ReportWire

Tag: scams

  • Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire

    [ad_1]

    “Chen Zhi was directly involved in managing the scam compounds and maintained records associated with each one, including records tracking profits from the scams that explicitly referenced ‘sha zhu,’ or pig-butchering,” the indictment claims, alleging there were also “ledgers of bribes to public officials.” One document allegedly held by Chen listed that two scam centers were equipped with 1,250 mobile phones that “controlled” 76,000 social media accounts. The indictment also claims that Chen held images demonstrating “Prince Group’s violent methods” against people who had been trafficked to the scam centers. The document includes images showing people bloodied and beaten.

    The seizure of 127,271 bitcoins worth more than $15 billion at the time they were confiscated represents by far the biggest monetary seizure in the US Justice Department’s history—not just of cryptocurrency, but of money of any kind. That US law enforcement record was previously set in 2022 with the seizure of 95,000 bitcoins worth $3.6 billion from a Manhattan couple who later pleaded guilty to stealing them from the Bitfinex exchange, and prior to that with a billion-dollar seizure in 2020 of bitcoins allegedly stolen from the Silk Road dark web drug market by an unnamed hacker. Meanwhile, police in the UK seized 61,000 bitcoins worth $6.7 billion in June from a Chinese woman accused of an investment scam, an even bigger sum than those US records but less than half the sum taken from the Prince Group operation.

    “It’s important to note that this seizure is extraordinary not only for its scale but for what it represents,” Ari Redbord, global head of policy at crypto-tracing firm TRM Labs, adding that the seizure is still a “small fraction” of the money generated by scam centers. “These are not isolated scams; they are factory-scale operations powered by forced labor, supercharged by the speed and scale of crypto, and connected through sophisticated money-laundering infrastructure that spans Cambodia, Myanmar, Laos, China, and beyond,” Redbord says.

    Redbord says the widespread action “strikes at the operational and financial core” of the widespread scam center ecosystem. In recent years, researchers tracking the scam compounds in Southeast Asia have seen them rapidly grow and use their illicitly gained money to invest in increasingly high-tech scam operations. Over the last two years, scam compounds have also been spotted emerging outside of Southeast Asia, with sites emerging in the Middle East, Eastern Europe, Latin America, and West Africa.

    “By targeting the financial architecture—the shell companies, banks, exchanges, and real estate that move and hide these proceeds—the US and UK are dismantling the economic engine that sustains these crimes,” Redbord says. “This is what a 21st-century counter-threat finance campaign looks like—coordinated, data-driven, and global.”

    [ad_2]

    Matt Burgess, Andy Greenberg

    Source link

  • How to protect your social media accounts from fraud – MoneySense

    [ad_1]

    What is the game here? What are fraud artists trying to accomplish?

    “The premise of social media is that you’re creating and keeping in touch with a circle of trusted contacts,” says Julie Kuzmic, senior compliance officer, consumer advocacy at Equifax Canada. “Your network of contacts is valuable to criminals.”

    3 ways fraudsters use social media to steal your identity

    Social media fraud typically takes one of three forms:

    • The fraudster takes over your account, usually by successfully hacking or guessing your account user ID and password. They can then obtain your list of contacts and do a lot of damage in the time it takes for you to alert the platform and regain control over the account.
    • The fraudster creates a new account in your name, often using a photo of you obtained online, and makes contact with people in your network or even strangers.
    • The fraudster may play a longer game where they set up an account under a fake persona, then reach out to large numbers of other users in the hope of initiating and nurturing digital relationships, including romance scams.

    “I’ve seen situations where somebody starts a conversation as if the recipient already knows them. That person may say, ‘You’ve got the wrong person,’ to which the fraudster responds, ‘Oh, my apologies for making a silly mistake,’” Kuzmic says. That interaction can serve as a foot in the door with an account holder who may be lonely or perceive that they have something in common with the person who initiated the exchange.

    “That seemingly harmless interaction can build over time,” Kuzmic says. “It might be a multi-step process that the fraudster will nurture along to build trust.”

    The fraud artist may start by sharing legitimate information about a great deal on a product on sale. Only later, once a level of trust has built up, they might suggest going in on an investment together or otherwise creating a scenario where they can separate the target from their money.

    Precautions to take on social media

    When criminals take over an account or impersonate a social media user, they often try to recruit more victims. They may also reach out to the user’s contacts, who—because they trust their friends—may be more likely to respond. Contacts may also be reassured by the number of other acquaintances they have in common.

    “It turns into a kind of higher-percentage phishing scam,” Kuzmic says.

    Article Continues Below Advertisement


    The doors left unlocked to criminals using social media can include easy-to-guess passwords, open privacy settings, and corroborating personal information obtained from other sources.

    For social media users, the best defence against being defrauded includes:

    • Using strong passwords that are different from the ones you use on other platforms.
    • Getting to know each platform’s privacy settings. (They’re not all the same.) Try to limit the visibility of posts and images that contain clues to personal information (such as birthdays and groups you belong to) to just your friends and contacts.
    • Avoiding oversharing even among friends, for example by posting honeymoon photos or naming a pet.
    • Not accepting invitations from people you don’t know, even if you appear to have connections in common.
    • Maintaining a sense of skepticism at all times, including when you receive messages from known contacts.

    Kuzmic notes that simply accepting an invitation usually won’t, in itself, put you in danger. It’s what happens next—fraudsters may ask for help with a financial shortfall, for example.

    “Any time a sense of urgency is attached to the request, that’s a red flag,” she says. “Remember, you can always verify whether a request is genuine; for example, contact the person by phone, via email, or on another social network.”

    sponsored

    Equifax Complete Protection

    Go to site

    Equifax Complete Protection is a credit and cybersecurity protection service designed to help Canadians spot the signs of identity fraud faster.

    • Provides daily credit monitoring and alerts
    • Scans for your personal data on the dark web
    • Social media monitoring by industry leader ZeroFox

    Subscription price: $34.95 per month

    Go to site

    Further lines of defence: Fraud protection from Equifax

    If you think your account has been compromised, contact the social network and follow its recovery protocol. Also alert people on your contact list, preferably through other media, to warn them against approaches by people who claim to be you.

    For an extra level of protection, Canadians can subscribe to Equifax CompleteTM Protection. This credit monitoring and ID protection service is $34.95/month and includes a wide range of features, including social media monitoring that can potentially spot suspicious activity before you do. It uses AI to scan your social media accounts for account impersonation, scams, and malicious or inappropriate content.

    Learn more about Equifax Complete Protection.

    This article is sponsored.

    This is a paid post that is informative but also may feature a client’s product or service. These posts are written, edited and produced by MoneySense with assigned freelancers.

    Read more about fraud and scams:

    Get free MoneySense financial tips, news & advice in your inbox.



    About Michael McCullough


    About Michael McCullough

    Michael is a financial writer and editor in Duncan, B.C. He’s a former managing editor of Canadian Business and editorial director of Canada Wide Media. He also writes for The Globe and Mail and BCBusiness.

    [ad_2]

    Michael McCullough

    Source link

  • If You Can Read This, You’re About to Get Scammed

    [ad_1]

    Did you find this article by typing in the name of a website associated with Elon Musk? Did it sound like you could invest in SpaceX, Neuralink, or one of Musk’s AI ventures like Grok and xAI? It’s fake. It’s 100%, without a doubt, completely fake.

    I know you may not believe it, but please read on. Because this article could save you from losing a lot of money. Elon Musk is a very wealthy man. He’s worth $500 billion, according to Forbes, making him the wealthiest person on the planet. But Musk does not have a website dedicated to making other people rich.

    You may have seen an ad on Facebook or maybe a video on Instagram, TikTok, or YouTube. It may have even looked like Elon Musk was talking about some amazing investment opportunity. Maybe it looked like Elon was raising money for a sick child. You may have even been asked to send money through gift cards or a bitcoin ATM. But it was fake. You need to believe us. Because it’s true.

    Musk does not have a website selling cryptocurrencies. He doesn’t have a website for trading stocks. He doesn’t have a public website selling shares of his private companies like SpaceX, Neuralink, xAI, and X. The promotional video you saw is fake and probably used artificial intelligence tools to make it look like Elon Musk was saying something he never said.

    People are losing millions

    Did someone reach out to you on a social media site like Facebook or Instagram claiming to be Elon? Did they tell you to talk with them over Signal or Telegram or WhatsApp? That person is a scammer. Elon Musk does not reach out to people on websites and ask them for money. And if they haven’t already asked you to send money, that part is coming.

    Again, you might be skeptical. A lot of people want to believe that Elon Musk is offering ways for the average person to become rich. But he’s not. Among other reasons, he doesn’t have time.

