• Senior Scam Alerts
  • Posts
  • 🚨500 Seniors Scammed Out of $40M in Massive Tech-Support Scam

🚨500 Seniors Scammed Out of $40M in Massive Tech-Support Scam

22 Charged and 19 Arrested in Major Scam Takedown

Author

Seth Combs
November 10, 2025

SENIOR SCAM NEWS
🚨500 Seniors Scammed Out of $40M in Massive Tech-Support Scam

Before we jump into this week’s newsletter, I want to give you an update on Senior Scam Alerts. The reason we haven’t been sending newsletters these past few weeks is because we’ve received a lot of interest from people wanting to donate their time, talents, and money. To prepare for more subscribers, we will be switching our newsletter platform in the coming weeks. The site and newsletter will look different but we’re still the same volunteers.

This week brings one of the most significant multi-agency takedown led by the FBI San Diego Elder Justice Task Force. Federal prosecutors charged 22 people and arrested 19 in Southern California for allegedly helping a transnational criminal organization drain the savings of hundreds of U.S. seniors through a blended tech-support + refund scam. Authorities say losses are well over $40 million (some reports cite $400 million+); investigators have identified 500+ suspected or confirmed victims.

At the center of the U.S. side, prosecutors name Victor Lee Marion (41, San Diego)—alleged head of a domestic money-laundering cell that acted as the financial bridge between overseas fraud operators and American victims. According to court documents, Marion used a local business (Mecca Barbershop) to recruit launderers, consolidate victim funds, and move the money overseas to leaders in India and Dubai. The broader organization’s call-center components allegedly operated from India, Thailand, and the UAE.

San Diego resident, Victor Lee Marion, second from left, allegedly orchestrated U.S.-based co-conspirators in Southern California to receive millions of dollars stolen from victims and transfer the majority of the money overseas. Credit: NBC San Diego

Below, we walk you through the two-phase “refund” scam, how the money moves, why it defeats bank defenses, and the counter-moves that shut it down in seconds.

The enterprise, at a glance

  • 22 charged, 19 arrested in Southern California; initial court appearances underway.

  • 500+ U.S. victims identified so far, most age 60+.

  • Losses: more than $40 million (with some reporting over $400 million).

  • Overseas: scripted call-center operators (India/Thailand/UAE) ran the con and “groomed” victims.

  • U.S. cell: a San Diego-anchored laundering network allegedly coordinated by Victor Marion, moving funds from victims to the organization’s foreign leadership.

The two-phase psychological attack: from “helper” to “collector”

This organization didn’t “hack your bank.” It hacked your trust—in two moves.

Phase 1: The Tech-Support Hook

Goal: Build credibility and gain remote access.

  • Victims receive pop-ups, emails, or calls warning of a computer infection, account breach, or subscription “auto-renewal.”

  • The message urges you to call a number. On the line: scammers posing as legitimate tech support (think “Microsoft,” “Apple,” or a known antivirus brand).

  • They ask you to install remote-access software so they can “fix it.”

  • With remote control, they watch you open your accounts, learn where your money is, and plant the story: “We’ll make this right; expect a call from your bank’s fraud team.”

Why it works:

  • Remote cursor movement feels legitimate.

  • The tone is helpful, not hostile.

  • You see “activity” on screen (theater), which primes you to trust the next voice.

Phase 2: The “Refund” Switch

Goal: Make you initiate the transfer, bypassing bank fraud filters.

  • You hear from a new impersonator: the “refund department”. They claim a $199 refund was accidentally processed as $19,900 (or similar).

  • You’re told you must return the “excess” immediately or someone will “lose their job,” or you could face trouble for “keeping funds.”

  • They steer you to wire money, buy gift cards, overnight cash, or open a new account and move funds.

  • Some scripts shift to government impostors (“FBI,” “Federal Reserve,” “DOJ”) to order you to move assets for “safekeeping.”

Why it works:

  • It turns you into a willing participant in the transfer (a “push” payment), which evades many bank-side fraud controls.

  • The moral pressure (“we’ll get fired,” “you’re keeping stolen funds”) weaponizes your honesty.

  • Authority stacking (tech → bank → government) makes the lie feel official.

How the money moves (and disappears)

The indictment describes a U.S. money-laundering and logistics cell that handled collection, consolidation, and exfiltration:

  • Collection methods:

    • Bank wires for large sums (fast, final).

    • Gift cards/payment apps for smaller, anonymized pulls.

    • Mailed cash via overnight couriers to fake names/addresses (this removes funds from the electronic trail and can trigger mail-fraud jurisdiction).

