A few days ago I published a piece on scams targeting Chinese international students in the US. A reader commented, questioning the virtual kidnapping entry — saying a scenario where someone "kidnaps themselves, photographs themselves, and sends those photos out" sounded implausible.

I understand the doubt. Scams today are engineered to a level of sophistication that makes them easy to dismiss as impossible. Smart, professionally trained, cautious people fall for them. Including me.

This piece is written for students and parents who were deceived and can't bring themselves to say so. Like I once was.

Part OneThe Two Tuition Payments I Lost

One day last year, I received a tuition notification from a school. It came from someone at the school I knew well — a manager who introduced me by email to the school's accountant, CC'ing the accountant and putting all three of us on the same email thread.

It was a properly formatted email. The subsequent emails all came from the school's accounting department address, with official invoices attached. The amounts were correct. The stated purpose was correct. I did everything I knew to do to verify: I confirmed the accountant's email address, CC'd another school administrator, and kept two people on the thread.

I transferred the payment. The accountant's email replied: "Received." I sent my transfer screenshot back.

A month later, the second tuition payment was due. I repeated the same process — same accountant email, same confirmation pattern, same CC'd administrator. The second transfer went through. "Received" came back.

Lunar New Year's Eve.

I was at home sending red envelopes to family and friends, exchanging new year messages, cooking — the house was warm and full of noise — when my phone rang. It was the school. "Your tuition hasn't been paid."

The phrase "struck by lightning five times" is not an exaggeration for what I felt in that moment.

Looking back afterward, I noticed: the CC'd school administrator had replied to the first few emails, then went quiet. At the time, I'd thought — she's probably busy, I didn't want to push her.

In other words: I noticed an anomaly — and I explained it away with "she's probably busy."
That realization has stayed with me since.

I went to the police. They told me: "Internet fraud isn't something we can handle — submit a report online." I submitted it. Got a confirmation email. Over a year has passed. There has been no follow-up. The officer also told me: for this category of internet fraud, the probability of recovering the money is effectively zero.

For a long time after, I had a deep sense of insecurity about the world. What troubled me wasn't only the financial loss — it was that the judgment I'd always trusted in myself could be so easily bypassed. Someone with clinical psychology training, years of experience reading people, and a professional habit of "seeing through to the interior" — who couldn't see through one hijacked email.

Part TwoI Almost Got Taken Again — Today

Today I nearly fell for it again.

I received an email that appeared to be from Citizens Bank, saying their system had been upgraded and asking me to log in and check my credit card account. I clicked through, registered and logged in — all the information was accurate. Then I noticed the credit card payment amount looked wrong, clicked into the detail view, and the page kept returning an error.

Then — roughly one minute after I finished registering — my phone rang. A voice said: "This is the Citizens Bank fraud prevention department. We've just detected unusual activity on your account. Did you open a new credit card? There are several charges showing up in Shanghai."

I hung up immediately.

Afterward I kept thinking about it, and then I realized something that made my blood run cold:

How did the scammer know I had just finished registering, that the page had just errored, and to call at precisely that moment? I still don't fully understand it. The most likely explanations: my phone number had already been exposed in a past data breach, the scammer had a list of Citizens Bank customers and was dialing thousands automatically each day; or a more precise version, some third-party tracker sold my real-time browsing behavior to the scammer; or something on my device had been compromised.

I don't know which it was. But this incident taught me something more important than any prior fraud lesson:

Even when the email is real and the website is real,
the call that follows immediately after can still be fake.

What I managed to catch:

• Banks never call you unsolicited to ask about your transaction details. Any call that opens that way — hang up.
• Any caller claiming to be your bank's "fraud prevention department" — hang up, then call back using the official number on the back of your card. That's the only reliable verification method.
• Suspiciously precise timing is itself a red flag. Scammers are expert at calling exactly when you've just completed a real action, so your brain automatically links the real thing and the fake call into a single event.
• Immediate confrontation + urgency + a push to provide personal information right now — this is textbook emotional flooding, the signature of prefrontal shutdown.
• Even when all the surrounding context is real, the next step can still be fake. Scammers don't have to fabricate the entire chain — they only need to insert one false link at the moment you've already let your guard down.

The cost of last year's tuition paid for the reflex that made me hang up today.

