Get Access to Print and Digital for $23.99 per year.
Subscribe for Full Access
July 2022 Issue [Report]

The Victim Cloud

Gullibility in the golden age of scams
Collages by Steven Dana

Collages by Steven Dana


The Victim Cloud

Gullibility in the golden age of scams

Last fall, Deborah, a woman in her mid-sixties whom I’ve known for most of my life, showed up late to a small noontime gathering at our friend’s home in northern California. I hadn’t seen her since 2019, which wasn’t atypical. I hadn’t seen most people, even those I was closest to.

Deborah brought bagels and a quiche, which she placed on the kitchen counter and urged us to eat; she owns a small catering company that she had slowly built up over the past decade. When she sat down, I asked her the most banal question: “How are you?” By then, a year and a half into the pandemic, we had reached the understanding that we were all experiencing variations on a theme. I wasn’t sure what I expected her to say. Deborah looked into my eyes, and then past them. That’s when she told me how she lost it all.

About two months earlier, Deborah, whose last name is being withheld to protect her privacy, received a text message alerting her to some potentially fraudulent activity on her Chase Bank account, and asking whether she had made a particular purchase. She hadn’t, and texted back as much. The next day she got a phone call. “Hello, Deborah,” a voice said. “This is Miss Barbara from Chase Bank.” Miss Barbara explained that someone had used Deborah’s debit card, and that Chase wanted to replace it. Deborah, of course, wanted that, too. Miss Barbara said that since Deborah was already under fraud alert, the bank would need to verify her identity. To do so, they had her read out a four-digit verification code that would be sent to her via text message. Deborah read the string of numbers. Then Miss Barbara asked for Deborah’s address. She supplied it.

When Deborah’s new card didn’t show up, Miss Barbara called again to apologize: UPS had been unable to locate the house. Deborah had heard this plenty of times since moving to the outskirts of a new town, so she didn’t find it suspicious. Miss Barbara said she would place an order for a new card, and she had Deborah dictate another verification code. This happened again and again, six times in all. The card never arrived. Deborah grew frustrated, but the repeated calls didn’t alarm her or her partner. Each time the card failed to appear, Miss Barbara rang, and Deborah verified her account.

While Deborah didn’t suspect fraudulence, she tired of waiting. She told Miss Barbara to forget it, that she would visit the nearest bank branch herself, even though it was a good forty minutes away and she felt out of place among its wealthy clientele. Miss Barbara tried to dissuade her: there had been many bank closures since the start of the pandemic. The hours could have changed, lines could be long, she could be exposed to the virus. Deborah’s last call with Miss Barbara was on Friday, October 8; the following Monday was a bank holiday. That Tuesday, Deborah and her partner drove to the branch, stopping first for lunch. She had two bank accounts; the card in question was associated with her business account. She put her personal card down for lunch—no trouble.

At Chase, Deborah asked a bank employee to issue her a new card, assuming that her current one had been deactivated. When Deborah handed her card over, the employee swiped it and looked at the screen. “Not only is this card not deactivated,” he said, “it’s extremely activated. Last week there were six wire transfers.” The account, which had held nearly $160,000—her life’s savings, as well as the money necessary to run her business—was now $863 in the red. Each time Deborah had supposedly authorized a new card, she had in fact authorized Miss Barbara to make a transfer. He even told her, looking down at the screen, that there was “something interesting” about the case: in one instance, Miss Barbara had been denied access to Deborah’s account, and had called Chase, irate, and persuaded them to acquiesce. Both Deborah and the bank had fallen for her scam.

As Deborah realized that all her money was gone, she looked around at the bank’s physical details—the fluorescent lights shining off the counters, the fake plants dotting the floors, the tellers with their plastic name tags. Her innocence liquidated, she suddenly understood that the bank was not protecting her. A month after she had reported the fraud to Chase, the company told her that they were denying her claim. In their view, her loss was her fault: she had fallen for Miss Barbara’s scam, and as far as Chase was concerned, had given her money away. She was gullible to the point of complicity, and beyond the point of recompense.

We lose our money in different ways all the time, but some losses hurt more than others. Deborah was, presumably, just one of Miss Barbara’s marks, people making up what security analysts call a “victim cloud.” During the pandemic, millions of Americans were similarly duped; the FTC reported a 70 percent increase in fraud reports in 2021, including $770 million in losses to social media fraud and a record number of romance scams. Sixty million people lost money to phone-based scams between 2020 and 2021—other analyses estimated that their losses totaled nearly $30 billion. Of those who lost money this way, 19 percent were duped more than once.

