In a state of near panic, Chapman, 80, of West Roxbury, called the number and talked with a man who identified himself as a Microsoft employee and who brought into the conversation a woman who said she was with Chase.
Their knowledgeable, professional manner heartened Chapman, enough so that he meticulously followed the instructions they gave him, believing it a way to avert financial disaster.
Within minutes of hanging up, Chapman was driving to Macy’s in Braintree, with instructions to buy nine $500 gift cards. By the time he was done carrying out their directives, Chapman had racked up $8,500 in charges on his Chase credit card for 17 gift cards, including seven at Lowe’s in Weymouth and one at a CVS in Quincy.
After each purchase, Chapman had returned to his car, scratched the backs of the cards, and read the serial numbers over the phone to the “Microsoft guy,” just as he had been instructed.
It was, of course, a ruthless scam, perpetrated on a trusting soul. A team of criminals had hacked into Chapman’s computer to shock and frighten him with a false warning, and then exploited his extreme distress to manipulate him into doing things that look, in retrospect, quite foolish.
Chapman at first didn’t discuss with his family what he was doing. The next day, when a family member learned of the instructions Chapman had received, he instantly recognized it as a scam and tried to stop Chapman.
But it was too late.
Chapman’s monthly credit card bill, swollen almost tenfold with the $8,500 he spent on gift cards, is due on March 15. He contacted me in the hope I could help persuade Chase to waive the charges due to his being a victim of fraud.
He said he also wanted to publicly tell his story to warn others, as part of his decades-long “ministry of helping people.”
“Let this be a lesson,” he said. “Don’t let it happen to you.”
The ruse used on Chapman was particularly sinister and seemingly sophisticated and may have included the interception of an e-mailed and text message alert from Chase to Chapman warning of suspicious activity on his account relating to the gift cards. It was probably the handiwork of practiced “actors” who follow a script and who spend all day looking for folks to fleece. Here’s what Chapman told me happened on Jan. 18:
When he first reached the “Microsoft guy” after his computer went berserk, Chapman was asked to describe the problem. The man replied that he knew how to fix it, the first step of which was to contact Chase.
Chapman told the man he would call Chase using the phone number printed on the back of his credit card, but the man said no.
“Your phone might be compromised along with your computer,” he said.
The man told Chapman to stay on the phone while he dialed Chase on another line. A woman’s voice came on. “Chase,” she said. The man made a quick introduction and then the woman asked Chapman to describe what had happened.
When Chapman had finished, the woman said she was concerned that the man Chapman was dealing with — the “Microsoft guy” — might be engaged in a scam. “Do you have his employee ID number?” she asked.
“No,” Chapman said, at which point the “Microsoft guy” jumped back into the conversation and cited a multi-digit number.
“Hold on while I check it,” the woman said. When she came back a minute later, she said she had verified his credentials.
That’s when the man explained that Chapman could “counteract” unauthorized uses of his credit card by purchasing gift cards and reading him the serial numbers.
Obviously this makes no sense. Family members described Chapman to me as “a very trusting person” and “someone who always sees the good in people.”
That may have served him well during almost 30 years as rector of St. Paul’s in Brookline, but not so much when he became the target of cunning criminals.
“Maybe it was naivete on my part,” he said when we met. “But the people were so helpful. I didn’t think there was anything threatening or suspicious about them.”
“I was desperate for a way to fix it,” he continued. “I was trusting and they hooked me.”
Chapman was out running errands the next day when he decided to go to the Chase branch in Framingham nearby.
He said the bank manager listened to his story and responded that she was “99 percent sure” it was a scam.
When I reached the manager by phone, she said she filed a dispute on Chapman’s behalf with Chase’s fraud division.
“I feel terrible for him,” she said. “He’s a nice gentleman.”
Later, after I got involved, Chase ruled against him.
If the scam artists who bamboozled Chapman into buying gift cards had instead tricked him into revealing his credit card information and then used it for unauthorized purchases, Chase would have covered those charges under its “zero liability protection” program.
“You won’t be held responsible for unauthorized charges made with your card or account information,” it says on its website.
But Chapman isn’t a victim of identity theft of that sort. Yes, he’s the victim of a despicable fraud. But the purchases made with his credit card were not unauthorized. He authorized them.
That’s how Chase sees it.
“I wish we could do more for him,” a Chase representative told me.
Well, of course it can do more. Chase, which is so big that it counts its assets in trillions, could recognize that it’s in a far better position than Chapman to absorb a loss. And it could search for some technological means to protect the likes of George Chapman, maybe in consultation with the Consumer Financial Protection Bureau and the Federal Trade Commission.
One good question is whether the quick purchase of a pile of gift cards should trigger some kind of an alert. Chase told me it sent fraud alerts to Chapman at the time he was buying gift cards, and got a response in return, one that indicated no problem. Chapman said he doesn’t remember getting any such alerts and could find no record of it in his e-mail inbox.
Chase said it’s possible that the scammers had control of Chapman’s e-mail and text accounts. They may have intercepted fraud alerts and replied as part of the scam.
Most credit companies allow customers the option of receiving alerts of suspicious activity.
Let me emphasize: If you are contacted by phone, e-mail, or text message and asked to buy gift cards and provide the numbers on the back, no matter the reason, DON’T DO IT.
Michael O’Brien and his daughter, Kasia, who were featured in a recent column, got word late last week that FedEx has reversed its earlier denial and will now compensate them for a $1,200 iPhone that went missing while being shipped by FedEx.
The phone was packed by Michael O’Brien with a few other items and dropped off at the FedEx facility in Framingham. It was hand-delivered to Kasia in New York, but when she opened it, there was no phone.
FedEx initially denied the O’Brien’s claim, saying it hadn’t been given the chance to examine the delivered package, but the O’Briens said they were never asked to provide it.
After the column appeared and prompted lots of reader support for the O’Briens, FedEx relented.
Got a problem? Send your consumer issue to firstname.lastname@example.org. Follow him on Twitter @spmurphyboston.