    Here at Gizmodo, we’ve written about scammers impersonating Elon Musk for years.

    • There was the woman in Washington who lost $63,000 because she thought she was talking to Elon.
    • There was the man in North Carolina who drained his 401k of over half a million dollars.
    • There was the person who lost over $18,000 watching a video livestream they thought was for Tesla.
    • There was also the Florida principal who sent an Elon Musk scammer a check for $100,000.

    People have literally been losing millions of dollars to scammers over the years because they thought they were investing in something approved by Elon Musk. But it was all fake.

    Scam AI Videos

    It’s incredible what can be accomplished with AI these days. You can make people appear to say things they never said. For example, here’s an ad we spotted below. Elon never said any of that.

    Fake Elon Websites

    All of the websites below are scams. And while Gizmodo is often reluctant to advertise the web domains of scammers, because it risks inadvertently driving more people to scammy websites, using the names of the scams is the only way to help get the word out that these specific websites will steal your money.

    And this list only scratches the surface. These are some of the domains that have been reported to the FTC, but there are so many more out there.

    • ceomusk.org [SCAM]
    • elonbitcoin.fun [SCAM]
    • elonchristmas.com [SCAM]
    • fastmars.net [SCAM]
    • investmuskspace.icu [SCAM]
    • marshome.us [SCAM]
    • marsway.net [SCAM]
    • marsyox.com [SCAM]
    • marsvalue.net [SCAM]
    • myteslatoken.com [SCAM]
    • official2xMusk.com [SCAM]
    • shippingteslamail.com [SCAM]
    • tesla-clubs.com [SCAM]
    • tesla-prize-x.com [SCAM]
    • teslaminingprogram.com [SCAM]
    • teslaminingplatform.aphatrad.com [SCAM]
    • teslaoption.com [SCAM]
    • teslapresale.net [SCAM]
    • tesla.token-presale.org [SCAM]
    • teslatoken-presale.online [SCAM]
    • telsaxmarketing.com [SCAM]
    • tsla-marketspro.com [SCAM]
    • teslgets.com [SCAM]
    • tsl-xspace.pw [SCAM]
    • x-coin-platform.io [SCAM]

    Scam Names

    There are also scams that you may know by various names that aren’t dedicated websites, but are being spread through social media platforms. Some of the common ones we’ve seen are below.

    • Elon Musk Fan Page Membership Card
    • Elon Musk x Donald Trump Crypto Giveaway
    • Space Stock Mining
    • Tesla Bitcoin
    • Tesla Token
    • Tesla Mining
    • Neuralink Crypto Token
    • SpaceX Token

    Please believe us. It’s not real.

    Maybe someone sent you this article. Maybe you found it through Google. Please know that visiting these websites and “investing” in them will only lead you to heartache and pain.

    The people who’ve been scammed at these sites often feel foolish afterward. And we don’t want you to feel foolish. We want you to avoid just handing your money away for nothing.

    If you’re interested in investing, there are plenty of reputable places to do that. You can even invest in Musk’s company, Tesla, if you want to buy stock in that company through a reputable stockbroker. All investing involves risks, but the websites we’ve featured here aren’t just risks where you might make some money or you might lose some money.

    If you give any of these websites your money, you will only lose. We promise you.

    Have you been scammed and want to tell your story? You can email the author of this article at [email protected].

    [ad_2]

    Matt Novak

    Source link

  • North Korean Scammers Are Doing Architectural Design Now

    [ad_1]

    “The plans are being used and being built,” says Michael “Barni” Barnhart, a leading authority in North Korean hacking and cyber threats, who works for insider threat security firm DTEX. Along with other DPRK researchers, who call themselves a “Misfit” alliance, Barnhart has seen this cluster of workers conducting architectural work and says similar other efforts have been detected. “They will do the CAD renderings, they’ll do the drawings,” he says. “It’s not like a hypothetical—those physical things do exist out there.”

    Barnhart—who previously found North Korean animators appearing to work on Amazon and Max shows—says that he has also seen potential front companies set up to help run the operations and provide a veneer of legitimacy. The findings raise questions about the quality of the structural work and concerns about safety, if structures are created in the physical world. “In some of our investigations, these plans and these products that they’re making for these remodels and renderings, they’re not getting good reviews,” Barnhart says. “We do have indications that also they’re being hired to do critical infrastructure.”

    One 24-minute long screen recording seen by WIRED shows how the freelance operation could work. In the video, a person signs up to a freelance work website and sets up a new profile where they write that they are a “licensed structural engineer/architect in the USA.” They pick a profile image from a folder of potentially downloaded files, translate text between English and Korean, and access a Social Security number generator website during the sign-up process.

    When their account is created, the video shows them start to message online requests for work, with one message saying: “I can provide you [sic] permit drawing plan set for your residential home design within a few days.”

    Other screen recordings show the workers having conversations with potential clients, and in at least one instance there is a recording of an online call discussing possible work. The Kela researcher, who asked not be named for security reasons, says it appeared some prospective customers returned to the scammers after likely having work completed. The researchers say some kinds of work appeared to be priced from a few hundred dollars up to around $1,000 per job.

    “This is an opportunistic nation,” DTEX’s Barnhart says. While many companies have started to figure out that North Korea’s IT workers are often applying for remote tech jobs, using false identities, deepfakes on video calls, and local workers to run their operations, they are consistently changing their approaches. Barnhart says it appears that architectural work has been successful for the alleged DPRK workers and that evidence shows the IT workers program can be more subtle than trying to get hired at companies.

    “They’re moving to places where we’re not looking,” Barnhart says. “They’re also doing things like call centers. They’re doing HR and payroll and accounting. Things that are just remote roles and not necessarily remote hires.”

    [ad_2]

    Matt Burgess

    Source link

  • Apple and Google Pull ICE-Tracking Apps, Bowing to DOJ Pressure

    [ad_1]

    Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more.

    [ad_2]

    Matt Burgess, Andy Greenberg, Andrew Couts

    Source link

  • Beware of scams during government shutdown

    [ad_1]

    In addition to creating hardship for hundreds of thousands of people, the government shutdown is also creating opportunities for scammers looking to cash in on the crisis.

    As scams start appearing, security experts say if any part of government is suddenly reaching out to you on a phone or laptop, be suspicious.

    “Hackers are opportunists,” said Aaron Rose with Check Point Software Technologies. “What they’re going to do is they’re going to say, ‘OK, we see this government shutdown. There’s no legitimate government organization that might be reaching out. How about we do that? We’re going to capitalize on that fear.’”

    The following are some of the top scams, according to Silicon Valley security companies.

    • Threats to take away your government benefits unless you hand over data
    • Offers for money to those worried about government funds, like Social Security, during the shutdown
    • Fake job offers

    Local security executive Michelle Dennedy said if an offer seems too personal or unusual in any way, don’t trust it.

    “Would my congressman or senator take the time to email me? Probably not,” Dennedy said. “Slow down. Think about does the DMV come to your home? No. Do they text me? No.”

    [ad_2]

    Scott Budman

    Source link

  • I Fell for a $1.25 Million Scam — Now MrBeast Is Helping Me Hunt Down the Scammers | Entrepreneur

    [ad_1]

    Opinions expressed by Entrepreneur contributors are their own.

    This is hard to admit, but I got scammed out of $1.25 million.

    The money is gone, and I can’t get it back. But instead of hiding, I’ve decided to share my story. My recent post on X about the $1.25 million scam went viral with more than 4 million views and thousands of reposts and comments.

    MrBeast even chimed in that he would give a $100,000 reward to anyone who could help track down the scammers.

    Now that I’ve had even more time to process the situation, I think it’s time to share the lessons I’ve learned from my $1.25 million mistake.

    How it began

    A few years ago, I donated $1.2 million to MrBeast’s #TeamSeas campaign to help clean up the oceans. After the donation, I was invited to spend a few days with Jimmy (MrBeast) and his team.

    So, when they reached out to me again for a donation to MrBeast’s Team Water campaign, I naturally wanted to help. During the discussion, we even talked about planning another meet-up.

    A few weeks after I donated $1 million to the project, I was added to what looked like a private group text with other major donors; it didn’t feel out of place at all. In fact, it seemed like the natural next step.

    The group looked legitimate. The names were impressive: Mark Rober, Shopify’s Tobi Lütke, Stake’s Ed Craven, Adin Ross. There was banter, casual voice notes and even more talk about the donor trip. It all lined up with what I’d been expecting — and I felt like I was in the “cool crowd.”

    Then came the pitch: a crypto investment tied to a major exchange. Everyone in the group “joined.” I didn’t want to be the outsider. So I wired the money. $1.25 million.