If COVID-19 has been an X-ray of society’s fracture points, scammers have not only looked at the film but pressed on the wounds. Since the start of the pandemic, both prophylactic and postexposure measures have been rife with fraud. Masks on Amazon have been passed off as being higher grade. Many have touted false cures such as ivermectin, the antiparasitic drug. This past winter, as the omicron surge made PCR testing nearly impossible, sham testing sites swabbed patients’ noses but returned no results, collecting their data and then their cash.

Economic insecurity during the pandemic—and the governmental tools meant to redress it—offered new opportunities for fraudsters, who used data breaches to redirect stimulus checks and unemployment benefits. These scams work better on larger scales: the more data there is on the net, and the more people might stand to collect resources during a crisis, the better. Swindlers traffic in vulnerability, and these are vulnerable times.

As fraud has enveloped a growing number of Americans, we have reached the saturation point of scammer stories. We had an appetite before the pandemic; in her best-selling book Trick Mirror, Jia Tolentino calcified the now common analysis that “the con is in the DNA of this country.” Streaming services have continued to bet on our sustained interest in scammers: in their charisma, their self-made ascents, their hijacking of our economy’s exploitative logic. Earlier this year, two miniseries about viral scammers—Anna Sorokin, a socialite who duped Manhattan’s elite, and Elizabeth Holmes, charged with fraud for her work as the founder of Theranos—were released within weeks of each other. But the deluge of these stories also reveals our high metabolism. We are enthralled by con narratives, then grow bored with our own enthrallment. The theorist Sianne Ngai calls this “stuplimity”: an experience of astonishment and dullness that “reveals the limits of our ability to comprehend” vast quantities of repetitive information.

As we sprint from one scammer story to the next, we offer less attention to the growing number of people who fall prey to their schemes. This is truer off-screen—there are too many conned to care, their errors mundane in their similarity. But facing our boredom is a crucial if unpleasant task. Boredom is, as the psychoanalyst Adam Phillips calls it, a “prehesitation.” It arrests us, allowing us to turn away from both the understimulating and the overthreatening. There is always, of course, some consolation close at hand: the thrill of the scam that we did not fall for ourselves. The gulled all but move into the shadows.

This leaves the gullible as props: necessary, but flattened. To keep the many from feeling like part of the growing victim cloud, gullibility is treated as syndrome rather than symptom. But this is a category error. In focusing on the scammers, and in believing their marks to have erred, we separate those who are gullible from those who supposedly are not, and we do what Americans do best: project the demands of a vulnerable age onto its casualties.

Collages by Steven Dana

Getting someone to pay you when you have nothing to give them is the subject of Herman Melville’s dizzying final novel, The Confidence-Man, a series of interlocked stories in which everyone is running their own con.* There is the herb doctor peddling cures; the cosmopolitan selling charity as confidence; and the agent of the Philosophical Intelligence Office, whose trick is pressing youth into work. Even the mystical master, a clairvoyant who warns people of scams, has something to gain. Melville wrote the book in 1857, on the brink of the Civil War, when the everyman made use of a loose, unchecked system of currency. There were ten thousand different bank notes in use nationwide, half of which were estimated to be counterfeit. But the problem of authentication—and of identity—ran alongside the dollars themselves. Melville knew as much, writing, “Money, you think, is the sole motive to pains and hazard, deception and deviltry, in this world. How much money did the devil make by gulling Eve?”

As in Melville’s moment, when dealing with counterfeit bills was the price of dealing with money, being scammed is now the price of doing business on the internet and over the phone. Before life became digitally arranged, scamming as we know it didn’t exist. The word “scam” only appeared in the early Sixties, shortly before the first message was successfully sent on ARPANET, an early computer network that laid the groundwork for the internet. Scamming is defrauding from a distance, a con with little to no lead-up. Being a successful scammer does not necessarily depend on charm, though it certainly helps if one specializes in romance scams; it is also about leveraging access to a population and capturing the largest pool of marks possible.

