Real Cases. Real Victims. Real Losses.

These Scams Are Not Hypothetical.
They Happened. To Real People.

Every case below is documented by federal investigators, government regulators, or major news outlets. Named victims. Convicted defendants. Verified sources.

If it happened to them, it can happen to anyone.

Email fraud is not a distant, abstract threat. It is happening every day, in every country, to people who are smart, careful, and financially sophisticated. An 85-year-old retiree handed $200,000 in gold coins to a stranger in a black Mustang. Google and Facebook wired $122 million to a man with a laptop and a spoofed domain name. An Austrian aerospace CEO was fired after his company lost $47 million to a single fake email. A first-time Chicago homebuyer lost her entire down payment in a wire transfer that took under an hour.

Every one of these stories started the same way: with an email.

It All Started With an Email.

Not a phone call. Not a letter. Not a knock at the door. An email. A former FBI target. Facebook's finance team. An Austrian aerospace CEO. A first-time homebuyer in Chicago. Different people, different countries, different dollar amounts — but the same entry point every time.

April 2026 Gainesville, Florida, USA Refund Scam

85-Year-Old Retiree Loses $200,000 in Fake PayPal Refund Scam

Total Loss
$200,000
How It Happened

Brian Oliver received an email claiming PayPal owed him $450. He called the phone number in the email. The scammer walked him through a fake "typo" that appeared to deposit $10,000 into his Bank of America account — except the bank website he was looking at was a mirrored fake. Over the next three days, Oliver fed $10,000 in cash into a crypto ATM and handed $198,560 in gold coins to a courier driving a black Mustang. The password at the door was "blue."

The Outcome

Gainesville Police set up a sting operation. One courier, Seth Wayne, received 18 years in federal prison. A second courier, Atharva Shailesh Sathawane, was convicted of conspiracy and money laundering tied to over 30 transactions and nearly $8 million stolen from elderly victims.

How EFA Could Have Helped

The initial email impersonated PayPal but came from a non-PayPal sender and contained a callback phone number in the body — exactly the pattern EFA flags as high-risk. Brand impersonation combined with a callback number is a textbook refund-lure, and EFA both warns users in the moment and trains them to recognize this exact setup for themselves.

Source Fox News, April 23, 2026
April 2026 Orange County, California, USA Wire Fraud / Homoglyph

One Letter Changed. A Home Down Payment Nearly Gone.

Initial Loss (Mostly Recovered)
~$400,000
How It Happened

Lynette and Scott had been corresponding with their mortgage broker for weeks. One email came through that looked identical to every one before it — except the sender's domain had two V's instead of a W. Instead of escrow.com, the email came from escrovv.com. They wired their down payment. Their broker never received it.

The Outcome

Orange County Sheriff investigators traced the funds. After several months, the couple recovered about 90% of their money. The remaining 10% had already been converted to Bitcoin and was unrecoverable. In most cases like this, victims recover nothing.

How EFA Could Have Helped

Homoglyph domain detection is EFA's core function. A domain substituting "vv" for "w" on a newly registered address is exactly the pattern EFA flags the moment it lands in your inbox. It is also the exact kind of swap users of EFA become trained to spot on their own — because once you've seen the warning a few times, your eyes start catching it before the software does.

Source ABC7 Los Angeles, April 12, 2026
January 2016 Ried im Innkreis, Austria CEO Fraud / BEC

An Austrian Aerospace Giant Lost $47 Million to a Single Fake Email. The CEO Was Fired.

Total Loss
$47,000,000
How It Happened

FACC — an Austrian aerospace manufacturer that makes parts for Boeing, Airbus, and Rolls-Royce — received a fraudulent email impersonating its CEO, Walter Stephan. The email instructed an employee in the finance department to wire roughly €50 million to fund a "confidential acquisition." The employee complied. By the time FACC realized what had happened, the money had moved through banks in Slovakia and Asia.

The Outcome

FACC recovered about €10.9 million but took a €41.9 million loss. The company posted a pretax loss of €23.4 million for the fiscal year. The supervisory board fired CEO Walter Stephan and CFO Minfen Gu for "severely violating their duties" in what FACC dubbed the "Fake President Incident." The finance employee who executed the transfer was also dismissed.

How EFA Could Have Helped

This is exactly the kind of email EFA is built to catch and teach users to recognize. A CEO impersonation email with an urgent wire request and a "confidential" framing is a textbook BEC pattern. EFA flags these emails in real time and, over time, trains users to spot them even before the warning appears.

Source SecurityWeek, May 26, 2016
2013 – 2019 Lithuania → USA Business Email Compromise

Facebook and Google Wired $122 Million to a Fake Vendor

Total Stolen
$122,000,000
How It Happened

Evaldas Rimasauskas registered a company in Latvia with a name nearly identical to Quanta Computer — a legitimate Taiwan-based hardware manufacturer that did real business with Facebook and Google. Over two years, he sent fraudulent invoices with spoofed email addresses, along with forged contracts and fake corporate seals. Employees at both tech giants wired payments to bank accounts he controlled in Latvia, Cyprus, Hungary, and Hong Kong.