  • Consolidation:

    • U.S. launderers gather cash, deposit into mule accounts, or split wires across accounts to avoid flags.

    • According to court docs, Marion allegedly recruited launderers, paid them a percentage of victim funds moved, and promoted top performers—even facilitating their relocation abroad to work directly from call-center hubs.

  • Exfiltration:

    • Funds are layered (moved across multiple accounts, shell entities, and instruments) and then sent overseas to leadership in India/Dubai.

    • The objective: speed + fragmentation to beat recovery efforts.

Why banks (and families) sometimes can’t stop it

  • Push vs. pull: When you authorize a wire/transfer, banks have less leverage to reverse it.

  • Secrecy script: Victims are told to hide the situation from family and bank staff “to avoid tipping off hackers.”

  • Consistency theater: Multiple “departments” call you in a tight sequence; spoofed caller ID often shows your bank’s real name.

  • Mailed cash: Keeps stolen money off ledger until launderers re-introduce it on their terms.

The red flags—burn these into memory

  1. Any pop-up/email/call telling you to call a number or install remote access.

  2. A second caller claiming to be your bank’s fraud team—especially if they knew details from the first call.

  3. “Refund mistake” stories that create urgency and guilt.

  4. Demands to keep it secret from your bank or family.

  5. Instructions to wire money, overnight cash, buy gift cards, send crypto, or move funds to the “Federal Reserve” or a “government” account.

  6. Any talk of sending a courier or ride-share driver to “secure” cash or valuables.

One sentence that ends the scam: “I don’t move money based on a phone call. I’ll call back using the number on my bank card.”

Then hang up. Do not debate. The longer you stay on, the deeper the hook.

If you’ve already clicked, installed, or sent money—act now

  1. Disconnect the device from the internet; power it down.

  2. From a second (clean) device, change your email and bank passwords and turn on two-factor authentication (2FA)—email first (it’s the reset key), then banking/investments.

  3. Call your bank’s fraud line (number on your card/statement). Ask for holds/recalls, review recent transactions, and flag the account.

  4. If you mailed cash or bought gift cards, contact the carrier/issuer immediately to request an intercept/freeze.

  5. Save everything: pop-ups, emails, caller IDs, voicemails, screenshots, receipts, tracking numbers, envelopes/labels, any “official” letters.

  6. Report it: file at IC3.gov (the FBI’s Internet Crime Complaint Center) and contact local law enforcement.

  7. Have a trusted local technician remove any remote-access tools/malware.

Why this takedown matters

The San Diego Elder Justice Task Force shows what happens when federal, state, and local partners operate as one unit: faster intelligence sharing, coordinated arrests, and financial disruption of laundering pipelines. According to the FBI, Marion and his alleged co-conspirators were not low-level mules—they were a domestic engine that trained, paid, and graduated launderers up the hierarchy, keeping the cross-border machine humming. Removing that engine matters.

But the front line is still you. Your first “no,” your decision to hang up, your call to the number on your bank card—those are the moves that stop this scam before it starts.

Share this with someone who needs it—today

  • Make a family rule: No big money moves without two people on the decision.

  • Add account alerts for wires/withdrawals; ask your bank about a trusted contact.

  • Lock down your email with a strong, unique password + 2FA.

  • Post less personal detail publicly; scammers use your interests and life events to sharpen scripts.

Your Voice Could Be the Turning Point

If something feels wrong—it probably is.

Scammers count on silence. They rely on embarrassment to keep you quiet. But reporting a scam doesn’t make you a victim—it makes you part of the solution.

Whether you caught the scam in time or handed over money, your story can help catch criminals, protect others, and recover losses.

📢 What To Do If You’ve Been Targeted

If you're over 60 or helping a loved one navigate fraud, take action right away:

  • đź“ž Call the National Elder Fraud Hotline:
    1-833-FRAUD-11 (1-833-372-8311)
    Trained professionals will guide you through the next steps—confidentially and with compassion.

  • đź’» Report it online at the FBI’s Internet Crime Complaint Center:
    IC3.gov

  • đźš” Contact your local police department, even if the scam “didn’t work.” Every report builds a case.

What to Include in Your Report:

✅ Names, numbers, emails, pop-ups, and any “letterhead” or badge details
âś… Bank/transaction data (dates, amounts, destinations)
âś… Receipts for wires, gift cards, cash mailings, or crypto
âś… Screenshots, device logs, shipping labels, and courier info

Stay safe. Share this. And remember: no bank, tech company, or U.S. agency will ever ask you to move your money “for safekeeping.”