What Happens to Your Money when You Send It to a Scammer

Where Scam Victims’ Money Really Goes and Why Recovery Is So Rare

Following the Money: How Scammers Move and Hide Stolen Funds

Overview and Framing

When money leaves a victim’s account during a scam, it rarely stays in one place for long. Criminal networks have developed efficient and layered systems for moving stolen funds through both domestic and international channels. These channels are built for speed and finality, making reversal extremely difficult once a transfer has been executed. The very characteristics that make modern payment systems convenient for legitimate users are the same features that scammers exploit to escape detection and block recovery efforts.

The moment a payment is initiated, it begins a journey that often crosses multiple financial institutions, service providers, and national borders. Each hop in this chain further reduces the chances of stopping the transaction. In many cases, stolen funds are routed through accounts controlled by money mules before being converted into cash, cryptocurrency, or other assets that are even harder to trace. The pace of these movements is measured in hours, sometimes in minutes, leaving law enforcement and financial institutions little time to intervene.

The type of payment channel used in a scam often depends on the category of the victim. Individuals are frequently targeted with demands to send money through person-to-person transfer services, purchase and send the codes from gift cards, deposit funds into cryptocurrency accounts, or provide cash and prepaid card vouchers directly. Credit card payments are also used, particularly in schemes that disguise fraudulent charges as legitimate service or subscription fees. These methods are chosen for their accessibility to everyday consumers and for their ability to move funds quickly with minimal barriers.

Businesses and government entities face different but equally damaging methods of attack. They are often targeted through business email compromise schemes, where scammers impersonate senior executives, trusted vendors, or government officials to instruct employees to send wire transfers. These wires may be directed to accounts that appear legitimate but are controlled by criminals or their intermediaries. The sums involved in such cases are typically much larger than those stolen from individual victims, and the impact on operations can be severe.

The Federal Bureau of Investigation and the Internet Crime Complaint Center have long recognized the need for rapid intervention in cases where wire transfers are involved. To address this, the FBI developed the Financial Fraud Kill Chain (FFKC) process. This process is designed to interrupt and freeze fraudulent wire transfers, both domestic and international, before the funds move beyond the reach of cooperative financial institutions. The success of the FFKC depends almost entirely on the speed with which the fraud is reported. Once the funds are transferred beyond the initial receiving institution or converted into another form of value, the likelihood of recovery drops sharply.

In 2024, the Internet Crime Complaint Center reported that the FFKC achieved a 66 percent success rate for initiated cases, resulting in the freezing of approximately $561.6 million across both domestic and international actions. Of course, that was based on the fact that less than 5% of all victims report these crimes, and when they do, it can be weeks or months after the crime ended or the money was sent.  These numbers demonstrate that recovery is possible under the right circumstances, but they also underscore the reality that one-third of attempted freezes did not succeed. Even with immediate reporting, the complexity of international transfers, differing banking regulations, and the cooperation level of foreign financial institutions all influence the outcome.

For victims, understanding these dynamics is critical. The systems that process payments are not designed to prioritize reversals or cancellations once a transaction has been authorized. While consumer protections exist for certain types of fraud, particularly in the credit card system, many of the most common scam payment methods do not carry such safeguards. Authorized transfers through money transfer services, cryptocurrency transactions, and gift card redemptions are generally treated as final.

The problem is not only the technology but also the coordination required to stop these transfers. Law enforcement must act quickly, often coordinating with multiple banks and agencies, sometimes across several countries. In many jurisdictions, even the start of a freeze process requires formal legal requests or agreements, adding further delays. Criminals know this and take steps to accelerate the movement of funds, often converting them into forms that can be spent or resold in markets with little to no oversight.

In this environment, the window for recovery is narrow and closes rapidly. Whether the victim is an individual sending a few thousand dollars in gift card codes or a government department wiring millions for what they believe is a legitimate vendor payment, the underlying challenge remains the same. Once the money is gone, the odds of getting it back depend on immediate recognition of the scam, instant reporting to the appropriate channels, and the ability of financial institutions to act before the funds are beyond reach. Understanding this reality is the first step toward both prevention and effective response.

Cross-Cutting Money-Movement Mechanics

Regardless of the specific scam type, there are common mechanisms that criminals use to move stolen funds out of reach. These methods are designed to obscure the origin of the money, prevent detection, and make recovery efforts by law enforcement or financial institutions extremely difficult. The techniques work together in layers, often involving multiple actors and jurisdictions.

One of the most important elements in these operations is the use of money mules and intermediate accounts. In many scams, the victim’s payment is first directed to a U.S.-based bank account controlled by an individual or small business recruited by the scammers. These money mules may be willing participants or unwitting accomplices who have been convinced they are performing legitimate work, such as processing payments for an overseas employer. Once the funds arrive, they are quickly split and sent to other accounts, withdrawn in cash, converted into cryptocurrency, or wired to overseas banks. The Internet Crime Complaint Center has repeatedly warned that both business email compromise schemes and romance scams rely heavily on such mule networks to move and disguise stolen money. Law enforcement agencies often focus investigative resources on identifying these networks because intercepting funds at the mule stage offers one of the few viable chances to halt the laundering process.

After the funds leave the initial mule accounts, the next stage is often conversion and layering. Conversion refers to changing the form of the funds to reduce traceability, while layering involves moving money through multiple transactions to complicate tracking. Scammers employ a variety of tools for these purposes. Shell companies may be established to hold accounts and conduct transactions that appear legitimate. High-risk merchant processors can push funds through payment networks under the guise of normal business activity. Online casinos and gambling platforms offer another avenue, allowing illicit funds to be deposited, minimally wagered, and withdrawn as seemingly legitimate winnings. The Financial Action Task Force has documented these and other techniques in its typologies, highlighting how trade-based money laundering, invoice manipulation, and under- or over-valuation of goods are used to integrate criminal proceeds into real commerce.

