The scams start out innocently enough.

Maybe a phone call from someone who says he works for Amazon, claiming he noticed someone hacked into your account. Maybe someone who says she works for Microsoft, offering a refund for a computer security service you bought a few years ago that stopped working.

Lisa Hernandez was trying to reach Match.com, the dating site, to cancel her account when it happened to her. The 50-year-old single mother of four had signed up for the service but decided she didn’t want to stay with it.

She searched on Google for a customer service number to call. What she found instead was a fake website, built to look legitimate but with a phone number that connected her to a scammer posing as Match customer service. Kevin, the man on the other end of the line, said he could help. First, though, he told her she needed to install a program called TeamViewer, which allowed him remote control of her computer.

He then directed Hernandez to log into her bank’s website. «We’re going to directly refund you your money,» he promised and asked her to fill out a computer-generated form for her refund of $93. Instead, Kevin set his scam in motion by manipulating the code on her computer to make it look like he had deposited $9,000 into her bank account instead, effectively doubling her savings.

The only way to fix the mistake, he told her, was to buy gift cards with the extra money she’d received and give him the numbers. Then he could put the money back into Match’s bank accounts and all would be settled. «I need you to go to the store to get Target cards,» she remembers him saying. Otherwise, he’d lose his job. She did as he asked, giving him nearly $9,000 worth of gift cards.

Moments just like this happen to tens of millions of Americans every year. While it’s easy to assume most victims are elderly, surveys suggest it’s much broader. Victims are old and young, rich and poor. Some people get scammed multiple times. Some victims have family members who fight fraud for a living. It’s struck my family. Likely, it’s happened to yours, too.

When you think of computer crimes, identity theft usually comes first to mind. That’s because it cost Americans a staggering $56 billion last year, according to Javelin Strategy and Research. But it tends to feel more like an inconvenience than theft, because you usually get your money back thanks to a nearly half-century-old law designed to protect consumers from any «unauthorized» credit charges. The fees we pay help cover the losses to that fraud. But it’s different with gift cards — they have no such legal protections. When a victim shares the card number with a scammer, they’ve effectively authorized its use. Even identity fraud insurance, which would cover ID theft in the case of a data breach, often doesn’t apply when you’ve given the information willingly.

«If someone coerces you, then you’re out of luck,» said Kathy Stokes, director of fraud prevention programs at AARP.

It’s impossible to fathom how much money these scammers have taken. Many victims don’t report the crime to authorities, often because they’re embarrassed and quickly learn the hard truth that they’re unlikely to get their money back. So when the Federal Trade Commission counted more than $245 million in money lost to gift card scams since 2018, most experts said the actual number is likely many multiples worse than that.

«This is only the tip of the iceberg,» said John Breyault, vice president for public policy, telecommunications and fraud at the National Consumers League.

The anecdotal data suggests he’s right. The FBI’s Internet Crime Complaint Center, for example, said it receives more than 2,000 complaints each day about all sorts of internet scams, from fraudulent business impersonation to fake romances to gift card scams. All told, the FBI tallied $4.2 billion in fraud losses reported by victims last year.

Some stores put up signs next to gift card racks and checkout counters warning about fraud. Others say they’re training employees to spot potential victims. But they aren’t doing much else. «The business incentive in the gift card space is for these cards to be used with as little friction as possible,» Breyault said. «They don’t want to get into the way of someone buying a gift card and buying a Coke on the way out.»

From gift to fraud

The gift card industry is already larger than the gross domestic product of all but a handful of countries. It’s still growing, too, and surveys suggest its use is pretty evenly split along racial, gender and economic lines.

By 2027, gift card spending is expected to reach $2.7 trillion — topping all but the US, China, Japan, Germany and the UK. That’s already up from $1 trillion in 2020 when the COVID-19 pandemic supercharged consumer spending, according to Research and Markets. And this year, as a congested global supply chain is causing a shortage of some popular gifts, more than one in five people plan to use gift cards when shopping during the holidays, according to a YouGov survey commissioned by CNET parent company Red Ventures.

