Scams Are a Product. Here's the Spec Sheet.

The phone rings on a Tuesday at 2:14 in the afternoon. The caller ID shows the bank's actual fraud department number — Anna has called it twice before, once for a stolen card, and the number is saved in her phone.

She picks up. The caller introduces himself by an English first name and a Slavic surname, uses her full name, and reads her the last four digits of her debit card. He is calm, slightly apologetic, vaguely embarrassed on her behalf. There has been an unusual transfer attempt. Atlanta. Five thousand. He needs to ask her a few questions and walk her through a security-hold procedure to protect her funds.

Anna is the chief medical officer at a 200-bed regional hospital. She runs the place. She has read every consent form she has ever signed. She has spent a career not being rushed by polite men who say they only need a minute.

Twenty-eight minutes later she has authorized four separate wire transfers totaling $14,400 to a "secure holding account" in her own name at a "partner institution." Forty-six minutes later the real bank — different number — calls to say none of that was them.

Anna didn't fall for that scam. The scam was built for her.

This post is the spec sheet of the thing that called her.

Most articles about scams are a tired list of forty-seven things to avoid. They don't help, because by the time you've memorized twenty-three of them the industry has invented six new ones and renamed eight. The reframe that does help is this: scams are a product. They have product managers, conversion funnels, KPIs, A/B tests, and onboarding documents for new hires. Every scam, no matter how custom-tailored it feels, is running you through the same five-stage pipeline. Once you see the pipeline, you stop needing to memorize the variations.

What follows is the spec sheet. How a scam is built. Who it targets and why. What the universal tells are. And — calmly, no shaming — what to do if one has just happened to you.

Part 1 — How a scam is built

Treat what follows like a B2B sales pitch deck for a product whose customers are criminals and whose end users are people you love. The structure is so consistent that calling it a pipeline is generous; calling it a script is closer.

The five-stage funnel

Five stages, in order, every time. Anna's call ran through all five inside thirty minutes.

V2 · The product funnel

The five stages every scam runs you through

Stage 1 — The Hook. This is acquisition. The job is volume: the cheapest possible way to put a message in front of as many warm targets as possible. Cost-per-thousand is the metric that matters; conversion happens later. The classic channels are SMS ("USPS package undeliverable"), email ("invoice overdue"), social DM, dating-app first messages, and cold phone calls placed by autodialers. The opening line is engineered to feel like it could be legitimate — wrong number, mistaken identity, mild administrative trouble. The least suspicious things on Earth are the ones that look like they weren't even meant for you.

Stage 2 — The Trust Build. Once you're talking, the goal is to install a small amount of credibility, fast. Three tactics dominate. First, credentials: badge numbers, employee IDs, the last four of your card, your home address, your employer. None of which would be hard to know about you because none of which is actually private — most of it has been leaked, sold, and resold in stolen-data markets. Second, mirroring: the caller speaks the way someone in the role they're claiming actually speaks. Bank fraud reps apologize a lot; the scammer's bank-fraud-rep apologizes a lot. Tax agents have a particular bored register; the scam tax agent does too. Third, micro-proofs — small visible facts you can verify in real time. A fraudulent caller often says, "You'll see a small text from us in about ninety seconds confirming this call," and nine seconds later a spoofed text arrives from a number that looks like the bank's. The text doesn't actually come from the bank. But it lands while your guard is dropping.

V3 · The hook channels

Where scams actually start (approximate)

Stage 3 — Urgency Engineering. Now that you trust them, slightly, the timer starts. There's a deadline, a window, a consequence. Your account will be frozen in two hours. The warrant is being processed. The trading window closes at 5pm EST. The deal is for the next three buyers only. Urgency is not a side effect — it's a deliberate manufactured product, because a calm target makes phone calls and a panicked target follows instructions. The most well-designed urgency is partial: not "you'll lose everything in five minutes," which sounds suspicious, but "this gets harder for me to fix after 4pm today," which sounds like a colleague helping you out.

Stage 4 — The Isolation. This is the stage almost no one talks about. It is also the stage that decides whether the scam works.

V5 · The isolation spiral

How a target gets pulled away from every check

The single best predictor of whether a scam succeeds isn't the polish of the story or the sophistication of the technology. It's whether the target picks up a different phone and calls one trusted person before they transfer the money. Every line a competent scammer says in stages two through four is engineered to keep that call from happening. "Don't tell your bank — they're the ones we're protecting you from." "Don't tell your daughter; she'll panic and the window closes." "This is sensitive — please stay on this line, please don't text anyone, please don't open a browser." The ring outside the target — banker, lawyer, child, friend — is the threat. The whole job of the script in this stage is to pull the target one ring further inward, until there's only the target and the scammer in the room.

