Scams and the scammers behind them are tricky. This is news to no anti-fraud team leader at any institution anywhere in the world.
Scams — or authorized push payment (APP) fraud — has evolved into the most costly and prevalent fraud type in the world because of its ability to make a criminal transaction appear legitimate until at least (but also, often long after) it’s too late. This ability to skirt bank defenses makes scams absolutely devastating to the human victims who unwittingly fund them and absolutely vital for financial institutions to address.
As we reported in our global scams report, BioCatch customers serving 340 million accountholders on five different continents reported an average of 65% more scams between 2024 and 2025, underscoring both the scale and urgency of the problem.
To highlight just how slippery scams in the GenAI, real-time-payment era can be, we turn our attention to a BioCatch customer in Europe. This case study illustrates how fraudsters exploit vulnerabilities, manipulate relationships, and drain victims of both money and emotional strength. It’s a story about a mother undergoing cancer treatment, her daughter, and the way behavioral intelligence ultimately exposed the scam.
But let us show you instead of just telling you.
A mother's trust
Victim (mother)
An elderly, longtime accountholder, with a history of rarely logging into her online banking profile and never using mobile banking, noticed suspicious activity on her account and reported it to her bank.
The bank launched an investigation.
Investigators noticed a series of logins from a device belonging to the victim’s daughter.
The victim explained she was undergoing cancer treatment and had entrusted her daughter with her digital banking credentials.
A timeline of escalation
In June of 2025, the bank observed a surge in payments from the victim’s account to her daughter’s account at the same bank.
At this point, investigators had two possible theories:
1.) The daughter was stealing from her mother for her own financial gain.
2.) The daughter was actually the victim of a scam, and her scammer tricked her into dipping into funds from her mother’s account.
Investigators turned their attention to the daughter’s account.
A desperate pattern
Victim's daughter
A frequent digital (and mobile) banking user, the daughter made monthly, high-value payments toward the end of each month, suggesting rent.
Timeline of payment activity
The daughter’s increased account activity continued.
Investigators observed a first spike in payment activity in mid-May — the same day the daughter attempted to take out a pre-approved loan, which the bank blocked.
From May 16 to Aug. 31, the daughter made 83 payments, totaling €120,000.
When the bank compared the timing of transfers from the mother’s account to the daughter’s and from the daughter to an unknown beneficiary, it detected a pattern.
When the mother’s money arrived in the daughter’s account, the daughter transferred it away nearly immediately.
The daughter directed all payments to the same beneficiary, who first appeared on May 16. All payments originated from the same device.
When larger transactions were blocked, the daughter switched to a peer-to-peer service capped at €1,000.
Investigators saw the telltale signs of scam manipulation: a string of “test” transfers (€1, €20, then €500).
When her balance ran low, the daughter repeatedly requested higher credit limits.
This desperation — seeking every possible source of funds to keep sending money — is a common red flag in scam victims.
Behavioral evidence
A closer look at behavioral data provided critical clarity.
When the mother’s account was accessed, her username (a national ID number) was consistently pasted in rather than typed, indicating the user (the victim’s daughter) was unfamiliar with those login details.
Touchscreen patterns reinforced this finding.
Swipes, taps, and even subtle traces of finger pressure were nearly identical across both the mother’s and daughter’s accounts, showing the same hand was behind every interaction.
The daughter was making the payments from her mother’s account.
Network data added one final, heartbreaking detail: Some account logins originated from within a hospital. This suggests payments were being made while the daughter sat beside her mother during cancer treatment, using that time to access her mother’s device and retrieve the one-time SMS codes required for step-up authentication.
Mother’s scroll pattern
Daughter’s scroll pattern
A victim, not a villain
Fifteen payments totaling more than €69,000 flowed from the mother's account through the daughter's account over a one-month period.
Investigators traced the funds from the mother's account to the daughter's account at the same institution and then onto four external accounts: one belonging to the daughter, one to a confirmed scammer, and two tied to a second scammer.
The first scammer’s account was active for only four weeks, but in that short time it absorbed significant sums — almost all of it taken directly from the mother’s savings. Investigators believe this first account may have been shut down by the bank for obvious mule activity, forcing the fraudster to switch tactics.
Once those transfers to the first scammer's account stopped, money began flowing into two new accounts, registered under a different name. One of those accounts was a peer-to-peer (P2P) account. This P2P also received funds from two other accounts in addition to the daughter’s. By early 2025, this second scammer was directly tied to a romance scam after the bank shut down yet another mule account registered under his name.
Device analysis added one final clue: dating apps on the daughter’s phone. This potential marker suggests she herself may have been pulled into one of these romance schemes, manipulated into believing she was helping someone she cared for, while in reality funneling her mother’s life savings into criminal hands.
Lessons learned
In the end, the evidence pointed to a painful truth: The daughter was not exploiting her mother for personal gain. She was being exploited herself.
Like so many scam victims, she was manipulated into draining not only her own finances but also her mother’s, even during the most vulnerable period of her mother’s life.
When contacted by her bank, the daughter said all her transactions were legitimate. When questioned as to whether or not and how she knew the person to whom she made all those payments, she refused to answer further questions and said she had to go.
This case highlights the devastating reach of scams, which can fracture trust within families, exploit moments of crisis, and push victims into financial decisions they would never otherwise make. It also shows the power of behavioral data in revealing who is really behind an account, and why identifying these patterns is critical to protecting people from both financial and emotional harm.