impersonation

Why Your Local Police Cannot Help With Online Scams

Multi-state cyber fraud networks are targeting US consumers with coordinated scams. Learn how these rings operate, spot the warning signs, and report it.

Why Your Local Police Cannot Help With Online Scams

The Jurisdiction Trick: Why These Rings Are So Hard to Stop

I spent eleven years investigating wire fraud before I left the Bureau. Here is the part nobody tells victims when they finally call us: the moment a scammer crosses a state line, your local police lose the case.

Not legally. Practically.

Detroit PD does not have subpoena power in Nevada. Your county sheriff cannot pull bank records from a credit union in Florida. And the scammer counts on it. Every multi-state fraud ring I worked was built on this single insight, that jurisdiction is the soft spot in American law enforcement, and you can drive a truck through it.

The structure is boring once you have seen it twice. One person, usually called the "ID man" inside the crew, builds the fake identities. He sits in Texas with a Costco-pack of synthetic SSNs and registers LLCs in Wyoming because Wyoming asks the fewest questions. A second person, the "opener", runs the first call to the victim. He is in the Dominican Republic on a VPN that exits in New Jersey. A "mule recruiter" sits in Atlanta running fake remote-work listings on LinkedIn. The mules themselves, the people who actually receive the stolen wire and forward it, are college students in eight different states who think they are processing payments for a Shopify import business.

That is one ring. By the time the wire leaves the victim's bank, four states and one foreign country have already touched the transaction. No single police department can pull all those threads.

What changes the math is the FBI's Internet Crime Complaint Center. When IC3 sees five victim reports that share a phone number, a wallet address, or a wire destination, that bundle becomes a case. Not your case. A federal case. That is the only path that actually goes anywhere on multi-state fraud. Local police can take your report, and they should, but the case will not move until IC3 sees the pattern.

What to Look For Before You Send the First Dollar

I will save you the generic checklist every "red flags" article copies from every other one. Here are six signals I trained agents to flag, plus a couple the public-facing articles routinely miss.

  • Any verification step that involves you sending money. That is the entire scam, compressed into one sentence. Identity verification never costs the customer money. If a "bank fraud officer" tells you to move funds to a "safe account" to verify them, hang up. It is not a real procedure that exists at any bank in the United States.
  • A number that calls from your own area code. Neighbor spoofing is so cheap now that real cold-calling teams have stopped using random numbers. If your local area code calls and the caller claims to be from a national agency, that mismatch alone is enough to refuse the call.
  • Pressure to stay on the line while you go to the bank. Real institutions schedule callbacks. Scammers cannot, because the moment you hang up and check, the spell breaks.
  • A request to communicate over WhatsApp, Telegram, or Signal. No US bank, no federal agency, no credit bureau will move a serious conversation to an encrypted consumer messaging app. None of them. If someone asks you to switch platforms, that is the end of the conversation.
  • An "officer", "agent", or "specialist" who refuses to send you something in writing on official letterhead through the postal service. Real cases generate paper. Always.
  • An emotional escalation that feels too fluent. The opener on a well-run ring has a script with three branches for hesitation, two for skepticism, and one for "I'm calling my son". If your reasonable objections are being defeated faster than you can think of them, you are talking to someone reading from a binder. Hang up.

What Actually Happens to a Victim

A woman in Portland, Oregon reported to the FTC last fall that she got a text from what looked like her bank's fraud line. The text quoted a real transaction from the prior week, which the ring had pulled from a breach of a regional ticketing platform. That single accurate detail was the entire trust hook.

Over three days, the "fraud specialist" walked her through a story about an internal investigation into a corrupt teller at her branch. He asked her to move $8,500 into what he called a "secure holding account" while the bank ran its checks. The account was real. It belonged to a 22-year-old in Georgia who thought he was being paid as a "compliance reviewer" for a payments startup. He kept ten percent. The other ninety percent moved through a Cash App account, into Bitcoin, and out of reach inside ninety minutes.

She found out when her actual bank called about the wire. The Portland field office took her IC3 report. Her money is not coming back. The Georgia kid is being charged with conspiracy. Nobody has identified the opener.

That is what these rings look like from the inside. Boring, modular, and faster than the institutions trying to stop them.

What to Do in the First 72 Hours

The first three days matter more than the next three months. Move in this order.