Trade-based laundering is particularly effective because it moves illicit value under the cover of genuine trade transactions. By altering invoices, misclassifying goods, or manipulating shipment volumes, criminals can shift value across borders while creating a paper trail that looks legitimate to most observers. These transactions may pass through jurisdictions with limited regulatory oversight, further reducing the chance of detection.

The speed at which these steps occur is a critical reason why recovery is so challenging. In many cases, stolen funds are transferred to a mule account and then moved again within hours. Cross-border transfers can happen in seconds with modern banking infrastructure, and once the money is in a jurisdiction with strict bank secrecy laws or weak cooperation with foreign authorities, the chances of reversal drop sharply. Even when law enforcement identifies the final account holding the funds, legal and procedural hurdles in the host country can delay action until the money has been moved again.

The conversion of stolen funds into assets that are inherently hard to reverse adds another layer of difficulty. Cryptocurrencies, once transferred to a private wallet outside of an exchange, are outside the reach of traditional banking controls. Gift cards, once redeemed or resold, leave virtually no recourse for victims. Cash withdrawals are irreversible and often untraceable beyond the point of withdrawal. Each of these conversion points represents a moment where the trail can effectively go cold.

These mechanics illustrate why prevention and rapid reporting are so important. Once stolen funds begin the journey through mules, layering, and conversion, the process is designed to stay ahead of investigative efforts. The combination of speed, cross-border complexity, and deliberate obfuscation makes the recovery of scam proceeds an uphill battle even for experienced investigators.

Money Types

Type 1. Money Sent by Wire and Money Transfer Services

Bank Wires (Domestic and International)

Wire transfers remain one of the most common methods for moving large sums in scams, particularly in cases involving business and government victims. The typical flow begins when the victim wires funds to an account controlled by a money mule. This account may be in the same country as the victim or in another jurisdiction. Once the funds arrive, they are often split into smaller amounts and sent to additional accounts. From there, they may be withdrawn in cash, converted into cryptocurrency, or sent to offshore accounts in countries with limited cooperation on financial crime investigations.

The Internet Crime Complaint Center has reported that the first 24 to 72 hours after a fraudulent wire transfer are critical for any chance of recovery. During this window, financial institutions and law enforcement may be able to freeze the funds before they move out of the initial receiving account. Once the money is layered through multiple accounts or converted into another form, the possibility of recovery declines sharply.

Business email compromise schemes are a major driver of fraudulent wire transfers. These scams target companies and public entities by impersonating senior executives, vendors, or partners. Victims receive instructions to wire funds to accounts that appear legitimate but are controlled by criminals. The Internet Crime Complaint Center’s statistics indicate that business email compromise continues to account for billions of dollars in reported losses each year, making it one of the most financially damaging internet-enabled crimes. Other common wire-based frauds include real estate closing diversions, where scammers intercept legitimate transactions and redirect settlement funds, and vendor invoice fraud, where altered invoices trick victims into wiring payments to fraudulent accounts.

The FBI’s Financial Fraud Kill Chain process is the primary tool for intercepting fraudulent wires. If a victim reports the crime quickly enough, and the receiving bank is willing to cooperate, funds can sometimes be frozen before they are moved. In 2024, the Internet Crime Complaint Center reported a 66 percent success rate for initiated Kill Chain cases, but this also means that in one-third of attempts, the funds could not be recovered. Once the money is moved into cash or cryptocurrency, the chances of recovery become minimal.

Money Transfer Services (Western Union, MoneyGram, Others)

Money transfer services are widely used in scams targeting individual victims. In these schemes, the victim is instructed to send funds through a service such as Western Union or MoneyGram. The transfer is typically set up as a cash-to-person transaction, which allows the recipient to collect the funds quickly, often within minutes. Pickups can occur domestically or overseas, and are frequently made by mules using fake or stolen identification.

Once the funds are paid out in cash, the transaction is effectively irreversible. The Department of Justice and the Federal Trade Commission have pursued enforcement actions against major money transfer companies for failures in anti-fraud controls, resulting in large settlement programs. Western Union agreed to a $586 million remission program, and MoneyGram to a $125 million program, both of which provided refunds to victims of certain qualifying scams. These cases, however, are exceptions rather than the norm.

The design of money transfer services prioritizes speed and global reach, making them attractive for legitimate remittances but also for criminal exploitation. While compliance programs have improved, including enhanced identity verification and monitoring for suspicious activity, once a payment is picked up, the trail effectively ends at the counter. Without the rare occurrence of a major settlement or restitution program, victims almost never receive refunds for completed transfers. This finality makes money transfer services a preferred choice for scammers who rely on cash as an untraceable and immediate payout method.

Type 2. Bank-to-Bank Faster Payments and Account-to-Account P2P Services (e.g., Zelle)

Instant peer-to-peer (P2P) payment systems have become an integral part of modern banking, offering consumers a fast and convenient way to send money directly from one bank account to another. Services such as Zelle operate within existing banking infrastructure and are integrated into the platforms of many major U.S. banks. This convenience, however, has also created opportunities for scammers to exploit the technology’s speed and minimal transaction friction.

