Nearly every day, Sarah* would get a message at 2am. Charles would ask about her day, share selfies and tell her about his job.
Sarah met her new friend on Fitbit, a wearable fitness tracker which she got for Christmas in 2019.
Charles ‘liked’ her posts about step counts on the Fitbit app until the New Year, when he messaged her.
Swapping to Google Hangouts, Charles said he’s a father from Atlanta who works on an oil drilling rig off the coast of Ireland.
Charles then told her he had lent his colleague money. While his friend had paid him back, the cash was in a ‘box’ with a US security company.
The solution was simple – with Charles abroad, the box could be posted to Sarah.
‘Since he was divorced, mum was deceased, no relationship to dad and his daughter was young, he asked me to accept it,’ Sarah tells Metro.
‘And so, the nightmare began.’
The person on the other side of Sarah’s Fitbit wasn’t Charles – it was a scammer who would swindle her out of $64,883 (£49,786) in less than a year.
Sarah is among one in five phone users who have fallen for a cyber scam.
Criminals have tried to extort one in three phone users, according to a new survey by the tech firm MalwarebytesLab.
Many of the 1,300 people aged 18 and older in the UK, US, Austria, Germany and Switzerland surveyed said the demands quickly snowballed.
Charles first told Sarah, who lives in the US, she had to pay $3,600 (£2,700) in shipping fees, then the ‘company’ asked for documents costing $25,000 (£19,000).
‘I got a loan with the promise of payback from the box once I got it,’ Sarah says. ‘Then another document was needed. You guessed it, no one had it, it would cost $60,000. I didn’t send that kind of money, but the security company lowered it and I sent more.’
Several months – and wire transfers – later, Charles ‘admitted’ the box money was made from illegally drilling in Russian waters.
‘This is when I started to figure out that I was being scammed,’ Sarah says, adding that she realised the fraudster was using photographs of an actor.
‘I had never heard stories of “boxes of money” being used as scam bait. I was scared to death, afraid that the money I sent was linking me to some money mule scam.
‘I was worried because no one knew about it. This is when he began threatening me. I was in way over my head and felt there was no way out.’
According to emails seen by Metro, the scammer also tried to gouge Sarah by claiming he needed to pay for medical treatment.
He called her ‘honey’ one minute, before claiming that Russian hit men would target Sarah’s son’s wedding if she didn’t cough up $2,500 the next.
Sarah, who reported the incident to the police, spent years sending $1,000 to debt collectors every month while working for the delivery app DoorDash after cutting ties with ‘Charles’.
‘I have asked to take the money from my work retirement account to pay it off in full so that I can finally be out from under this nightmare,’ Sarah says.
‘It is costing me settlement money plus 25% federal tax, a total of $26,000 in retirement money. But I have to live for today and not worry about 10 years down the road when I am eligible to retire.’
As well as extortion, MalwarebytesLab found that one in six phone users have been targeted by sextortion – threatening to send intimate photographs and pornographic search history to others.
One in five were nearly dragged into a ‘cyber kidnapping scam’, where thieves use voice-cloning tools to pretend to be a loved one.
Survey-takers said con artists messaged daily – and this includes Sarah.
‘Charles’ still emails her, even messaging her photographs of her daughter.
In one email seen by Metro, Charles said: ‘You will cry for help but no one will rescue you when I come after you… Let’s see how all this ends.’
Sarah says: ‘I hope one day he will disappear for good.’
But she was scammed by another Fitbit user, who asked her for money six months into chatting from October 2020.
Malwarebytes said the other user was likely another persona from ‘Charles’ or part of the same scammer group.
She also received letters from two states saying her social security number – used to track retirement funds – had been used to file for benefits.
‘My identity was not stolen, as far as I know,’ Sarah says.
Why phone users are duped is straightforward, says Shahak Shalev, global head of scam at Malwarebytes: AI.
‘Hollywood-level deception tools that once required technical expertise are now available to any scammer with a smartphone,’ she tells Metro.
One in five has been the target of a deepfake con, where scammers use software to create digital puppets.
Of victims of AI-driven scams:
- 32% suffered reputation damage
- 24% had personal information stolen
- 21% had financial accounts opened in their name.
Young people make easy prey for AI-empowered grifters because they treat the internet as a ‘living room’.
‘But growing up online taught them fluency, not security,’ explains Shalev.
‘They’re confident they can spot the Nigerian prince emails their parents fell for, not realising AI-powered scams are playing a different game.’
Eight in 10 who over-share online have also been scammed.
Sarah does anything but over-share now. Her social media is private and she doesn’t accept friend requests from strangers.
‘Has this experience made me wary of people?’ Sarah says. ‘Yes, a thousand times, yes.’
Google, which owns Fitbit, declined to comment, pointing Metro to its support page on avoiding and reporting scams.
The police have been approached for comment.
*Name has been changed by Metro to protect their anonymity.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
MORE: Over 2,000 flights cancelled or delayed by US government shutdown
MORE: Nobel Prize winner who found DNA double-helix dies
MORE: Bryan Kohberger sent ‘thousands’ amid demands he gives money to Idaho victims’ families