If you remember nothing else from this post, remember this: any pressure to keep something secret, even briefly, is a stage-four signal. Real institutions never ask for secrecy. Real partners never ask for secrecy. Real opportunities can survive being mentioned out loud to one other adult. A scam cannot.

Stage 5 — The Extraction. Money has to leave your control fast and stay gone. The payment rails the industry standardizes on are the ones that are reversible the slowest, or not at all. Wire transfers (hard to recall after about twenty-four hours, and routinely impossible after forty-eight). Gift card numbers read aloud over the phone (effectively cash, untraceable). Cryptocurrency transferred to a wallet the recipient controls (irreversible by design). Peer-to-peer cash apps (instant, mostly final). Remote-access software installed on your computer ("so I can help you log in") which is then used to drain accounts directly. The choice of payment rail isn't pragmatic. It is the entire point.

V4 · Where the money goes

Annual reported US losses by scam category (approx., $ millions)

A scam that runs you through Hook → Trust → Urgency → Isolation → Extraction in twenty-eight minutes feels nothing like a scam in the moment. It feels like an unusually competent and slightly stressful customer-service interaction. That feeling is the product.

The supply side

Most readers know what a scam looks like from the receiving end. Almost no one knows what one looks like from the supply side. The reveal of the last few years — the part that turns "scam" from a small-time criminal hustle into a global industry — is what's behind the call.

V6 · The supply side

The infrastructure most readers have never heard of

Recent reporting and law-enforcement disclosures have documented the existence of large fortified compounds, mostly across parts of Southeast Asia, where workers — many of them trafficked under false pretenses of legitimate jobs in IT or hospitality — sit in shifts at computers and run the conversational stages of long-con scams. They work from playbooks. They have shift schedules, productivity quotas, and supervisors who walk the floor. They are, in the operational sense, employees of an organized scam business. When a target somewhere in California sends a wire on a Tuesday afternoon, there is, with disturbing frequency, a person on the other end whose own life is also being damaged.

The industry's tools have escalated quickly. AI voice cloning needs roughly thirty seconds of any person's recorded speech to produce a convincing imitation; the recording can come from a podcast, a voicemail greeting, or a TikTok. Deepfake video is now usable in real time on a video call — including, increasingly, in conference-room settings where multiple "executives" on a Zoom turned out to be the same model wearing different generated faces. Caller-ID spoofing is so trivially available it's effectively standard equipment; any phone call's "from" number means almost nothing on its own. Stolen-data markets sell targeting lists structured by interest, age, recent purchases, and inferred net worth. The data leak you ignored two years ago now sits in someone's CRM.

This is not a hobby anymore. The most plausible global estimate of annual losses to scams is in the tens of billions of US dollars, and informed observers think the real number is significantly higher because the great majority of victims never report — out of embarrassment, paperwork fatigue, or the well-founded belief that reporting won't get the money back. Whatever the precise figure, the mathematical reality is that a worldwide, well-funded, professionally staffed industry is currently running its sales pipeline against a public that mostly doesn't know the pipeline exists.

Why this is now an industry, not a hobby

The economics flipped about a decade ago. Compute got cheap enough to run mass-channel acquisition for almost nothing. Stolen data got abundant enough to drive personalized targeting. Cryptocurrency provided rails that could move large amounts of money irreversibly across borders. AI tools collapsed the cost of producing convincing voices, faces, and text. And the secondary market for selling target lists, scripts, and access to compounds turned the cost structure into something that scales like a SaaS business. None of these forces is going anywhere. Defending yourself from the industry by memorizing the latest tactic is like defending yourself from spam by memorizing the latest subject line. Pattern recognition is the only durable strategy.

Part 2 — Who they target (and why your stereotype is wrong)

The most widely held belief about who scams target is the most wrong belief. Most people, asked to picture a scam victim, will picture someone in their seventies or eighties, alone, on a landline, gently being talked out of their savings.

That picture is incomplete on two axes.

V7 · The age myth, busted

Younger adults report more scams. Older adults lose more per scam.