In scams involving P2P services, victims are often persuaded to send money directly to an account controlled by the fraudster. This persuasion can take the form of impersonating a trusted contact, posing as a bank security representative warning of suspicious activity, or offering a product, service, or investment. Once the victim authorizes the transfer, the payment typically reaches the recipient’s account within minutes. According to industry and consumer protection reports, these transfers can be made with limited identity verification on the receiving end, particularly when the receiving account is already established with a participating bank. This limited verification, combined with the integration of P2P services into major banks, makes it easier for scammers to operate undetected.

The structure of P2P systems like Zelle means that transactions are treated much like cash once they are sent. The bank’s role is to process the authorized instruction, not to verify the legitimacy of the underlying reason for the payment. While this protects speed and efficiency for legitimate users, it leaves victims vulnerable in cases of fraud. Market analyses and consumer advocacy groups have noted that Zelle’s ease of access and bank integration, along with relatively few barriers for recipients, has made it particularly attractive for scam activity.

The difficulty of recovery lies in both the speed and the nature of these transfers. Because P2P systems are designed for instant settlement, by the time a victim realizes the payment was fraudulent, the funds have usually been withdrawn or moved to another account beyond reach. Banks frequently classify these payments as authorized transactions, even when the authorization was obtained through deception. As a result, many victims are informed that their loss does not qualify for reimbursement under existing bank policies.

Case reports show that even small transfers can be impossible to reverse. Once the recipient withdraws or transfers the money onward, the bank no longer has control over the funds. This is true regardless of whether the transaction was for hundreds of dollars or just a small amount. In some cases, the recipient account is closed quickly after the funds arrive, making it even more difficult to track and recover the money.

The combination of rapid settlement, lack of built-in buyer protection, and classification of scam-induced transactions as authorized has drawn attention from regulators, state attorneys general, and consumer rights organizations. However, until systemic changes are implemented, such as enhanced fraud detection before transfers are completed or greater liability for participating institutions, the speed and finality of bank-to-bank P2P transfers will continue to make them one of the most difficult payment types from which to recover scam losses.

Type 3. Cash Money Picked Up by Scammers

In some scams, criminals bypass electronic transfers entirely and focus on convincing victims to hand over physical assets. A common approach involves impersonating law enforcement officers, bank security officials, or other authority figures. The victim is told that their accounts are compromised or that their money is unsafe. They are then instructed to withdraw large sums of cash from their bank, or in some cases to use those funds to purchase gold bars or other high-value items. Once the cash or valuables are in hand, the victim is directed to give them to a courier who is allegedly tasked with safeguarding the assets.

The Washington State Department of Financial Institutions and multiple U.S. police departments have issued warnings about these methods, noting that once the assets are collected, they are effectively untraceable. Gold and other precious metals carry the added challenge of being easily melted down or resold without leaving a clear record of ownership. Suffolk Police in the United Kingdom have also reported similar schemes, often referred to as courier fraud, where victims are convinced that surrendering their valuables is part of a legitimate investigation.

Reports indicate that these types of scams are on the rise. Law enforcement agencies in both the United States and the United Kingdom have made arrests connected to such operations, but the overall number of successful recoveries remains low. Media coverage, including reporting from the San Francisco Chronicle and ABC7 Chicago, has highlighted the emotional and financial damage to victims, many of whom are older adults targeted for their perceived trust in authority figures. Despite public awareness efforts, the personal nature of these scams makes them difficult to counter, as the criminals rely on creating a sense of urgency and fear that prompts immediate compliance.

Recovery of assets in these cases is extremely rare. Cash transactions leave no electronic record that can be reversed through chargeback or dispute processes, and once currency changes hands, it can be spent, deposited, or laundered almost instantly. Precious metals pose similar problems, as they can be quickly transferred to other handlers, sold to dealers, or smuggled across borders. The Department of Justice has noted that by the time such crimes are reported, the physical assets have often been moved several times, putting them well beyond the practical reach of investigators.

These scams are particularly damaging because they not only deprive victims of significant resources but also leave them with no realistic path to recovery. The combination of in-person collection, physical cash or bullion, and the use of couriers or intermediaries ensures that the proceeds vanish quickly. This reality underscores the importance of prevention and rapid intervention before any withdrawal or transfer of assets takes place.

Type 4. Gift Cards Sent to Scammers

Gift cards are a preferred tool for scammers because they combine speed, ease of transfer, and anonymity. In many schemes, criminals instruct victims to purchase specific store or network-branded gift cards, often from major retailers or widely used prepaid card networks. The victim is told to share the card numbers and PINs by phone, text message, or email. Once those details are provided, the scammer can access the funds immediately. According to the Federal Deposit Insurance Corporation, balances are frequently drained or transferred within minutes of receipt, leaving no time for the victim to intervene.

After obtaining the codes, scammers use several methods to extract value. One approach is to redeem the cards for goods with high resale value, such as electronics, luxury items, or small but expensive accessories, which can be sold through online marketplaces or informal networks. Another common tactic is to resell the card credentials themselves on illicit secondary markets, where buyers purchase them at a discount and then use them for personal shopping or further resale. Some scammers load the stolen balances into compromised merchant accounts, effectively laundering the value through seemingly legitimate transactions. Research from the Knoble has documented how quickly these balances are moved and how efficiently the underground resale networks operate.

A newer and growing threat is known as “gift card draining.” This occurs when cards are physically tampered with before purchase. Criminals record the card numbers and PINs, often replacing protective strips or packaging to conceal the interference. When an unsuspecting consumer buys and activates the card, the scammer receives an alert or checks the balance online, then steals the funds before the legitimate purchaser or recipient can use them. The AARP and U.S. Immigration and Customs Enforcement have issued warnings about this practice, noting its increasing prevalence in retail settings.

