Earmark CPE

Earn CPE Anytime, Anywhere

Oh My Fraud

When Bots Listen to Robots and Real Money Disappears

· ·

Picture this: a computer on stage playing songs to an audience of computers. No humans involved, just machines performing for machines in an endless digital loop. Yet somehow, millions of dollars change hands.

This isn’t science fiction. It’s happening right now on streaming platforms, and it’s just one of the mind-bending fraud schemes explored in this episode of Oh My Fraud. Host Caleb Newquist opens with a relatively new conspiracy theory called the Dead Internet, which suggests that most online activity, including posts, likes, followers, and streams, isn’t human anymore. It’s “bots talking to bots, talking to bots,” creating an information superhighway filled with self-driving cars that have destinations but no passengers.

But what happens when someone exploits this artificial ecosystem for real money? That’s exactly what we’re about to find out.

The $121 Million Email That Fooled Silicon Valley

Between 2013 and 2015, a Lithuanian man named Evaldas Rimašauskas pulled off something that shouldn’t have been possible. He convinced two of the world’s smartest companies, Google and Facebook, to wire him $121 million. His method wasn’t sophisticated hacking or complex algorithms. He simply pretended to be someone else.

Rimašauskas impersonated Quanta Computer, a real Taiwan-based hardware manufacturer that actually did business with both tech giants. He set up a company in Latvia under Quanta’s name and opened bank accounts in Latvia and Cyprus. Then his team got to work, calling Google and Facebook customer service lines to gather intelligence, including names of key employees, contact information, and other details that would make their lie believable.

Through phishing emails and what Caleb describes as “a maze of phony invoices, contracts, letters, and corporate stamps,” Rimašauskas created enough confusion to convince someone at Google to update the bank account they had on file for Quanta Computer. In 2013, Google sent $23 million to his account. Two years later, using the same playbook, Facebook wired him $98 million.

The money flowed through accounts across Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong. And here’s the kicker: these amounts were so insignificant to Google and Facebook that they “went virtually unnoticed.” As Caleb puts it, “$23 million and $98 million aren’t even rounding errors on the amount of revenue for Google and Facebook. It’s less than pocket change.”

Eventually, someone at Google caught on. Rimašauskas was arrested in March 2017, extradited to the U.S. that August, and pleaded guilty to wire fraud in March 2019. He got five years in prison, and both companies got their money back.

From IT Mogul to Music “Producer” to Alleged Fraudster

Our second story shifts from simple impersonation to something far stranger. Meet Michael Smith, a 52-year-old with a resume that reads like three different people’s lives smashed together.

According to the research, Smith made his first fortune in the 1990s with an IT business where he allegedly wrote “one of the main fixes for the Y2K millennium software bug.” He then ran chains of medical clinics, which landed him in trouble in 2020 when he and two associates paid $900,000 to settle Medicare and Medicaid fraud allegations.

But here’s where it gets weird. At age 39, Smith decided to become a music industry player. Despite having no apparent musical background, he somehow ended up judging a BET hip-hop competition called “One Shot” alongside DJ Khaled, T.I., and Twista. As Wired magazine described it, he was “a relatively unknown record producer with a checkbook” among actual stars.

When Caleb asked producer Zach Frank if he’d ever heard of anyone building a successful music career starting in middle age, Zach’s response was telling: “It’s extremely, extremely rare. Not without money, at least.”

The Streaming Revolution and Its Discontents

To understand Smith’s alleged fraud, you need to understand how dramatically the music industry has changed. Zach, who comes from a family of professional musicians, explained how streaming completely upended the business model.

In the old days, people bought physical albums for $12-15 at stores like Tower Records. Artists made real money from album sales. Then came Napster and peer-to-peer sharing, which Caleb admits using extensively in college. “People were listening to all this music completely in its entirety for free,” he recalls.

Today’s streaming platforms like Spotify and Apple Music operate on a subscription model. Users pay monthly fees for unlimited access, and artists get fractions of pennies per stream. Spotify made $17 billion in 2024 and claims 70% goes to the music industry, but individual artists see almost nothing.

The numbers are staggering. According to Spotify’s former chief economist, more music is released every single day in 2025 than in the entire year of 1989. And here’s what makes it worse: bigger artists negotiate better deals, while smaller artists, as Zach puts it, “get screwed.”

