How Hacks Happen

The Barber Shop Scammers

Many Worlds Productions Season 5 Episode 12

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 23:44

Ever get your hair cut and wonder, "Is my barber part of an international scammer ring?" In November 2025, the FBI arrested Victor Marion, the owner of Mecca Barber Shop in San Diego, and eighteen of his buddies for scamming elderly victims out of $40 million with the classic tech support and refund scams, and for laundering the funds through the shop. Come along and find out how the scams worked, and learn what's next for Marion and his friends.

Resources:


Send a text

Support the show

Join our Patreon to listen ad-free!

The Barber Shop Scammers

You know how sometimes you go and get your hair cut and then you end up becoming part of an international scamming and money laundering scheme? No? Oh man, you're missing out. On prison, that is.

This is Michele Bousquet, and in this episode of How Hacks Happen, we're going to explore the wild world of Victor Marion, full-time barber and alleged part-time organizer of a transnational crime ring. Or maybe it was the other way around, a part-time barber and full-time crime organizer? 

Anyway, we're gonna be talking about this crime ring that Marion allegedly ran out of a barber shop in San Diego, California, According to FBI records, and he is now awaiting trial for fraud in San Diego. The scheme involved both a tech support scam and a refund scam that targeted elderly individuals with Marion accused of laundering the funds through the barbershop, the evidence including photos of a big splashy party in Thailand where scammers showered the crowd with money. And in November, 2025, the FBI arrested over a dozen people in connection with the scheme.

So how does a crime ring like this get started? Well, let's go back to the beginning, before the party and the recruiting and the fraud. Back to a humble little place called Mecca Barber Shop.

In 2014, Victor Marion opened Mecca Barber Shop, a modest establishment that employed four barbers in addition to Marion. According to the Mecca Barbershop website, they now have 18 barbers, and it seems to be a little bit of a swanky place, you know? Six, eight chairs, lots of great reviews on Yelp and Reddit. Many people swear by it for military style haircuts like fades. By all accounts, a decent place to get a haircut.

Now, owning a barber shop can be a pretty good business. If you have good barbers and a steady clientele, you could pull in six figures pretty easily. But for whatever reason, this apparently wasn't enough for Marion, and at some point, according to the FBI documents, Marion hitched his wagon to some pretty shady characters and launched his little scam ring right there at Mecca Barbershop.

According to FBI records, Marion started off with money laundering. When scammers take money from United States citizens, they need a way to get it out of the country without arousing suspicion from banks and the IRS and the FBI.

The indictment says that Marion would get cash from people who had gotten scammed and would launder it. The indictment doesn't get into detail about how the funds were actually laundered, but in known cases of money laundering through a cash business, it was done by taking the cash back to the shop and pretending it was payments from customers. If you've ever watched the TV show Breaking Bad, this is exactly how Walter White laundered his drug money through a car wash that he owned.  

For example, if a money launderer picks up, say, $20,000 in cash from scam victims, they could cook the books at the business to make it look like that money came from customers paying cash. For a barber shop, you could make it look like there were 10 or 20 extra customers a day or something. So if anybody looked at the books, it would just seem like that extra $20,000 was totally legal.

The FBI indictment also says Marion set up a few shell companies to send the money to. The indictment actually lists more than 25 companies set up, with names like Alpha-Tech Group and Titanium Holdings. A shell company is a company that doesn't actually sell anything or provide a service. It just exists to accept and send money. And there's other things you can do with a shell company, but that's a pretty common use. It's like a quick pit stop for the money, designed to mask where it came from and where it's going.

Now, it's not illegal to set up a shell company, but if you're doing it to hide money or evade taxes or something, yeah, that part is illegal. 

Whatever excuse he was using to send money to these shell companies, Marion would allegedly send off the money and the shell company would then send it on to India or Thailand. Well, most of the money, anyway. For his trouble, Marion got to keep 10 to 20%. And there we go, a classic money laundering operation.

And in this example, 20% of $20,000 is $4,000, which doesn't sound like much. But if you do it over and over with larger sums of money, and you do it for several years, going back as far as 2021, as it says in the indictment, you can rake it in. The FBI estimates that over time the crime ring itself transmitted about $40 million in scammed funds.

This role in the scam was called the Transmitter. They didn't do the actual scamming, they just retrieved the money and transmitted it to the scam overlords. And that's how the FBI says Marion started out. But eventually, I guess that wasn't enough. According to the FBI report, Marion recruited other barbers to collect up the money and encouraged them to recruit even more others.

