Category: Fight Back

US Catches Scammers on Instagram

Olalekan Jacob Ponle, known as “mrwoodbery” to his Instagram followers, flaunted his wealth, including a new Lamborghini he had in Dubai.

He was arrested by Dubai Police for alleged money laundering and cyber fraud.

A number of African criminals were caught in the dramatic operation, including 37-year-old Ramon Olorunwa Abbas, “hushpuppi” or just “hush” as he was known by his 2.4 million Instagram followers.

Police in the emirate say they recovered $40m in cash, 13 luxury cars worth $6.8m, 21 computers, 47 smartphones and the addresses of nearly two million alleged victims.

Mr Abbas and Mr Ponle were both extradited to the US and charged in a Chicago court with conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from cybercrimes.

It is a spectacular crash for the two Nigerian men who extensively documented their high-flying lifestyle on social media, raising questions about the sources of their wealth.

They unwittingly provided crucial information about their identities and activities for American detectives with their Instagram and Snapchat posts.

Business Email Compromise Scam

The criminals used various scams including the 419 Advance Fee scam but the most lucrative was Business Email Compormise.

They are accused of impersonating legitimate employees of various US and tricking the recipients into transferring millions of dollars into their own accounts.

In one case, a foreign financial institution allegedly lost $14.7m in a cyber-heist where the money ended up in hushpuppi’s bank accounts in multiple countries.

The FBI affidavit alleges that he was involved in a scheme to steal $124m from an unnamed English Premier League team.

“The scammer would gather contextual details, as they watched the legitimate email flow,” explains Crane Hassold, Agari’s senior director of threat research.

“The bad actor would redirect emails to the bad actor’s email account, craft emails to the customer that looked like they are coming from the vendor, indicate that the ‘vendor’ had a new bank account, provide ‘updated’ bank account information and the money would be gone, at that point.”

They try to convince a recipient to wire money to the other side of the world or they go “phishing”, stealing a user’s identity and personal information for fraud.

Over Confidence

On Instagram, hushpuppi said he was a real estate developer, but the “houses” he talked about were actually codewords for bank accounts used to receive proceeds of a fraudulent scheme.

In April, hushpuppi renewed his lease for another year at the exclusive Palazzo Versace apartments in Dubai under his real name and phone number.

The FBI obtained records from his Google, Apple iCloud, Instagram and Snapchat accounts which allegedly contained banking information, passports, communication with conspirators and records of wire transfers.

I expect their many victims would be pleased for the criminals to rot in jail for a very long time.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Email Verifier Website

The website at (https://emailverified.org/) is very simple and has two services:-

  1. To verify an email address
  2. To check a phone number to see if it is an automated service (known as a robocaller)

There is no explanation on the website of how these checks are made – they are assumed to be checking the entered phone number or email address against industry blacklists, but that could be wrong.

You enter an email address and get either ‘Email is Valid’ or ‘Email is Invalid’ response with no explanation.

Or you enter a phone number and either get ‘Phone number is clear’ or ‘This phone number is a robocaller’ response.

The website also doesn’t state whether it does anything with the phone numbers and email addresses entered – maybe they are added to blacklists or maybe not.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Microsoft Digital Crimes Unit

Each month, Microsoft receives about 11,000 complaints from people across the globe who have been the victim of a technical support scam. This is where scammers pretend to be from reputable technology companies, such as Microsoft, Dell, Apple or an Internet Broadband supplier such as BT, Talk Talk or Virgin and try to get your confidential information or access to your computer or to get you to pay for an unnecessary piece of work on your computer.

This scam usually starts with a phone call but sometimes with a pop up message on screen telling you to call a specific helpline.

Microsoft blocks more than 25 million adverts on Bing search engine related to this scam.

Microsoft say they also fight back through advanced analytics and investigations of thousands of customer complaints received annually. The Digital Crimes Unit identifies key players perpetrating these scams. Collaborating with enforcement agencies globally, they take action to disrupt these fraudulent enterprises and hold them accountable under the law.