Recovery of stolen gift card funds is notoriously difficult. Gift cards function much like cash, and once the code is redeemed, the value is gone. Many issuers do not provide strong reimbursement rights for victims, especially when the card has been purchased and the credentials voluntarily shared, even under deception. The speed with which the balances are accessed means that by the time a victim realizes what has happened and contacts the issuer, the funds are almost always already spent. This lack of recourse, combined with the high liquidity of gift card value, ensures that they remain a reliable tool for scammers looking to move stolen money quickly and with minimal traceability.

Type 5. Bitcoin and Cryptocurrency

Cryptocurrency has become one of the most favored channels for scammers to collect, move, and store illicit proceeds. The appeal lies in the speed of transactions, the ease of cross-border transfers, and the ability to control funds without relying on a traditional bank. Once a victim sends funds into a cryptocurrency system, the combination of decentralized control and complex laundering techniques can make recovery extremely challenging.

The typical flow of scam-related cryptocurrency transactions begins with a conversion from fiat currency into digital assets. Victims may be instructed to use a centralized exchange, an over-the-counter (OTC) broker, or a physical crypto kiosk to purchase coins or tokens. Once acquired, the cryptocurrency is transferred into wallets controlled by the scammers. From there, the funds are moved across multiple addresses to create a layered transaction history. These movements often involve asset swaps, cross-chain bridges, and the use of mixing services designed to obscure the trail of ownership.

An increasingly common trend is the use of stablecoins, particularly Tether (USDT) issued on the Tron blockchain. Stablecoins offer the speed and low transaction costs that scammers prefer, while avoiding the price volatility of traditional cryptocurrencies like Bitcoin or Ethereum. According to blockchain analysis by Chainalysis, USDT on Tron has become a favored vehicle for large-scale scam networks, enabling fast transfers at minimal cost and allowing for rapid liquidation into fiat or other cryptocurrencies.

The scale of cryptocurrency-related scams has continued to grow. Chainalysis reporting shows that scam revenue rose in 2024, reversing declines seen in previous years. Much of this growth is tied to “pig-butchering” schemes, which combine romance-style grooming with fraudulent investment platforms. By 2025, these schemes had expanded into more organized networks, often run from overseas, using fake trading websites to collect deposits in cryptocurrency. Victims are shown fabricated account balances to encourage larger investments, only to find that withdrawals are impossible once the scammers decide to end the interaction.

Once cryptocurrency enters the control of a scam network, it often passes through an established laundering infrastructure. Mixers, also known as tumblers, pool together funds from many sources and redistribute them in ways that make it difficult to link the output coins to the original deposits. Cross-chain bridges allow scammers to convert assets from one blockchain to another, further complicating tracking by breaking continuity in transaction records. The Department of Justice has taken enforcement action against major illicit services, such as the takedown of ChipMixer, and the U.S. Treasury has sanctioned mixers like Sinbad for laundering proceeds tied to cybercrime and scams.

Even with these actions, the laundering ecosystem continues to evolve. Some networks integrate peer-to-peer OTC brokers who specialize in exchanging cryptocurrency for cash, often operating in jurisdictions with weak anti-money laundering enforcement. These brokers may also use high-risk exchanges that have limited compliance programs, making it easier to cash out without attracting attention from regulators.

In certain cases, coordinated efforts between blockchain analytics firms, law enforcement agencies, and compliant cryptocurrency services have led to asset freezes or seizures. TRM Labs and Tether, for example, have worked with authorities to identify and freeze USDT tied to scam networks when those funds pass through cooperative platforms. However, such interventions are only possible when the assets are still within the control of a regulated entity. Once funds are withdrawn to a self-custody wallet, they are beyond the reach of any central authority.

The decentralized nature of cryptocurrency custody is a major obstacle to recovery. Self-custody wallets give the holder complete control over their private keys, meaning that no bank, exchange, or third party can reverse or block transactions. Scammers exploit this by moving funds quickly into wallets they control exclusively. From there, they can execute rapid transfers across multiple blockchains using swapping protocols and bridging services, making it extremely difficult for investigators to follow the money in real time.

The speed of movement is another critical factor. Blockchain transactions can be confirmed within minutes, and cross-chain swaps can be completed in under an hour. This velocity leaves almost no window for intervention once a victim has sent cryptocurrency to a scam-controlled address. By the time a fraud report reaches law enforcement or an exchange, the funds have often been split into dozens of smaller transactions and routed through multiple laundering services.

Cash-out channels also play a central role in making scam proceeds unrecoverable. OTC brokers operating in permissive jurisdictions can exchange large amounts of cryptocurrency for cash without the scrutiny that would apply in more regulated markets. This allows scam networks to turn digital assets into spendable currency while avoiding the formal banking system entirely. Some also convert funds into high-value goods such as luxury watches or gold, which can be transported or sold discreetly.

Even when cryptocurrency movements are visible on public blockchains, the ability to connect an address to a real-world identity is limited unless the scammer interacts with a regulated exchange that performs customer verification. Professional laundering networks know this and take steps to ensure that their transactions never pass through such points of vulnerability.

The combination of speed, global accessibility, and privacy features makes cryptocurrency an ideal tool for scammers to move and store stolen value. While blockchain technology provides transparency in transaction records, the deliberate use of mixers, cross-chain swaps, and unregulated cash-out services ensures that following the trail often leads to dead ends. For victims, this means that once cryptocurrency has been sent to a scam address, the likelihood of full recovery is extremely low unless immediate action is taken and the funds happen to pass through a cooperative, regulated service before being moved into self-custody. This reality underscores the importance of prevention, rapid detection, and instant reporting when cryptocurrency is involved in a scam.