Building an Army of Fake Listeners

This is the landscape Smith allegedly decided to exploit. Starting in 2017, he orchestrated what the Department of Justice calls a scheme to steal millions in royalties by fraudulently inflating music streams.

The mechanics were brilliant in their simplicity. First, Smith created thousands of bot accounts using fake email addresses and names. He even told a coconspirator to “make up names and addresses” but to “make sure everyone is over 18.” He paid $1.3 million in subscription fees because, as Zach explains, paid subscribers generate higher royalty rates than free users.

By October 2017, Smith had 1,040 bot accounts spread across 52 cloud service accounts. Each bot could stream about 636 songs per day, generating approximately 661,440 total daily streams. At half a cent per stream, that meant $3,307 daily, $99,000 monthly, or $1.2 million annually.

But Smith had a problem: he needed content. Lots of it.

When AI Makes Music for Bots to Hear

Initially, Smith used music catalogs from coconspirators and even tried selling his streaming service to other musicians desperate for plays. But as he wrote in May 2019, “I can’t run the bots without content and I need enough content so I don’t overrun each song. If we get too many streams on one song, it comes down.”

His solution? Artificial intelligence. Smith partnered with Alex Mitchell, CEO of an AI music company called Boomy, who began providing thousands of AI-generated songs each week.

The song and artist names were gloriously terrible. Song titles included “Zygotic Washstands,” “Zygoptera,” and “Calvinistic Dust.” Band names ranged from “Calm Knuckles” to “Camel Edible.” As Caleb jokes, “I don’t know what camel edibles are. Perhaps they are THC gummies for camels.”

To demonstrate just how far AI music has come, Zach used Udio.com during the podcast to generate two complete songs about Oh My Fraud in just 10-15 seconds. The results were unnervingly good, professional-sounding tracks that could easily pass for human-created music. “There’s a lot of AI music on Spotify at the moment without people knowing it’s AI,” Zach notes.

Smith used VPNs to hide that all streams came from one location and spread activity across thousands of songs to avoid detection. When flagged for “streaming abuse” in 2018, he protested: “We have no intentions of committing streaming fraud.”

By February 2024, Smith’s scheme had generated 4 billion streams and $12 million in royalties.

Folk Hero or Fraudster?

The reaction to Smith’s indictment has been surprisingly divided. Some see him as a criminal who stole from real artists through the “stream share” system, where royalties are distributed based on each rightsholder’s proportion of total streams. Others view him as a folk hero exposing an exploitative system.

The case raises uncomfortable questions. When the band Vulfpeck released an album of complete silence and asked fans to stream it while sleeping—earning $20,000 before Spotify banned them—was that fraud or performance art? As Zach asks, “If someone’s playing blank music, who are they to say that’s not real?”

Smith has hired the prestigious law firm that defended Diddy and plans to fight the charges vigorously. This will be the first major streaming fraud case fully litigated, potentially setting precedents for how we define fraud in digital spaces.

What We Learned

As Caleb reflects at the episode’s end, these cases reveal something profound about our digital economy. Google and Facebook, companies worth trillions with founders worth hundreds of billions, got tricked by simple schemes. A middle-aged entrepreneur with a checkbook created a phantom musical empire that earned millions.

For accounting professionals, these are warnings about the future of fraud detection. When documentation can be perfectly faked, when bots are indistinguishable from humans, when AI creates content that only machines consume, traditional audit procedures become obsolete.

These cases force us to confront questions about power, technology, and authenticity in the digital age. When companies make billions while creators earn pennies, algorithms determine value instead of human appreciation, and the line between real and artificial completely disappears, that’s when people start rooting for the fraudsters. Not because they’re right, but because the system itself feels so wrong.

Listen to the full episode to hear Caleb and Zach grapple with these questions, including those AI-generated songs that sound disturbingly human. Because in an age where machines create for machines while extracting real value from real people, understanding these frauds helps preserve what makes us human in an increasingly artificial world.

Stock Options Weren’t Lucky Timing—They Were Backdated Fraud

· ·

In 2005, a Norwegian professor at the University of Iowa discovered something that would shake corporate America: CEOs weren’t getting lucky with their stock option timing; they were cheating. By looking backward and cherry-picking dates when their company’s stock hit rock bottom, executives at more than 130 major corporations were guaranteeing themselves millions in profits.

