When Fraud Prevention Becomes the Fraud
How Scammers Posing as Bank Investigators and Anti-Fraud Agencies Weaponize Institutional Trust
Scammers have learned that the most powerful disguise is the protector’s. By impersonating anti-fraud agencies, bank investigators, and recovery services, fraudsters exploit the very defenses people rely on—creating a recursive loop of manipulation that erodes the victim’s ability to trust anything at all.
The Anti-Scam Scam: A Call from the Protector
A woman in Singapore—a finance professional in her fifties—picked up the phone one day in December 2024 and heard exactly what she expected to hear from a police officer calling about suspicious activity. The voice was calm, procedural, authoritative. It identified itself as belonging to an officer at the Anti-Scam Centre—the government unit established, with some fanfare, specifically to protect citizens from fraud. The call was then transferred to a “police inspector,” who informed her she was suspected of money laundering and needed to “prove her innocence.” Over the following month, she lost 1.2 million dollars. The officers, of course, were not officers. The Anti-Scam Centre had been the scam.
Her case was not an anomaly. In 2024, Singapore recorded fifteen hundred and four reported instances of government-impersonation fraud, with aggregate losses of at least a hundred and fifty-one million Singapore dollars—figures independently confirmed by The Straits Times and Channel NewsAsia. The numbers are startling, but the underlying logic is more startling still: the most effective mask a con artist can wear turns out to be the face of the person you’d call for help.
The Bank Investigator Scam: Spoofed Caller IDs and Flawless Scripts
Two cases in Canada illustrate the same architecture from different angles. In Ottawa, police warned of a sophisticated variant in which scammers impersonated police investigators via email, defrauding victims of approximately four hundred thousand Canadian dollars in total. Separately, a Royal Bank of Canada customer living near Montreal lost exactly 14,510 Canadian dollars after a phone call from someone who appeared—via spoofed caller ID—to be calling from RBC’s own fraud department. The scammer replicated the bank’s fraud-alert script with such precision that the victim told CBC something that lingers: “There were absolutely no warning signs.” She did not mean that she had been careless. She meant that the performance had been flawless—that the fraudster’s script was indistinguishable from the bank’s actual protocol, because it was the bank’s actual protocol, studied, rehearsed, and delivered with the fluency of someone who had done this many times before.
In Australia, the National Anti-Scam Centre—a body created to serve as the country’s central clearinghouse for fraud prevention—issued a warning that criminals were now impersonating its own employees, calling people to tell them their phone number was being used in a scam. A subsequent alert confirmed that scammers were spoofing the ACCC’s own phone numbers. The warnings were the scam. Dr. Kam-Fung Cheung, a researcher at the University of New South Wales, has a term for this. As he told ABC News Australia: “This tactic—authority exploitation—leverages people’s trust in authority to make them less likely to question the authenticity of the communication.” The phrase is clinical. The phenomenon is not.
Recovery Room Scams: How Fraudsters Victimize the Already Defrauded
If impersonating a fraud investigator is the first turn of the screw, the second is what the British Financial Conduct Authority calls the “recovery room.” The term has a grim aptness. Recovery room scams are operations that target people who have already been defrauded—approaching them with offers to reclaim their stolen funds, for a fee. The cruelty is architectural: the victim, already wounded, is offered what appears to be a hand up. It is, instead, a hand reaching into a pocket that has already been emptied once.
The F.C.A. has documented cases in which the people behind the original fraud also operated the recovery room, contacting the same victim under a different name, from a different firm, with a different pitch—but the same intent. The F.C.A. confirms that operators “sell on their details to other recovery rooms.” In American parlance, the resulting databases are known as “sucker lists”—a term documented by the Federal Trade Commission, which explains: “Scammers buy lists of people who’ve paid scammers. They call it a ‘sucker list.'” If you have been scammed once, your phone number and your psychological profile—your demonstrated susceptibility—become commodities.