Type 6. Credit Card Payments

Credit card transactions are another channel exploited by scammers, particularly in schemes that present themselves as legitimate services or investments. Common examples include bogus tech support operations, where victims are convinced to pay for unnecessary or entirely fictitious computer repairs, and sham investment services that promise high returns through fake trading platforms. In these scams, the victim’s card is charged through a merchant account, often operated by a straw merchant or shell company. The payments may be processed through high-risk acquirers willing to accept clients in industries with elevated fraud exposure. Once processed, the funds are moved through a series of accounts or withdrawn by the scammers before the transactions can be challenged.

The Federal Trade Commission and the Federal Financial Institutions Examination Council’s BSA/AML guidance have documented how payment processors and merchant acquirers can become conduits for illicit activity, either knowingly or through inadequate due diligence. High-risk processors may allow fraudulent merchants to operate for extended periods, taking a percentage of each transaction while ignoring warning signs such as unusually high chargeback rates or complaints from cardholders. Straw merchants may be recruited or set up by scammers to disguise the true nature of the transactions, making it harder for banks and card networks to identify the fraud.

Cardholders do have dispute rights under federal law and card network rules, but these protections have limitations. Victims can file disputes for billing errors or unauthorized charges, and in some cases, they may succeed in obtaining a chargeback. However, when the victim has willingly provided their card information and authorized the payment, even if under deception, the outcome is less certain. Dispute processes require documentation, and there are strict time limits for filing. In many scams, victims do not realize they have been defrauded until weeks or months later, by which time the dispute window may have closed.

Consumer protection agencies advise that cardholders act quickly if they suspect a scam-related charge. Providing detailed information about the transaction, the merchant, and the circumstances of the payment improves the chances of a favorable outcome. However, scammers are aware of these procedures and often work to ensure that funds are withdrawn or transferred out of reach before a dispute can be resolved.

Regulatory enforcement has targeted payment processors that enable such scams. The Federal Trade Commission has brought cases against processors that knowingly facilitated fraudulent operations by ignoring clear signs of deception. In some actions, regulators have secured monetary judgments or banned companies from processing payments for certain types of merchants. Law firm analyses, such as those from Venable, have described how funds in these situations flow through merchant accounts, sometimes passing through multiple layers before reaching the scammers. Clawing back these funds can require regulatory action or court orders, as processors and intermediaries may resist returning money once it has been settled.

Credit card fraud in the context of scams is particularly damaging because it blends into legitimate payment activity, making detection more difficult for banks and card networks. While chargeback rights can provide some relief for victims, the success of these efforts depends heavily on speed, evidence, and the cooperation of the entities involved in processing the payment. For many victims, the combination of authorized transactions and delayed discovery of the fraud results in little or no recovery.

Type 7. Prepaid Debit Cards and Cash Reload Vouchers

Prepaid debit cards and cash reload vouchers are another common tool used by scammers to collect and move stolen funds. These instruments are widely available at retail stores, convenience outlets, and online, making them easily accessible to victims. In many scams, the perpetrator instructs the victim to purchase a specific prepaid card or a cash reload voucher, such as those offered by major payment networks. The victim is then told to provide the card number or voucher code, often along with the PIN if applicable.

These products function in much the same way as cash. Once the value is loaded, it can be spent directly, withdrawn at ATMs, or transferred to other accounts with minimal oversight. Because prepaid cards can be used without linking them to a personal bank account, they offer a degree of anonymity that appeals to criminals. Cash reload vouchers work similarly, allowing the scammer to apply the funds to a prepaid account of their choice without revealing their true identity. This anonymity and portability make them attractive for laundering illicit payments through multiple accounts or for transferring funds to other parties within the scam network.

Recovery of funds sent through prepaid cards and reload vouchers is extremely difficult. Once the value is loaded or redeemed, there is no straightforward mechanism to track or reverse the transaction. Many issuers do not provide strong consumer protection policies for cases where the victim voluntarily supplied the details, even if it was under deception. In situations where the issuer does offer assistance, reimbursement is often dependent on the victim’s ability to provide receipts, activation records, and other supporting documentation.

Even with documentation, success is inconsistent. Issuers may claim that their responsibility ends once the card or voucher is activated and the credentials are used. Criminals exploit this by redeeming or transferring the balance immediately, ensuring there is no time to intervene. This finality, combined with the ease of purchase and use, has made prepaid debit cards and reload vouchers a persistent method for scammers to obtain funds while minimizing the risk of detection and asset recovery.

Type 8. Precious Metals and Luxury-Goods Purchases Delivered by Couriers

In certain scams, criminals bypass traditional payment channels entirely and focus on obtaining high-value physical assets from victims. A common version of this tactic is the courier scam. In such cases, the victim is contacted by someone posing as a law enforcement officer, a bank security official, or another trusted authority. The scammer claims that the victim’s financial accounts are compromised and instructs them to convert their savings into gold bars, coins, or other valuable items such as luxury watches or jewelry. The victim is told that these assets will be kept safe from theft or fraud if they are handed over for “protection.”

Once the victim purchases the items, a courier is sent to collect them. These couriers are often hired through layers of intermediaries to conceal the identity of the scam organizers. The goods are picked up in person and immediately removed from the victim’s possession, after which they typically vanish from traceable channels. Reports from consumer advocacy organizations and law enforcement agencies indicate that this method is increasingly used against older adults, who may be more trusting of authority figures and more likely to follow urgent instructions without independent verification.

