A friend of a friend (doctor as well) got taken for ~20.000 eur while being kept on the phone for over 6 hours using the "security breach at your bank" story. She said they got her so into the story that she really saw no issues going to the Crypto ATM at the local mall and doing 15 (FIFTEEN!) purchases there because a "police inspector" told her that's the only safe place for her money. They had a fake website where she could "see" her deposits but she was with the guy on the phone and was telling him "I made another deposit" ...

I think they are doing bank transfers directly to the scammers, who give them a FAKE website that shows a crypto balance + great investment returns. I'm not sure crypto is involved at all; it's just the old Spanish prisoner / Nigerian prince scam with a new coat of paint.

>How do you get the typical person to fall for a scam to open a crypto account, buy it, go through kyc, etc

With spam like the below (note that the original contains mostly UTF8 characters to avoid spam filters). I get these every so often on the NOC and postmaster addresses of domains I manage.

It's not even phishing. Just spam blasts to find anyone uninformed enough to believe it, and insecure enough to be afraid of the (empty) "threat":

   Ţaƙе a second tо ѕtор, іոhɑlе ԁeерly, aոd соոсеntrate оn this мeѕsaԍе. It'ѕ 
   сruсiɑl to gіѵe it yоur ϲомplete focus.
   
   Wе'rе about tо ԁisϲusѕ а ѕіgnіficɑnt mɑttеr bеtweеո uѕ, аոԁ І'м аbsоlutely 
   ոоt kidԁіոɡ.

   Үоu miɡht nоt recоgոіᴢe me, but І'м fаmіlіar with yоu and at thіѕ mомеnt, 
   yоu'rе lіkеlẏ ẇоnderіոɡ hоԝ, rіght?

   Үоur brоwѕіոɡ hаbіtѕ hɑѵe beeո riѕky - ѕϲrоllіnɡ thrоuɡh vіԁеоs, clickіոɡ 
   lіnκs, аnԁ vіѕіtiոɡ some unѕɑfe ẇеbѕitеѕ.
 
   I dерlоуеd мalwɑrе oո ɑո ɑdult sіtе, aոd уou ѕtuмblеd ɑcross it.
   
   Whіlе уоu ẇerе streɑміng, ẏour ѕуѕtем wаѕ eẋрosеd thrоugh rdp, аllowing ме 
   full аcсeѕѕ to your deѵiϲe.

   Noᴡ I cаn mоnitоr everẏthіnɡ oո your ѕϲrееn, rемоtеly ɑсtіvаte your ϲɑmеra 
   and мiсrорhoոе, aոd yоu wоulԁո't eѵen notice.

   I alѕо hɑνе соmpletе ɑccеsѕ to ẏour eмaіls, ϲontаcts and other acϲountѕ.

   I'νе beеո obserѵіnԍ your аctivitіеs fоr quite somе tіme now. Іt's ѕiмрlẏ 
   unfоrtunate for yоu thаt I ϲɑmе ɑcrosѕ whɑt уоu’νe beeո up to.

   I speոt morе tiме thаn neсеsѕarẏ dіԍԍinԍ іnto уоur pеrѕoոɑl datɑ. І'vе 
   соllected a significɑոt aмount оf ѕeոsitіνе іnformɑtion frом ẏour devicе аnd 
   reѵiеwеd it thоroughlу. І еѵen hɑve reсordiոgs of yоu еոԍagіոɡ іn ѕoме rather 
   ԛuеѕtiоnаble behɑviоr аt hoме. I've сoмріlеd viԁеоѕ anԁ sոɑрshots (incluԁiոԍ 
   іmagеѕ оf ẏour liviոԍ spaсе) ẇhеrе оnе siԁe ԁisрlays the соոtеոt ẏou wеre 
   viewing, ɑnԁ thе other siԁе shoᴡs you... ԝеll, let'ѕ just saу уоu κոоԝ what I 
   меаո.

   With a singlе ϲlіcƙ, I could ѕharе thiѕ with еѵery оnе оf ẏоur ϲoոtactѕ.

   І uոderstanԁ уоur uncertaіոty, but don't eхpect anу leոieոcẏ from mе.

   Тhat ѕaid, I'м рrерarеd tо let thiѕ ԍо aոd аllоẇ yоu tо ϲarry on аѕ іf 
   nothing еνer оϲсurred.

   Неre'ѕ thе deɑl - I'm offеrinɡ ẏоu twо chоiсеs:

   - Igոore this меѕsаɡe ɑnԁ fіոd оut ԝhɑt hаpреոs next. If ẏоu taƙе thіѕ рath, 
     I'll ѕhаre thе ѵiԁeo with аll уour coոtaсts.

     It's ԛuіtе а reѵеɑlіng ϲlip, aոd I can oոlẏ іmаginе the huміlіаtіоn уоu'ԁ 
     facе whеn your сollеaɡueѕ, friends, and fаmіly ѵіeẇ іt.

   But, ɑѕ they ѕay, аctіоnѕ have соnѕequеnceѕ. Dоn't роsitiоո yourѕelf aѕ thе 
   νіctiм here.

   - Раy me tо kеeр thіѕ мɑttеr privatе. Let's rеfer tо іt aѕ a prіvɑcy fеe.

     Hеrе'ѕ thе ԁeal іf you ԍo thіs route: уour sесrеt reмɑiոs sаfe, ոo one еlsе 
     ᴡіll eνer knоẇ.

     Օոcе I reсеіve thе pаẏмеոt, І'll dеlеtе еverẏthіոɡ. Thе paуmеոt iѕ to bе 
     mаdе eхϲluѕivеly iո сrẏptо.

     І'м ɑімing for a rеsolutioո that ẇоrκs for bоth оf uѕ, but mу termѕ are 
     fiոal anԁ noո neԍоtіɑble.

     1100 USD tо мy bitcoiո ɑԁԁrеѕs beloᴡ (remove whitespaces if any):

     bc1qt30ya4ssczyhzpe03t6jt8524hgfswe7pdxq9u

     Onϲe the paymеnt іѕ мɑԁе, yоu ϲаn rеst еɑsy κnoᴡiոԍ І ƙeер му word.

   Үou hаνе 50 hоurs tо сoмplеte the trɑnsaсtion, аnd btс іѕ the onlу fоrм оf 
   pɑymeոt І'll ɑccept.

   Thе syѕtем I'vе sеt uр ԝіll ɑutомаticɑllу ԁеtect thе payment anԁ imмedіɑtely 
   dеlete eѵеrуthіnɡ I hаνe on you.

   Don't wаste tіme rеѕpоndіnԍ or atteмрtіոg tо ոeԍotіatе - it wоո't work.

   Іf І notiсe yоu'vе sроƙeո to аnyоոе about thіѕ оr ѕоuԍht aԁνicе, thе vіԁеo 
   will be sеnt to уоur соntaсtѕ withоut hesitatіоn.

   Aոd ԁoո't thіոk аbоut turniոg off ẏоur рhonе оr attеmрtiոԍ a fаctоrẏ rеѕеt - 
   it won't мaκe a diffеrеոϲe.

   І ԁon't makе errors, aոd I'm ѕimplẏ ԝаіtіnԍ for the pɑyмent.

I'd expect that each spam recipient is given a unique BTC address, so that they can be identified for further "blackmail"[0] should they actually comply.

And to clarify, the above message was received by a "postmaster@domain" account on 23 May 2025. And since I've been seeing them for at least a few years I can only assume they are at least occasionally successful.

There are other scams that target folks with bitcoin demands too. Likely with similar claims.

[0] https://malwaretips.com/blogs/ive-recorded-many-videos-of-yo...