Belgium’s financial regulator, the FSMA, has traced this pattern into the cryptocurrency markets. Entities with names engineered to sound institutional—”Blockchain Agent Ltd” was one, operating under multiple aliases and targeting victims of earlier crypto platforms including CFD Advanced and Winngroup—contacted victims, expressed sympathy, and requested upfront payments to initiate “recovery proceedings.” The proceedings, naturally, did not exist. In many documented cases, losses from the recovery room scam exceeded the losses from the original cryptocurrency fraud. The wound was smaller the first time.
Epistemic Collapse: How Scammers Exploit Trust to Destroy the Ability to Think Clearly
What makes these schemes so corrosive is not merely the financial damage—though it is substantial—but the epistemic damage. That is a word researchers use, and it is the right one. Each layer of deception degrades the victim’s capacity to evaluate information, to distinguish a legitimate communication from a fraudulent one. The effect is cumulative and, in its advanced stages, profoundly disorienting.
Psychologists describe several mechanisms at work. The first is trust oscillation: a pendulum swing between credulity and paranoia. A person who trusted completely—who followed every instruction from a voice that sounded like authority—may, once burned, trust nothing at all. But total distrust is not a stable state. It is exhausting, isolating, and, paradoxically, it opens a new vulnerability. The person who believes that “everyone is lying” is susceptible to the one voice that says, “You’re right—everyone is lying. Except us.” The instability is not a side effect of the fraud. It is the objective.
The second mechanism is gaslighting applied to financial fraud. Lisa Mills, a Senior Fraud Manager at Victim Support and a recognized expert on romance fraud who has spoken on the topic at the LSE and appeared on BBC and ITV, has described how financial scammers systematically undermine their victims’ confidence in their own perceptions—their memory, their judgment, their sense of what happened and when. The mechanism parallels the gaslighting documented in domestic abuse literature: victims are led to doubt their own grasp of reality. Douglas Shadel, formerly Strategy Director for AARP’s Fraud Watch Network and now Managing Director of Fraud Prevention Strategies, uses a more visceral metaphor. In interviews about his conversations with convicted scammers, he recounts that when asked about their strategy, they all gave the same answer: “Get the victim under the ether”—a state of heightened emotional arousal in which the apparatus of logical reasoning simply ceases to function. The metaphor is medical, and deliberately so. It implies a procedure performed on someone who cannot feel what is being done to them.
The third mechanism is learned helplessness—a term borrowed from behavioral psychology, where it describes the condition of an organism that has been exposed to inescapable aversive stimuli until it stops attempting to escape, even when escape becomes possible. In the fraud context, repeated exposure to deceptive content that mimics legitimate warnings produces something analogous: a fatigue so deep that people stop processing alerts altogether. When real fraud warnings sound identical to the frauds themselves—same tone, same urgency, same institutional branding—the rational response, verify everything, becomes functionally impossible. There are only so many hours in a day, and only so much suspicion a person can sustain before the cognitive budget runs dry.
The Firehose of Falsehood, the Illusory Truth Effect, and the Liar’s Dividend
In 2016, the RAND Corporation published a study identifying a propaganda strategy it called the “firehose of falsehood”: a high-volume, multichannel information assault characterized not by consistency but by its opposite. The messages contradict one another. They are not meant to persuade. They are meant to exhaust—to flood the zone with so much noise that the audience loses the ability, and eventually the desire, to determine what is true. Repetition exploits the illusory truth effect, the well-documented cognitive bias in which a statement heard multiple times begins to feel accurate regardless of its content. Contradiction, rather than undermining the strategy, reinforces it: when everything is contradicted by something else, belief itself becomes untenable. And fact-checking, however diligent, is structurally outmatched—it is slow, unemotional, and always playing defense.
RAND was writing about state-level disinformation campaigns. But the architecture maps neatly onto individual fraud. When every phone call might be spoofed, every e-mail might be phishing, and every “fraud alert” might be the fraud itself, the victim inhabits a closed epistemic loop: the tools of protection have become indistinguishable from the instruments of attack.