    Later, I checked in with the real Jimmy and felt my stomach drop. The group text was fake. My money was gone.

    Related: The 3 Biggest Mistakes That Made Me a Better Entrepreneur

    Lesson 1: Don’t make big decisions when you’re distracted

    When the scam was unfolding, I was away at a retreat that I’d been planning all year. This was terrible timing for me, but perfect for the scammers.

    I was relaxed and in the completely wrong headspace for any major decisions. My guard was down, and I was the perfect target.

    Having reviewed the texts afterward, I see several red flags that would have given me pause any other day. However, I was distracted and made a rash decision.

    Tip: Don’t make major decisions when you’re distracted, traveling or emotionally charged. Give yourself the space and energy to sit with the choices and only make a decision with a clear head.

    Lesson 2: Listen to reality, not the story you’re telling yourself

    When I was added to the text group, I honestly wanted it to be real. I’d talked with MrBeast’s team previously about planning a trip, and my brain connected the dots, telling me this was all part of the plan.

    This also had me overlooking red flags. I didn’t verify the phone numbers, and I didn’t double-check anything. I trusted what I wanted to be true instead of what the evidence showed. I was naive, and it cost me $1.25 million.

    Entrepreneurs make this same mistake all the time. We fall in love with our product, our marketing strategy or our “next” big idea. When our customers and data tell us otherwise, we often struggle to accept that reality and continue pushing what we want instead of what is right.

    Tip: Don’t fall in love with the story you tell yourself. Trust the data, trust what your customers are telling you, and be willing to adjust or pivot.

    Lesson 3: Don’t be afraid of mistakes — share them

    This was easily the most embarrassing mistake of my life. I’m a successful entrepreneur, and I made more than $50 million before 30 — being scammed was not supposed to happen to me.

    But, it did.

    The easiest way to deal with this mistake would be to hide it. But, I didn’t.

    Instead, I shared it. First with my family and close friends, then publicly online. The responses ranged from “idiot” to “martyr,” but overwhelmingly, people appreciated the honesty. Some even admitted they’d been scammed too, but had never told anyone.

    And then something unexpected happened: MrBeast himself spoke up. He offered a $100,000 reward for credible information leading to the scammers.

    Sharing reframed the story. From personal embarrassment to a community problem worth solving.

    Tip: Don’t hide from your mistakes. Own them, talk about them, and turn them into lessons others can learn from.

    Related: Beware of SEO Scammers — Here’s How to Spot and Avoid Mediocre SEO Agencies

    Final thoughts

    I’ll never see the $1.25 million I lost again. But I can use it as the most expensive learning experience of my life.

    If you take nothing else from my story, take these:

    1. Don’t make important decisions while distracted.
    2. If it’s too good to be true, it probably is.
    3. Don’t be afraid to talk about your mistakes.

    If you’re curious about how this scam actually played out, I’ve made everything public. On Great.com, we’ve posted the full chat logs, the wallet addresses and even the phone numbers tied to the scammers. You can see exactly what I saw — and if you spot something that could help track them down, you could earn the $100,000 reward from MrBeast.

    This is hard to admit, but I got scammed out of $1.25 million.

    The money is gone, and I can’t get it back. But instead of hiding, I’ve decided to share my story. My recent post on X about the $1.25 million scam went viral with more than 4 million views and thousands of reposts and comments.

    MrBeast even chimed in that he would give a $100,000 reward to anyone who could help track down the scammers.

    The rest of this article is locked.

    Join Entrepreneur+ today for access.

    [ad_2]

    Erik Bergman

    Source link

  • How to protect your kids from online harm – MoneySense

    [ad_1]

    They may reach out, develop trust, and ask seemingly innocent questions like, “Oh, you have a dog? What’s your dog’s name?” Using artificial intelligence tools, they then use permutations of this information in attempts to hack the online accounts of other family members.

    “A child could be an effective channel for a criminal to gain that information,” warns Julie Kuzmic, senior compliance officer, consumer advocacy with credit bureau Equifax Canada.

    A range of harms

    As parents know only too well, children’s exposure to the internet comes with a range of benefits, but also lurking dangers. “There are potential harms to children as young as babies and toddlers all the way up to older teenagers—like 18, 19 years old,” Kuzmic says. Over that span they may be exposed to:

    • Developmental harms. Exposure to screens and to seeing people and hearing voices online affects brain growth from infancy and can crowd out other activities crucial to cognitive development, like unstructured play and human interaction.
    • Harmful content. Age-inappropriate content, misinformation, disinformation, and modified images can all negatively affect the child’s growth, learning, and judgment.
    • Nefarious contact and exploitation. Of particular concern for parents is the potential for online predators to contact and develop relationships with their children for their own pernicious purposes.
    • Privacy breaches and data collection. As in the example described above, criminals might obtain personal information to defraud or assume the identity of adult members of their household or the children themselves.
    • Mental and emotional illness. Excessive social media use in particular has been linked to anxiety, depression, body image issues, sleep deprivation, low physical activity, and stunted social development.

    Don’t assume kids know what they’re doing

    Though they often appear technology-savvy, at times serving as IT support for their befuddled parents, “kids don’t have the life experience to know that not everybody is who they say they are,” Kuzmic says. At other times, they may “have a low awareness of the permanence of what they do online. Things they post and share may be available and visible for the rest of time, effectively, so there can be an impact well on later into their lives.”

    They can be particularly vulnerable in their early teens as they begin to question their parents’ authority, push boundaries, and engage in higher-risk behaviour online. This coincides with the age when they might have their first bank and social media accounts and mobile phone.

    “In an age-appropriate way, it’s important to have an ongoing conversation with your children about guidelines and expectations,” Kuzmic says. “At any age, think of protection as a layered and evolving situation. It’s not something that you talk about once and then it’s fine.”

    Measures to protect kids from online harms

    Safeguarding your offspring online requires a hands-on approach. “Allowing exposure to online activity maybe should come with training wheels, where parents are a little more involved at the start and are learning together with the kids,” Kuzmic says. Some steps she recommends include:

    • Setting rules around internet access and the age at which children are allowed to access social media. Some families write it down as a contract that everybody can see and agree to.
    • Imposing physical limitations, such as no devices after bedtime.
    • Setting up digital limitations such as blocking platforms that screen out potentially undesirable content or a secure virtual private network (VPN).
    • Prioritizing online safety. Explain why your kids should be wary of people who approach them online. Advise them to avoid random links, banner ads, or quizzes designed to lure them into unsafe spaces.
    • Discouraging oversharing of personal information on social media.

    Though bad actors target minors for a variety of malevolent reasons, they all zero in on children’s relative weaknesses, such as a desire to be accepted and befriended. Parents need to be there, Kuzmic says, to remind their kids that what might not appear to them to be a dangerous situation “might actually be a dangerous situation.”

    Article Continues Below Advertisement


    Digital security from Equifax Complete Protection

    The hard part for parents—especially as their kids become older and increasingly independent—is they can’t be there all the time. For an additional level of online safety, consider Equifax CompleteTM Protection, a monthly subscription service that includes parental controls from Bitdefender to restrict which websites and apps your kids can access.

    Other features of Equifax Complete Protection include: 

    • Daily credit monitoring and alerts to notify you of key changes to your Equifax credit report, such as a new credit card or loan application. 
    • WebScan, which monitors the dark web (hidden websites where criminals buy and sell data) to see if your personal information appears there. 
    • Social media monitoring provided by industry leader ZeroFox, to alert you to suspicious activity on your social media accounts.
    • Online data encryption by NordVPN and online password generation and storage by NordPass 
    • Device protection from Bitdefender to help stop phishing attempts and protect devices from viruses and malware.

    Equifax Complete Protection costs $34.95 per month. To learn more, visit the Equifax website.

    Get free MoneySense financial tips, news & advice in your inbox.



    About Michael McCullough


    About Michael McCullough

    Michael is a financial writer and editor in Duncan, B.C. He’s a former managing editor of Canadian Business and editorial director of Canada Wide Media. He also writes for The Globe and Mail and BCBusiness.

    [ad_2]

    Michael McCullough

    Source link

  • Nigerian man sentenced to six years in prison in crypto romance scheme with Colorado widow

    [ad_1]

    A Nigerian national living in Minnesota has been sentenced to nearly six years in prison — and ordered to pay nearly $1.7 million in restitution — for defrauding a widowed Colorado woman through an elaborate cryptocurrency romance scam, federal authorities announced Tuesday.

    The 37-year-old man, Adetomiwa Seun Akindele, will be deported to Nigeria once he serves his sentence, according to the United States Attorney’s Office for the District of Colorado.

