Yah, all of those things are true. Thats why most scammers have you send cash or buy bitcoin, or gift cards. You should watch this video https://www.youtube.com/watch?v=VrKW58MS12g

Scammers often use complex networks and fake identities to cover their tracks, making it tough to trace them. Banks usually notify you of suspicious activity, but prevention is key, consider using apps and services that add extra layers of security to your transactions.

One common strategy is to transfer the money through a transaction method that doesn’t keep an adequate record of its customers/users. That’s why some scammers ask you to purchase gift cards. You wilfully buy a gift card, give the scammer the code, then they can sell that code to someone else. The net sum of the equation is they still get your money, just through a bit of reshuffling that makes it difficult for authorities to trace.

Scammers, like hackers are always looking for vulnerabilities and clever ways to bypass rules that would prevent them from stealing. To give an example, a few years ago several high-profile Twitter accounts simultaneously asked for their followers to send them Bitcoin, for which they will receive double the Bitcoin in return. (Use your brains, people!)

HOW did they compromise a dozen Twitter accounts with millions of followers and post the scam tweets?

Twitter employees have “super user” access, and they can open up a user’s profile and read messages, delete messages, and do all sorts of actions despite it not being their account. When a twitter employee would leave the company, they may still have access (or hackers would compromise their employee account) and they then “rent” these admin powers out to thieves for several thousands of dollars per hour.

Success at crime is a moving target and criminals are always innovating new and clever ways to compromise accounts, transfer money, and turn it into an asset that’s not traceable. So to an outsider like you and I, the methods are not going to be clear, or may not be understood by anyone except the thieves themselves.

>and if you say the scammers take the cash out somewhere, how can this be done without having a physical card put in the machine with pin or showed at the bank counter with connected id?

Banks do require that and the scammers provide the necessary verification.

Usually the withdrawal mule accounts. Mule accounts belong to a group of people exploited by the scammers just for the act of withdrawal. The usual modus operandi is to approach an underprivileged population that has a banking account, then ask them to “rent” their account because “you want to avoid taxes”.

The gullible mule rents their account and ATM card, and the scammers withdraw using that account. The police would be able to reach the mule and in some countries prosecute the mule, but the withdrawal amount is lost forever. The scammers won’t provide any personal identification when renting a mule account, some mule didn’t even meet the scammers in person. In my country the scammers used to “buy” accounts from foreign labour who are returning to their country.

It’s wild how scammers seem to have such an easy time getting away with stuff. Banks and payment systems could definitely do more to spot and block suspicious transactions before they go through. A lot of it comes down to old tech and the challenges of international money transfers.

Lots of banks have made transferring money to places like Nigeria and India more difficult due to scams, so they just straight up have you send merchandise to them.

Regarding putting in more security checks, obviously these do exist but I always understood that it was more profitable for banks etc to refund scammed money than put in more security checks which would reduce people using their services – hence contactless

Less security steps mean more transactions because it is easy to use, mean more profit, and this offsets the cost of refunding money lost to scams

There will be a separate scam to get the money out. A common one involves hiring a random person for a “job” where they need to receive transfers in their personal account, and then send it somewhere else through an un-reversible method (maybe crypto or some kind of international wire transfer).

Before long that person will have their account shut down and they may themselves be on the hook for the stolen funds. They won’t have anything to identify their “employer” other than an abandoned email address.

Have you ever tried to wire someone money via Western Union, Moneygram, or through your bank?

They give you a huge form to fill out and then absolutely interrogate you! “Have you ever seen this person in real life? Are you absolutely sure you want to send money to them? Do you know for certain that this is not a scam?” etc. etc. It’s a 5 or 10 minute interview just to send money. They really don’t want to allow you to do it.

Even when you’re just trying to help out an old friend whose car broke down a few states away, you have to go through the whole interrogation that makes it feel like you’re the one doing something suspicious.

And as for credit and debit cards, they have weirdly prescient fraud detection, which is generally very good when someone in Dubai tries to buy something with your credit card, or you get mystery charges of $1, $100, $200, $500 in quick succession, or whatever.

Sometimes it’s annoying when you fly back home for a funeral and your card doesn’t work, or you buy something online at the same time your wife is checking out at the grocery store with the same card number so they flag that.

So there’s tons of protection in place. The rest is kind of up to you. If you’re posting pictures of your credit card on social media or something, meh, that’s on you. If you’re sending money or gift cards to random strangers despite all the warnings, that’s on you.

It’s just very hard to prevent people from getting scammed when they’re actively trying to get scammed, and say yes to everything despite the warnings.