Retailers love gift cards, too. They get to hold onto any money we don’t spend for years, industry experts say. And when we do use up our gift cards, we tend to buy things more expensive than the gift card can cover, a term some companies internally call «up-spend.» So retailers try to make gift cards as easy to buy as they can. You can find all manner of gift cards for all sorts of things at drug stores, convenience shops and grocery chains.

After reading the FTC’s data last year, Stokes at AARP set out to take on gift card scams. In April, the organization began a three-year program to throw its educational and marketing weight behind the problem, and for good reason. One study it commissioned found that a quarter of US adults were unsure whether it’s a sign of a scam for a business to ask for payment in gift cards, something no legitimate business would do. AARP also built up parts of its website, Fraud Watch Network, publishing articles about the scams and examples of the scripts they use, and it expanded its fraud hotline with hopes of helping victims spot a scam as it’s happening.

So far, things haven’t gone as she’d hoped. «We thought it would be an easy message,» she said. But it turns out most of the people who end up coming to AARP for help do so after they’ve been scammed.

People like Hernandez. She got in touch after she was scammed in August. Though she’s accepted that the money’s mostly gone, she can’t shake how violating the whole experience was. As a nurse in the San Francisco Bay Area, Hernandez built her career on trust. She works a second job as a caregiver too, where she’s regularly given her client’s bank card to withdraw money from an account or buy stuff from the store. «I would never think of taking from them,» Hernandez says. «I would never betray that.»

Which is maybe why she trusted Kevin, who was begging her to buy gift cards. Hernandez spent $3,500 on seven Target cards, then withdrew another $5,000 to buy more. As she gave him the card numbers, Kevin told her not to look at her bank account for a couple days. She did anyway and found that the extra money he’d manipulated the bank webpage to show in her account was gone. Instead, she had just about $500 balance left.

Kevin called her again, saying one of the $500 cards didn’t go through. When she began to ask questions, one of Kevin’s colleagues got on the phone and began yelling at her. As they kept demanding Hernandez get more gift cards, the horrible realization dawned on her. «I said, ‘You just took my money.'»

Read more: You’d better watch out: ‘Tis the season for holiday shopping scams

New twist

The confidence game, as some call it, has been around since ancient times. Con artists are even in the Bible where they’re referred to as false prophets, «who come to you in sheep’s clothing, but inwardly they are ravening wolves.» Scammers are the reason we all bristle about snake oil, the fake cure-all elixir sold in the 18th century and 19th century, born from supposedly old Chinese medicinal techniques.

To be successful, a con artist typically needs to be charismatic, quick-witted and intelligent. After all, they have to be good at gaining people’s confidence.

«It exploits people’s trust,» Cathy Scott, a true crime author, wrote in Psychology Today. «Even the most rational people have proven susceptible to crimes of trickery.»

The internet’s anonymity and quick communication helped to supercharge fraud. Gift card scammers can come from all over the world, too. All they need is a mic and an easily downloaded phone app installed on their computer. The phone app hides their location behind a toll-free number or a seemingly local US one.

The scam that victimized Hernandez isn’t the only one out there. A scammer might pretend to be an FBI agent, calling with a warrant for your arrest. They might pose as an IRS agent threatening to cancel your Social Security number for some offense of which you’re innocent. In those schemes, the only way to stop the police supposedly coming to your door is with the help of another scammer who pretends to be a lawyer, conveniently a phone call away, who takes payment in gift cards.

Sometimes the scammers pretend to be tech support, calling to repair your printer. Or they say your internet is hacked and then get you to install screen-sharing software like TeamViewer or AnyDesk to show technical gobbledygook that they say is proof the hackers have taken over. You just need to buy security, they say, with gift cards.

«Scammers know if they make it emotional and create this sense of urgency and fear, the logical part of your brain disconnects and the fight-or-flight kicks in — which is great for protecting you, but it’s terrible at making decisions,» said Eva Velasquez, head of the nonprofit Identity Theft Resource Center, and a former law enforcement investigator of economic and financial crimes.

Her team’s research found that if you can interrupt that emotional response, the logical side has a chance to kick in. That’s partly why retailers have put signs up at gift card racks, warning about potential fraud. «Have you been asked to buy gift cards to pay a fine, taxes, fees or to help someone?» one sign at a Giant grocery store in Maryland reads. «Never provide numbers to ANYONE over the phone or by email.»

