Global law enforcement agency Interpol used an international conference on cyber crime earlier this month to launch an awareness-raising campaign about CEO Fraud. CEO fraud, referred to by some as business email compromise (BEC) fraud or “whaling”, is a form of phishing that involves criminals tricking company employees who are authorised to issue payments into transferring large sums of money to accounts controlled by fellow fraudsters. Oftentimes, first contact will be made in an email in which a scammer assumes the identity of a senior executive to ask that an urgent payment be made. The criminals behind CEO fraud scams typically do their homework on the companies they target, using their knowledge of the businesses they set out to dupe to convince the employees they contact that they are who they say they are.
CEO fraud scams are also carried out over the phone, with fraudsters calling employees while pretending to be a senior manager, and can often involve scammers forging invoices and other forms of paperwork in order to secure the payments they seek to extract from their victims. Whether the scam is carried out by phone or by email, fraudsters will exploit the seniority of the executive or manager they are impersonating to pressure and intimidate the employees they target to transfer funds into an account they control, typically claiming the payment they are requesting is of the utmost importance and should be treated in the strictest of confidence.
While CEO fraud is by no means a new phenomenon, companies large and small continue to lose huge sums of money to the criminals behind it, despite the launch of numerous awareness-raising campaigns such as the one announced by Interpol earlier this month. According to the FBI, losses from CEO fraud scams run into the billions of dollars every year.
Just weeks before Interpol launched its campaign, the US Better Business Bureau published its own report on CEO fraud, noting that instances of the crime are rising, and that such scams are estimated to have cost American businesses and other organisations more than $3 billion since 2016. Commendable as such interventions may be, they appear to have little effect, with previous efforts launched in countries including the UK and the US apparently having scant impact on CEO fraud scammers’ ability to con large sums of money out of companies that appear to be struggling to come up with ways in which to deal with the crime.
It would be easy to assume that fraudsters who carry out these types of scams would lean towards targeting smaller firms that might have less sophisticated fraud detection systems in place, but several recent cases show this is very far from the case. In a sophisticated variation of CEO fraud, a Lithuanian man was able to fleece an astonishing $100 million from Facebook and Google in a BEC scam. In March, Evaldas Rimasauskas pleaded guilty to sending the two technology giants huge bogus invoices while posing as an Asian computer hardware maker. Using convincing fake email accounts to submit his invoices, Rimasauskas and his associates “forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the victim companies”.
In another example of a blue chip firm falling victim to this type of scam, the Toyota Boshoku Corporation admitted last month that it had been relieved of some four billion yen ($37 million) in a BEC fraud. The firm perhaps understandably chose to reveal few other details about its massive loss. If companies such as these can be duped by CEO fraudsters, what hope is there for smaller firms, particularly at a time when the information and technology available to fraudsters is growing and advancing at a breakneck speed?
Back in August 2017, the Times of London reported that organised crime gangs were staking out LinkedIn profiles in order to gather intelligence that could be used in BEC scams. Earlier this year, police in Ireland warned workers against posting too much information about themselves on all forms of social media to avoid it being used by CEO fraud scammers. In a new worrying twist on the scam, the Wall Street Journal reported in August that an unnamed executive in the UK had been tricked into sending €220,000 ($243,000) to a bank account controlled by fraudsters after they used artificial intelligence technology to mimic the voice of his boss on the phone and demand that a payment be made.
While proposed confirmation of payee systems that require banks to check the name on recipient accounts before making a transfer of funds might go some way towards reducing the success rates currently enjoyed by BEC scammers, the fact that fraudsters rely predominantly on human error makes it unlikely we will see an end to this form of fraud anytime soon. Quite the opposite in fact. No matter how many awareness-raising campaigns are launched by well-meaning organisations, the wealth of information and technology that is now available to the often organised criminals behind this type of fraud leaves them perfectly placed to exploit the human fallibility of CFOs and account department workers.