For example, Microsoft provided critical information for the May 2017 sweeping enforcement action “Operation Tech Trap” in which the U.S. Federal Trade Commission and law enforcement partners took 16 new actions against technical support fraudsters.

The UK National Fraud Investigative Bureau reported the number of instances of consumers reporting technical support scams using the Microsoft brand has dropped from 76 percent to 17 percent after a string of successful joint Microsoft and law enforcement operations.

Well done Microsoft Digital Crimes Unit.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Online Dating Association

In summer 2013 a group of dating site providers in the UK created a body that would allow the sector to work together on standards and speak as one voice with regulators, law enforcement agencies and others.

These services wanted to take some shared responsibility for the wellbeing of the sector and its users – and not just rely solely on the law.

A Code of Practice and advice for the public on the best and safe use of services was published in December 2013. The Code was focused on:-

  • The clarity and honesty of the services offered
  • The protection of user’s personal information
  • The proper operation of services
  • The advice and help given to users to make dating as enjoyable and safe as possible.

The Online Dating Association intends for its materials to be used by any company for whom they are relevant, anywhere in the world in order to raise standards.

The Online Dating Association’s policy recommendations and complaint arbitration are designed to help  members build trust with consumers, so singles can join dating platforms with confidence and security.

The ODA screens members before and after they join to discourage misleading marketing ploys and unsavoury sales tactics in the dating industry.

Members that commit to the official Code of Practice endorse policies that support a healthy, secure, and friendly online atmosphere for singles. Since 2013, the Online Dating Association has promoted high moral standards for dating websites old and new, big and small, in the UK and abroad.

Fightback Ninja Signature

Pinterest Blocks Scam Sites

Spammers will sometimes create content (called Pins) on the Pinterest social media network with misleading links or links to bad content.

If you see a spam Pin – report it to Pinterest for assessment.

https://help.pinterest.com/article/report-something-on-pinterest

There are separate links on their help pages, to report specific types of problem pins:-

  • graphic violence
  • harassment
  • nudity
  • hate speech
  • impersonation
  • self harm
  • anything else

Pinterest can block links that redirect to other pages, contain misleading, inappropriate or spammy content, or otherwise violate the Terms of Service and Community Guidelines.

If you click a link in Pinterest that appears to be broken, inoperable, inappropriate or otherwise potentially unsafe, it may suggest an alternative link if an alternative is available. If there are no available alternatives, Pinterest may encourage you not to visit the link.

Pinterest say they network is not a place for antagonistic, explicit, false or misleading, harmful, hateful or violent content or behaviour and they may remove or limit the distribution of such content and the accounts that save it.

This is a very good feature but it is largely automated and if your website is reported as bad in some way, but that is mistaken, there is a process to get Pinterest to manually review the site and if appropriate remove their block on your site.

To make sure your Pins don’t get blocked:

– Any links must be direct to the target website, not through a URL shortener (such as bit.ly) or redirector

– Pin with the official Pin It button http://about.pinterest.com/goodies/

If you think Pinterest have blocked something they shouldn’t have – let them know, providing a link to the  website or blog and a link to a pin that’s showing you the block error.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

DMCA Badge

www.dmca.com

The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization.

It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works (commonly known as digital rights management or DRM).

DMCA are the guardians online of copyright material and are best known for being able to take-down websites where people have copied other’s content and not removed it when ordered to.

They claim to be protecting more than one million websites with their badge.

The DMCA Badge

A DMCA Badge is a seal of protection placed on a website that deters thieves from stealing the content.

With a registered badge, you have access to the tools, resources and support to swiftly takedown any website that steals your content.

Thieves don’t like that!

DMCA say that if your content is stolen while protected with their badge, they will do a takedown for no charge

A DMCA Takedown is when content is removed from a website at the request of the owner of the content or the owner of the copyright of the content. It is a well established, accepted, internet standard followed by website owners and internet service providers.

If you have any experiences with copyright theft and/or DMCA do let me know, by email.

Fightback Ninja Signature