The first wide-reaching digital scams were incidents of phishing, in which a scammer pretends to be an authority or corporation; phishing networks themselves grew out of midcentury communities of “phone phreaks,” who used whistles and tone generators to exploit the telecom system and avoid toll charges. But as Finn Brunton details in Spam: A Shadow History of the Internet, life on the early net, with its established digital social contracts, did not immediately invite corruption. While spamming happened from time to time, including on the message-board network Usenet and the Whole Earth ’Lectronic Link virtual community, the networks had both written and implicit rules and expectations for behavior. As in any small community, these checks made repeated spamming and scamming difficult, especially since many users knew each other, either as digital companions or in real life (often from events called “flesh meets”).

But as the networks grew, the limits of communal goodwill strained. New students, PhD candidates, and faculty were continuously being ushered onto the net at the same time as the internet’s aims were rapidly being reconfigured. By March 1994, when AOL connected its one million subscribers to Usenet, soft moderation tactics had begun to dissolve; the newbies had no idea that there were particular social mores, folkways, and protocols that had been designed by their predecessors. These wide-eyed users, less able to distinguish between digital neighbors and intruders, made for easy marks. From the Nigerian prince scheme—in which a mark is promised great fortune for providing a service and some money up front—to the first mass-phishing attacks inside AOL in the mid-Nineties, fraud depended on the dissolution of digital amity, and on people who had never experienced it in the first place.

The net continued to grow as the American economy stratified. During the Great Recession, people flocked to the web to sort through the economic ruins, looking for cheaper goods, jobs, and coupons. Then, as now, scams increased in the wake of disaster; fraudulent emails claimed to offer financial assistance or better mortgage deals in exchange for fees. While we may be more knowledgeable digital citizens today, in some senses, we are stripped especially bare in concurrent ways: by spending more of our lives on a growing, unchecked web, and by being plunged into successive—or continuous—crises.

Scam victims could be called innocent to the misdeeds of the net, but being deemed gullible is the more disparaging and stubborn charge. Gullibility is typically described as an abnormality: being “too willing to believe or accept,” as one dictionary has it. We are all willing to believe or accept injurious situations under the right circumstances, but those with an excess of faith are marked as superbelievers, oozing irresponsible trust. We have an appropriate level of belief; they have too much. Our judgment exists on a spectrum: we might delight in the losses of those who participate in moneymaking schemes, the elite victims of white-collar fraud, or the people who parrot lies from our political enemies. Arbitrary marks like Deborah, meanwhile, can’t be helped. Even if they deserve pity, they have failed to adapt to the connected world that the rest of us inhabit, where the low hum of possible deception reverberates.

Designating the gullible, however, obscures how ordinary people suffer deception in tiny increments all the time. There are ageist stereotypes of clueless, elderly marks, gullible to even egregious phishing, but this doesn’t align with how common financial scams are among the supposedly tech savvy. The FTC has found that 41 percent of people aged twenty to twenty-nine have lost money to fraud—far more than the elderly, though in smaller sums.

Delusions quietly shape our lives as well as disrupt them. Sometimes we’re too invested in our attachments to enter reasonable suspicion—too “stuck,” in Lauren Berlant’s terms. Misplaced belief can, say, deflect the pain of a fraying marriage (“My husband is working late”) or buoy a downtrodden worker (“I will be promoted”), at least for a time. We are fairly poor judges of our own credulity, even in controlled settings: the psychologists Detlef Fetchenhauer and David Dunning have found that people trust others more than they claim to. Our errors are, for the most part, forgettable or undetectable when they do not snowball into financial ruin.

Although many people manage to avoid falling for scams, it’s easy to relate to the motivations of Deborah and other victims. Hapless marks often go along with scams to protect their dependents and loved ones, argues Viviana Zelizer, an economic sociologist and the author of The Social Meaning of Money. People will do almost anything to guard their child from the shame of an FBI visit, or to shield their romantic partner from an audit by the IRS. When emotions are high, cognitive function drops; some victims are even pulled into cons by a desire to please the scammer, looking for any guidance through the confusion. According to Jenny Radcliffe, who is hired to mimic cyberattacks for companies, humans are always more malleable than digital barriers. “Everyone has something they want to protect,” she says. Gullibility may deliver a victim to a false end, but its urges originate in our shared social ties: the desire to depend on someone, and the desire to protect.