That professor, Erik Lie, shared his story with Caleb Newquist in a recent episode of the Oh My Fraud podcast.

The Accidental Fraud Fighter

Erik never set out to expose corporate fraud. Growing up in Norway, spending time skiing in the mountains and playing by the water, he was just a kid who was good at math. His path to becoming one of TIME magazine’s 100 Most Influential People in 2007 started with simple curiosity.

Erik’s work at the University of Iowa’s Tippie College of Business didn’t involve trying to catch cheaters. He was studying how stock options affected executive behavior. But what he found in the data was too strange to ignore.

Stock options give executives the right to buy company stock at a fixed price in the future, usually set at the market price on the grant date. Thanks to a 1993 tax law, they’d become hugely popular as “performance-based” compensation that companies could still deduct from their taxes. By the early 2000s, tech companies were handing them out like candy.

When Lucky Timing Becomes Mathematically Impossible

Erik was looking at what happened to stock prices around option grant dates, following up on earlier work by NYU professor David Yermack. But where Yermack found a modest pattern in early 1990s data, Erik discovered something explosive in more recent numbers.

“You see the stock price during the month beforehand, on average, go down by about 4%. And then right on the grant date, it turns and it goes up 4% afterward,” Erik explained. “This is crazy to find something like this.”

The pattern wasn’t just in individual stocks; it showed up in the entire market. As Erik put it, “The whole market is moving in that same direction. And you ask yourself, how could these guys predict the market? And how come they’re not working for a hedge fund in that case, instead of for a company out there in the Midwest?”

Some companies hit stock price lows for their option grants five years in a row. The odds of this happening by chance were astronomical. While defense lawyers would later claim their clients just “got lucky,” the concentration of perfect timing across hundreds of companies told a different story.

Breaking Academic Boundaries

When Erik read a Wall Street Journal article about the SEC investigating companies for “spring loading”—granting options before releasing good news—he did something unusual for an academic: he reached out to regulators.

“I contacted SEC, and this is not normal for me either,” Erik recalled. “Usually I stay in my bubble. But something compelled me to contact SEC and say, ‘Hey, I think you’re on the wrong path here.'”

His theory was simple. Companies didn’t have to disclose option grants until months later in their proxy statements. This meant executives could look backward and pick the most favorable dates. “They can essentially stand in March of a year and say, ‘Hey, we’ve got some grants last year, didn’t we? Let’s just pick a date to make that official date. And look at that—June 7th had a very low price.'”

Unlike Harry Markopolos, who was desperately trying to get the SEC to investigate Bernie Madoff during the same period, Erik found a receptive audience. One SEC staff member called him, asked for data, and appeared to take his findings seriously.

The Story Goes Public

To strengthen his case, Erik teamed up with colleague Randall Heron to study what happened after Sarbanes-Oxley required option grants to be reported within two days. Their findings were damning: companies that complied with the new rule showed no suspicious timing patterns. The magical ability to pick perfect grant dates vanished the moment executives had to report in real-time.

But academic papers rarely make waves. “People will not read these academic journals for the most part,” Erik admitted. “No one cares about these things.”

Enter Mark Maremont, a senior Wall Street Journal reporter who immediately grasped the story’s explosive potential. His team spent months analyzing data and contacting companies. The resulting March 2006 article, “The Perfect Payday,” featured colorful graphics showing company after company somehow granting options at exact stock price bottoms.

“One executive fled the country very quickly,” Erik noted about the aftermath. “I think it’s pretty clear that something is going on.”

The Journal won a Pulitzer Prize for its coverage. More than 130 companies faced investigations. Seventy executives lost their jobs.

Why Proving Fraud Is Harder Than Finding It

Despite overwhelming statistical evidence, criminal prosecutions produced mixed results. The challenge was, while Erik’s data showed undeniable patterns across hundreds of companies, prosecutors had to prove criminal intent for specific individuals.

“With enough data, you can see these patterns, but if you narrow it down to one data point, you can’t see what’s happening in that context,” Erik explained.

Smart executives had even built in deniability. “Some of them would intentionally not pick the lowest because it would seem so obvious,” Erik revealed. By choosing the second or third-lowest price, they created enough ambiguity to defeat prosecution while still enriching themselves.