Recent data from US authorities — primarily the FTC's Consumer Sentinel database and the FBI's Internet Crime Complaint Center, IC3 — paints a more complicated picture, with a lot of asterisks. Younger adults, broadly the 20-to-49 group, file more fraud complaints in absolute terms. Older adults, broadly 70-plus, lose materially more money per scam when they do fall for one. So the mostly-elderly stereotype is wrong on the count and right on the dollar damage; both halves matter. Specific figures move year to year — annual reports update each spring — and you should check the most recent FTC and IC3 data rather than treat the bars in the chart above as gospel. The useful takeaway is the shape, not the values: numerous reports among younger adults, large per-incident losses among older adults, and basically nobody is meaningfully protected by their age.

The real targeting axis isn't age. It isn't intelligence. It isn't education. It isn't financial sophistication. It's emotional state.

The emotional state is the door

Every scam type is built around getting through a particular emotional door. The salesperson on the other end of the funnel isn't trying to fool a generic person; they're trying to fool a specific kind of upset, anxious, hopeful, or grieving person — and to do that, they bait specifically for that state.

V8 · The targeting matrix

Every scam type has a preferred emotional door

A short tour:

Loneliness. Romance scams target loneliness. A person who has been single for four years and recently signed up for a new dating app is the perfect candidate for a months-long, slow-build, attentive-and-available match who happens to live on an oil rig and happens to be deep into cryptocurrency. The attentiveness is the bait; the loneliness is the door.

Authority anxiety. Government-impersonation scams — IRS, ICE, Social Security, "the police are about to come arrest you" — target the part of you that hears an authority figure on the phone and tightens. The specific fear of having unknowingly broken some rule. Authority-anxiety scams almost always come with a deadline measured in hours, because the cognitive load of being in trouble empties the part of the brain that asks whether the IRS actually phones people.

FOMO. Investment scams — fake crypto exchanges, "a friend's friend's hedge fund," signal services — target the fear of missing the financial opportunity that everyone you know seems to be capturing. The dashboards are designed to look credible. Early small "withdrawals" of "profits" are designed to convert. The door is the gnawing sense that you're being left behind.

Competence anxiety. Tech-support scams target the worry that your computer is doing something you don't fully understand. A pop-up that says you have a virus and please call this number. A caller from "Microsoft" or your bank's "fraud department" who needs to install software to fix the issue. Almost everyone with a computer has competence anxiety about computers; the scam exists because the door is large.

Fear and love. Family-emergency scams — "Grandma, I'm in jail and I can't tell my parents" — target the part of you that, the moment a family member is in trouble, will do almost anything in the next hour to help. AI voice cloning has made this category dramatically scarier in the last two years; thirty seconds of someone's voicemail or social-media video is enough to produce a convincing match.

Embarrassment and shame. Recovery scams target people who have already been scammed. A "lawyer" or "investigator" reaches out claiming they can recover the lost funds for a small upfront fee. The door is the desperate hope of getting the money back, plus the intense desire to handle it without anyone in your life finding out. Scammers buy lists of known recent victims for exactly this purpose.

Hope and grief. Lottery scams, inheritance scams, and miracle-cure scams target either side of grief — the desire for an unexpected windfall, or the desperate hope after a recent loss. These are older categories that haven't gone away because the underlying emotions haven't.

The scam-by-scam variations matter less than the principle: every scam type is engineered to walk through a specific emotional door, and the design of the script is downstream of the door choice. Once you see the matrix, the question shifts from "how could anyone fall for that?" to "what door were they standing at when this arrived?"

Why smart people fall harder, not softer

Here is the part of this post I most want senior, accomplished readers to take seriously.

Once a smart, accomplished, financially literate person is two steps into a scam funnel, they are usually a higher-yielding target, not a lower-yielding one.

The mechanism is simple, slightly painful, and worth saying plainly. A high-credentialed target tends to have more money to lose; that's already obvious. Less obvious: the cognitive cost of admitting they have been fooled, even partially, is much higher for someone whose self-image is built on competence. Once $1,200 has been moved to "the secure holding account," the choice in front of the target is not "fall for $1,200 more" — it's "either send the next $1,200 and complete the recovery process the nice man is describing, or stop now and deal with the fact that I've already been fooled out of $1,200." Sunk-cost dynamics inside a scam are vicious specifically because admitting the loss feels like admitting a personal failure.