And for every one of these money pickups, Marion got his cut. The person doing the pickup, got a cut. Everybody got a cut!

In case you think this Transmitter job sounds like easy work, well, sometimes it was tricky.

The FBI report talks about this one situation where the Transmitter, another one of the defendants named Seth Sheldon, picked up a scam victim, like picked him up in a car. He was an elderly San Diego man, and Sheldon drove this man around town to different banks so he could transfer money from his personal account to one of the shell companies.

The first bank refused to let the victim transfer money and told him it was a scam. So Sheldon drove the victim to another bank and then another and another, so he could get past the bank staff saying, this is a scam.

So much hard work for the Transmitter, but apparently a lot more lucrative than cutting hair.

But these money laundering folks were just one part of the scheme. Who was doing the actual scamming? The Transmitter part was actually the third phase of a multi-part scamming operation.

According to the FBI, here's how it worked. There were three distinct phases in this broad scheme, each handled by a different set of people.

The three roles involved were the Opener, the Closer, and the Transmitter. We just talked about the Transmitter. So let's back up and talk about the first phase, the Opener. 

In the Opener phase, an unsuspecting person is working on their computer and a pop-up ad appears on the screen saying there's a serious problem with the computer. And to solve the problem, the victim needs to contact tech support, and there's a phone number for tech support right there on the screen. Now you might recognize the scam already. This tech support scam has been around for decades, but people still fall for it. And this group targeted elderly people who are often not as computer savvy as younger folks. 

So this popup message, it says Microsoft Tech support, or maybe it says some other company like Dell or Logitech or something. There's a support number there for them to call, and when the victim calls it, they get the Opener. And the Opener says, sure, I can help fix the problem for a small fee, something like a couple hundred dollars.

Then the Opener connects remotely to the victim's computer with their permission and does something to make it look like they've fixed the problem, which they actually haven't 'cause there was no problem to begin with. But then they collect the money, the couple hundred dollars via credit or debit card, and the customer is satisfied.

Now if it ended there, that would be bad enough, scamming old people out of a couple hundred dollars for no reason, but that was just the beginning. While the Opener is supposedly fixing this problem, they are collecting a ton of information about the victim, like their name, address, phone number, credit card number, maybe even their bank account number.

So now it's time for phase two of the scam. After the Opener finishes up with the victim, he sends the victim's information to a Closer. 

Then the Closer gets to work on the next phase, the refund scam.

The Closer calls the victim pretending to be from the same tech support company and says, “Hey, when you paid for that tech support, I'm sorry, but we accidentally overcharged you, and now you're entitled to a refund.” Isn't that nice? It establishes some trust there. Like, when was the last time somebody called you up out of the blue and told you they were going to send you some money?

So the Closer tells the victim they're going to refund the money directly to the victim's bank account. And to facilitate this, the victim has to log into their bank account right there in their computer and pull up a screen that shows the current balance. Now, in the meantime, the Closer is getting remote access to the victim's computer, supposedly just so he can help him out. 

Now at this point with direct access to the victim's bank account, you might think the Closer would do something like just transfer some money to their own bank account, but that's too easy to get flagged and it's too easy to trace, and the scam really only works if the victim willingly gives money to the scammer. 

Okay, let's get back to the victim's computer. The Closer opens up some kind of window on the victim's screen, like it might just be a Notepad app, and he tells the victim to type in the refund amount.

Now, obviously this is all BS. Like who gives a refund by telling somebody to type a number into Notepad? But remember, these are elderly victims who find everything mystifying about the computer so they don't notice. 

Anyway, while the victim is trying to type in the amount, like say a hundred dollars, the Closer is actively typing on top of them, changing the amount right there in the screen. So the victim types $100, and the Closer adds more zeros to change it to 10,000 or a hundred thousand. And right around the same time, the Closer manipulates the Closer's bank account info to make it look like the victim has actually received this larger amount of money. 

To be clear, the victim didn't receive anything at all. The Closer just makes it look like he did. 

This manipulation can be done in one of two ways. Remember when I said that the victim had pulled up his bank balance on the screen? Because the Closer has remote access to the victim's computer, he can use a simple HTML tool to change what's displayed on the screen. It doesn't change the actual bank balance, like the amount of money that's in the account. It just changes the display on the screen. 