Recovery in such cases is extremely difficult. Precious metals and other physical goods are not part of any financial transaction network, meaning that once they are transferred, there is no mechanism to reverse the exchange. The anonymity and mobility of couriers add another layer of protection for the scammers. Couriers can quickly pass the items to others or transport them across borders, making it nearly impossible for investigators to trace the chain of custody.

The U.S. Commodity Futures Trading Commission has noted that precious metals, once in criminal hands, can be easily melted down or resold through legitimate-looking channels, erasing identifying marks or packaging. Industry experts in bullion handling have also observed that such items can be integrated into the global precious metals market within hours, particularly in jurisdictions with limited regulation. The same is true for high-end luxury goods, which can be quickly sold to secondhand dealers, pawn shops, or private buyers, often at prices that still yield significant profit for the scammers.

The combination of physical asset conversion, in-person collection, and the rapid liquidation of goods ensures that once a courier scam is completed, the victim’s chances of recovery are virtually nonexistent. This makes early recognition of the warning signs and immediate intervention the only effective defenses against such schemes.

Type 9. Trade-Based Money Laundering (TBML)

Trade-Based Money Laundering is a method used by scammers and organized crime networks to disguise the origin of illicit funds by moving them through international trade transactions. Instead of keeping stolen money in bank accounts where it can be traced, scammers convert the funds into goods or commodities. They then manipulate the invoices, shipping details, and declared values to obscure the real transaction. This may involve inflating or under-invoicing the cost of goods, mislabeling shipments, or routing products through shell companies that hide the true ownership of the assets.

A documented example is the purchase of vehicles using scam proceeds. In some romance or business email compromise cases linked to Nigerian criminal networks, victims’ funds have been used to buy cars in the United States or Europe. The vehicles are then shipped to West Africa where they can be resold for local currency or exchanged for other assets. This process not only launders the funds but also makes them nearly impossible to connect back to the original scam.

The international trade environment creates the perfect cover for TBML. Legitimate global commerce involves millions of shipments daily, moving through thousands of ports and trade routes. Payments for goods in this system appear lawful on paper, particularly when supported by professional-looking invoices and official customs documentation. The use of multiple jurisdictions with differing trade oversight and record-keeping requirements makes it difficult for any single agency to track the full journey of goods from origin to final sale.

Recovery in TBML cases is extremely rare. Customs authorities and financial institutions often lack the capacity to verify whether the declared value of a shipment reflects its true market price. Scammers exploit this gap by pairing legitimate-appearing transactions with fabricated shipping details or false commodity descriptions. By the time authorities suspect wrongdoing, the goods have typically been resold or broken down into components, and the money from those sales has been further layered through other laundering channels.

Because TBML exploits the sheer scale and complexity of global trade, successful intervention requires cooperation between financial regulators, customs agencies, and law enforcement in multiple countries. Even then, the investigation process can take years, and by that time, the original scam proceeds have often been fully integrated into legitimate-looking commercial flows. This makes prevention and early detection far more effective than attempting to recover assets once they have entered the TBML system.

Type 10. Walking Money Across Borders

Walking money across borders refers to the physical transport of cash or other portable valuables by individuals traveling between countries. Scammers or their associates may personally carry the proceeds of scams to avoid the scrutiny of electronic payment systems. This can be done in small amounts over multiple trips to stay under mandatory declaration thresholds, or in larger amounts hidden in luggage, vehicles, or on the person. Criminal networks sometimes hire couriers specifically for this task, offering a fee or a cut of the funds to those willing to take the risk.

In many cases, walking money across borders is used as the final stage in a laundering process. Funds collected through scams might first be withdrawn as cash from mule accounts or converted into portable assets such as high-value jewelry, precious metals, or gemstones. These items are then physically transported to jurisdictions with looser financial regulations or where the criminals have established resale networks.

This method bypasses formal banking channels entirely, making detection more challenging. While many countries require travelers to declare cash or equivalent instruments over a certain value, enforcement depends on inspections and intelligence targeting. Smugglers often carry amounts just below the reporting threshold to avoid attracting attention, or they split the money between multiple couriers traveling on different routes.

Recovery of funds moved in this way is rare. If the money is discovered at a border checkpoint, it can be seized, but by then it may only represent a small portion of the total proceeds moved through this method. More often, the money arrives undetected and is integrated into the local economy through cash-based businesses, informal value transfer systems, or direct spending on goods that can be resold.

Because walking money across borders relies on human couriers rather than financial institutions, traditional anti-money laundering tools such as transaction monitoring are ineffective. Detecting and intercepting these movements requires coordinated intelligence sharing between customs, border agencies, and law enforcement across multiple jurisdictions. Even with such cooperation, the portable nature of cash and valuables ensures that once the funds leave the victim’s country, the likelihood of recovery drops significantly.

Distinctions by Victim Type

Individuals

Individual victims are most often targeted through payment methods that are fast, simple to execute, and difficult to reverse. Money transfer services, retail gift cards, cryptocurrency kiosks, peer-to-peer applications, credit card charges, and courier schemes involving cash or gold are the most common channels. In many of these cases, once the funds or assets leave the victim’s possession, the trail ends almost immediately. Gift cards and cash function like currency without the protections of bank accounts, and cryptocurrency in self-custody wallets cannot be frozen without access to the private keys. Even when individuals report the scam within hours, recovery is often impossible unless the funds remain within a cooperative financial institution.

Businesses

Businesses are most frequently targeted through payment rails tied to business email compromise. These attacks divert wire transfers intended for vendors or suppliers, redirect payroll deposits, or alter payment instructions for large invoices. Because these payments typically involve higher sums, banks and law enforcement may be able to intervene if the fraud is detected quickly. The FBI’s Financial Fraud Kill Chain program has had success in freezing wire transfers under the right conditions. However, once the funds have been moved out of the initial receiving account or converted into other forms of value, the chance of recovery drops sharply. Losses often involve cross-border transactions, adding legal and jurisdictional complexity.

