Category: Fight Back

Goldman Sachs Fined in Fraud

Goldman Sachs, one of Wall Street’s oldest and most prestigious banks, was charged with conspiracy to violate the anti-bribery provisions of the Foreign Corrupt Practices Act, which forbids companies or individuals from paying foreign governments to retain business. The bank will have to pay $2.9 billion in fines over its involvement in a Malaysian bribery scheme.

$1.3 billion will go to the Justice Department; $606 million to Malaysia; $400 million to the U.S. Securities and Exchange Commission; and $154 million to the Federal Reserve. The rest will be split among foreign financial regulators in the United Kingdom, Hong Kong and Singapore.

The Justice Department alleged that Goldman Sachs ignored signs of fraud among some of its senior bankers in a scheme that ultimately led to a Malaysian government-backed economic development corporation being defrauded out of $2.7 billion. About $1.6 billion was used to pay officials in Malaysia and the United Arab Emirates to secure work issuing and selling bonds in international markets.

Goldman earned $600 million in fees for helping that corporation, 1Malaysia Development Berhad, raise $6.5 billion to support energy development in Malaysia, but much of the money was looted, with some used to buy luxury real estate and yachts.

The Malaysian branch of Goldman reached a $3.9 billion settlement with Malaysian prosecutors in July and pleaded guilty to violating federal anti-bribery law in a Brooklyn federal court. Former Malaysian prime minister Najib Razak was sentenced to 12 years in prison by a Kuala Lumpur court for money-laundering connected with the scandal.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Spamnesty

The website is spa.mnesty.com and it’s about wasting the time of the scammers and spammers.

This is how they describe their ‘time-wasting’ service.

Spamnesty is a way to waste spammers’ time. If you get a spam email, simply forward it to sp@mnesty.com, and Spamnesty will strip your email address, pretend it’s a real person and reply to the email. Just remember to strip out any personal information from the body of the email, as it will be used so the reply looks more legitimate.

That way, the spammer will start talking to a bot, and hopefully waste some time there instead of spending it on a real victim. Meanwhile, Spamnesty will send you an email with a link to the conversation, so you can watch it unfold live!

It interacts with the spammer by sending fairly open, anodyne responses to each message until the spammer gets bored and gives up. The replies are generic, e.g. ‘I’ve talked with my colleagues and we are definitely interested. Can you tell me more?’

Or ‘That’s impressive. I’m excited to hear more. Can you provide references?’

And so on.

It doesn’t stop spammers but does occupy them fruitlessly.


723 Serious Cyber Attacks Stopped

The job of the National Cyber Security Centre (NCSC) is to protect the UK against cyber threats, whether that’s from hostile nations and groups or simply criminals.

Since it became operational in 2016, GCHQ’s cyber crime defence centre has defended the UK against 1,167 such serious threats.

The majority of the attacks were carried out by hackers “directed, sponsored or tolerated” by foreign governments, according to NCSC chief executive Ciaran Martin.

“These groups constitute the most acute and direct cyber threat to our national security,” he said.

In these days of coronavirus, NCSC has also had to help protect scientists working on a vaccine, NHS hospitals, essential infrastructure and more.

The WannaCry ransomware in 2017 did huge damage to the NHS hospitals caught out.

NCSC also work to stamp out phishing and similar scams and what they call ‘high commodity attacks’ including the removal of 138,398 phishing sites between September 2017 and August 2018.

Cyber attacks are increasing in volume, scale and range of targets every year, so businesses and all organisations need to take this seriously and protect themselves accordingly.


Mac’s Scambaiting Tips

Mac loves to bait those evil scammers – playing them at their own game. You can read about Mac’s exploits at http://macsbaitstore.com/tips.html

Here are his tips:-

  • Make a fake persona for yourself before you start scam baiting (name, address, phone, etc.) – this will prevent you from making mistakes that will give you away later to the scammer.
  • Use a free email account for your scambaiting – Yahoo, Gmail, Hotmail, Live.com, etc.
  • Don’t give the scammer any real information – for obvious reasons…
  • Consider using a Virtual Private Network to disguise your IP address. If you have a floating IP address from your broadband supplier then this is not an issue, as floating IP addresses only resolve back to your supplier – not to you.
  • Do not give them your home phone number – try a service such as k7.net for messages or a mobile – I use a number that always rings, then make some excuse why I never answer (at work, store, etc.).
  • You can set up a “catcher” account to receive scam emails, and a “baiter” account to carry on the bait. This is sound advice, but not always necessary – you can actually copy a scam email you find on the web or bulletin board and paste it to a new email to “reply” to a scammer. They send out so many emails, they will never know that they never actually sent an email to you.
  • Scambait with your eyes wide open – remember, these are criminals you are dealing with and everything that comes from their mouth is most likely a lie. In the course of the scambait, you will be sworn at, insulted and even threatened.