The gullibility label helps us frame “falling for it” as individual fault—as privatized stupidity rather than ideology. As the sociologist Tressie McMillan Cottom has shown in her book Lower Ed, we feel contempt for people rather than for markets, moving responsibility to the smallest unit and obscuring the exploitative field in which it’s set. Cottom discusses this idea as it relates to for-profit colleges, institutions that saddle debt on their students, who are often non-white and female. “If you think that a strong work ethic can trump all manner of troubles, you might disdain the ‘weak’ people who go to a ‘predatory’ school,” she writes, rather than recognize the limited options of those who enroll. Much like weakness, gullibility can be used to pathologize people for understandable mistakes, misplaced bets, and desperate behaviors generated by the very effort to survive modern life.

Classifying people as gullible is also good business for banks. Out of self-protection, they distinguish the defrauded from the insufficiently skeptical. Customers like Deborah are told that their gullibility makes them culpable—not the corporation or the government—and complicit in their own defrauding. This gives belief a quasi-legal status: one is liable for one’s capacity to trust. When justice is sought in the wake of a scam, skepticism is positioned as the norm, while gullibility is treated as a maladaptive, pathological, deviant form of socioeconomic being.

The aftermath of a scam involves recounting the story to many actors, all with different capacities for empathy. Before turning to the bank, Deborah’s first instinct was to consult her family. She wanted reassurance that she had done nothing wrong, that anyone could have fallen for Miss Barbara’s trick. She called two of her brothers, who advised her to get a lawyer. Deborah reached out to more than thirty attorneys. Only one called her back. Deborah’s eldest brother consulted another, who called her situation “a terminal case.” “There’s no life here,” he said. Her claim was dying, if not already dead.

Deborah followed the post-scam playbook and entered a bureaucratic fun house in the process. She filed a fraud report with Chase a few days after visiting the bank, which started an internal investigation. She also filed a police report with her local precinct; the detective on duty brushed it off. One officer told her that it was possible for her to get her money back, but only if it hadn’t left the account that it had first been transferred to. When the police looked into it, though, they determined that the money was already gone. (The first rule of scamming: move the money immediately.)

The bank had been tricked as much as Deborah, but the similarities ended there. Deborah called customer service agents almost daily, explaining what had happened over and over again. Chase finally denied her request with a form letter: “We are denying your claim because during our review we found that you did not take the appropriate steps to protect your account from theft or unauthorized use,” it read. “We will not reimburse your account.” Then the kicker: “If this caused your account to be overdrawn, please bring it up to date as soon as possible.” Their recommendation for future protection? That Deborah set up electronic fraud alerts. (When asked for comment, Chase noted that customers should never share their credentials with anyone, and suggested they opt in for alerts “so that they can monitor for suspicious activity and immediately report it to us.”)

Recourse for the scammed, no matter their fate, is a hard road. The path is least promising for those who knowingly participated in some kind of scheme. This was the case for James Adler, who lost more than $5 million in an extended Nigerian prince scheme in the early Nineties. He visited Lagos multiple times and met with his scammers, who showed him a check for $60 million made out in his name. When he finally found out that he had been bilked, Adler sued the Nigerian government, the Central Bank of Nigeria, and more than a dozen other entities, claiming that he had thought the deal was legitimate right up until he realized it wasn’t. Adler was denied recovery under the doctrine of “unclean hands,” which determined his actions to be unethical; for him, gullibility was considered a precondition for bad faith.

It is just as difficult to find restitution or justice for those who are taken in by scammers posing as financial institutions or authorities. There are occasional sting operations that lead to arrests; in 2017, Indian police officers raided call centers in a Mumbai suburb where employees had posed as IRS agents, and during the pandemic, police arrested three men in Massachusetts who scammed victims out of tens of thousands of dollars over the phone, converting bail funds into restitution. But by and large, there is little hope of redress. Legal regulation is uncertain in many cases—third-party money-transfer apps such as Zelle, which is owned by banks, have lately been rife with fraud, but federal law requires only that these companies cover “unauthorized” electronic transfers performed by someone other than the account holder. New guidance from the Consumer Financial Protection Bureau limits customers’ liability for transfers made with stolen credentials, but companies still blame victims when they initiate transfers themselves.