Government and Public Entities

Government agencies, municipalities, and school districts have been victims of vendor and invoice fraud that closely resembles business email compromise schemes. Criminals exploit procurement and payment processes by impersonating contractors or service providers and altering payment instructions. Documented cases show losses reaching into the millions of dollars, with some partial recoveries achieved when the fraud was discovered and reported immediately. In these cases, speed is critical, as government and public entity payments often involve large transfers that can be moved through multiple accounts in a matter of hours. Once the funds leave the formal banking system or cross into uncooperative jurisdictions, recovery becomes unlikely.

Why Recovery Is Hard, If Not Impossible

Recovering stolen funds after a scam is difficult because modern payment systems are designed for speed and finality. Once money has been sent, the system moves it quickly through banks, processors, or asset exchanges to the recipient. In many cases, the funds reach the scammer or their intermediaries within minutes or hours. Once pickup or conversion to another asset occurs, the possibility of reversal becomes remote. Even when victims contact their bank or law enforcement immediately, the technical and procedural design of most payment rails makes clawing back the funds a rare outcome.

A major factor that complicates recovery is the widespread use of money mules. These are individuals who receive funds from victims and then move them to other accounts, withdraw them as cash, purchase cryptocurrency, or forward them to overseas destinations. Mules may operate knowingly as part of the scam network or unknowingly as dupes recruited through fake job offers. By routing funds through multiple mule accounts, scammers add distance between themselves and the original victim, obscuring the money trail and confusing ownership records. This makes it harder for banks or investigators to trace the transaction path and freeze the funds in time.

Shell companies are another tool that creates obstacles. These entities exist on paper to hold bank accounts, receive payments, and appear legitimate to both victims and financial institutions. By the time law enforcement can prove the company is a front for criminal activity, the funds have usually moved elsewhere.

Cross-border transactions add further complexity. Many scams involve money moving through multiple countries, each with its own banking regulations, privacy laws, and legal processes. Mutual legal assistance treaties and international cooperation frameworks exist, but they are often slow. Criminals exploit this delay by moving funds through several jurisdictions in rapid succession, knowing that by the time requests for freezes or seizures are processed, the assets will have been converted or withdrawn.

The rapid conversion of stolen money into other assets is another key reason recovery is rare. Cryptocurrency is especially problematic because self-custody wallets are outside the control of any central authority, and transfers are final. Scammers also convert money into gift cards, which can be redeemed or resold almost instantly, or into physical goods such as gold, luxury items, or electronics that can be quickly resold for cash. Each conversion removes the funds further from regulated financial systems, reducing the avenues for tracing or freezing them.

Consumer protection frameworks provide only limited coverage for scam-related losses, particularly when the transaction was authorized by the victim under deception. In such cases, banks and payment providers often treat the transfer as legitimate and deny reimbursement. Gift cards, prepaid debit cards, and cryptocurrency transactions generally lack the dispute and chargeback protections available in credit card systems. Even where protections exist, they often require the victim to act within strict time limits and to provide specific documentation, both of which can be challenging in the aftermath of a scam.

The Internet Crime Complaint Center has repeatedly emphasized that speed of reporting is the most important factor in potential recovery. Even then, success rates vary widely depending on the payment method, the cooperation of financial institutions, and whether the funds have already been moved or converted. The FDIC and other regulatory bodies advise consumers to treat any unusual payment request as a red flag and to verify the legitimacy of the transaction before sending money, since recovering funds afterward is unlikely. The reality is that in most cases, once the money is gone, it stays gone.

Practical Guidance for Incident Response

When a scam has occurred, time is the most valuable resource. The sooner action is taken, the greater the possibility of freezing or recovering funds before they disappear. The following steps break down the immediate actions victims should take to respond effectively and reduce the chances of further loss.

Step 1: Contact the Payment Provider Immediately

Reach out to the bank, money transfer service, payment app, or cryptocurrency exchange as soon as the scam is discovered.

• • For bank wires, call the bank’s fraud department and request a recall or the initiation of the FBI’s Financial Fraud Kill Chain process.
  • For money transfer services such as Western Union or MoneyGram, call their fraud hotline to request that the transfer be blocked before pickup.
  • For peer-to-peer apps like Zelle, Venmo, or Cash App, notify both the bank and the service provider.
  • For cryptocurrency transfers from regulated exchanges, contact the exchange to request a freeze on the transaction if it has not been completed.

Step 2: File Official Reports Immediately

Submit a complaint to the Internet Crime Complaint Center (IC3) with complete details, including payment information, communication records, and identifying data about the scammer. See reporting.AgainstScams.org for all of your options.

• • File a police report with local law enforcement to create an official record.
  • Some banks, payment providers, or insurers may require a police report before considering a reversal or reimbursement.

Step 3: Preserve All Evidence

Gather and securely store every piece of information related to the scam.

• • Save chat logs, emails, and text messages. Take screenshots in case the communications are deleted.
  • Keep payment records such as wallet addresses, transaction IDs, account numbers, and card receipts.
  • If a courier was involved, record their name, physical description, vehicle details, and the delivery or pickup location.

Step 4: Notify Other Relevant Institutions

Inform any organizations that could be affected by the scam.

• • For businesses, alert accounting departments, vendors, and internal fraud reporting channels to prevent further fraudulent transfers.
  • For government or municipal entities, contact procurement officers and internal compliance staff.
  • For individuals, consider placing a fraud alert with credit bureaus to reduce the risk of identity theft.