Still, Velasquez said, scams of all sorts have become even more prevalent during the pandemic. «It’s been growing and growing, and the explosion over the last 18 months is unprecedented,» she said. «It’s going to take at least a decade to unwind and get to the bottom of how big a problem it is.»

Read more: Don’t fall for these clever Black Friday scams this year

Trust betrayed

One of the first things Mark told me when recounting his experience being scammed was how bad it made him feel. It had only happened a few weeks earlier, in October, and it still stung. He requested his full name be withheld to avoid embarrassment with his family.

The call from the scammers started out seemingly normal. The person calling claimed to be from Amazon, concerned about a rogue $750 purchase with his credit card.

The person on the other end of the phone claimed Amazon had already stopped the supposed charge but asked Mark to buy gift cards that they could use as bait to track down scammers. Once all the scammers were caught, Mark was told, they’d give the gift cards back.

«Dumb me, I believed that,» he said.

Mark is in his 70s and retired after a successful career as crew for some of the most memorable summer blockbuster films from the 1990s. But he says he’s not computer savvy. «I have trouble getting along on it,» he said. «I mostly use it to play puzzles and stuff.»

At first, the scammers asked Mark to buy $3,000 in gift cards from Target and Apple. If a store employee asked why he was spending so much money, the scammers told him to say the cards were gifts for a party.

Retailers have a blind spot for situations like Mark’s. The companies have sophisticated software and entire teams devoted to detecting customers who are trying to scam them. But when a customer comes in, buying gift cards, «the retailers are learning it’s very difficult to track,» said David Fletcher, senior vice president at ClearSale, which helps detect fraud at the online stores of more than 4,000 merchants, including Motorola, Under Armour and Bath & Body Works.

That’s why some retailers train employees to ask probing questions at checkout. Best Buy, in a statement, said it’s also added warning signs to gift card displays and checkout counters. Its systems flash a warning on the credit card reader screen when customers purchase gift cards above a certain limit.

But it still isn’t enough. Fletcher himself became a victim when scammers emptied a $100 gift card his mother had bought for the fishing store Bass Pro Shops. He suspects scammers took photos of the account codes on the back of cards while they were still on the rack and waited until they were activated.

«Gift cards are so hard to trace back to fraudsters,» he said.

Not that any of the questions the clerk asked Mark made any difference.

Read more: Cryptocurrency scams are all over social media. Don’t get duped

At his first stop, the teller would only let him buy a couple cards, at $500 each. «It was kind of a surprise,» he said of the limit. In retrospect, he appreciates it now.

But the scammers convinced Mark to go to more stores. Mark remembers checkout clerks asking what the cards were for a couple times. The scammers kept asking Mark for more money until he became suspicious and checked the value on the Target cards he had purchased. That’s when he learned most of the money was gone.

When Mark contacted the police, they took down his information but didn’t ask for the phone numbers the scammers called from. Experts say it’s nearly impossible to track fraudsters through their numbers anyway. Instead, the police suggested Mark contact AARP for support and also to help guide him through reporting and other things to do. His bank, from which he’d ultimately withdrawn $5,000, declined to refund his losses.

«I feel so stupid about the whole thing,» he said.

Like Hernandez, the nurse, Mark hopes that sharing his story will help people learn some of the tricks the scammers use and avoid the same mistakes he made.

While Mark said his savings are enough to cover the losses he suffered, the fraudsters made off with nearly all of Hernandez’s money. And she gave up getting a refund from Match too.

«It’s tough and embarrassing, and I feel kind of dumb,» Hernandez said, adding that she tends to keep the tough things that happen in her life to herself, though eventually she did tell some details to her kids. «I had to go and pray a lot.»

She also decided she’s going to stay away from dating for now. But she did have one last confrontation with Kevin, who promised to make it better.

Hernandez was desperate to get her money back, but she was also upset. «I don’t know how you can do this to people,» she remembers saying. Kevin asked for her address and ended the conversation saying he’d send her the money in the mail. She hoped his conscience might have changed him.

She hasn’t heard from Kevin since.

The story continues Friday, when we look at efforts to fight back at the scammers.