The Outcome

Facebook wired nearly $100 million. Google wired over $23 million. Rimasauskas was extradited from Lithuania, pleaded guilty to wire fraud, and was sentenced to five years in federal prison. He was ordered to forfeit $49.7 million and pay $26.5 million in restitution.

How EFA Could Have Helped

Fake vendor domains that closely resemble legitimate ones are EFA's home turf. A newly registered domain impersonating an established vendor — combined with an invoice or payment request — is a textbook pattern EFA catches in real time. It is also the exact pattern finance teams using EFA get trained to spot without the software, which is how organizations move from being targets to being hard targets.

Source FBI.gov, January 28, 2020
April 2026 United States BEC + Real Estate

$50 Million BEC Ring Targeted Real Estate Buyers. Its Leader Pleaded Guilty.

Total Losses Across Victims
$50,000,000+
How It Happened

Animashaun Adebo, known as "Kazeem," ran a multi-year scheme targeting individuals in real estate transactions and small businesses across the United States. Victims received emails that appeared to come from legitimate parties in their transactions — mortgage brokers, title companies, vendors. The fraudulent email addresses closely resembled the real ones, differing by a single character. Victims wired funds. Adebo laundered the proceeds through shell companies in the US and abroad.

The Outcome

Adebo pleaded guilty to wire fraud conspiracy in federal court in Brooklyn on April 20, 2026. A co-defendant, Idowu Ademoroti, was previously convicted. A third defendant, Nelson Ojeriakhi, was extradited from Paris and pleaded guilty in November 2025. A fourth remains at large. Total reported losses exceed $50 million.

How EFA Could Have Helped

This is the exact pattern EFA was built to stop. Spoofed email addresses that closely resemble legitimate parties in a real estate transaction — one character off, newly registered domain. EFA scans every inbound email for this signature and warns before a single dollar is wired. And every warning trains the user to spot the next one faster.

Source U.S. Secret Service, April 20, 2026
2021 Chicago, Illinois, USA Wire Fraud / First-Time Buyer

She Saved for Years. One Fake Email Took It All in the Blink of an Eye.

Total Loss
$42,000
How It Happened

Jenna Carlson had saved for years to buy her first home. She was putting 20% down — $42,000. She had exchanged 16 emails with her real estate attorney's paralegal, asking clarifying questions before the wire. One of those emails contained the wiring instructions. She went to the bank and sent the money. The next day, the real paralegal called asking about the down payment. Carlson said she'd already wired it. The paralegal replied: "What email? I didn't send any email." The sender's address was nearly identical to the paralegal's — just two extra letters added.

The Outcome

Chase Bank was able to stop $9,000 of the wire. The other $33,000 was gone. "It was fraud and I'd been scammed," Carlson said. "Everything I'd saved was gone in the blink of an eye. And I couldn't do anything about it." She went through months of therapy to cope with the loss. FBI Special Agent Siobhan Johnson, quoted in the ABC7 story, said real estate wire fraud is one of the fastest-growing cyber scams in the country.

How EFA Could Have Helped

The fraudulent email came from a domain that added two letters to the paralegal's real address — exactly the kind of lookalike pattern EFA flags in real time. And after using EFA for weeks or months, users become trained to notice these subtle variations on their own, even before a warning appears. The product is the filter; the education is the long-term protection.

Source ABC7 Chicago, March 22, 2022
What EFA Actually Does

EFA Flags the Email. Then It Teaches You.

Every email that looks like the ones above triggers a warning inside your inbox. That warning is the product's first job — stopping the wire before it leaves.

But the second job matters just as much. Every warning teaches you what fraud looks like in your real inbox. The subtle domain swaps. The urgency. The too-good-to-be-true refund. The "confidential" acquisition. Over weeks and months of using EFA, you start spotting these patterns on your own — faster than any filter can run.

The detection is the delivery mechanism. The awareness is the actual product. Every user gets smarter every day they use it.

Six Cases. One Pattern.

Every case on this page shares at least one of these signatures. EFA is built to catch all of them.

01
Lookalike Domains
One letter swapped. Two V's instead of a W. A new registration pretending to be a trusted vendor.
02
Brand Impersonation
An email claims to be from PayPal, Microsoft, or your bank — but the sender domain tells a different story.
03
Refund and Lottery Lures
"You've won." "We owe you money." "Click here to claim." Positive bait works better than fear.
04
Callback Numbers
A phone number in the email body routes to the scammer — not to the company they're impersonating.
05
Wire Redirects
A last-minute email changes payment instructions. The money goes to the scammer, not the intended party.
06
Vendor and Invoice Spoofing
A fake invoice from a fake vendor with a nearly identical domain name. Even Facebook and Google paid one.

Our Commitment to You

Every case on this page is drawn from a verified primary source — federal law enforcement, government regulators, or major news outlets. We do not invent victims. We do not embellish losses. We do not make claims we cannot substantiate.

These People Didn't Think It Would Happen to Them.
Neither Did Google. Neither Did the FBI Director.

Every case on this page started with an email.

Email Fraud Alert is built to stop them before the damage is done.

Get Protected — $1.99/month

Works with Gmail and Outlook. Install in minutes.