Step 5: Avoid Secondary Scams

Be alert for offers from “recovery agents” claiming they can retrieve lost funds for a fee.

• • Legitimate law enforcement or regulated entities will never demand upfront payment for recovery.
  • Any request for gift cards, wire transfers, or personal banking access should be treated as a scam attempt.

Step 6: Report to Consumer Protection Agencies

Submit complaints to consumer protection agencies to contribute to larger investigations.

• • In the United States, this includes the Federal Trade Commission and state attorneys general. See reporting.AgainstScams.org for all of your options.
  • These reports can help build broader cases and may lead to restitution programs, as seen in past Western Union and MoneyGram settlements.

Step 7: Secure Accounts and Personal Information

Close off any remaining vulnerabilities to prevent further losses.

• • Change passwords for email, banking, and payment app accounts.
  • Enable two-factor authentication where available.
  • Monitor financial accounts for unauthorized transactions and consider a credit freeze if identity theft is suspected.

Quick, structured action is the only way to keep recovery options open. By following these steps in sequence, victims can improve their chances of freezing funds, assist law enforcement in tracing money, and prevent additional harm.

Conclusion: Understanding the Final Destination of Stolen Funds

Once funds leave a victim’s account or possession, they enter a system designed for speed, efficiency, and in many cases, irreversibility. Whether moved through domestic or international wires, instant payment apps, money transfer services, or cryptocurrency networks, these transactions are built to settle quickly and with minimal friction. This speed benefits legitimate commerce, but it also gives criminals a decisive advantage. The first hours after a fraudulent transfer are the only realistic window for recovery in most cases, and even then, results are not guaranteed.

The infrastructure that scammers rely on is not limited to financial institutions. It includes networks of money mules, shell companies, complicit merchants, and high-volume laundering operations that specialize in making funds appear legitimate. Once funds are split and layered through multiple channels, they can be converted into untraceable cash, crypto assets, luxury goods, or commodities. These assets are then moved, resold, or repurposed in jurisdictions where cooperation with foreign law enforcement is limited or nonexistent.

Different victim groups tend to experience distinct patterns of loss, yet all face the same fundamental barriers to recovery. Individuals often lose money through gift cards, P2P apps, crypto kiosks, or courier schemes involving cash or gold. Businesses and government entities are more likely to suffer from business email compromise or vendor fraud, with losses routed through wire transfers. While there may be a slightly higher chance of halting a corporate or municipal wire transfer if it is reported immediately, delays of even a single day can allow funds to leave the jurisdiction entirely.

These realities highlight why prevention is the only truly reliable defense. Awareness of scam tactics, verification of payment requests, and adherence to strict financial controls can reduce the likelihood of loss. In the event a scam does occur, immediate action is critical. Victims should report the fraud to their bank or payment provider, file a complaint with the FBI’s Internet Crime Complaint Center, and provide as much transaction detail as possible. Acting within hours, rather than days, can mean the difference between partial recovery and total loss.

The difficulty in retrieving stolen funds is not the result of a lack of concern by banks or law enforcement. It is the predictable outcome of a payment environment where speed and convenience often outrun safeguards. Recognizing this reality allows victims, businesses, and public institutions to make informed decisions, establish protective measures, and respond decisively in the rare instances when recovery is still possible. Prevention, rapid reporting, and cautious financial practices remain the most effective strategies for protecting money from disappearing into channels where it will never be seen again.

Reference

• https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/business-email-compromise
• https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
• https://www.ic3.gov/PSA/2024/PSA240911
• https://www.fatf-gafi.org/en/publications/Methodsandtrends/Trade-based-money-laundering-trends-and-developments.html
• https://www.chainalysis.com/blog/2024-pig-butchering-scam-revenue-grows-yoy/
• https://www.justice.gov/archives/opa/pr/western-union-admits-anti-money-laundering-and-consumer-fraud-violations-forfeits-586-million
• https://www.ftc.gov/enforcement/refunds/western-union-refunds
• https://www.ftc.gov/business-guidance/blog/2017/01/586-million-western-union-settlement-be-careful-about-company-your-company-keeps
• https://dfi.wa.gov/consumer/alerts/no-government-agency-bank-credit-union-or-other-licensed-financial-services-company
• https://www.suffolk.police.uk/news/suffolk/news/news/2025/july/suffolk-constabulary-launches-new-video-to-warn-of-the-dangers-courier-fraud/
• https://www.justice.gov/opa/pr/justice-department-highlights-enforcement-efforts-protecting-older-americans-transnational
• https://www.fdic.gov/consumers/consumer/news/december2019.html
• https://theknoble.com/breaking-the-silence-how-gift-card-anonymity-fuels-crime/
• https://www.ice.gov/about-ice/hsi/news/hsi-insider/tackling-gift-card-fraud
• https://www.justice.gov/archives/opa/pr/justice-department-investigation-leads-takedown-darknet-cryptocurrency-mixer-processed-over-3
• https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/tech-support-scams
• https://www.venable.com/-/media/files/events/2022/05/payment-processors-in-the-regulatory-crosshairs.pdf
• https://consumer.ftc.gov/articles/using-credit-cards-and-disputing-charges
• https://home.treasury.gov/system/files/136/2022-National-Money-Laundering-Risk-Assessment.pdf
• https://en.wikipedia.org/wiki/Reloading_scam
• https://www.cftc.gov/LearnAndProtect/AdvisoriesAndArticles/fraudadv_preciousmetals.html
• https://www.gao.gov/products/gao-20-314r