The downstream consequence is what law professors Bobby Chesney and Danielle Citron described in a 2018 paper as the “liar’s dividend”—the paradox in which the very prevalence of deception makes it easier for any particular deception to succeed, because nothing can be trusted, and therefore anything can be denied. Authentic communications get dismissed as fabrications. Genuine evidence is waved away. As CSIS researchers have discussed, sustained exposure to synthetic and manipulative media erodes trust not only in the false content but in all content—a dynamic they describe as “distrust of everything.”
Pig-Butchering Scams Explained: The Three-Layer Architecture of Long-Duration Fraud
The closed loop is most fully realized in what are known as pig-butchering scams—long-duration investment frauds that combine financial manipulation with sustained emotional grooming. (The term, borrowed from Chinese criminal slang, refers to the practice of “fattening” a victim before the slaughter; it is as unpleasant as it sounds.) Researchers studying these operations have identified a three-layer architecture of fabricated legitimacy and platform-enabled fraud:
Layer one: algorithmic exposure. Fraudulent content is normalized through its presence on mainstream platforms, where recommendation engines treat it no differently from legitimate material.
Layer two: fabricated legitimacy. Fake trading interfaces, fake payment portals, fake customer-service chats—all designed with sufficient fidelity to pass casual inspection. Early positive signals (a first payout, a rising balance) establish initial trust through carefully managed positive feedback.
Layer three: relational maintenance. Group dynamics, emotional bonds, social pressure, and the sunk-cost psychology of someone who has already invested time, money, and trust make exit socially and emotionally costly.
A single warning cannot disrupt a belief system that has been constructed through dozens of reinforcing signals across weeks or months. Risk perception, as one study put it, “is repeatedly recalibrated across interactions”—each small positive experience shifts the baseline. By the time the victim encounters a red flag, the flag has to compete with an accumulated weight of evidence—all of it fabricated, but all of it felt.
The human toll is illustrated by an academic study conducted by researchers at UC Davis, based on in-depth interviews with twenty-six pig-butchering victims. Within that group, twenty-two participants—eighty-four point six per cent—reported that, afterward, they found it difficult to trust anyone online, including people they had known before the fraud. The study is qualitative and its sample is small, but its findings are consistent with broader clinical observations: the scam did not merely take their money. It damaged the faculty by which they form and maintain relationships.
How to Protect Yourself: Structural Defenses Against Trust-Based Fraud
The conventional wisdom about fraud prevention—”be vigilant,” “don’t trust strangers,” “if it sounds too good to be true, it probably is”—belongs to a simpler informational environment. It assumes that the victim can distinguish the warning from the threat, the protector from the predator. In the current landscape, that assumption no longer holds. Effective protection requires something more structural.
Independent verification, not personal trust. Banks and regulatory agencies across several countries have begun emphasizing a stark message: no legitimate institution will ever ask you to transfer funds to a “safe account,” provide complete login credentials over the phone, or make an immediate decision under time pressure. If any of these things happen, the interaction is fraudulent, regardless of how authentic the caller sounds. The operating rule is simple and non-negotiable: never verify the identity of a caller using information the caller has provided. Hang up. Find the institution’s number independently. Call back.
Cognitive inoculation against manipulation. Researchers in the field of psychological inoculation—notably teams at Cambridge University and Cornell University—have demonstrated that exposing people to weakened forms of deceptive arguments, accompanied by detailed refutations, before they encounter the real thing functions as a kind of mental vaccine. RAND researchers support this approach, recommending “finding ways to help put raincoats on those at whom the firehose of falsehood is being directed.” Studies suggest that people who have been walked through the mechanics of a manipulation technique are better equipped to recognize not only that specific technique but related ones they have not yet seen. The logic is immunological: the body learns to recognize a category of threat, not merely a single pathogen.
Breaking the shame cycle that keeps victims silent. The same UC Davis study (N=26) found that nineteen participants—seventy-three per cent—felt too humiliated to discuss their experience with anyone, and seven participants—twenty-six point nine per cent—said that fear of judgment prevented them from reporting the crime at all. The sample is small, but the pattern is consistent with what organizations like Victim Support observe across thousands of cases: shame is the con artist’s most reliable ally after the fact—it isolates the victim, prevents them from seeking help, and keeps them vulnerable to the next approach. Professional legal counsel operates under privilege and confidentiality. There is no audience for the disclosure, and no judgment.