The harm was real. Shareholders were deceived about compensation costs. Companies illegally claimed tax deductions. And as Erik pointed out: “If this is all harmless, then why not just do it out in the open?”

Lessons for Today’s Fraud Fighters

Erik’s story demonstrates what Caleb calls the “privatization of enforcement,” where academics, journalists, and others help catch fraud that overwhelmed government agencies might miss. But unlike traditional whistleblowers who face retaliation, Erik experienced little pushback.

“I wasn’t scared at all. I just thought it was a whole lot of fun,” he said, attributing his lack of fear partly to Norwegian culture where “any celebrity can go around in the street or take the bus.”

His new book, “Catching Cheats: Everyday Forensics to Unmask Business Fraud,” shares these and other stories about using data to spot deception. For accounting professionals dealing with an era of sophisticated financial manipulation, his work offers an important lesson: patterns in aggregate data can reveal frauds invisible at the individual level.

The backdating scandal largely ended once transparency was required. When executives could no longer manipulate timing in secret, the practice stopped. As Caleb observes in the episode, “These are rich and powerful people, executives at public companies. And we should want those people to be accountable for their actions.”

Sometimes catching cheats doesn’t require being a traditional whistleblower risking everything. Sometimes it just takes curiosity, rigorous analysis, and the courage to tell regulators when they’re looking in the wrong direction. In a world drowning in data, the ability to spot patterns others miss might be our best tool for keeping the powerful honest.

Listen to the full episode to hear Erik’s complete story, from his Norwegian childhood to becoming one of TIME’s most influential people, and learn how academic curiosity exposed one of the most widespread corporate frauds of our time.

The Shadow Economy of Stolen Points That Nobody Talks About

· ·

While you carefully track every penny in your bank account, there’s $100 billion sitting unprotected in forgotten loyalty accounts worldwide. That eye-opening number comes from Kim Sutherland, global head of fraud and identity at LexisNexis Risk Solutions, who recently joined host Caleb Newquist on the Oh My Fraud podcast to discuss the growing threat of rewards and loyalty fraud.

This episode is a perfect companion to the show’s previous exploration of reward program fraud cases, with insights from someone whose team analyzes 120 billion transactions annually. Sutherland pulls back the curtain on how loyalty programs—those everyday rewards we collect at coffee shops and airlines—are a prime target for sophisticated fraud operations.

The $13 Billion Digital Currency You’re Ignoring

The global loyalty management market now exceeds $13 billion, and it’s everywhere you look. As Sutherland explains, “Almost every type of company you interact with has some type of a program to reward their existing customers.” From airlines and credit cards to restaurants, hair salons, auto mechanics, and even schools, businesses use these programs to strengthen customer relationships.

The average person belongs to anywhere from 16 to 20 loyalty programs, but they actively monitor only a fraction of them. This gap creates a perfect opportunity for fraudsters. “They understand the value of each of those rewards points, and they pay more attention to the ones you’re not paying attention to,” Sutherland warns.

These aren’t just marketing gimmicks anymore. “Loyalty points are a form of digital currency,” Sutherland says. People treat them like savings accounts, letting balances grow and planning vacations around accumulated miles. However, your bank account has federal protection and robust security. Your coffee shop points? Not so much.

When Newquist mentions his Starbucks app, calling it “a mini bank within that company,” he highlights a crucial point. These companies handle customer funds and issue digital currency but operate without the strict oversight required of traditional financial institutions.

The dark web has turned these points into a tradable commodity. Sutherland says stolen points have specific dollar values attached and are bought and sold alongside other illegal goods. It’s not just individual criminals either. Fraud has become a business with specialized roles, training programs, and sophisticated operations.

How Criminals Harvest Your Digital Rewards

Account takeover leads the fraud playbook, and it’s devastatingly simple. While you legitimately earn points through purchases, criminals break into your dormant accounts. They either transfer your points to accounts they control or drain them for purchases before you notice.

Because loyalty accounts lack the security of traditional financial accounts, “there is more opportunity for someone to do an account takeover,” Sutherland explains.

The numbers are alarming. Sutherland reports nearly 100% year-over-year growth in loyalty-based fraud across different industries and regions. On the dark web, these stolen points trade like currency. And fraudsters operate like niche service lines—some steal data, others monetize it, and still others provide technical infrastructure.