Why you should worry about more than your device’s search history when viewing porn online
Many adult website users assume they can cover their tracks by turning to their web browser’s incognito mode whenever they want to view explicit pictures or videos online. While it is true that using this type of technology will keep visits to sites that host such material out of a user’s internet search history, pornography enthusiasts should be aware that their adult viewing activity will still be very far from secret.
The majority of porn fans will be smart enough to realise that their online viewing habits will be visible to their internet service provider even when a web browser’s incognito mode is being used, but it will be likely that few spend too much time worrying about this. Others might feel quite comfortable signing up for premium services from their adult entertainment purveyor of choice, and have no qualms about providing their email address and credit card details while doing so.
However, several recent and historic data breach incidents suggest that pornography fans would be well advised to put as much time and effort into worrying about how much information is recorded about their adult entertainment consumption in data centres across the globe as they do into threating about the personal search history on their devices.
Just last week, it was reported that researchers at cyber security firm TurgenSec had discovered that a database left unsecured by UK telecoms and entertainment giant Virgin Media contained information linking some of its customers to porn sites. Responding to Virgin’s initial claim that the database only contained “limited contact information”, TurgenSec issued a statement on its website explaining that the exposed information in fact linked customers to “[r]equests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses”. Virgin said the information on the database had been accessed on at least one occasion by an unknown user, raising the prospect that the details on it could be used by hackers to target Virgin customers in sextortion scams.
Although such breaches are rare among major internet service providers and telecom firms, partly on account of how tightly regulated they are, information held by adult websites themselves can be much more vulnerable. Perhaps the most notorious breach of an adult website’s database came in 2015 when a hacking group obtained information relating to the users of Ashley Madison, an online dating site that facilitates affairs between married people and those in long-tern relationships.
While not a pornography website per se, people whose personal information was linked to the service found that the impact on their lives was devastating. Having threatened to do so for weeks, the cyber criminals behind the breach leaked the names of 32 million users of the site in August 2015, resulting in people losing their jobs, their relationships, and in some cases even taking their own lives. Soon after the exposure of the Ashley Madison database, sextortion fraudsters launched campaigns to exploit the fears of those who might have appeared on it.
Over the intervening years, numerous porn sites across the world have leaked their users’ details, potentially putting them at of these types of scams. In July 2019, researchers at Cornell University published a paper that revealed 93% of the adult websites they studied were leaking data to third-party entities, such as online advertisers or web analytics providers. “Everyone is at risk when such data is accessible without users’ consent, and thus can potentially be leveraged against them by malicious agents acting on moralistic claims of normative gender or sexuality,” the researchers wrote.
In January of this year, online security firm vpnMentor revealed that porn cam network PussyCash had exposed the details of thousands of “models”, leaking over 875,000 files that included photographs of amateur porn performers in which their faces could be seen alongside personal information including names, dates of birth and passport information. Back in 2016, the names of nearly 800,000 registered users of pornography website Brazzers were exposed in a data breach, with information relating to visitors’ sexual preferences and favourite adult performers posted by hackers online.
As well as exposing porn site users to embarrassment and potential blackmail, these types of data breaches have scuppered efforts to make the internet safer for children in some countries. UK proposals to force porn viewers to sign up to an age verification system before accessing their preferred adult content were dropped last year partly on account of privacy and security concerns. The upshot of all this is that anybody who is partial to watching pornography online should probably worry just as much about how much information about their viewing habits is being stored on databases around the world as they do about the information in their internet browser.
Scammers the world over are exploiting public fears over the coronavirus outbreak
Scammers across the globe are looking to profit from public fears over the coronavirus outbreak, with reports the world over highlighting how fraudsters are seeking to exploit the panic created by the spread of the disease.
On Wednesday, Kyodo News reported that authorities in China have seized more than 31 million counterfeit or substandard face masks as members of the public clamour for such products amid a countrywide shortage.
China’s Ministry of Public Safety said police in the country have dealt with 688 cases involving the manufacture and sale of fake and substandard protective materials, arresting over 1,560 people while doing so.