This is why senior physicians, lawyers, professors, and executives — people whose competence is core to their identity — are over-represented in the higher dollar tiers of fraud reports. They aren't worse at recognizing scams than anyone else. They are, after the first transfer, more emotionally invested in the scam being real.

The defense is to internalize, in advance, that being scammed is not a referendum on your intelligence. The industry is large, well-funded, and built specifically to catch smart people. Knowing that — believing it before anything bad happens — is what lets a smart person stop at $1,200 instead of escalating to $14,400.

The reframe

The question is never "how could she fall for that?"

V9 · The reframe

“The question is never 'how could she fall for that?' It's 'what state was she in when they found her?'”

The single most useful sentence in this post — share it with anyone in your life who's about to make a quick decision under pressure.

Part 3 — What to spot

Here's the practical part of the post. The next three subsections are the ones to bookmark.

The Ten Universal Tells

Every scam I've ever read about — victims, analysts, friends, family, news reporting — hits at least three of these. Most hit six or seven.

V10 · The ten universal tells

Ten signals that fit on a screenshot

Save this image. Forward it. The point isn’t memorization — it’s pattern recognition.

1. 01
   Inbound contact you didn't initiate

   The vast majority of scams start with someone reaching out to you. Treat any unsolicited contact about money with the same skepticism you'd give a stranger in an alley.

2. 02
   A channel switch, fast

   Email moves to WhatsApp. A dating app moves to Telegram. Your bank's chat moves to a phone number. The switch puts you on a channel they control and your records can't reach.

3. 03
   A request for secrecy

   "Don't tell your bank." "Don't tell your family yet." Real institutions never ask for secrecy. Secrecy is the load-bearing wall of every scam.

4. 04
   Manufactured urgency

   If you don't act in the next two hours, the offer disappears, the warrant gets issued, the account gets frozen. Real things almost never have a 90-minute fuse.

5. 05
   An irreversible payment rail

   Wire transfers, gift cards, cryptocurrency, peer-to-peer cash apps. These move money out of your reach before you've finished the call. Reversibility is what they're avoiding.

6. 06
   Authority claims you can't verify

   "This is the IRS." "This is your bank's fraud department." "This is the FBI." Any real agency is happy to wait while you hang up and call them back at the number on their website.

7. 07
   Returns that are too good

   Guaranteed 12% monthly returns. A crypto platform with no losses. A romance match who's also a wealthy investor with a soft spot for you specifically. The math on too-good-to-be-true has not changed.

8. 08
   Emotional escalation, fast

   Real relationships, real bank conversations, and real legal matters move slowly. If a stranger is asking you to send money in week three, you've been on a structured timeline, not an organic one.

9. 09
   Pressure to install software

   Anyone who needs you to install a remote-access app to fix something is, with vanishingly few exceptions, getting access to your machine to fix themselves.

10. 10
    Anything that fails the Pause Test

    If a request can't survive 24 hours of pausing while you call a trusted person and verify, the request was the trap. Make this your default and you'll catch almost everything.

A scam doesn't need all ten to work. It usually only needs you to ignore two or three. The pattern is more useful than the count.

The Pause Test

Here is the single most useful sentence in this post. Memorize it.

V13 · The pause rule

“Any legitimate request survives a 24-hour pause. If a delay destroys the offer, the offer was the bait.”

Print this. Tape it next to the front door. Repeat it before any wire transfer.

Real banks survive twenty-four hours. Real government agencies survive twenty-four hours. Real romantic partners survive twenty-four hours. Real employers survive twenty-four hours. Real investment opportunities survive twenty-four hours. The structural fact that almost every legitimate request can absorb a one-day pause, and almost every scam request cannot, is the cleanest test you have. If you can build only one habit out of this entire post, build the habit of saying out loud, "Let me sleep on this and call you back tomorrow at this number," and meaning it. Notice the way the conversation changes. The legitimate request will sound the same the next morning. The scam will not be there.

Five archetypes and their signatures

The same funnel runs through countless surface variants. These are the five archetypes worth recognizing on sight.

Pig butchering. The long-con romance + fake-investment hybrid. A wrong-number text, weeks of friendly conversation, an introduction to a "trading platform" the new friend is using to make money, small initial deposits that "grow," screenshots of fake balances, and eventually a withdrawal request that triggers a "tax" or "compliance fee" that requires further deposits. Average loss when it succeeds: well into five figures, often six. The single tell: a stranger with a perfectly aligned investment opportunity. Strangers do not have those.

