warning signs I talked about before. AI helps defeat that. So the grammatical errors will start to go away because they can use AI to generate a more realistic text message or email. When people have videos or their voices that are recorded online, in social media, or YouTube, the actors can take that and then try and clone your voice. And we've seen many situations where that's happened over the years.
ALLY: Yeah. So if I'm getting a call from my teenage daughter who says, hey, I've been arrested by the police at a party, and I need you to send $2,000, what am I supposed to do?
SEAN: Yeah. And those scams are definitely on the rise. I think one of the things that families can consider-- or anybody consider, frankly-- is the use of a code word. So think about, with you and your daughter, if there's a family code word that only you all know-- and it doesn't need to be used just for potentially for a scam. If she's in a situation she's uncomfortable with, she uses it. You know that. But for these situations here, it's really important where you can try and work in that question. And if you don't receive it, you can know pretty quickly that there's something that's not right.
ALLY: The teenager example is one example. How else are we seeing the voice cloning and the videos?
SEAN: Well, I think you can have-- there's imposter scams out there right now, so whether it's a romance scam or it's tech support. People take advantage of grandparent scams, as we've seen before. So like we've said before, this is a business to the criminals. They play on our emotions.
ALLY: Yeah, yeah. What about investing scams?
SEAN: Investing scams are certainly on the rise. I think everybody has probably received a text there or on some social platform offering to join some investment club. You have to realize that just like if you were to receive an SMS message-- banks and investment firms are not going to start social media investing clubs.
ALLY: Right. Right. Yeah. So it's using that common sense, which leads me to my next question. Let's go beyond the spotting red flags. What else can we do?
SEAN: I think people just need to pause. When you receive an email or a text message like Karen did, pausing and taking control of the situation's important. Once you start to engage, that's when the criminal will start to come back to you with more engagement and try and play on that relationship they're building with you. Pick up the phone and call the bank directly or your investment firm directly.
ALLY: Which Karen started to do.
SEAN: She started to do. And then because she had engaged, unfortunately, the person called her back.
ALLY: Yeah, yeah. I thought it was so interesting too, where she was saying, no, she wasn't pushy. She said we could do it another time. That's pretty good.
SEAN: That's sort of the MO for these criminals. Actually, interestingly enough, when you deal with ransomware events, they offer you customer service to help you recover what they've encrypted and to facilitate fixing problems.
ALLY: What do you mean? Say more.
SEAN: So in order for companies to pay the ransom-- you pay the ransom. Then they'll offer to help you. They'll tell you where the flaws were, and they'll walk you through it. And they literally will offer you customer service.
ALLY: That is wild. That is wild. OK. If I have been scammed, now what?
SEAN: If you think you've been scammed, call the institution that you think you've been scammed from. They'll have resources for you. They can help you. If you think you've had your username and password compromised through the scam, you're going to want to change that and make sure you've got multi-factor authentication enabled to have that second layer of protection for your account.
ALLY: Sure. OK. What about-- you've been talking about the FTC or the FBI. What resources are there?
SEAN: Yeah. There's a lot of great resources. So the FTC's website or the FBI's website will have plenty of information for you. You can even call your local police, and they'll help you.
ALLY: OK. A lot of people-- maybe, perhaps, especially seniors, but I think for anyone-- they're embarrassed if they've fallen victim to a scam, just like Karen was. What do you say to those folks?
SEAN: Do not be embarrassed. In 2025, the FTC estimated more than $15 billion in losses. This is a growing business and something that's going to continue to be happening. We talk about the SMS messages that are continuing. There are some criminal groups that can send up to 100,000 text messages a day.
ALLY: That's amazing.
SEAN: Yes, because there's money in this. They're investing in the infrastructure, and they're sending these messages regularly.
ALLY: Wow, $100,000 a day.
SEAN: Yes. I think it's important to start the conversation with-- like, I started with my mom. I also have the conversation with my teenagers. People need to realize that not everything they receive in email now or SMS is something that they need to respond to. They do need just to pause and think about that. Think, do you really have that subscription? Did you really install that software on your laptop at home? Do you really need to respond to the antivirus message?
ALLY: Before I let you go, let's recap some key points you really want folks to walk away with.
SEAN: Yeah. I think the most important thing really is just to slow down, to pause, take a breath, and get your bearings on the interaction. It's OK to be skeptical. I think we've all become skeptical on emails. You can be just as skeptical on phone calls you receive or SMS. When you do receive emails or text messages, read them carefully. Even with AI, we're still going to see things that might jump out at you that don't seem to be normal. If you're concerned, call the institution that you're concerned about. They will help you immediately. They have resources for you. Remember that you can control these interactions because these are conceivably the banks and the institutions that you work with. You're the customer. You take control. And I think finally, I would say, we talk about take control, but it's-- talk to your families. Talk to your parents. Talk to your kids. Talk to your brothers, your sisters, whoever. The more you actually talk about these situations and maybe events you've gone through, the more you drive awareness in your family to be protected.
ALLY: I love the element of take control. It's just super empowering. Sean, thank you so much.
SEAN: Thank you.
ALLY: And thanks to all of you for joining us today. We have more resources to help you protect yourself from cyber scams. It's in our show notes and on our website, Fidelity.com/MoneyUnscripted. Be sure to like, follow, and share the podcast. And we'll see you next time on Money Unscripted. It's your life. Get your money's worth.