China’s state-backed Xinhua news agency quotes the ministry as saying that as of Monday, law enforcement officers across the country had dealt with some 22,000 criminal cases related to the coronavirus outbreak.
Addressing a press conference in Beijing this week, Vice Minister Du Hangwei revealed that a total of 4,260 suspects have been detained in relation to these alleged offences.
On Sunday, the UK’s People newspaper revealed that phishing scammers are sending elderly and vulnerable British citizens emails that purport to be from the country’s National Health Service in which they demand a payment of £169.99 ($216) for access to “rapid and effective treatment” for the disease.
Elsewhere, Business Insider reports that Facebook has announced that it will take down bogus adverts that guarantee a cure, create a sense of urgency or otherwise attempt to profit from the virus.
In a statement, the company said: “In the weeks after the World Health Organisation (WHO) declared a public health emergency, Facebook is working to support their work in multiple ways, including taking steps to stop ads for products that refer to the coronavirus and create a sense of urgency, like implying a limited supply, or guaranteeing a cure or prevention.
“For example, ads with claims like face masks are 100% guaranteed to prevent the spread of the virus will not be allowed.”
In a similar move, USA Today reports that online retail giant Amazon has warned third-party face mask sellers about marking up prices to take advantage of fears over the coronavirus outbreak.
While vendors on Amazon are generally allowed to change the price of their products within reason, the company’s policy states: “If we see pricing practices on a marketplace offer that harms customer trust, Amazon can remove… the offer, suspend the ship option, or, in serious or repeated cases, suspending or terminating selling privileges.”
In January, NutraIngredients-USA revealed that the US Natural Products Association (NPA) had asked federal authorities to monitor dietary supplement companies that claim their products can be used to treat the coronavirus.
NPA President and CEO Daniel Fabricant commented: “We have been in touch with some of the ecommerce organisations.
“We are urging them to take a look at how marketers that sell on their sites are tagging products.”
Earlier in February, the US Federal Tarde Commission warned that fraudsters are seeking to take advantage of fears surrounding the disease by setting up websites to sell bogus products targeting potential scam victims through misleading social media posts and phishing emails.
The commission warmed that such social media posts or phishing messages often appear to promote awareness of the disease and may include prevention tips.
They might also ask readers to donate to victims of the virus, or offer advice on unproven treatments, and will often include malware in the form of attachments or links to websites controlled by hackers designed to harvest victims’ personal and financial information.
Offering similar advice this month, UK anti-fraud organisation Cifas cautioned the British public to be on the lookout for scams designed to prey on fear and anxiety over the spreading of the virus.
In a statement, Cifas CEO Mike Haley said: “Fraudsters are always looking for new ways to prey on people’s fear and anxieties, and so it’s very likely that these scams will only increase as coronavirus spreads.
“My advice is to not let fraudsters scare or pressure you into making any hasty decisions. Take your time and do your research, and remember to never hand over personal or financial details – don’t let criminals benefit from this serious situation.”
Separately, the WHO, which is leading global efforts to control the outbreak, has warned that cyber criminals are using its name in a bid to steal money and personal information from victims online.
The UN agency said it would never ask people to log in to any website to view safety information related to the coronavirus, and would never email unsolicited attachments.
The WHO also noted it would never prompt people to visit a website other than its own, and would never charge money to apply for a job, register for a conference, or reserve a hotel.
“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” the organisation said.
“Using this method, criminals can install malware or steal sensitive information.”
How America’s methamphetamine crackdown enriched Mexican drug cartels and made the country’s problem with the drug worse
Up until 2006, the overwhelming majority of methamphetamine consumed in the US was manufactured in domestic labs scattered across the country. Then, at what came to be considered the peak of the country’s meth use epidemic, new legislation was introduced that made it much more difficult for producers of the drug to get hold of the ingredients required to make it. The 2005 Combat Methamphetamine Epidemic Act included much stricter controls on the sale of ephedrine, pseudoephedrine and phenylpropanolamine, and resulted in a sharp fall in the amount of meth produced in the US.