    Akindele pleaded guilty to one count of wire fraud and one count of money laundering in a scam in which authorities said he posed as a wealthy Italian-American businessman named Frank Labato on a dating website in 2018. Akindele and the woman began exchanging emails and phone calls during which Akindele “provided the victim with additional false details about his personal and work background, images, and photos, to substantiate his fictitious persona of ‘Frank.’”

    [ad_2]

    John Aguilar

    Source link

  • 6 customers still awaiting refunds after South Holland travel agent cancels their expensive trips

    [ad_1]

    SOUTH HOLLAND, Ill. (WLS) — They paid several thousands of dollars, only to see their vacations disappear and their money vanish, too.

    Six people say they were cheated out of their dream vacations after trusting a South Holland travel agent who stopped responding. So, the ABC7 I-Team went searching for answers and for that travel agent.

    ABC7 Chicago is now streaming 24/7. Click here to watch

    Many said they met the travel agent, Vikki McNuckle of ACL Travel Group LLC, through church or through other south suburban residents. Some had even been on trips with her before. They say the cost of their trips covered airfare and hotels.

    “So no, I’m not postponing it any longer. I say if the trip’s not a go, then send me my refund,” said Christopher Suber.

    Suber and his wife, Harriet, say they lost $35,000 after paying for two trips in 2024 to Dubai and Greece. They say those trips were rescheduled multiple times and then abruptly canceled by McNuckle. She acknowledged the money owed in a letter.

    “And that’s a financial burden on us, you know, hurting us from doing other things that we may want to have tried to do, you know, when we still sitting here waiting to get $35,000 back out of our retirement fund that we took out,” Suber said.

    Others in this group have similar stories.

    “Postponed twice. And the second time, twice now, is totally canceled,” said Arnold Watkins.

    Watkins says he paid $14,000 for a canceled Dubai trip and has been waiting for a refund since January. But he says he recently won a credit card dispute for $4,000.

    SEE ALSO | Vacationers lose thousands, say Chicago travel agent left them stranded: ‘Where’s my money?’

    “Makes me feel disheartened and very disheartened because the simple fact of it is this was supposed to be my honeymoon trip,” Watkins said.

    Eunice Lockett and her sister, Dorothy Eichelbergar, booked separately for a trip to Greece in October 2024 that never happened.

    “Just tell me, you spent the money, OK? I rather for you to be honest with me, then just, you know, ignore me. It makes me angry, very angry,” Eichelbergar said.

    Lockett says she did get the airfare refunded, but she filed a small claims court lawsuit, asking for the rest of her money.

    Inez Thomas says she paid $10,000 for that same Greece trip but recently received a $3,000 refund, only for the airfare.

    “Don’t steal from me. And that’s what I feel like. She has stolen our money,” Thomas said.

    Consumers say McNuckle blamed the 2024 wildfires for the Greece cancellations but did not follow through on rescheduling, and refunds have not been issued. ABC7 also found another frustrated customer.

    READ MORE | FBI investigating Chicago travel agent accused of defrauding customers, stranding vacationers

    “And this is going on a year. No vacation,” said Tracy Thomas.

    Thomas says she and her roommate are owed $10,000 for the same Greece trip for her 16th birthday.

    “I’m living paycheck to paycheck, so I should be able to use that to pay off whatever I need to pay off one if I choose to select another trip, that would be fine,” Thomas said.

    Thomas says she was told a refund was on the way.

    “She said that the refund would take 90 business days. That was the first time. Then when we started inquiring, she said, ‘It takes 120 days.’ Next thing I know, we haven’t heard anything and we’re calling,” Thomas said.

    The I-Team found seven Illinois attorney general reports filed against the company. Many are from the consumers in our story, and some of these customers filed police reports. The South Holland Police Department told ABC7’s Jason Knowles that it is “actively investigating this case.”

    Knowles sent several emails to McNuckle, called her and stopped by her home. We never heard back from that travel agent who these consumers say cashed in and broke promises.

    “She cannot be trusted. Do not book any trips with her,” Watkins said.

    You should always use a credit card when booking with a travel agent.

    However, some of the consumers say they could not dispute charges on their credit cards because by the time the trips were officially canceled, it was beyond the window to dispute.

    You can also research travel insurance. However, some consumers who had it say it did not cover losses since the vendor made the cancellation.

    SEE ALSO | Travel website scams tricking vacationers with nonexistent plane tickets, hotel rooms, car rentals

    Copyright © 2025 WLS-TV. All Rights Reserved.

    [ad_2]

    Jason Knowles

    Source link

  • Philadelphia revenue department warns of text message phishing scam

    [ad_1]

    Philadelphia residents who receive a suspicious text message claiming to be from the city’s Department of Revenue should not click on any links or provide sensitive information to the sender, city officials said Tuesday.

    The phishing scam — sent out Monday and Tuesday — tells recipients that the revenue department has processed a “refund request” that can be redeemed by following a link to provide payment information. The message claims that failure to submit banking information will disqualify residents from accessing refunds.

    MOREEx-Mayor Michael Nutter helps revive Philadelphia Cycling Classic, saying race will be ‘force for unity’ in 2026

    In a statement Tuesday afternoon, the revenue department confirmed the text messages are fraudulent and said the texts contain malicious links. The department said it would never request bank or refund-sensitive information via text message.

    Officials said there is no evidence that city databases have been breached or that any taxpayer data has been compromised.

    Residents who have shared personal or financial information are advised to report it to the FBI’s 24/7 regional tip line at 215-418-4000. Tips also can be submitted online to the FBI or the federal Internet Crimes Complaint Center.

    City officials said people should always be skeptical about unsolicited requests for sensitive information and report suspicious activity. Only websites with the phila.gov domain should be trusted. The Pennsylvania Office of Attorney General has additional tips on how people can identify and protect themselves from phishing scams.

    [ad_2]

    Michael Tanenbaum

    Source link

  • How to protect your identity – MoneySense

    [ad_1]

    It happens every day. People who would never dream of giving out their credit card number after receiving a random call, text, or email give away personal information on social media for free—including birthdates, home addresses, and details often used to answer website security questions. 

    The consequences can be dire. If fraudsters open a credit card, line of credit, or mortgage in your name, for example, you may be held financially liable. Your credit score may be affected, making it very hard for you to get credit—such as a mortgage or car loan—when you need it. 

    “Identity theft is not new, but we are seeing more and more of it,” says Octavia Howell, vice-president and chief information security officer at credit bureau Equifax Canada. “We are seeing more and more scams perpetrated that enable identity theft to happen.”

    In some cases, identity theft is out of your control. Fraudsters may steal personal information through a cyber-attack on a company or government database, for example, or buy it on the dark web (hidden websites where criminals traffic in stolen data). 

    What can Canadians do to protect themselves from identity theft—and, if it happens, minimize the damage?

    6 safety tips to reduce your risk of identity theft

    “You can’t really prevent it,” Howell says, but you can make identity theft more difficult for criminals, causing them to move on to easier targets. Here are some preventative measures:

    • Get to know your digital profile. Google yourself to get a sense of what information about you is readily available on the internet. Then focus on protecting what is not public, such as usernames, passwords, account numbers, and your social insurance number (SIN). If a company or government department you deal with gets hacked, be especially wary. Change your passwords on sensitive accounts.
    • Be vigilant about your financial standing. Check credit card statements and credit reports often for unfamiliar charges. One common tactic is the “salami attack,” where criminals test out a credit card or other account number with a small purchase or transfer, perhaps just for $2. If it works, they’ll take a thicker slice next time. “If you don’t catch it, if you don’t shut it down, it’s just going to continue and in larger amounts,” Howell says.
    • Don’t connect to public wifi, especially when accessing your bank account or inputting credit card information.
    • Be wary when someone asks for personal information. Don’t respond to requests from unfamiliar people, companies or institutions. If the request appears to come from, say, your bank, a friend, or the Canada Revenue Agency (CRA), contact them using a different line to check the legitimacy of the request. (Also read: How to protect your CRA account from scams.)
    • Shut down inactive and underused accounts. For example, close a car loan that has been paid off. Untended accounts provide openings for fraudsters.
    • Enable two-factor or multi-factor authentication to access your accounts wherever you can. That way, even if criminals have some personal information on you, they get stopped at this second level of security. “That is the thing that can sometimes protect you,” Howell says.

    Video Social media scams

    A convincing new scam to watch out for

    One kind of scam that’s become common over the past year is the “bank investigator” scam, Howell says. Victims receive a call or a text message from a 1-800 number where the caller poses as an investigator from a financial institution or credit bureau, or even the police. They claim to have detected fraud on your account and ask for authentication codes to access your devices, or even to collect your cards in person at your home. Sometimes there’s a second call from someone pretending to be a lawyer, and they seem to have corroborating information.