Synthetic identity fraud takes things to another level. Criminals combine pieces of real information, such as your name, someone else’s address, another person’s phone number, to create fake identities. These synthetic identities can operate for years, building credit and accumulating points across dozens of programs.

“The real problem with synthetic identity fraud is, even if your name had been used, you may never know you were part of the creation,” Sutherland warns. There’s no real victim to report the crime, making detection extremely difficult. These fake identities might start with a jewelry store loyalty program, build credibility, then work up to valuable airline or credit card rewards.

Insider threats add another layer of risk. Travel agents booking trips might divert clients’ points to personal accounts. Employees with system access could redistribute points. Third-party agents in real estate or auto sales can siphon off points customers never knew existed.

The technical sophistication is striking. Fraudsters use device farms—racks of phones running automated scripts—to manage thousands of fake accounts. They employ burner phones, throwaway email addresses, and test security responses by making small account changes before executing major thefts.

The Impossible Balance Between Security and Convenience

“The best form of authentication is one a consumer uses,” Sutherland observes, highlighting the core challenge facing businesses. Companies must balance three competing priorities: privacy, security, and convenience. For consumers, convenience almost always wins.

Unlike employees who follow whatever security protocols their employers require, consumers simply abandon programs that make redemption difficult. As a result, even if businesses implement bank-level security, doing so could destroy the convenience that makes these programs attractive.

The solution Sutherland recommends is passive security measures that work in the background. Companies embed sophisticated tools in mobile apps that analyze device behavior without disrupting user experience. Is the device jailbroken? Has it been associated with previous fraud? Is it moving naturally, or is it part of a static device farm?

Despite technological advances including biometric authentication, AI fraud models, and emerging digital credentials, Sutherland says, “The biggest challenge is still identity verification.” After 20 years of trying, verifying that someone is who they claim to be remains unsolved.

Fighting Back Through Collaboration

Forward-thinking companies now treat loyalty fraud as a brand reputation issue rather than a compliance checkbox. “It is truly trying to ensure that consumers can trust what they’re doing,” Sutherland explains, noting that customers immediately take to social media when something goes wrong.

The response has become increasingly collaborative. Organizations create “fusion centers” where fraud, cybersecurity, and anti-money laundering teams work together. Through LexisNexis’s proprietary network, businesses share fraud intelligence across industries and borders. For example, banks in Singapore share patterns with UK retailers and major financial institutions collaborate on emerging threats.

This cooperation is essential because, as Sutherland notes, “Fraud does not stay within any country. We see the same fraudsters transacting in the US and in France and in South Africa.”

Companies focus on key vulnerability points, particularly when customers change account details. Something as simple as updating an email address or phone number can trigger an account takeover if proper verification isn’t in place. Yet each additional security step risks losing customers to competitors.

What This Means for Accounting Professionals

With $100 billion in unused points, nearly 100% annual growth in loyalty fraud, and criminals operating sophisticated international networks, this is an emerging category of financial crime that could impact your clients.

For businesses, a major loyalty breach can lead to financial loss and potential brand devastation in an era of instant social media backlash. For individuals, compromised loyalty accounts often serve as gateways to broader identity theft, especially through synthetic identity techniques.

Most concerning is that companies can’t simply apply traditional banking security models to loyalty programs. The convenience consumers demand conflicts with the security these digital assets require. As programs expand into every corner of commerce and younger generations treat points as legitimate currency, the attacks will continue.

Accounting professionals should recognize loyalty programs for what they’ve become: an unregulated digital currency that criminals actively exploit. While we’ve been protecting traditional accounts, fraudsters have built infrastructure to harvest value from the rewards programs we ignore.

Listen to the full Oh My Fraud episode with Kim Sutherland to learn specific red flags for loyalty fraud, discover emerging authentication technologies that could protect clients, and understand why those forgotten rewards programs might be your clients’ biggest vulnerability. Because in a world where your morning coffee purchase contributes to a $13 billion shadow economy, treating digital rewards with the same seriousness as traditional currency is just professional prudence.

Your Airline Miles Are Worth $74 Billion and Hackers Know It

· ·

Ever check your airline miles balance and think, “I should probably use those someday”? Well, fraudsters aren’t waiting. While you casually ignore those reward points, criminals are actively hunting for these digital treasures that have somehow become worth more than the companies that create them.