Knowing how unlikely redress is through official channels, some turn to other sources for help. Cottage industries, volunteer-run support groups, and word-of-mouth advice circulate. Some resort to vigilante scambaiting, posing as potential marks to lure scammers to authorities or into public shame. If ordinary commerce brings us together with those unknown to us—what the media scholar Lana Swartz calls “transactional communities”—then there is also a community of the scammed, where legal tips and solace might be found on Facebook and Reddit.

Deborah, however, kept trying through official channels. After consulting her family, the bank, and the police, her only remaining recourse was the government. Scam prevention initiatives are run by the FTC, FCC, FDIC, and several other federal agencies, a byzantine network for individuals to navigate. This decentralized alphabet soup leaves people like Deborah scrambling to find the appropriate contact, or to call a hotline with a backlog of thousands of cases. Websites that purport to help individuals with claims offer tips on how to “protect yourself next time,” suggesting that one must trust authority while mistrusting those who impersonate it. These resources brought her to the same dead ends.

The bank shed its personhood to pin the blame on Deborah, even after its authentication rituals molded her into an exploitable victim; the government, in turn, wished her better luck next time. Deborah’s mistake, if we have to call it that, was trusting protocols of protection and trusting them repeatedly—and trusting their very repetition as a sign of legitimacy. If capitalism breeds the con, then its institutions shape the conditions of the gullibility it feeds on: belief in systems of safety and protection that do not, in fact, exist. Deborah’s belief in that fiction may have been woefully misdirected. But the rest of us, even the skeptics, are ensnared in the same structures. Only until we are cornered ourselves can we claim to be the better judges.

We are supposed to unlearn credulity as we pass from unproductive children to productive adults. To be gullible is to be anachronistically innocent in the digital age, out of step, or guilty of a kind of willful ignorance. But if we must misread the world in order to survive it, then categorizing people by their slips only strengthens social fictions—including those proffered by banks, which ask for our trust but expect us to protect ourselves. It is difficult to have the right amount of belief under these circumstances. Any decision can be isolating. Too skeptical, and we become conspiracy theorists; too credulous, and we have no one to blame but ourselves.

Much like gullibility itself, scams serve as a neat foil for capital. They are framed by financial institutions and governments as ugly, extraordinary moments of economic activity, speciously cordoned off as a bug rather than a feature. All other transactions, as a result, can be deemed authentic, productive, and clean. Old attributes like personal responsibility, financial literacy, and shrewdness persist. Many of us, however, anticipate moments of abandonment—there are threats we can foresee and even plan for: the daily robocall, perhaps, but also the interest on a loan, the rising price of a prescription medication, or a hike in rent. For the majority of Americans, keen judgment and learned skepticism cannot shelter us from these hazards. It may no longer be novel to consider the scammer an avatar for capitalism’s big con, but it is more unnerving, and more intimate, to accept that the gullible figure is representative, too.

Most people still believe in some form of protection, whether via the social contract, community, or an elusive greater good, even as the pandemic exposed their fragility. The gullible live more deeply in this illusive world, where we might take things at face value, and where we might share responsibility for our well-being. Each scam raps on the door of this reverie. Healing would require not only financial recovery, but new conditions in which trust is not inherently risky.

In the weeks after her loss, Deborah called me and other people she knew, trying to manage a range of emotions—rage, at first, and then its shadow, despair. She considered setting up a GoFundMe, and had a friend help her write the copy for the website to attract donations—but she never launched it, worried that it would be too burdensome to maintain. Now, months after the calls from Miss Barbara, she is determined to keep her business afloat. She drives to farmers markets, drops off packages for clients, and braces for lulls after holidays. Sometimes she worries about being scammed again. She daydreams too, about meeting others who have lost their money, whose claims Chase has also denied. Might they, together, be more powerful? So far, she hasn’t thought past the question.

Without restitution, Deborah continues to experience her story on a loop. She has told it to lawyers, to Chase, to the police, even to strangers. These repetitions are laced with a subdued fear: that in narrativizing her loss, she bores her listener, and that their compassion wanes with each step in the story. That is how the bank responded, after all—the bank where she is still a client, and which, when she makes a transfer, swipes her card, or deposits funds into her emptied account, asks her for authentication.

 is the author of The Distance Cure, which was published last year by MIT Press.

More from

“An unexpectedly excellent magazine that stands out amid a homogenized media landscape.” —the New York Times
Subscribe now