    Once they have enough personal details, the fraudsters might use them to take out a car loan or open a cell phone plan, for example, and then never pay for it—and the victim is stuck with the bill. 

    Article Continues Below Advertisement


    What to do if someone has obtained credit in your name

    If you discover someone has used your identity to commit fraud, contact your credit card issuer and both of Canada’s credit bureaus to scrub fraudulent charges from your credit history as soon as possible, Howell emphasizes. Try to determine exactly what information has been compromised. Put fraud monitoring and fraud alerts on the account. Notify the Canadian Anti-Fraud Centre (CAFC) and local police, especially if there’s a possibility of a visit to your home.

    If the fraud persists, it can ruin your credit rating. “That can be devastating,” Howell says. It can take months or even years to fully restore control over your identity.

    But the easiest course is prevention. The risk of identity theft is never zero, but you can reduce the odds it will happen to you.

    “You just don’t want to be an easy target,” Howell says. “You want to make it a little bit difficult for fraudsters, because there are easier targets out there.”

    Detect fraud earlier with Equifax’s credit monitoring 

    Equifax CompleteTM Protection is a subscription service that keeps a close on your credit report and can alert you if your identity has been compromised. Features of this service include:

    • Daily credit monitoring and alerts of key changes to your Equifax credit report, such as a new loan or credit card application
    • Social media monitoring by ZeroFox, to alert you to suspicious activity on your social media accounts
    • WebScan, which monitors the dark web for personal information you provide
    • Online data encryption by NordVPN and password management by NordPass
    • Parental controls from Bitdefender to restrict kids’ access to websites and apps
    • Device protection from Bitdefender to help stop phishing attempts and block viruses and malware
    • Support from an Equifax identity restoration specialist, if your identity is stolen
    • Identity theft insurance up to $1 million for out-of-pocket expenses (not available in Quebec)

    Equifax Complete Protection costs $34.95 per month. To learn more, visit the Equifax website.

    sponsored

    Equifax Complete Protection

    Go to site

    Equifax Complete Protection is a credit and cybersecurity protection service designed to help Canadians spot the signs of identity fraud faster.

    • Provides daily credit monitoring and alerts
    • Scans for your personal data on the dark web
    • Social media monitoring by industry leader ZeroFox

    Subscription price: $34.95 per month

    Go to site

    This article is sponsored.

    This is a paid post that is informative but also may feature a client’s product or service. These posts are written, edited and produced by MoneySense with assigned freelancers.

    Read more about fraud and scams:



    About Michael McCullough


    About Michael McCullough

    Michael is a financial writer and editor in Duncan, B.C. He’s a former managing editor of Canadian Business and editorial director of Canada Wide Media. He also writes for The Globe and Mail and BCBusiness.

    [ad_2]

    Michael McCullough

    Source link

  • How to protect your passwords from fraud and identity theft – MoneySense

    [ad_1]

    At least until we are a completely passwordless society, however, usernames and passwords and an additional authentication factor are the best defense we have against the spread of digital fraud and identity theft. It’s worth putting in the effort to come up with and keep track of different passwords for each of our accounts.

    “Enabling strong authentication methods is one thing that I fight with even my own family members about,” says Octavia Howell, vice-president and chief information security officer for credit bureau Equifax Canada.

    Think of usernames, passwords, and multi-factor authentication as more lines of defense for your identity online, she advises. Multi-factor authentication adds an extra layer of protection by combining different authentication factors, such as something you know, something you have, or something you are. If one of the organizations you deal with suffers a data breach, enabling this extra layer of protection for your online identity can help contain the damage and prevent it from spreading to the other sites and accounts you use. They may help keep you from becoming a victim of identity theft.

    “It’s not a matter of if, it’s a matter of when your information will be compromised. Most of your information is likely already compromised,” Howell says.

    Good authentication practices make it harder for fraudsters to obtain more information about you and assume your identity for the purposes of fraud. Here are Howell’s tips and dos and don’ts.

    Password practices to avoid

    Too many users simply reuse the same username and password across multiple accounts, Howell says. Say criminals gain access to your streaming service account. If you use the same password for an email account, it’s as good as compromised. That may expose more information on you, your friends and your associates.

    Another mistake is to use passwords that are easy to guess, such as your children’s name plus “123” and an exclamation point for a special character. Don’t include a pet’s name or a street address, either. Remember, hackers now get help from artificial intelligence (AI) to try thousands of combinations of these clues to gain access to your accounts. (Learn more about AI and identity theft.)

    Best password practices

    Howell recommends using multiple usernames and different passwords for all your online accounts. Here are some more tips to improve your password hygiene:

    Article Continues Below Advertisement


    • Google yourself to get a sense of what information about you is readily available online—and don’t use any of it in your passwords.
    • Use phrases that are meaningful to you but no one else—for example, places, dates, or special numbers and activities that stick in your mind. Rearrange the words and numbers in ways that don’t repeat key phrases found online.
    • Consider using strong passwords provided by the platform, but only if you always access the site from the same device or if you use a password safe, also known as a password manager.
    • Use the strongest passwords for the sites containing the most sensitive information. An optometrist’s portal that just contains your eyeglass prescription need not be as complicated, but your online banking is a different matter. “You want to put the right level of security based on the information on each site,” Howell says.
    • If multi-factor authentication is available, take the time to enable it. This provides the extra layer of protection and can even serve as an early warning sign that your credentials have been compromised. 

    sponsored

    Equifax Complete Protection

    Go to site

    Equifax Complete Protection is a credit and cybersecurity protection service designed to help Canadians spot the signs of identity fraud faster.

    • Provides daily credit monitoring and alerts
    • Scans for your personal data on the dark web
    • Social media monitoring by industry leader ZeroFox

    Subscription price: $34.95 per month

    Go to site

    For extra password protection

    For added protection, consider subscribing to a broader suite of fraud prevention tools that includes a password manager. Equifax Complete Protection is a comprehensive identity protection service that includes credit monitoring, social media monitoring, device protection, and a password manager, among other features.

    Equifax Complete Protection’s password manager keeps track of your usernames and passwords in a safe place not tied to your email or browser. Each time you register a new account or change your password, simply load the keys into the password manager for future reference.

    A subscription to Equifax Complete Protection costs $34.95 per month.

    This article is sponsored.

    This is a paid post that is informative but also may feature a client’s product or service. These posts are written, edited and produced by MoneySense with assigned freelancers.

    Read more about fraud and scams:



    About Michael McCullough


    About Michael McCullough

    Michael is a financial writer and editor in Duncan, B.C. He’s a former managing editor of Canadian Business and editorial director of Canada Wide Media. He also writes for The Globe and Mail and BCBusiness.

    [ad_2]

    Michael McCullough

    Source link

  • How to protect your small business from fraud – MoneySense

    [ad_1]

    Last year, Jeff Brown, head of commercial solutions at Equifax Canada, saw a surge in digitally enabled scams in the construction industry. Criminals claiming to be a legitimate contractor would order supplies that could not be easily identified, such as lumber or plumbing parts, for delivery to a supposed job site — only there was no job site, and the orders were a scam. By the time the real contractor knew what was happening, the materials had been sold on the black market and the fraudsters had cleared out.

    “Business-to-business relationships tend to operate on net payment terms. What that means is you can have products delivered to a non-standard location and those products don’t have to be paid to the supplier for 30 days,” says Brown. “That buffer can operate as a getaway window for scammers.”

    Having worked a few times, the scam spreads. “When scammers see something they’re able to take advantage of, they double down and it becomes a trend that eventually can become a systemic issue,” says Brown.

    Why small companies are attractive targets for fraud

    Small businesses like contractors have particular attributes that can make them appealing targets for fraudsters, including:

    • They deal in bigger numbers than most consumers do. “The average working capital loan for a small business is around $40,000,” says Brown.
    • Small business owners are often unaware of their credit standing and may not be keeping track of their company’s credit reporting.
    • Business credit information is more readily available than personal credit information because it is less subject to privacy laws and businesses often want to demonstrate greater transparency to encourage others to work with them. “Businesses have to be spending money to make money. There needs to be an open network for businesses to be able to function,” Brown says. By looking at a company’s credit reports, fraudsters can find a company’s typical bank balance and who their largest suppliers are, for example.
    • Businesses usually have more points of egress than consumer accounts for criminals to attack. They can go through or impersonate not just the owner(s) but employees, too. “Businesses have a larger net of potential liabilities,” Brown says.