In this episode of Oh My Fraud, host Caleb Newquist explores the surprisingly vulnerable world of loyalty and rewards programs, revealing how the points flooding your inbox have become prime targets for fraud schemes that affect everyone from frequent fliers to wholesale club members.

The Accidental Billion-Dollar Asset Class

When United Airlines started tracking customers in the 1950s, it gave out plaques and promotional materials—basically corporate swag. Fast-forward to today, and rewards programs look entirely different. American Airlines generated $6.5 billion from its AAdvantage program in 2023 alone—not from selling tickets, but from selling miles.

The economics are almost absurd. As Newquist points out in the episode, airlines create miles for about half a cent each. They’re database entries. Then they turn around and sell these digital tokens to credit card partners for two to three cents per mile. That’s a 400% to 600% markup on something that costs virtually nothing.

“The hilarious thing is that these aren’t tangible,” Newquist observes. “They’re just made up. They’re just digital assets created out of thin air.”

The combined loyalty programs of United, American, and Delta are worth $73.8 billion. Think about that: these made-up points are sometimes worth more than the airlines themselves. And McKinsey estimates 30 trillion unredeemed miles sit in passenger accounts globally. That’s enough for every airline passenger on Earth to take a free one-way flight.

But here’s where things get dicey. Despite sitting on this massive pile of value, major airlines, including Southwest, American, Frontier, and Alaska, don’t offer two-factor authentication for account access. These companies spend millions on aircraft safety but can’t implement basic security that’s been standard in banking for over a decade.

When Your Miles Take an Unexpected Trip

The human cost of this security gap becomes painfully clear through recent victims’ stories. In July 2024, multiple Alaska Airlines customers woke up to drained accounts. One victim lost 150,000 miles, worth about $1,900. Another reported on Reddit that hackers stole over 200,000 miles. The points were being used to book luxury hotels in Abu Dhabi.

Gabrielle Bernardini, a writer for The Points Guy, discovered her Southwest account had been hacked when she received an email confirming a Hampton Inn reservation in Kalamazoo, Michigan—a booking she never made. The fraudster burned through 17,100 points, worth about $240.

Through persistence, Bernardini got her points back. But Southwest made it clear they were only doing it as a “gesture of goodwill” and a “one-time exception.” Their actual policy? “Southwest is not responsible for unauthorized access to a member’s account and will not replace stolen points.” Newquist confirmed that’s still the policy today.

Clint Henderson’s American Airlines nightmare went even further. Fraudsters drained hundreds of thousands of his AAdvantage miles for car rentals. Recovery meant jumping through incredible hoops. American required a new email address for his new account and demanded a PDF or screenshot of his police report. When Henderson went to file the police report, the NYPD’s online system was down. He had to visit a precinct physically, then was told that he couldn’t have a copy of his report until a detective intervened the next day.

Even with proof of fraud, the car rental company that accepted the stolen points simply refused to refund them. Henderson eventually got his miles back from American, but the whole ordeal revealed just how messy these situations can become.

From Sam’s Club to the Gas Pump

The problem isn’t limited to airlines. In May 2024, Sacramento County authorities arrested 38-year-old Inam Rasool after discovering he’d been systematically draining other customers’ Sam’s Club accounts. What started as an attempt to leave with $1,000 in unpaid merchandise turned into something bigger.

Store personnel began monitoring his return visits and uncovered a sophisticated operation. Rasool used stolen Sam’s Cash rewards to buy merchandise, resell it online. When police searched his home, they found over $25,000 worth of electronics, medications, pet food, hygiene products, supplements, and snacks. They also found shipping supplies, a computer, and a label printer for his online sales operation.

Meanwhile, in Peters Township, Pennsylvania, 18-year-old Paul Kostanich was hitting Giant Eagle fuel perks accounts. Video showed him visiting gas stations almost daily, holding his phone to barcode scanners to activate stolen points from different accounts. He admitted to hacking about 20 accounts and faced 58 charges, including identity theft.

One victim’s reaction captured the general disbelief, “I could never imagine someone hacking a Giant Eagle Perks card. I mean, really?”

Why This Keeps Happening

The problem is, rewards programs were never designed as financial assets—they’re marketing tools that accidentally became valuable. As Newquist explains, “They’re just a marketing gimmick developed by corporations that they hope will get us to spend more money with them. And it just so happens that they’re very, very good at doing that.”

