I just got successfully phished for the first time in 31 years of internet use. I'm mortified, but also fascinated by the unique combination of factors that contributed to my successful hoodwinkery. #LiveAndLearn
Ok, since folks are asking (@kattiidenberg @andresmh), I'll tell you how it went down.
I was AFK for the day, driving my parents to the house they're about to move into, so I could help with logistics.
Vulnerability 1: I was distracted with emotionally heavy stuff.
Vulnerability 2: I was on my phone, not my laptop.
At a gas stop, I checked my phone and saw an email from an address at my home institution saying that an alumna was giving away a piano & we should reach out to her if interested.
Vulnerability #3: I recently built a new music studio in my house, and I really would love to have a piano, so there was a strong emotional hook.
I reached out to the "alumna" immediately and she said I could have the piano, but I had to get it ASAP because she was clearing out her storage rental.
Vulnerability #4: ticking clock.
The alumna told me that the piano had been a gift to her late husband, who recently passed away.
Vulnerability #5: her tragedy made me not bug her for details.
Vulnerability #6: Because the originating email was from my home institution, I had greater trust for the sender (believed it was a colleague).
Anyway, I called my wife and said "Guess what, we're getting a free piano. Can you please reach out to the shipping company and take care of it, because I'm on the road"
Vulnerability #7: I represented this as a done deal from a trusted source to my wife, so she did less due diligence than she would have otherwise.
My wife reached out to the shippers and they told her we'd have to pay for transporting the piano, which seemed only fair.
The shipping company had a slick looking website. They had a phone number, and a guy named "Roger" was accessible by both phone and email. They offered us three different shipping options, from 2 weeks (lower cost) to 2 days (higher cost). We chose the one in the middle.
Vulnerability #8: Between professional website, responsive email, and human on phone, there were enough points of presence to seem like a real operation.
So I gave the green light to my wife, who paid for shipping. Unbeknownst to me (she says she told me, but like I say, I was AFK and distracted), she paid via Zelle, not credit card. The name on the Zelle account didn't match Roger or the shipping co name.
I would probably have flagged this if it was me paying, but she didn't.
Vulnerability #9: The amount of existing trust between me and my wife, and the fact that we were each handling part of the operation, caused her to over-trust my referral, and caused me to over-trust her methods of payment. Basically, we both thought the other person was doing more due diligence than we were. Because, generally speaking, we're pretty cautious about this stuff and we've never been successfully scammed before.
So immediately after we paid the "shipping company," they sent us an email with a tracking number. We entered it on their slick-looking website and it said that the package had been shipped. Which was verified independently by an email sent by Roger.
Vulnerability #10: Despite all my expertise on the subject, I still believed that an arbitrary shipping number yielding a legible result on a slick website meant that there was a business behind it.
(We were sooooo excited to get this piano)
Roger reached out to my wife the next day and said that the package had been held up. Apparently, something that large couldn't be shipped w/o insurance. We'd need to pay for that, though it would be fully refundable. He could set it up for us. The insurance would be $1500 (twice the cost of shipping).
This made zero sense. It immediately dawned on us that we were getting scammed.
Back at my laptop & no longer AFK, I did a whois lookup on the shipping site. The URL was registered THIS MONTH.
I notified the bank. My wife notified the police. I notified university IT about the phishing from the university email account. I notified the university attorneys about the scam.
Roger is still emailing and calling us. The "insurance company" he wants us to use has a very slick website. I did a whois lookup on the URL. It was also registered less than a month ago.
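The whois check above is the one step in this story that is easy to automate. Here is an added example (not part of the original thread) that pulls the registration date out of the two formats a lookup returns, an RDAP JSON document and classic text WHOIS, and flags a domain registered within the last few months. Both inputs are constructed samples, the domain name is a placeholder, and the 90-day threshold is an assumption.

```python
"""Flag domains whose registration is suspiciously recent."""
import json
import re
from datetime import datetime, timezone

# Constructed RDAP response (RFC 9083 layout): only the fields the check needs.
SAMPLE_RDAP = json.dumps({
    "ldhName": "example-shipping-co.invalid",
    "events": [
        {"eventAction": "registration", "eventDate": "2023-11-03T14:22:10Z"},
        {"eventAction": "last changed", "eventDate": "2023-11-03T14:22:12Z"},
    ],
})

# Constructed text WHOIS output in the usual "Key: value" layout.
SAMPLE_WHOIS = """Domain Name: EXAMPLE-SHIPPING-CO.INVALID
Registrar: Example Registrar, Inc.
Creation Date: 2023-11-03T14:22:10Z
Updated Date: 2023-11-03T14:22:12Z
"""

# Constructed "date of the check", so the example runs the same way offline.
REFERENCE_NOW = datetime(2023, 11, 20, tzinfo=timezone.utc)


def _parse_iso(stamp: str) -> datetime:
    # WHOIS and RDAP both use a trailing Z, which fromisoformat accepts as +00:00.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def registration_date_rdap(doc: str) -> datetime:
    """Return the 'registration' event date from an RDAP JSON document."""
    for event in json.loads(doc).get("events", []):
        if event.get("eventAction") == "registration":
            return _parse_iso(event["eventDate"])
    raise ValueError("no registration event in RDAP response")


def registration_date_whois(text: str) -> datetime:
    """Return the Creation Date from text WHOIS output."""
    match = re.search(r"^Creation Date:\s*(\S+)", text, re.MULTILINE)
    if not match:
        raise ValueError("no Creation Date line in WHOIS output")
    return _parse_iso(match.group(1))


def domain_age_days(created: datetime, now: datetime = REFERENCE_NOW) -> int:
    """Whole days between registration and the time of the check."""
    return (now - created).days


def is_suspiciously_new(created: datetime, now: datetime = REFERENCE_NOW,
                        threshold_days: int = 90) -> bool:
    """A 'shipping company' whose domain is weeks old deserves a second look."""
    return domain_age_days(created, now) < threshold_days
```

Point either function at real lookup output and the only thing that changes is the input string; a domain that is a few weeks old is not proof of fraud, but for a business that claims an established operation it is a strong reason to stop and verify by another channel.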
I feel thankful that we twigged to it as quickly as we did, and sorry for everyone else in "Roger's" orbit who didn't.
p.s. The guy at the bank said something very interesting to me while I was reporting the fraud.
He said something along the lines of "wow, the Russians are really gunning for us, huh." He sees a lot of this. The source, when identifiable, is usually the same.
Someone else I know had 3 fraudulent checks written from their checking account yesterday. Now they have to close the account and open a new one.
Wondering whether this is how Putin is bankrolling the next phase of the Ukraine genocide.
@oddletters yah I didn't realize how nice until it was too late (just glanced from phone)