    Red flags for Canadian businesses to watch out for

    It’s hard to predict what form the next wave of small-business scams will take. Fraud constantly evolves and the tools that fraudsters use change often. Artificial intelligence (AI) has made the rapid collection and analysis of company information more accessible, while spoofing (creating fake) company images and videos can make it harder to spot what is real versus what is fake. Still, there are red flags for company owners and employees to watch out for:

    • Emails from organizations you don’t normally do business with, or emails that use unfamiliar or misspelled domain names.
    • Communications demanding quick approvals.
    • Callers saying they spoke to a named boss or colleague who approved a transaction that needs to be finalized. “A fraudster can easily obtain company managers’ names and titles online,” Brown notes.
    • Any offer that sounds too good to be true, and those with suspicious attachments, should be approached with caution.

    Larger businesses include anti-fraud protocols in their onboarding and ongoing training, something that small businesses can’t always offer. But it helps if employees are trusted and empowered to use their own common sense around potential threats.

    sponsored

    Equifax Complete Protection

    Go to site

    Equifax Complete Protection is a credit and cybersecurity protection service designed to help Canadians spot the signs of identity fraud faster.

    • Provides daily credit monitoring and alerts
    • Scans for your personal data on the dark web
    • Social media monitoring by industry leader ZeroFox

    Subscription price: $34.95 per month

    Go to site

    Keep an eye on your credit reports

    One line of defence is to frequently check your company’s credit profile. It’s not as simple as a consumer credit report; it isn’t boiled down to a single score. Instead, it includes a business failure risk score that tells suppliers and financial institutions whether or not a company is a viable partner. It also has a delinquency score that relates to the company’s history of paying bills on time, in full, or not at all.

    Business credit reports will also enumerate a company’s financial obligations. “If you see a transaction you do not recognize on your company’s credit report, you can investigate and potentially dispute it. Conversely, if there are any long-time business relationships not indicated on the report, it may be in your interest to add them,” says Brown. “If you’ve had a relationship with a business for 10 years, having that history of good payments is going to help get you the best rates possible and the best products,” Brown says.

    Article Continues Below Advertisement


    What if your business has been defrauded?

    From the fraudster’s perspective, the beauty of the construction scam is that it’s not readily apparent who is liable: the company whose name was used, the supplier, or the financial institution conducting the transaction. While the parties sort that out, the criminals get away.

    That’s why it’s important to take steps as soon as possible if you think your business may have been defrauded, including:

    • Checking your company’s credit report to see if an unauthorized transaction has taken place
    • Contacting the other parties to the transaction as soon as you notice anything strange
    • Reporting it to your local police and the Canadian Anti-Fraud Centre.

    This article is sponsored.

    This is a paid post that is informative but also may feature a client’s product or service. These posts are written, edited and produced by MoneySense with assigned freelancers.

    Get free MoneySense financial tips, news & advice in your inbox.

    Read more about fraud and scams:



    About Michael McCullough


    About Michael McCullough

    Michael is a financial writer and editor in Duncan, B.C. He’s a former managing editor of Canadian Business and editorial director of Canada Wide Media. He also writes for The Globe and Mail and BCBusiness.

    [ad_2]

    Michael McCullough

    Source link

  • Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

    [ad_1]

    Sextortion-based hacking, which hijacks a victim’s webcam or blackmails them with nudes they’re tricked or coerced into sharing, has long represented one of the most disturbing forms of cybercrime. Now one specimen of widely available spyware has turned that relatively manual crime into an automated feature, detecting when the user is browsing pornography on their PC, screenshotting it, and taking a candid photo of the victim through their webcam.

    On Wednesday, researchers at security firm Proofpoint published their analysis of an open-source variant of “infostealer” malware known as Stealerium that the company has seen used in multiple cybercriminal campaigns since May of this year. The malware, like all infostealers, is designed to infect a target’s computer and automatically send a hacker a wide variety of stolen sensitive data, including banking information, usernames and passwords, and keys to victims’ crypto wallets. Stealerium, however, adds another, more humiliating form of espionage: It also monitors the victim’s browser for web addresses that include certain NSFW keywords, screenshots browser tabs that include those words, photographs the victim via their webcam while they’re watching those porn pages, and sends all the images to a hacker—who can then blackmail the victim with the threat of releasing them.

    “When it comes to infostealers, they typically are looking for whatever they can grab,” says Selena Larson, one of the Proofpoint researchers who worked on the company’s analysis. “This adds another layer of privacy invasion and sensitive information that you definitely wouldn’t want in the hands of a particular hacker.”

    “It’s gross,” Larson adds. “I hate it.”

    Proofpoint dug into the features of Stealerium after finding the malware in tens of thousands of emails sent by two different hacker groups it tracks (both relatively small-scale cybercriminal operations), as well as a number of other email-based hacking campaigns. Stealerium, strangely, is distributed as a free, open source tool available on Github. The malware’s developer, who goes by the named witchfindertr and describes themselves as a “malware analyst” based in London, notes on the page that the program is for “educational purposes only.”

    “How you use this program is your responsibility,” the page reads. “I will not be held accountable for any illegal activities. Nor do i give a shit how u use it.”

    In the hacking campaigns Proofpoint analyzed, cybercriminals attempted to trick users into downloading and installing Stealerium as an attachment or a web link, luring victims with typical bait like a fake payment or invoice. The emails targeted victims inside companies in the hospitality industry, as well as in education and finance, though Proofpoint notes that users outside of companies were also likely targeted but wouldn’t be seen by its monitoring tools.

    Once it’s installed, Stealerium is designed to steal a wide variety of data and send it to the hacker via services like Telegram, Discord, or the SMTP protocol in some variants of the spyware, all of which is relatively standard in infostealers. The researchers were more surprised to see the automated sextortion feature, which monitors browser URLs a list of pornography-related terms such as “sex” and “porn,” which can be customized by the hacker and trigger simultaneous image captures from the user’s webcam and browser. Proofpoint notes that it hasn’t identified any specific victims of that sextortion function, but the existence of the feature suggests it was likely used.

    [ad_2]

    Andy Greenberg

    Source link

  • How to Protect Your Company From Deepfake Fraud | Entrepreneur

    [ad_1]

    Opinions expressed by Entrepreneur contributors are their own.

    In 2024, a scammer used deepfake audio and video to impersonate Ferrari CEO Benedetto Vigna and attempted to authorize a wire transfer, reportedly tied to an acquisition. Ferrari never confirmed the amount, which rumors placed in the millions of euros.

    The scheme failed when an executive assistant stopped it by asking a security question only the real CEO could answer.

    This isn’t sci-fi. Deepfakes have jumped from political misinformation to corporate fraud. Ferrari foiled this one — but other companies haven’t been so lucky.

    Executive deepfake attacks are no longer rare outliers. They’re strategic, scalable and surging. If your company hasn’t faced one yet, odds are it’s only a matter of time.

    Related: Hackers Targeted a $12 Billion Cybersecurity Company With a Deepfake of Its CEO. Here’s Why Small Details Made It Unsuccessful.

    How AI empowers imposters

    You need less than three minutes of a CEO’s public video — and under $15 worth of software — to make a convincing deepfake.

    With just a short YouTube clip, AI software can recreate a person’s face and voice in real time. No studio. No Hollywood budget. Just a laptop and someone ready to use it.

    In Q1  2025, deepfake fraud cost an estimated $200 million globally, according to Resemble AI’s Q1 2025 Deepfake Incident Report. These are not pranks — they’re targeted heists hitting C‑suite wallets.

    The biggest liability isn’t technical infrastructure; it’s trust.

    Why the C‑suite is a prime target

    Executives make easy targets because:

    • They share earnings calls, webinars and LinkedIn videos that feed training data

    • Their words carry weight — teams obey with little pushback

    • They approve big payments fast, often without red flags

    In a Deloitte poll from May 2024, 26% of execs said someone had tried a deepfake scam on their financial data in the past year.

    Behind the scenes, these attacks often begin with stolen credentials harvested from malware infections. One criminal group develops the malware, another scours leaks for promising targets — company names, exec titles and email patterns.

    Multivector engagement follows: text, email, social media chats — building familiarity and trust before a live video or voice deepfake seals the deal. The final stage? A faked order from the top and a wire transfer to nowhere.

    Common attack tactics

    Voice cloning:

    In 2024, the U.S. saw over 845,000 imposter scams, according to data from the Federal Trade Commission. This shows that seconds of audio can make a convincing clone.

    Attackers hide by using encrypted chats — WhatsApp or personal phones — to skirt IT controls.