From a corporate perspective, the math works out. If rewards fraud costs the industry $1 to $3 billion annually, but these programs generate over $70 billion for just the top airlines, that’s less than 5% lost to fraud. For many companies, it’s just a cost of doing business, especially when they can push losses onto consumers through terms of service that disclaim responsibility.

This creates what Newquist calls a perfect storm for fraudsters. You’ve got valuable assets with minimal protection, companies that won’t pursue prosecution, and victims left holding an empty bag while corporations point to fine print.

Protecting Your Points (Since No One Else Will)

So what can you do? Newquist offers practical advice with characteristic honesty.

First, change your passwords for rewards accounts. “I know you’d have to be a cerebral freak to generate a different password for virtually every account.” But at least make them different from your banking passwords.

Second, use two-factor authentication wherever it’s available. “Is it tedious? Yes. Does it save your bacon 99.9% of the time? Also, yes.”

Third, consider a password manager. Yes, the big ones have been hacked, but the benefits of managing unique passwords outweigh the risks.

Finally, actually check your accounts occasionally. Don’t be obsessive, but treat them with the same attention you’d give a bank balance.

The Bottom Line

Those rewards points you’ve accumulated aren’t just marketing fluff; they’re real value with real vulnerabilities. Companies have created a $74 billion economy from thin air, then washed their hands of responsibility when that value gets stolen.

For accounting professionals, this is a masterclass in risk transfer. For everyone else, it’s a wake-up call. In a world where teenagers systematically drain fuel perks and hackers book Abu Dhabi hotels with your miles, ignorance is an invitation.
Listen to the full episode above for Newquist’s complete investigation, including more cases and why he thinks these programs are essentially “legal money laundering” schemes. And maybe check your rewards balances while you’re at it. Just in case someone in Abu Dhabi isn’t already enjoying them.

Faith, Fraud, and False Promises: The “Doc” Gallagher Story

· ·

“Why are you asking this? Gallagher’s a good man. Gallagher’s a man of God.”

Texas Department of Insurance investigator Steve Richardson had heard a lot in his career, but never this — victims defending the man who had stolen their life savings. Some even warned Gallagher he was under investigation. 

These weren’t just clients. They were believers — in Christianity, yes, but also in the gospel of steady returns and risk-free investing. Gallagher preached with the conviction of a Sunday sermon and the polish of a seasoned salesman.

It worked. Over decades, this self-anointed “Money Doctor” convinced hundreds of Christian seniors to hand over more than $20 million. They weren’t chasing Bitcoin jackpots or penny-stock moonshots — just a steady 5–8% a year, “guaranteed,” wrapped in scripture and trust.

In this episode of the Oh My Fraud podcast, Caleb Newquist unpacks how Gallagher used faith, modest promises, and a carefully crafted persona to pull off one of the largest religious affinity frauds in recent memory.

Building the “Money Doctor” Persona

William Neil Gallagher’s life story read like a trust-building checklist. Born in 1941, he graduated from Rhode Island College, served in the Peace Corps, and taught English in Thailand. That’s where he found his faith — a conversion story he would retell endlessly to clients.

Back in the States, he studied to become a preacher, earned master’s degrees in religion and philosophy, and capped it off with a PhD in philosophy from Brown University. The title of his dissertation? The Concept of Blame. (Insert your own punchline here.)

After academia didn’t pan out, Gallagher pivoted to finance, working for Dean Witter Reynolds and A.G. Edwards before striking out on his own in 1993 with Gallagher Financial Group. He positioned himself as a reformed Wall Street insider now serving “regular people.”

His marketing machine ran on Christian radio. As “The Money Doctor,” Gallagher dispensed a mix of vanilla financial advice, market doom warnings, and heavy religious language. He wrote books like Jesus Christ, Money Master and posed for photos with Nolan Ryan, Joel Osteen, and former Texas Governor Rick Perry — props in his carefully curated image.

The Perfect Ponzi: Modest Promises, Maximum Trust

Gallagher’s pitch wasn’t flashy — and that was the genius. His Diversified Growth and Income Strategy Account promised 5–8% annual returns “without risk to principal.” Modest enough to sound realistic, safe enough to lull suspicion.

He told clients their money was in U.S. Treasuries, mutual funds, annuities, and other familiar investments. His sales copy reassured: “When the markets get smashed, our clients lost nothing.”