Thanks to the introduction of laws such as these and numerous crackdowns on US methamphetamine manufacturers launched by the Drug Enforcement Administration (DEA), domestic production of the substance was almost eradicated during the latter part of the mid-2000s, save for small time producers using the highly dangerous so-called “shake-and-bake”. But rather than ending the country’s problem with the drug, these developments opened a huge opportunity for Mexican trafficking cartels, which have over the intervening years more than plugged the gap left in the market.
While the Combat Methamphetamine Epidemic Act did result in a fall in the number of meth users and hospital admissions related to use of the drug in the immediate aftermath of its introduction, the emergence of Mexican labs turning out huge quantities of what has come to be referred to as “super meth” soon began to reverse any gains. Having fallen to a low of 314,000 in 2008, the number of American’s using methamphetamine in 2018, the most recent year for which data is available, rose to 1.9 million, according to the 2018 National Survey on Drug Use and Health. This was equivalent to a rise from 0.1% of the US population to 0.7%. Experts agree that the drug’s extraordinary comeback is being driven almost exclusively by Mexican cartels skilful exploitation of US efforts to end domestic production of methamphetamine.
Unlike what was being produced in domestic labs, the meth coining into the US from Mexico is typically close to 100% pure and can cost as little as $5 a hit. The price of the drug has plummeted over recent years thanks to the sheer volumes the cartels are bringing into America, making it even more attractive to addicts looking to get as a long a high as possible for their money. In July of last year, federal drug data seen by NPR revealed that seizures of meth by US law enforcement agencies rose 142% between 2017 and 2018.
In November of last year, acting US Customs & Border Protection Commissioner Mark Morgan warned that super labs in Mexico were flooding America with ever cheaper and purer forms of meth. During a White House press briefing, Morgan said: “The illicit narcotics the transnational criminal organisations are flooding the US with are making their way to every town, city, and state in this country. It isn’t just a border issue. Make no mistake: If your city, town, or state has a meth problem, it came from the southwest border.”
Away from National Survey on Drug Use and Health data, other indicators suggest super meth is beginning to take its toll on users. At the end of January, the US Centres for Disease Control and Prevention revealed that between 2012 and 2018, the rate of drug overdose deaths involving psychostimulants such as methamphetamine increased nearly five-fold. Separately, a study published by Millennium Health in the JAMA Network journal this January revealed that use of methamphetamine is rocketing across the US, with the number of urine samples testing positive for the drug rising from about 1.4% in 2013 to around 8.4% last year. The findings of the study suggested that “methamphetamine-related overdose deaths [especially] may continue to increase”.
As part of its efforts to stem the flow of methamphetamine flooding into the country, the DEA last week launched Operation Crystal Shield, which will see the agency target major methamphetamine trafficking hubs in locations such as Atlanta, Dallas, El Paso, Houston, Los Angeles, New Orleans, Phoenix and the St Louis Division. The DEA said in a statement that these locations accounted for 75% of all methamphetamine seizures made in the US last year.
But with the Mexican cartels coming up with evermore ingenious methods of sneaking their products into the country, including bringing methamphetamine into the US in liquid form, the DEA will have its work cut out. While well intentioned, the mid-2000s crackdown on America’s methamphetamine crisis not only appears to have opened up an extremely lucrative new line of business for Mexican trafficking gangs, but may very well also have made the country’s already disastrous relationship with the drug much worse.
- Crooked vendors exploiting flaw in eBay’s feedback system to con buyers into purchasing bogus and dangerous items
- Major ‘lover boy’ prostitution gang broken up by coalition of European law enforcement agencies
- Taking cocaine will not cure people struck down with the coronavirus, French government warns public
- US politicians call for state action against Pornhub over allegations it hosted rape and child abuse videos
- Californian border officers catch Mexican man with enough fentanyl to kill 1.2 million people