Part ThreeWhen I Started Talking About It, I Saw the Real Scale

After being scammed last year, I did something different from most people — I told everyone. I told my students. I told my family. I told every person who might have been listening in my social circle.

I wasn't afraid of people thinking I was foolish. I wanted to prevent one more person from falling for it.

Once I started talking, I discovered how many people around me had experienced something similar — and had been too embarrassed to say so. A family member later told me he'd received an almost identical fake invoice email, but had been sharp enough to call and verify the bank account number before transferring — the scam fell apart on the spot.

My previous article covered 10 common scam types. Here are 10 more — ones that specifically target international students and weren't covered there.

These 10 types, combined with the 10 from the previous article, cover roughly 80% of the real cases I've seen, heard, experienced personally, and had students report to me over the years.

Part FourClinical Psychology: Why Smart People Still Fall for It

My clinical psychology training helped me understand: getting scammed isn't a matter of intelligence. Scammers exploit several fixed bugs in how the human brain operates.

When all five of these bugs are exploited simultaneously and precisely — nobody is truly immune.

Part FiveThe Concrete Protocols I've Built Since Then

The tuition money was never recovered. But it led me to build several protocols I use every day:

• Any unsolicited email (one I didn't go looking for): three-day no-action rule. Never click links in the email — if I need to log into an account, I close the email and type the official URL directly into my browser.
• Before any transfer: verify by phone or in person. Not by replying to the email — by calling a number I've looked up from an independent source.
• In any multi-person CC'd email thread: I don't feel settled until everyone has replied. If someone goes quiet mid-thread, I follow up. I no longer explain away anomalies with "she's probably busy."
• Any incoming call asking me to provide information or transfer money: I hang up and call back — using a number from the official website, not the incoming call's display number.
• Any significant financial decision: I discuss it with a family member first. Isolated decision-making is the state scammers prefer. Even if the family member says "sounds fine" — the act of that conversation alone pulls the brain from emotional state back to rational state.
• I don't discuss money with strangers online. Any "investment opportunity," "insider information," "high returns," or "urgent need for money" — regardless of how it's packaged — I decline.

Part SixFor Students Who Were Scammed and Can't Say So

Part SevenFor Parents Who Might Say "How Could You Be So Stupid"

Closing

I hesitated several times while writing this.

Publicly admitting "I lost two tuition payments to a scam" comes with a cost for someone whose professional identity is built on sound judgment. Readers might think: "She couldn't see through her own situation — how can she help me see through mine?"

But I made this decision anyway.

Because I lived through that period of carrying "I can't believe I fell for this" — and I know exactly what that feels like. If someone with clinical training needed several months to work through it, how are children and parents without that background supposed to find their way out?

If one child reads this article and finds the courage to tell their parents what happened to them — this article was worth writing.

The real harm in a scam isn't the money that was lost.
It's the scar it leaves in you — the one that says "I can't believe I was that foolish."
The cure for that scar is forgiving yourself.

May every child be held with gentleness — and protected with care.

Data Sources & References

All data in this article comes from official agencies and authoritative reports, as of May 2026.

• FBI IC3 2024 Annual Report (internet crime losses $16.6B; employment scam losses from $90M in 2020 to $501M in 2024): ic3.gov
• FBI IC3 2025 Annual Report (internet crime losses near $20.9B; over 1 million complaints): ic3.gov
• FBI Special Report: Cryptocurrency and AI Scams Bilk Americans of Billions (includes 1,600% Q1 2025 AI voice scam growth): fbi.gov
• FBI Operation Level-Up (cryptocurrency investment fraud intervention data): fbi.gov
• FTC 2025 Rental Scam Report ($65M reported losses; 18–29 age group = 46% of victims): ftc.gov
• Hong Kong Police Commercial Crime Bureau 2024 Deepfake Video Conference Fraud (company defrauded ~HK$200M, ~USD$25.6M).
• Journal of International Students and Frontiers in Psychology: academic literature on international student loneliness and early adjustment in the US.

How to Report & Get Help

• FBI Internet Crime Complaint Center (available in English and Chinese): ic3.gov
• FTC Consumer Fraud Report: reportfraud.ftc.gov
• Chinese Embassy Consular Protection (Washington DC): +1-202-495-2216
• China MFA Global 24-Hour Consular Hotline: +86-10-12308
• For students: contact your school's International Student Office as soon as possible