And he sold himself as more than a money manager — he was their captain. “It’s your ship, but don’t touch anything. My job is to get you safely through the storms.”

Gallagher made house calls, prayed with clients, and sent flowers or fruit baskets when they asked too many questions. One recalled him offering a trip to the Holy Land instead of an account statement.

🚩 Red Flags of Ponzi Schemes

  • Outdated or missing licenses
  • Regulatory reprimands on record
  • Overly personal behavior with clients
  • Messy office, messy finances
  • Self-appointed titles (“The Money Doctor”) – often used to create false authority when credentials are lacking

The Red Flags Nobody Wanted to See

Gallagher hadn’t been licensed as a broker since 2001 or as an investment advisor since 2009. Regulators had already reprimanded him in 1999 for falsifying records and misrepresenting his status.

Some clients noticed troubling behavior. One didn’t like how he touched her shoulders. Another saw his Cadillac crammed with loose papers and thought, “That’s not how someone should handle other people’s money.”

When investigators eventually walked into his office, they found unopened mail dating back a decade — and no accounting system.

The Slow-Motion Takedown

The first break came in 2015 when Allianz Life flagged suspicious withdrawals. Texas Department of Insurance investigator Steve Richardson followed the money and found the classic Ponzi pattern: new deposits funding old payouts.

But the case stalled. Victims defended Gallagher, sometimes even warning him about the investigation.

In 2018, James and Carol Herman grew suspicious after Gallagher balked at their $100,000 withdrawal request. Instead of cash, they got gifts — and a push to take out a reverse mortgage. That was the crack investigators needed.

📜 What is Religious Affinity Fraud?
 A scam that exploits shared religious beliefs to build trust and credibility. Bernie Madoff used golf clubs; Gallagher used church pews. Fraudsters often pose as devout community members, using scripture, prayer, and church networks to recruit victims. The Gallagher case is one of the largest recent examples in the U.S.

The Affair, the Safe, and the Coins

As the investigation deepened, authorities uncovered Gallagher’s secret office and a 2,400-pound safe — empty except for a list of gold and silver items. They also uncovered a long-running affair between Gallagher and Debra Mae Carter.

Carter had received at least $1.5 million from Gallagher, laundered through her daughter’s accounts, and spent it on rural properties. When police arrested her, she led them to a stash of gold and silver worth $300,000 — including South African Krugerrands and “President Trump coins.”

Prison Sentences and Lingering Losses

In 2020, Gallagher pleaded guilty to securities fraud and money laundering, earning 25 years and $10.3 million in restitution. In 2021, he pleaded guilty to more charges and got three life sentences. Carter was convicted in 2024 and also got life.

Gallagher tried to rationalize his crimes, claiming he was “borrowing” for good causes or investing in miracle businesses. One of them, Hover Link, supposedly went from hovercrafts to cancer cures to body armor. In reality, it was another Carter-fronted shell.

Recovery has been slow. As of early 2025, victims have gotten back only 20% of what was stolen. And new scams target them still — fake FBI agents asking for bank details.

💡 Fraud Prevention Quick Check

  1. Verify licenses on FINRA BrokerCheck and SEC IAPD.
  2. Be wary of any “guaranteed” returns.
  3. Don’t ignore small inconsistencies — they often hide big lies.

Timeline: The Rise and Fall of “Doc” Gallagher

YearEvent
1941Born in New York City.
1960sPeace Corps service in Thailand; religious conversion.
1993Launches Gallagher Financial Group in Texas.
1999Reprimanded by Texas regulators for fraudulent practices.
2001–2009Drops all active broker/advisor registrations.
2015Allianz Life flags suspicious withdrawals; investigation begins.
2018James & Carol Herman push for $100k withdrawal; case gains momentum.
2020Pleads guilty; sentenced to 25 years + $10.2018
James & Carol Herman push for $100k withdrawal; case gains momentum.
2021Pleads guilty to more charges; gets three life sentences.
2024Debra Mae Carter convicted, sentenced to life.
2025Victims have recovered ~20% of stolen funds.

One Last Word

The Gallagher saga proves it: trust should be earned by verification, not granted by shared faith.

🎧 Listen to the full Oh My Fraud episode for every twist and absurd detail, told with the wit only Caleb can bring.