You can try this yourself too. Just pull up any website and press the F12 key. There you'll see the HTML code used to display the website. Find some text that's displayed on the screen and just change it in that HTML window and it will change on screen. Now, it doesn't change the information from the source website, it just changes the display on your screen.

So that's one way the Closer can make it look like the victim just got a huge refund, just by manipulating the screen and making it look like $10,000 just appeared in their account. Another way they do it is the Closer uses the remote access to actually transfer money from one of the victim's bank accounts to another, like from the victim's savings account to his checking account.

So if the victim is looking at his checking account, it looks like a whole bunch of money just showed up out of nowhere. But it's the victim's own money, just transferred from one account to another. 

And with that, the stage is set. The Closer must now put on an Oscar-worthy performance to convince the victim that things are now very, very bad for the Closer, and the victim has to help him fix it.

"Oh my God, I accidentally refunded you a hundred thousand dollars. My boss is going to kill me. I have to make up the difference myself, and it's going to come right out of my salary. My children won't eat again. They're going to fire me. I won't be able to get a job. Can you please send it back, please?"

In the case of a hundred thousand, instead of a hundred, we're talking about the victim sending a difference of $99,900. Yeah. 

To get the money back, the Closer might ask the victim to go to a store and buy gift cards and read the numbers off the back of them. And then the scammer can sell the gift cards on the dark web for 80 cents on the dollar. But that really only works for smaller amounts, like a few thousand dollars. For larger amounts, they might ask the victim to go to a Bitcoin ATM and deposit the cash to the scammer's Bitcoin wallet, where it will disappear forever.

Or they might get the victim to get cash and bring it home in a box, and one of the company's agents will come and pick it up.

And this brings us to the money laundering portion of the scam, run by the Transmitter. The FBI indictment alleges that Marion and his crew started out as Transmitters doing just that, picking up cash and laundering it at the barbershop.

The FBI documents don't say how Marion met the scam boss from Thailand and got started as Transmitters, but do say that after Marion and his barber buddies were Transmitters for a while, they got invited to become Closers.

And Marion and other Americans were actually in great demand as Closers because they sound like Americans, which would make it even easier for them to scam Americans. So, allegedly, off Marion and a bunch of his friends went to Thailand, to that lavish party that celebrated them moving up to those fast-paced, high-paying positions as Closers. They trained for weeks, it says, learning how to respond to a variety of objections from victims while manipulating screens and bank accounts, and typing over people in Notepad.

After the training, they were told, they could go and live anywhere in the world and run their phone calls from there. Marion, though, for whatever reason, decided to return to the United States to his little barbershop where it was business as usual, cutting hair, getting great reviews, but I guess that decision turned out to be a bad one for him. Several of his scammy colleagues had already left the country and were never coming back, and the FBI can't get them. But in November 2025, Marion was arrested.

And this connection to Thailand and the fact that lots of his buddies already left the country is one of the reasons that the prosecution is asking that Marion be held without bail, because if he got out, he could hop on a plane anytime and just head out to Thailand to be with his friends.

If convicted, Marion is facing up to 40 years in prison for his part in this fraud scheme. I tried to reach the Mecca Barber Shop to see how the remaining staff is doing over there, but no one answered the phone when I called, and the website's online appointment booking seems to be down, too. Oh, man. It seemed like a pretty good thing while it was going.

And now you know how these scams work so you can be that much safer from this particular one.

This is Michele Bousquet from How Hacks Happen, hoping this has opened your eyes a little bit as to how these scams work, and hopefully you can tell your friends and family so they won't fall for it. You can also show your friends and family just how easy it is to manipulate a computer screen by just pressing F12 and changing some letters.

Special thanks to Dave the Barber for supplying information about barber supplies and helping with the re-enactment. 

Now for the official disclaimery stuff. All allegations described in this episode come from publicly filed court records, and all defendants are presumed innocent unless and until proven guilty in a court of law. And I’d like to remind you that anyone employed by or associated with Mecca Barber Shop who was not named in the indictments, is not accused of any crime, and was probably just there to give good haircuts. So if you run into any of these folks, be nice to them. This whole situation can’t have been easy for them to deal with. So show a little grace. You know, holidays and all, and just being a good human being. Plus, a good barber can be hard to find!

That's it for today. This is How Hacks Happen and Michele Bousquet, wishing you a very safe holiday season. Bye-bye.