    One notable case: In 2021, a UAE bank manager got a call mimicking the regional director’s voice. He wired $35 million to a fraudster.

    Live video deepfakes:

    AI now enables real-time video impersonation, as nearly happened in the Ferrari case. The attacker created a synthetic video call of CEO Benedetto Vigna that nearly fooled staff.

    Staged, multi-channel social engineering:

    Attackers often build pretexts over time — fake recruiter emails, LinkedIn chats, calendar invites — before a call.

    These tactics echo other scams like counterfeit ads: Criminals duplicate legitimate brand campaigns, then trick users onto fake landing pages to steal data or sell knockoffs. Users blame the real brand, compounding reputational damage.

    Multivector trust-building works the same way in executive impersonation: Familiarity opens the door, and AI walks right through it.

    Related: The Deepfake Threat is Real. Here Are 3 Ways to Protect Your Business

    What if someone deepfakes the C‑suite

    Ferrari came close to wiring funds after a live deepfake of their CEO. Only an assistant’s quick challenge about a personal security question stopped it. While no money was lost in this case, the incident raised concerns about how AI-enabled fraud might exploit executive workflows.

    Other companies weren’t so lucky. In the UAE case above, a deepfaked phone call and forged documents led to a $35 million loss. Only $400,000 was later traced to U.S. accounts — the rest vanished. Law enforcement never identified the perpetrators.

    A 2023 case involved a Beazley-insured company, where a finance director received a deepfaked WhatsApp video of the CEO. Over two weeks, they transferred $6 million to a bogus account in Hong Kong. While insurance helped recover the financial loss, the incident still disrupted operations and exposed critical vulnerabilities.

    The shift from passive misinformation to active manipulation changes the game entirely. Deepfake attacks aren’t just threats to reputation or financial survival anymore — they directly undermine trust and operational integrity.

    How to protect the C‑suite

    • Audit public executive content.

    • Limit unnecessary executive exposure in video/audio formats.

    • Ask: Does the CFO need to be in every public webinar?

    • Enforce multi-factor verification.

    • Always verify high-risk requests through secondary channels — not just email or video. Avoid putting full trust in any one medium.

    • Adopt AI-powered detection tools.

    • Use tools that fight fire with fire by leveraging AI features for AI-generated fake content detection:

      • Photo analysis: Detects AI-generated images by spotting facial irregularities, lighting issues or visual inconsistencies

      • Video analysis: Flags deepfakes by examining unnatural movements, frame glitches and facial syncing errors

      • Voice analysis: Identifies synthetic speech by analyzing tone, cadence and voice pattern mismatches

      • Ad monitoring: Detects deepfake ads featuring AI-generated executive likenesses, fake endorsements or manipulated video/audio clips

      • Impersonation detection: Spots deepfakes by identifying mismatched voice, face or behavior patterns used to mimic real people

      • Fake support line detection: Identifies fraudulent customer service channels — including cloned phone numbers, spoofed websites or AI-run chatbots designed to impersonate real brands

    But beware: Criminals use AI too and often move faster. At the moment, criminals are using more advanced AI in their attacks than we are using in our defense systems.

    Strategies that are all about preventative technology are likely to fail — attackers will always find ways in. Thorough personnel training is just as crucial as technology is to catch deepfakes and social engineering and to thwart attacks.

    Train with realistic simulations:

    Use simulated phishing and deepfake drills to test your team. For example, some security platforms now simulate deepfake-based attacks to train employees and flag vulnerabilities to AI-generated content.

    Just as we train AI using the best data, the same applies to humans: Gather realistic samples, simulate real deepfake attacks and measure responses.

    Develop an incident response playbook:

    Create an incident response plan with clear roles and escalation steps. Test it regularly — don’t wait until you need it. Data leaks and AI-powered attacks can’t be fully prevented. But with the right tools and training, you can stop impersonation before it becomes infiltration.

    Related: Jack Dorsey Says It Will Soon Be ‘Impossible to Tell’ if Deepfakes Are Real: ‘Like You’re in a Simulation’

    Trust is the new attack vector

    Deepfake fraud isn’t just clever code; it hits where it hurts — your trust.

    When an attacker mimics the CEO’s face or voice, they don’t just wear a mask. They seize the very authority that keeps your company running. In an age where voice and video can be forged in seconds, trust must be earned — and verified — every time.

    Don’t just upgrade your firewalls and test your systems. Train your people. Review your public-facing content. A trusted voice can still be a threat — pause and confirm.

    [ad_2]

    Ivan Shkvarun

    Source link

  • South Korean man arrested in Thailand in $50 million crypto scam

    [ad_1]

    A South Korean man was arrested in Bangkok, Thailand on Saturday, accused of laundering over $50 million worth of cryptocurrency into physical gold bars in the span of just three months.

    The man, identified by Thai authorities only as “Han,” was allegedly a key figure in a call-center fraud network that lured victims in with promises of 30-50% returns on investment. Authorities say the victims were paid off initially in small amounts to build trust before they started facing withdrawal limits later on.

    Meanwhile, Han allegedly amassed 47.3 million in Tether, a stablecoin tied to the value of the U.S. dollar. He allegedly used the digital funds to purchase gold bars, each weighing more than 10 kilograms or 22 pounds, with each transaction worth more than $1 million.

    Police said the gold bars were used to convert the illicit crypto funds into a tangible commodity that the scammers could move across borders without being detected.

    After victims started filing complaints, the Thai Criminal Court issued an arrest warrant for Han and his operatives in February. Eleven people, including Han, have been arrested so far with involvement in the scam, according to Thai media.

    Thai police apprehend Han at Bangkok’s Suvarnabhumi Airport, and are charging him with fraud, impersonation, computer crimes, money laundering, and participation in a criminal syndicate.

    Victims around the world lost a whopping $10.7 billion to crypto scams in 2024, according to blockchain intelligence firm TRM Labs data. The report found that global crypto scams overall were up 456% over the past year. Experts advise people to use caution in their approach to cryptocurrency or even to avoid it altogether.

    Crypto has particularly turbocharged cross-border scams: the borderless, instantaneous, and anonymous nature of crypto transactions facilitates these criminal operations, while the deals evade the usual regulatory oversight of other cross-border financial transactions.

    Thailand is betting big on crypto

    The news also comes as the Thai government makes a huge bet on crypto in hopes to revamp its tourism industry.

    Earlier this week, Thailand announced an 18-month pilot program that would allow tourists to convert crypto into the local currency, the Thai baht, via Thai-based crypto exchange platforms to make payments to local businesses.

    The Thai Finance Ministry said that they will be capping the conversions at 550,000 baht, roughly equal to almost $17 thousand to prevent money laundering, Reuters reported.

    Han’s home country of South Korea is also no stranger to multi-million dollar cryptocurrency investment scams. Just less than a year ago, South Korean police arrested more than 200 people for stealing more than $228 million in a crypto scam that has since been deemed the largest in the country’s history.

    [ad_2]

    Ece Yildirim

    Source link

  • ’Scary how they have pics of your car though???’: NYC woman gets a traffic ticket in the mail. Then she realizes she may have been paying someone else

    [ad_1]

    A woman thought she was scammed in New York after getting some convincing postage by way of a traffic ticket in the mail.

    In a video with more than 820,000 views, Cassandra (@xocassiee1) said she received a violation from a website called ViolationInfo.com. It immediately raised red flags. For one, it wasn’t connected to the city of New York. She also couldn’t find any of her other parking tickets on the site. When she entered her notice number to look up the ticket, she got an error message.

    She went to New York City’s official parking citation page and was able to find other tickets she had previously received. But the violation from ViolationInfo.com was missing, leading her to examine the notice one more time. Where was it from? Who enforced it?

    Some commenters tried to sleuth out violationinfo.com, but they got mixed results. One user wrote, “I did a deep dive. Red light cameras are often operated by a third party. So technically, the ticket is not from the [government], but it might still have legal consequences depending on the state.” 

    It’s true that red light cameras are often operated by third parties like violationinfo.com, which is a private vendor that enforces tickets remotely by reviewing red-light cameras and speeding monitors. Tickets from the site can be legitimate, but Cassandra’s likely wasn’t. New York City officials only have information regarding CityPay for its parking payment system. It includes zero information about third parties that process tickets. All payments should go through the Department of Finance.

    The website also warns against any text messages that come through, which is another common scam. 

    Fraudulent red-light cameras

    There are also red-light camera scams that use real footage of cars passing through intersections to convince people to pay. In 2022, the law firm The Ticket Clinic warned about a surge in fraudulent violations being mailed to drivers. “In recent months, our legal assistants and lawyers have seen an uptick in fraudulent red-light camera violations being sent to our clients in the mail,” the firm said at the time. That year, a wave of people were scammed in South Florida.

