John Richards, the 73-year-old former technician from North Yorkshire, was able to turn the tables on hackers attempting to steal thousands of pounds in a complicated PayPal scam. Instead of falling victim, Richards was able to keep the money from the scammer with the help of his bank, and refuses to give it back.
“Don’t take friends for fools,” Richards told the scammer and kept the money – £1380 in total. “Kiss good bye to your cash.” He plans to hold on to the money until PayPal can prove to him that the money belongs to real people, and not the scammers.
Richards spoke exclusively to CyberNews about the scam that almost cost him. There are thousands of victims like Richards on Facebook. However, while his story turned out well in the end, others have not been so lucky. It’s been estimated that the complex PayPal scam steals millions of pounds from victims every single month.
Turning the tables
Early in the morning of August 3, Richards received an unusual message from a Facebook acquaintance (the language in the quotes is left as is):
“Can you help me receive a payment for my camera if you know how to?”
In a copy of the Facebook messages shared with CyberNews, Richards agreed and thought nothing of it when the first payment of £690 came in. However, as four more payments for the same amount poured in, Richards started becoming suspicious. “All this for a piano?” he asked his friend – even though initially it was for a camera. He then mentioned: “I smell a bit of a rat.” However, the scammer ignored the comments.
The first problems for the scammers came when two of the five incoming payments were blocked by PayPal. But the three remaining payments of £690, totaling £2070, went through without a hitch, and Richards was able to transfer those to his bank account.
When he tried to transfer the entire sum to his “friend,” however, Metro Bank blocked it. “My bank spotted the fraud and blocked the transfers I set up, returning £2070 to my current account on Monday morning,” says Richards.
That’s when the scammer, pretending to be Richards’ friend, started becoming agitated, pressuring Richards to call the bank as soon as possible to get the transfer cleared.
“Can u call metro one more time please to confirm for me please?” the scammer asked. “No point,” Richards responded. “They jusdt [sic] confirmed transfers made OK five minutes ago.”
The scammer wrote back, with an offer: “just give them one ring for me just to make sure and then keep £50 for helping.”
However, Richards was unable to help. The scammer then came up with a bizarre proposal: “Could you loan me £1000 if you have it spare and in 2 hours i'll sort it back with £200 on top for all your help mate then that's this done.”
Smelling something suspicious, Richards rejected this idea and asked the scammer for a phone call so that he could verify his identity. But the scammer refused, claiming that he was at work: “i want to call you but got managers overlooking me.”
Richards replied: “go to the loo and phone me? waiting on you for confirmation.”
That confirmation never came, and when Richards was certain that his “friend” was in fact a scammer, Richards wrote the final message before blocking him: “Kiss good bye to your cash.”
Since then, one payment of £690 was reversed on Richards’ PayPal account, and he transferred that amount back to his PayPal to bring his account back to zero. A few days later, another £690 payment was reversed, but Richards has flat-out refused to return the money to PayPal until they can prove that the funds were taken from real people, and not scammers.
How the scam works
It’s a popular and complicated scam we’ve written about before: a hacker gets into your friend’s Facebook account. The hacker, posing as your friend, starts messaging you, asking for help. They’ve just sold something, like a camera or piano, but are having problems with their PayPal. They’ll ask if you can receive the money in your PayPal account instead, and then transfer the money to their bank account.
So you receive the money into your PayPal, and transfer it to your bank, then transfer it to their bank account. You shouldn’t lose any money if it was legit, and the hacker will even offer you a small reward – 10 or 15 quid per transfer – for your troubles.
The only problem? He’s hoping you don’t know about PayPal’s “chargeback” feature. With a chargeback, PayPal can reverse the money that was sent to you, even days after you received the payments in your PayPal. So long after you’ve transferred the money to the hacker’s bank account, you’ll get a negative charge on your PayPal account, meaning you’ve lost quite a bit of money.
Numbers-wise, it would look like this:
- Your “friend” sends you £400 via PayPal. You now have a £400 surplus in your account.
- You send £400 via bank transfer to the hacker’s bank account. You now have a zero balance (you didn’t lose or gain any money).
- The person who sent you the £400 does a chargeback, and the money is removed from your PayPal account.
- You’ve now lost £400, and you can’t get it back.
Except, in this case, it was the 73-year-old former technician who made a profit, and the scammers that lost their money.
PayPal’s fraud detection problems
One big bone of contention here for Richards is PayPal’s irregular method for detecting and preventing fraud.
“If they policed their transactions and user-base better, the frauds would be headed off before the money ever left PayPal,” says Richards. He believes that the manner in which PayPal has handled his case has been disappointing, to say the least.
“Throughout my exchanges with PayPal over the last week they have consistently tried to avoid their complicity and claiming no responsibility for what happens outside PayPal,” says Richards.
He also wonders how the transfers were initiated in the first place – since he had not sent a payment request, but instead his “friend” the scammer likely triggered them. He believes that their fraud detection system is lacking: “Five identical inbound transfers from five different people should have triggered at least an internal warning as such a sequence should be seen to be against PayPal rules.”
But PayPal seems to be behind traditional banks when it comes to catching these signals.
“The end result should hopefully mean they would issue warnings when strange and likely unauthorised transactions arrive and when a transfer is triggered of funds from PayPal to a user’s bank account. As an example, I made a transfer to a new payee this morning from my bank and they put up a warning asking if I was sure the payee was OK.”
“One might regard the current situation as indicating a "pandemic of fraud" made possible by PayPal's inability or refusal to take simple actions that would prevent it,” says Richards.
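The pattern Richards describes above, several identical inbound payments from different senders landing in one account, can be written as a simple velocity rule. The sketch below is an added example, not PayPal's logic or anything from the article; the account names, timestamps, the threshold of three distinct senders and the 24-hour window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger: (timestamp, sender, recipient, amount in pence).
# Names and times are placeholders; the amounts mirror the article's pattern.
SAMPLE = [
    ("2000-01-01T07:05", "sender-a", "acct-1", 69000),
    ("2000-01-01T07:19", "sender-b", "acct-1", 69000),
    ("2000-01-01T07:40", "sender-c", "acct-1", 69000),
    ("2000-01-01T08:02", "sender-d", "acct-1", 69000),
    ("2000-01-01T08:30", "sender-e", "acct-1", 69000),
    ("2000-01-01T09:00", "sender-f", "acct-2", 69000),
    ("2000-01-01T09:10", "sender-f", "acct-2", 69000),  # one sender paying twice
    ("2000-01-01T10:00", "sender-g", "acct-3", 2500),
    ("2000-01-02T10:00", "sender-h", "acct-3", 4200),   # differing amounts
]

def flag_identical_inbound(txns, min_senders=3, window=timedelta(hours=24)):
    """Return {recipient: (amount, sender_count)} for accounts that received
    the same amount from at least min_senders distinct senders in the window."""
    groups = defaultdict(list)
    for ts, sender, recipient, amount in txns:
        groups[(recipient, amount)].append((datetime.fromisoformat(ts), sender))

    flagged = {}
    for (recipient, amount), events in groups.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            senders = {s for _, s in events[start:end + 1]}
            if len(senders) >= min_senders:
                # Keep the largest cluster seen for this recipient.
                if len(senders) > flagged.get(recipient, (amount, 0))[1]:
                    flagged[recipient] = (amount, len(senders))
    return flagged

if __name__ == "__main__":
    for acct, (amount, n) in flag_identical_inbound(SAMPLE).items():
        print(f"{acct}: {n} distinct senders each paid £{amount / 100:.2f}")
```

A hit from a rule like this is a prompt for a warning or a hold before funds are withdrawn to a bank account, not proof of fraud on its own.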
A PayPal spokesperson told CyberNews: "We always recommend that people should never accept or move money on behalf of someone else. If you get such a request, just say no.
"We never lose sight of the fact that we are entrusted to look after people’s money. We take this responsibility very seriously and use advanced fraud and risk management tools to keep our customers and their payments safe. We go to great lengths to protect our customers, but there are still some basic precautions we should all take to avoid scams:
- Be wary if you receive unusual requests about your PayPal account, especially requests to move large amounts of money, even when the request appears to come from someone you know
- Always question uninvited approaches in case it’s a scam, and check directly with the person concerned to verify the request
"PayPal continually works with our customers to educate them of potential scams and explain ways they can protect their accounts and money. Additionally, the UK anti-fraud campaign Take Five also has lots of tips about staying safe from scammers."
Modulr Finance and scammers
The scammer used a Modulr Finance electronic money account to accept the money from their victims. Its Google Review page shows an average rating of 1 out of 5 stars, with all four reviewers mentioning the fact that it assists scammers.
While Richards was chatting with the scammer (who he assumed was his friend), Richards’ bank blocked payments to the scammer’s bank account. In seconds, the scammer created another account to receive the money.
Unfortunately for the scammer, this raised another red flag for Richards – normal people don’t create multiple accounts in seconds. The Modulr website states that users can “Open and manage unlimited e-money accounts in seconds, 24/7 via Modulr's API.”
However, a Modulr spokesperson told CyberNews that it is a "business-only proposition" and therefore they "do not allow individual consumers - nor are individual consumers directly able - to open and manage unlimited e-money accounts." Businesses can only open Modulr accounts after AML and KYC compliance checks, and account-generating access is granted only after they received regulatory approval from the Financial Conduct Authority.
Given these requirements, it is unclear how the scammer was able to hold a Modulr account.
When asked about its reputation, the Modulr spokesperson told CyberNews that it does not assist scammers in any way. "We have a zero-tolerance policy to criminal activity and condemn bad actors who exploit and steal money from their victims. Modulr complies with its regulatory obligations and seeks to recover funds where possible," the spokesperson said.
Modulr is authorised and regulated by the Financial Conduct Authority as an electronic money institution (under its Modulr FS Ltd entity FRN: 900573). A Modulr representative informed us that Modulr has "strict controls in place to protect both our clients and their customers. This means we work closely across the industry to prevent, detect and disrupt all aspects of financial crime.
“While we are unable to comment on individual cases, we are aware of sophisticated impersonation scams that attack the financial industry. These are known as authorised push payment fraud (‘APP fraud’) and meet the description you provided. In the unfortunate event that fraud occurs, we will undertake a joint investigation with our partner to resolve the issue.
“We are actively engaged in activities working closely with industry bodies (such as UK Finance) and law enforcement to prevent and disrupt all types of financial crime. APP fraud is a significant problem shared by the industry. We also run educational marketing campaigns on how consumers and businesses can spot and protect themselves from APP fraud. We continue to follow best practice and participate in current and future initiatives such as Confirmation of Payee, even when not mandatory for our business.”
Unfortunately, the story did not turn out so well for other victims, who were also Facebook friends of the compromised account. Another victim, who prefers not to be named, was also involved in a similar scheme.
However, things turned out worse, as she received all five payments of £690, and transferred four of the payments, totalling £2760, to the scammer’s bank account. All five of the PayPal payments were reversed, and she’s essentially lost out on that sum.
One of the people who transferred the money into her PayPal account, Mubarak Hassen, told CyberNews that he had no idea how the money was transferred from his account to this victim's account in the first place. “I never sent it, never sent it,” he said. “I just got a notification that someone had made a transfer and I canceled it.”
She believes that the other accounts used to transfer money into her PayPal may also belong to real victims, although some may be from scammers.
As with Richards, this victim is frustrated by PayPal’s lack of assistance. In a copy of the customer support conversations seen by CyberNews, a PayPal representative claims to know of the scam, but disavows any association with it: “PayPal doesn't have any involvement in this scam modus.” Instead, the agent says, “the bank will be the one who needs to pull out the money coming from the hacker's account.”
Unfortunately, Lloyds Bank has informed her that she will not be able to get her money back. In the response letter provided to CyberNews, Lloyds says:
“As you didn’t conduct sufficient checks before making the payment we are unable to offer shared liability with you as we had sufficient mechanisms in place to protect you.”
A Lloyds Bank representative told CyberNews:
“Helping keep our customers’ money safe is our priority and our specialist fraud-fighting team works 24/7 behind the scenes with industry-leading defence systems to protect against scammers.
“It’s important for people to remember that if they’re contacted out of the blue and asked to move, receive or transfer money for someone else, they should take steps to verify that the person who’s asking is genuine and if the payee details cannot be checked or don’t match via the Confirmation of Payee name-checking service, this should be an immediate red flag.”
The victim says the stress from the scam has affected her mental health: “I have taken the rest of August off so that I can deal with this mess and look after my mental health.” Unfortunately, this means that she will lose three weeks of earnings from her business.
“I am a single parent,” she laments, “and have managed to provide for myself and my 16-year-old son, without having to ask for government handouts and now, because of a message asking for help from a ‘friend’ I find myself in all this trouble.”
She’s also not sure what actions PayPal will take against her and how that will impact her business ventures. “Even if they can’t take money out of my personal bank account, they can take money from my PayPal balance, meaning that I now have to tell customers that they cannot use Paypal to pay for services. I will need to find a secure online payment service, because it is clear that Paypal are not fit for purpose as they obviously do not vet their ‘buyers’ who could all be part of a nationwide scam.”
Richards and the second victim have both contacted the Action Fraud agency, as well as the Financial Ombudsman and the Financial Conduct Authority. The cases are still under investigation.
Update August 13: This article was updated to address inaccuracies with how Modulr's services were represented.