V12 · One scam, mapped

Pig butchering, broken into the five stages

AI voice clone of a family member in distress. A call from a number you don't recognize. Your son, daughter, or grandchild's voice — pitched right, cadence right, the way they say "Mom" exactly the way they really say it. They're in jail / hospital / Mexico / a car accident. They can't talk long. They need money sent right now via a specific app. The voice is real-time-cloned from any thirty seconds of recorded audio the family member has ever had online. Defense: pre-agree on a family password. A single word that no scam can know. If a "family member in distress" call doesn't include the password, it isn't a family member.

Tech support and refund. A pop-up, a phone call, or an email warning that your computer is infected, your subscription was charged in error, or your account is at risk. The fix requires installing remote-access software (so they can "show" you the problem) or buying gift cards (to "refund" the charge to). Both are extraction rails dressed as solutions. Defense: real tech support never cold-calls you and never asks you to install anything to fix something. Hang up; call the company back at the number on their website.

Government impersonation. A call or letter from the IRS, Social Security Administration, ICE, or local police saying you owe back taxes, your benefits will be suspended, or there's a warrant for your arrest. Payment is demanded in gift cards, cryptocurrency, or wire — none of which any actual government agency in any country accepts. Defense: real agencies communicate primarily through paper mail, never demand instant payment by gift card, and are happy to wait while you hang up and call them at their published number.

Recovery scams. The second wave. Someone reaches out claiming to be a lawyer, an investigator, or a "crypto recovery specialist" who can get your lost funds back for a small upfront fee. They have your name. They know how much you lost. (They got both from a list of known victims.) Defense: legitimate recovery is rare, slow, and never demands an upfront fee from the victim. Anyone reaching out unprompted to recover money for you is the second scam in the same series.

A 60-second decision flow

The next time something pings the alarm — an unexpected call, a surprising message, a too-good text — run this.

V11 · The pause test

A 60-second flowchart for any incoming ask

Five steps. None take more than ten seconds.

1. Stop. Don't respond, don't agree to anything, don't click. Even "let me check" is a commitment.
2. Screenshot. Capture every message, number, email, and detail before anything has a chance to be deleted by you or the sender.
3. Ask one trusted person. A spouse, an adult child, a friend, a colleague. Out loud. The voice you use to describe the situation will tell you how it sounds.
4. Look up the institution's number yourself. From their website, from your old statement, from the back of your card. Never the number in the message.
5. Never let urgency win. If they push back when you say "I'll call you back tomorrow," that's the answer.

Take the full sixty seconds. The cost of being wrong about a real call is annoyance. The cost of being wrong about a scam call is everything.

Part 4 — If it has just happened to you

Calmly. In this order.

V14 · If it just happened to you

The first seven things to do, in order

Calm, sequenced, and in this order. Save this image. Forward it to anyone you know in the first hour after they’ve been scammed.

1. 1
   Stop sending money. Now.

   If a transfer is in flight, call the sending bank's fraud line immediately. Some wires can be recalled if you reach the bank inside 24 hours.

2. 2
   Document everything before deleting

   Screenshot every message, save every email, note every phone number, and keep the originals. Reports and recoveries depend on this.

3. 3
   Report to the right authority

   US: ReportFraud.ftc.gov and IC3.gov. UK: Action Fraud. Canada: CAFC. AU: ReportCyber via Scamwatch. NZ: Netsafe / CERT NZ. Reports feed pattern detection even if your money doesn't come back.

4. 4
   Tell your bank and freeze credit

   Banks have a fraud workflow they can run only if you call them. Freeze credit at all three US bureaus (or the local equivalent) so a leaked identity can't be used for new accounts.

5. 5
   Change passwords. Enable 2FA.

   Start with email, then bank, then anything financial. Use a password manager. Enable two-factor authentication on every account that supports it.

6. 6
   Warn the people in your life

   Recovery scams target known victims. A 'lawyer' or 'investigator' who finds you out of nowhere is the second wave; the people in your network getting an unexpected call is the third.

7. 7
   Talk to someone, out loud

   Shame keeps people quiet. Silence makes the problem worse. Being scammed isn't a referendum on your intelligence; it's a referendum on a well-funded industry. Tell at least one person who loves you.

A few notes on the steps that need them.

For US readers: the fraud reporting infrastructure runs through three channels — ReportFraud.ftc.gov for general consumer fraud, IC3.gov for cyber-enabled crime including most online and phone scams, and your local police department for in-person or large-dollar incidents. Reports feed pattern-detection databases that law-enforcement agencies use to identify and disrupt operations. They don't typically get individual money back. That's not the point. The point is making the next victim less likely.