    In an exchange with The Mary Sue, Cassandra said, “I think that ViolationInfo may be a legit website, but it could be solely to view the violation. It didn’t give me an option to pay there nor direct me to the official website, but others said it did. I ended up paying all four [tickets] through the city pay website, which is the official website.”

    She also confirmed, “It is my car in the photos. It did open further discussion about how many people have gotten phished, and how confusing it can be that there are two separate websites.”

    How can you tell if the traffic ticket is real?

    An easy way to confirm whether a ViolationInfo.com ticket is real is by checking if your city uses the vendor. Some municipalities publish advisories warning residents about red-light camera scams, which makes them easier to identify.

    Otherwise, there are a few telltale signs to follow. Fraudulent mail often contains small mistakes that can tip people off. The Ticket Clinic reported spotting notices without pin numbers or with incorrect dollar amounts.

    @xocassiee1 Is this a scam or what? If so, just be careful pleaseee #nyc #dmv #tickets #violation #scam #phishing ♬ original sound – Cassandra ?✨

    Have a tip we should know? [email protected]

    Image of Rachel Joy Thomas

    [ad_2]

    Rachel Joy Thomas

    Source link

  • ‘That’s insane to assume people can afford that’: Woman takes 4-minute pedicab after Morgan Wallen concert in Cleveland. Then she sees the total

    [ad_1]

    Pedicabs might look like a fun way to get around the city, especially after a big event when parking garages feel miles away. But one Cleveland concertgoer says her short ride turned into a shocking expense.

    TikTok user Haylee (@haylee.aller) shared her experience after leaving a Morgan Wallen show in Cleveland.

    In her clip, she’s all smiles, seated in the back of a glowing pedicab as it cruises through downtown.

    Things quickly changed.

    “Little did I know I was about to get told that the 4 minute pedicab back to the parking garage after Morgan Wallen was gonna be $500,” she wrote in the video’s text overlay.

    In her caption, she added, “Time to buy a pedicab.”

    For those unfamiliar, pedicabs are small, pedal-powered vehicles that can carry a few passengers at a time. The drivers—sometimes called chauffeurs—set the pace and steer the cart through crowded streets.

    Why the prices of pedicabs can get out of hand

    Unlike taxis or rideshares, pedicabs don’t always have fixed fares. Because they’re human-powered and drivers usually own their own vehicles, they often set their own rates.

    In some places, this has led to extreme overcharging.

    In New York City, for example, tourists have reported being quoted $200, $300, and even $600 for rides that lasted only a few minutes. To prevent scams, the city requires pedicabs to clearly display prices before passengers get in.

    Cleveland’s system is different. Local pedicab operators must submit their rates to the city council for approval. If those rates change, they’re required to file an update within three days.

    Riders who get scammed, however, can report the incident to the Cuyahoga County Scam Squad or the Federal Trade Commission.

    In Haylee’s comments section, people said the story didn’t surprise them. Some claimed they’ve seen similar tactics before.

    One person asked, “Didn’t you ask the price before you got in?? They told us $20 per person per minute!!!”

    Another said, “They tried to pull that on me. I paid with Apple Card and told them that they scammed me and got it all back!”

    Others recalled more dramatic outcomes. “Watched one of these get arrested and have his lil pedicab towed in Indy after the Eras tour,” a commenter wrote.

    And one person summed up the disbelief: “Ok but tf they gonna if you don’t have $500?? Cause that’s insane to assume ppl can afford that on their part too.”

    @haylee.aller time to buy a pedicab??#cleveland #morganwallen #imtheproblem #concert ♬ Cowgirls – Morgan Wallen

    The Mary Sue has reached out to Haylee via TikTok direct messaging for comment.

    Have a tip we should know? [email protected]

    Image of Ljeonida Mulabazi

    Ljeonida Mulabazi

    Ljeonida is a reporter and writer with a degree in journalism and communications from the University of Tirana in her native Albania. She has a particular interest in all things digital marketing; she considers herself a copywriter, content producer, SEO specialist, and passionate marketer. Ljeonida is based in Tbilisi, Georgia, and her work can also be found at the Daily Dot.

    [ad_2]

    Ljeonida Mulabazi

    Source link

  • FTC warns of identity theft scams targeting taxpayers during filing season

    [ad_1]

    As tax season gets underway, the Federal Trade Commission is issuing a new warning about evolving identity theft scams, urging taxpayers to stay alert.

    It’s part of an education campaign for Identity Theft Awareness Week.

    Last year, the FTC filed more than a million victim reports, who lost more than $10 billion combined.

    Kelle Slaughter, Senior Investigator with the FTC office in Dallas, says scammers are shifting their tactics, moving beyond traditional phone call scams and turning to text messages and emails to steal personal information.

    “These text messages include statements like, ‘How to get your tax refund’ or ‘Here’s information about a tax rebate,’” Slaughter explained. “They lead to fake IRS websites where scammers capture your login details, or worse, install malware on your devices.”

    A member of our own NBC 5 team received a text from a number claiming to be with the Internal Revenue Service and offering bonus money. It asks to go to a web link in the text, which Slaughter said is a fake site that will steal information.

    “The unfortunate part of it is that sometimes when you click the link in these text messages, they lead you to a fake website that looks exactly like the IRS website. And when you log in with your username and password for that website, the scammer is capturing that information,” she said. “There may be questions that the scammer will ask on this fake website that may actually be answers to your security passwords on other platforms.”

    The FTC advises taxpayers to avoid clicking on links in unsolicited text messages or emails. Instead, visit IRS.gov directly to verify any information about tax refunds or rebates.

    Imposters are also pretending to be the FTC.

    “The FTC will never threaten you, say you must transfer your money to “protect it,” or tell you to withdraw cash or buy gold and give it to someone. That’s a scam. Report it,” says a statement on the official FTC Consumer Advice site, which has several helpful articles about what to look out for.

    HOW TO PROTECT YOURSELF

    Slaughter says there are several steps people can take to safeguard their personal and financial information:

    Freeze Your Credit: A credit freeze, which is free through Experian, Equifax, and TransUnion, prevents scammers from opening new accounts in your name. You can easily unfreeze it when you need to.

    Use Strong Passwords & Multi-Factor Authentication: This extra security measure can help prevent thieves from accessing financial and social media accounts, even if they have your login information.

    Beware of Unsolicited Calls, Texts, and Emails: If someone contacts you claiming to be from the IRS or another government agency, don’t engage. Instead, call the agency directly using a verified phone number. The IRS will never ask for your social security number and other sensitive information over the phone.  The IRS usually contacts taxpayers via physical mail through the U.S. Postal Service.

    File Taxes Early: The IRS has long advised that filing early can reduce your risk of tax-related identity theft. Beat the scammers to the punch so that they can’t use stolen information to file

    Use an IRS PIN: The IRS offers an identity protection PIN, which is a six-digit number, to protect taxpayers from someone else filing for them. This number helps the IRS verify your identity when you’re filing.

    Every year, the FTC collects and analyzes consumer complaints, and identity theft remains a top concern. In its latest Data Book for 2023, the FTC reported that impersonation scams and identity theft were the top two categories of complaints from consumers nationwide.

    Scammers are also targeting children, whose Social Security numbers can be compromised in data breaches and misused for years before the fraud is detected. Slaughter urges parents to consider freezing their child’s credit to prevent future financial harm.

    “By the time a child turns 18, they could already have terrible credit due to fraud,” she warned. “Unfortunately, we’re living in a day and age where we’ve experienced data breaches in schools. And a child’s Social Security number may be exposed and sold to other scammers.”

    WHAT TO DO IF YOU’RE A VICTIM

    If you believe you’ve been targeted by a tax-related scam, the FTC recommends reporting it immediately.  Click here to file a report.

    You can visit IdentityTheft.gov for step-by-step guidance on recovering from identity theft.

    “It is extremely important that people should report identity theft. Don’t be embarrassed about it. It is a universal problem that we all have no matter where you are,” Slaughter said. “When people report identity theft to the FTC, we share those reports with other law enforcement agencies that have the authority to investigate and take action. Law enforcement is also analyzing those reports to determine how to shut down the scammers. It helps us to develop our casework.”

    For more information on protecting yourself from scams this tax season, visit FTC.gov or IRS.gov.

    On Friday, Jan. 31, The FTC and AARP are hosting a Facebook Live to chat about identity theft at 12 PM CT. Learn about how to recognize the signs of identity theft to protect yourself and know what to do if it happens. Click here to join.

    [ad_2]

    Alanna Quillen

    Source link