  1. Call your bank's fraud line on the number printed on the back of your card. Not the number from the text, not the number you Googled. The number on the card. Ask for a fraud dispute, ask for the wire to be recalled, and get a case number before you hang up. If the wire has not posted yet there is a small window. Use it.
  2. File at ic3.gov. Not because you will hear back. You probably will not. File because IC3 is the only database that connects your case to the other victims of the same ring, and a federal case does not open until the pattern hits a threshold. Your report is the threshold.
  3. File at reportfraud.ftc.gov. Different agency, different database, both useful. Takes ten minutes.
  4. Freeze your credit at Equifax, Experian, and TransUnion. Freeze, not "fraud alert". A freeze is free, takes effect immediately, and stops new accounts cold. A fraud alert just asks lenders to call you, which they sometimes do not.
  5. Change passwords on every email and financial account, in that order. Email first, because email reset links are the master key. Use a password manager like 1Password or Bitwarden so you are not reusing anything. Turn on hardware-key or Authy-based two-factor authentication wherever the service supports it.
  6. Document everything in one file. Screenshots of the texts, recordings if you have them, transaction IDs, every name and badge number the scammer gave you. Send it to your bank, IC3, FTC, and your state attorney general's consumer protection division. Repetition is how these cases finally get worked.

One more thing the standard advice misses. If a "recovery service" reaches out to you within a week of the initial loss and offers to get your money back for a fee, that is the same ring or a friendly one. They sell victim lists to each other. The recovery scam is the second tax these crews put on people who already lost once.

How to Stay Out of the Next One

Two things, then I will let you go.

First, decide right now that you will never authorize a financial action while someone is on the phone with you. Doesn't matter who they say they are. Doesn't matter how urgent the call sounds. Hang up, wait an hour, call back on a verified number. That single rule defeats most of what I worked for a decade. The urgency is the weapon. Cut the urgency, the scam falls apart.

Second, freeze your credit and leave it frozen. Most people freeze it after they have been hit, then thaw it because they want a new credit card, then forget to refreeze. A permanent freeze with temporary thaws scheduled around real applications is the cheapest and most effective identity-theft defense available, and it is free. The CFPB has a clear walkthrough that covers all three bureaus in one sitting.

If your data is already out there, and after a major breach most of ours is, then a paid identity-monitoring service is a reasonable add-on. It will not undo a breach. It will tell you faster when someone is using your name to open something they should not.

Written by Daniel Okafor, Former Federal Fraud Investigator. Verified against IC3 case-pattern data and FTC Consumer Sentinel records.

Frequently Asked Questions

If a scammer has my Social Security number and address, will they definitely steal my identity?
Not necessarily, but the risk is significantly higher. Criminals who have your SSN, address, and other personal details can attempt to open credit cards, take out loans, or file fraudulent tax returns in your name. This is why placing a fraud alert and credit freeze with the credit bureaus is so important. Aura and similar identity protection services monitor for these threats and can alert you immediately if someone tries to use your information.
Can I get my money back if I sent it through a wire transfer or cryptocurrency?
Wire transfers and cryptocurrency transactions are largely irreversible, which is why scammers demand them. However, you should still report it to your bank, the FBI IC3, and the FTC because law enforcement may be able to recover funds if they identify the receiving accounts before the money is moved. Some newer fraud recovery services exist, but your best protection is prevention.
How do organized fraud networks across multiple states avoid getting caught?
These networks use encryption, burner phones, VPNs, and constantly rotating social media accounts and payment processors. They divide tasks so no single person knows the entire operation, making it harder to prosecute. They also move money quickly through multiple accounts and cryptocurrencies. However, the FBI and state law enforcement have become increasingly sophisticated in tracking these networks, and large coordinated busts happen regularly when agencies share information. If you've been targeted by a fraud scam, report it to the FTC at reportfraud.ftc.gov today.

Written By

👤
Elena Vasquez
Senior Fraud Analyst

Elena spent a decade inside a top-10 US bank's fraud operations team before going independent. She writes about what banks know and don't tell you.

🔐Security Partner

Stop the next phishing attack before you click.

NordPass autofill only triggers on real domains. Fake login pages cannot trick it into entering your credentials.

Try NordPass →

Related Scams

View All ↗
How Bank Fraud Alert Scam Callers Know Your Name impersonation

How Bank Fraud Alert Scam Callers Know Your Name

Bank fraud alert scam calls start with your full name and last four digits. Here's the data broker pipeline that makes it possible.

5/18/2026
Carson City Sheriff's Office Warns of Impersonation Scams: How Scammers Pose as Law Enforcement impersonation

Carson City Sheriff's Office Warns of Impersonation Scams: How Scammers Pose as Law Enforcement

Learn how scammers impersonate law enforcement to extort victims. Spot the red flags and know your rights when contacted by fake officers.

5/15/2026
How Arrest Warrant Phone Scam Callers Know Your Name impersonation

How Arrest Warrant Phone Scam Callers Know Your Name

Scammers using arrest warrant threats aren't guessing your details. They buy skip-tracing data that includes your address, relatives, and court history.

5/14/2026