UK: Action Fraud (actionfraud.police.uk) is the single national reporting channel. Canada: the Canadian Anti-Fraud Centre (antifraudcentre-centreantifraude.ca). Australia: ReportCyber via cyber.gov.au, plus Scamwatch (scamwatch.gov.au). NZ: Netsafe and CERT NZ.

For the bank step: speed matters more than people realize. Wire transfers can sometimes be recalled within twenty-four hours of being sent if the receiving bank cooperates and the funds haven't been moved out yet. Calling your bank's fraud line in the first hour after a transfer is meaningfully different from calling them the next morning. Most bank fraud lines are 24/7. Most people don't know that.

For the credit-freeze step: in the US, freezing credit is free at all three bureaus, takes about ten minutes, and prevents new accounts from being opened in your name. Equivalents exist in most other countries and are worth doing the same day. A scammer who got enough information to convince you they were your bank has, by definition, enough information to try opening a new account.

For the warning-others step: this matters more than people initially think. Recovery scams target known victims, so your contact information is now on a list that will be sold. A "lawyer" or "investigator" or "blockchain recovery specialist" who finds you out of nowhere over the next two weeks is the second wave. Tell the people in your life. The third wave often goes through your contacts, using your information to reach them with a scam tailored to their relationship with you.

If significant money is involved, it is worth talking to a lawyer who handles consumer fraud or financial crime. The hour with a lawyer almost always pays for itself in either filing leverage or sanity.

A last paragraph, and it matters more than the practical steps. Shame keeps scam victims silent. Silence makes the problem worse — for the next person, for your bank's pattern detection, for law enforcement, for the family member who could have helped if they'd known. Being scammed isn't a referendum on your intelligence; it's a referendum on the existence of a billion-dollar industry that has spent the last decade getting better at this. The most common thing scam victims say after going public is, "I had no idea so many people had had the exact same thing happen to them." Tell at least one person. Then tell another.

Part 5 — The meta-lesson

Five questions that protect you against scams nobody has invented yet.

1. Who initiated this contact? If you didn't, the burden of proof is on them. Always.

2. What emotional state am I in right now? Loneliness, financial anxiety, authority anxiety, FOMO, fear about a family member. If a request that involves money arrives at exactly the door you happen to be standing at, slow down.

3. Why is the timeline this short? Real things almost never need an answer in the next ninety minutes. The structure of urgency is a tell.

4. What payment rail is being requested, and is it reversible? Wire, gift card, crypto, peer-to-peer cash app — all chosen specifically because they're hard or impossible to reverse. A request that insists on an irreversible rail is a request that knows what it is.

5. Who profits if I don't pause? Every legitimate request for money has a counterparty whose business model survives a 24-hour delay. Every scam has a counterparty whose business model collapses if you make one phone call. Identifying the counterparty's incentive answers the question by itself.

That's the spec sheet. It's deliberately short. Five questions can carry you through a scam category that hasn't been invented yet, because the underlying funnel and the underlying targeting are the same. The story changes; the structure doesn't.

If you'd like to sanity-check something that feels off in real time — a strange call, a suspicious message, a too-good investment pitch — Ask Molecule, the orange button at the bottom-right of every page on this site, will walk through the five questions with you. No signup, no email gate, free.

Bookmark this. Share it with one person who'd benefit. Forward the action checklist above to anyone you know who's been scammed in the last month. The most useful thing a thoughtful reader can do for the people in their life is hand them the pattern, before they need it.

Series Roadmap

Five follow-ups already in the queue:

1. Pig butchering, in detail. A long-form anatomy of a single composite case from first text to final transfer, with the script visible.
2. AI voice cloning — what it can and can't do, and how to harden a family against it. The family password, the pre-agreed callback number, and what to actually say to your parents this weekend.
3. A guide for adult children helping aging parents. What to set up, what to install, what to watch for, and how to have the conversation without feeling like you're treating them like a child.
4. What banks actually do — and don't — reimburse. The Reg E rules in the US, the Authorized Push Payment fraud rules in the UK, and the gulf between what people think their bank covers and what it does.
5. Rebuilding after a major scam. The financial and emotional first ninety days. The credit and identity housekeeping. The therapist conversation that turns out to matter more than any of it.