Platform accountability for detecting fraud patterns. Because modern fraud exploits the design conventions of legitimate platforms to build trust—mimicking interfaces, payment flows, and verification processes—the platforms themselves bear a responsibility to detect patterns of manipulation. Prolonged grooming engagements from unverified accounts, transaction patterns inconsistent with a user’s history, sudden large transfers to unfamiliar destinations: these are detectable signals, and failing to act on them is a choice.
A Protocol That Doesn’t Require Trust
The fundamental difficulty remains, and it is worth stating plainly. In an environment where protective institutions can be impersonated with near-perfect fidelity, trust itself becomes a vulnerability. The solution is not to restore trust in any single institution, any single voice, any single call or e-mail or alert. The solution—imperfect, demanding, but durable—is to build habits of independent verification that function regardless of who appears to be on the other end of the line. The woman in Singapore trusted the voice of authority. What she needed was not a better authority to trust. What she needed was a protocol that did not require trust at all.
Frequently Asked Questions
What is a bank investigator scam? A bank investigator scam occurs when criminals pose as fraud investigators from your bank, using spoofed caller IDs to display the bank’s real phone number. They replicate the bank’s actual fraud-alert script—including verification questions, hold music, and transfer procedures—to convince you that your account has been compromised and that you need to move money to a “safe account.” The safe account belongs to the scammer.
How can I tell if a fraud alert from my bank is real? Never verify the caller using information they provide. Hang up, wait a moment (scammers can hold the line open), and independently call the number printed on your bank card or listed on the bank’s official website. A legitimate institution will never pressure you into an immediate transfer or demand full login credentials over the phone.
What is a recovery room scam and how does it work? A recovery room scam targets people who have already lost money to fraud. Criminals—sometimes the same people behind the original scam—contact the victim offering to recover their lost funds in exchange for an upfront fee, a “tax payment,” or a “legal deposit.” The recovery services do not exist. The FCA, FSMA, FTC, and other regulators consistently warn that legitimate recovery of stolen funds does not require advance payment.
What is a pig-butchering scam? A pig-butchering scam is a long-duration investment fraud combined with emotional manipulation. The scammer builds a relationship with the victim—often through dating apps or social media—over weeks or months, then introduces a “can’t-miss” investment opportunity on a fabricated platform. Early returns are paid out to build trust. By the time the victim tries to withdraw a larger sum, the platform locks access and the scammer disappears. Warning signs include: unsolicited contact that quickly turns to investment advice, a trading platform not registered with any financial regulator, and early “profits” designed to encourage larger deposits.
How do I recover money lost to a scam? Report the fraud to local law enforcement and the relevant financial regulator. Contact your bank immediately—in some cases, transactions can be reversed if reported quickly. Consult a lawyer with experience in financial fraud matters. Do not engage with any company that contacts you offering to recover your funds for an upfront fee—this is very likely a secondary scam.
Founder and Managing Partner of Skarbiec Law Firm, recognized by Dziennik Gazeta Prawna as one of the best tax advisory firms in Poland (2023, 2024). Legal advisor with 19 years of experience, serving Forbes-listed entrepreneurs and innovative start-ups. One of the most frequently quoted experts on commercial and tax law in the Polish media, regularly publishing in Rzeczpospolita, Gazeta Wyborcza, and Dziennik Gazeta Prawna. Author of the publication “AI Decoding Satoshi Nakamoto. Artificial Intelligence on the Trail of Bitcoin’s Creator” and co-author of the award-winning book “Bezpieczeństwo współczesnej firmy” (Security of a Modern Company). LinkedIn profile: 18 500 followers, 4 million views per year. Awards: 4-time winner of the European Medal, Golden Statuette of the Polish Business Leader, title of “International Tax Planning Law Firm of the Year in Poland.” He specializes in strategic legal consulting, tax planning, and crisis management for business.