Treat the Scammers the Mac Way

  • Make their lives difficult! Remember, they will have certain documents already prepared, so ask for other documents as proof. They will send you a “Certificate of Deposit” for a bank account – ask for a current Account Statement instead. Explain that a Certificate of Deposit only shows what was deposited in the account years ago, but not what is in the account now. They will waste valuable computer time making a fake document…
  • If they send you a Passport ID, ask for a Driver’s License and vice versa. Notice that the picture on both is usually the same…
  • Ask many stupid questions and make sure they answer every question you have. They will try to stick to their script – get them off it.
  • Poke holes in all of their ideas, theories, and routines. The typical scammer knows nothing about business or banking, so correct them, question them, suggest other methods, etc.
  • Question every spelling error – even if you do understand what they meant. This will also waste their valuable time.
  • Point out all of their mistakes in documents – scammers don’t bother about details so pick them out and demand explanations.
  • Scammers are constantly getting their free email accounts shut down. Don’t let them get away with this without a fight! I like to tell them ‘that I contacted Yahoo when the mail came back undelivered, and Yahoo said the account was shut down for fraudulent activities’ – make them explain that one!
  • When a bait starts to peter out or if you haven’t heard from the scammer in a while – send them a message ‘that you sent the money via MoneyGram, did you get it yet’. Nothing revives a dead bait like the promise of money!
  • Never, ever let them get in the last word! Remember, one of the main goals is to keep them busy – if they keep replying to your insults, they are not scamming someone else!

For more information, have a look at http://macsbaitstore.com/tips.html


British Airways Fined for Data Breach

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

An ICO investigation found the airline was processing a significant amount of personal data without adequate security measures in place. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.

The Data Breach

The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff. This included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

Also, the usernames and passwords of BA employee and administrator accounts as well as usernames and PINs of up to 612 BA Executive Club accounts were potentially accessed, but this is uncertain. It is often impossible to be certain which data the hackers copied.

The ICO concluded that there were numerous measures BA could have used to mitigate the risk of an attacker being able to access the BA network. These include:

  • limiting access to applications, data and tools to only that which is required to fulfil a user’s role;
  • undertaking rigorous testing, in the form of simulating a cyber-attack, on the business’ systems;
  • protecting employee and third party accounts with multi-factor authentication.

Since the attack, BA has made considerable improvements to its IT security.

BA did not detect the attack in June 2018 themselves but were alerted by a third party more than two months afterwards in September 2018. Once they became aware, BA acted promptly and notified the ICO.

“When organisations take poor decisions around people’s personal data, that can have a real impact on people’s lives. The law now gives us the tools to encourage businesses to make better decisions about data, including investing in up-to-date security,” said Information Commissioner Elizabeth Denham.


An Introduction to Scambaiting

We have all received unsolicited emails offering us a ‘get rich quick’ opportunity. These are often called 419 scams or Advance Fee scams. The scammer makes you believe there is a fortune for you to collect, but you end up paying a small fee, then another fee, then another, until eventually you realise it’s a con and give up.

You can just delete these messages or you can choose to play the scammers at their own game. They lie, so why shouldn’t you? Make up your own persona and story.

There are various communities of scambaiters and the most famous is 419eater, which you can find at 419eater.com with lots of examples of what they do.

Why Scambait?

It is very difficult to stop these people, but by wasting their time you are diverting their attention from scamming someone else. Plus, an effective scambait may well give you personal information about the scammer that can be passed on to the authorities. Reporting the scambait online also warns others of how the scams work and what they can do to tie up the scammers. If you can get their name, address and more, then you can publish it on a scambaiter website.

Scambaiting Strategies

Create yourself a fake persona with name, address, email addresses, back story etc. and you’re ready to go when a 419 scam lands in your email inbox.

The most common strategies used by scambaiters are:-

  • just go with whatever comes up in the emails
  • try to get the scammer to join your Church. Promise the payments he wants once he has joined your imaginary Church.
  • get the scammer to pay the freight charge of delivering something entirely useless to him. This gives you an address to publish.
  • get the scammer to travel to meet you (you won’t be there of course) e.g. at your false address
  • make up characters to bring into the story e.g. Messrs Screw Hup and Ivor Itch solicitors or a fake Church Deacon or your neighbour Mac Donald

Keep those scammers busy and have some fun at their expense.
