Category: Fight Back

A Redeemed Scammer

As with many criminals, people who scam others for a living tend to carry on doing so until something dramatic makes them think again – such as a significant prison sentence, losing someone important in their life, violence etc.

“Fred” was a scammer for many years, working for various scam outfits until the day the Federal agents turned up at his office and he ended up spending several years in prison. Now he works to prevent fraud and warn people of how it is done.

Fred says:-

If I were still in the scam business, I would focus on reverse mortgages and precious metals. Home-equity and reverse mortgage scams are attractive now because a lot of seniors have paid off their house, and that’s like an untapped bank account. If your home is worth $300,000 and you paid off your mortgage a couple of years ago, you have $300,000 sitting in the bank, waiting for me to steal it. A lot of TV and direct mail advertising tells you how to get money out of your house while you are still living in it. Some of these ads are legitimate; many are not.

 My ma asked me once how her friends could avoid these scams. I told her two things. If someone is pitching a deal, ask yourself, “What’s in it for him?” A common ploy is to get you to take out a loan on your house, then invest the proceeds in a long-term annuity or some other investment in which they make a huge commission. It may not be a fraud, but it may be a lot better deal for the salesman than for you. I also told Ma that when it comes to your house, never sign any paperwork until your lawyer — someone you choose, not someone the salesman refers you to — reads the fine print.

 As for gold and silver scams, I worked in several coin rooms in the 2000s. We would sell gold coins at a 300 to 500 percent mark up. So the victims would pay $25,000 for a bunch of coins, which they would receive, but years later, they would take them to a coin shop and learn they were worth only a few thousand dollars. This is a great scam, because the coin industry is largely unregulated. Plus, because the victims receive the coins, they don’t realize until years later that they’ve been taken.

 One of my victims was a successful engineer from California named Tim. He first talked to one of our salesmen, who gave him the generic pitch. Then he turned him over to me to close. The first thing I said to Tim was: “Hi, Tim, this is Jim. How are you doing? Go get a pen and paper right now — I want you to write my name down.” Tim immediately said, “Oh, OK, I’ll be right back.”

 With those six words I knew that Tim was going to fall and fall hard. It wasn’t just that he immediately complied with my request; it was how he complied.

 Out of the Game, for Good

All of those years I ripped people off, I knew it was wrong. But I was making so much money, I didn’t care. It wasn’t until those agents busted into my office in Miami that it finally hit me: What I was doing was really bad. I pleaded guilty to one count of conspiracy to commit mail fraud and went to prison for more than three years. I had a lot of time to think about my crimes. When I got out, I promised my mother I would never go back to my old ways. It wasn’t easy. The first year I was out of prison I was asked almost daily to work as a closer for the latest scam. Finally, I changed my phone number so I wouldn’t be tempted.

 Now, I am 44 years old, and I live in my parents’ house. I owe the federal government almost a million dollars in restitution that I don’t have a prayer of paying back. Thanks to years of smoking and drug abuse, I have acute emphysema and I carry around an oxygen tank. I’m on the waiting list for a double lung transplant, but the clock is running out. Can you spell karma?


Fightback Ninja Signature

DMARC Email Authentication

We all get far too many emails claiming to be from a well-known company but actually sent by scammers and spammers. Internet Service Providers trap a large percentage of these fake messages and delete them before they can get to their intended target, but a lot still get through to us.

What can be done?

There is a standard called DMARC used by many large organisations including Google, Facebook, Apple, Craigslist, Virgin Media, British Airways, Dropbox, Amazon and many more.

Implementing DMARC ensures that genuine emails can only be sent using specified company servers, so any Internet Service Provider can filter out messages that claim to be from these companies but are fake.

Sending Out Emails

The sender sets up two pieces of machine-readable information in advance:

  1. A document that describes how the emails will be sent (e.g. which servers will be used for the outgoing mail). This is called SPF (Sender Policy Framework).
  2. A proof of identity document called DKIM (DomainKeys Identified Mail).

Receiving Emails

The email service provider that receives the message checks the SPF and DKIM entries for the legitimate sender and compares the metadata of the message against them. If it passes, the message is accepted, but if there is a mismatch the message is marked as fake. That can mean it is deleted, or it can mean it is delivered to the user's spam folder.

It does take effort to implement DMARC as a sender but the more large companies start using DMARC the better and the more email service providers start to check incoming mail for DMARC then the less rubbish will get through.

If you know anything more about this then let me know, by email.


Hacking Group Sentenced

Five men have been found guilty of hacking into an e-mail account and attempting to steal more than £3 million from a London businessman.

All five suspects were convicted at Southwark Crown Court on Wednesday, 22 May at the end of a five-month trial following a complex investigation carried out by the Metropolitan Police Service’s Cyber Crime Unit over four years.

Anthony Oshodi, Foyjul Islam, Mohammed Siddique, Mohammed Rafeek and Meharoof Muttiyan were found guilty of various counts including money laundering, false identification documents and possession of articles for use in fraud.

Oshodi fled three weeks into the trial but was convicted in his absence.

The suspects carried out their scam by altering the email account of a single victim, enabling them to send emails without his knowledge and preventing him from viewing messages from his accountant and bank.

The group sent several emails from the victim’s account to his bank requesting payment be made to a number of people. Payment was requested through fraudulent invoices containing account numbers belonging to the suspects.

In one week, approximately £1.3 million was transferred into three accounts. The money was then transferred again to cover their tracks.

Detectives managed to identify each suspect through the examination of banking, phone and computer records. They pieced together key evidence of the money trail, patterns of communication and the ownership of individual devices linked to the offences.

Oshodi’s computer also contained copies of 1000 third party passports and bank cards which were used to create false identities.

Muttiyan acted as a primary money mule, transferring cash through the bank accounts of a petrol station, an insurance claims company, and a computer business owned by the group. Siddique organised the distribution of £600,000.

Rot in jail.


Website: The Daily Scam

The Daily Scam website is a resource to help people counter online fraud. It is funded by donations and has been attacked a number of times by hackers trying to stop them.

www.thedailyscam.com

“The Daily Scam was developed by Doug Fodeman and David Deutsch in response to the overwhelming number of Internet scams and online fraud targeting them, their friends and colleagues”.

Mission Statement

“Our goal is simple: To help people better understand internet-based threats, scams and fraudulent practices, and how to avoid them”.

Solution

“The problem is getting larger every year. Despite people’s best intentions to stay safe online there are extremely talented scam artists and criminal gangs who successfully manipulate us into infecting our computers with malware, or trick people into revealing personal information that puts us at risk. During the last few years these threats have been increasing and we’re as sick and tired of them as you!”

These guys are big believers in education as the solution to these scammers.

They have created resources on their website to educate businesses and the public on keeping their computers and information safe. There is a free weekly newsletter, “The Daily Scam”, which aims to expose the latest scams and offer tips for reducing your risks online.

They offer webinars and workshops to help to educate people.

The website includes:-

  • Lots of useful articles
  • Warnings
  • Videos
  • Newsletters
  • T-shirts and mugs with anti scam slogans


Nuisance Call Bosses Fined Up to £500,000

Estimates by telecoms regulator Ofcom show British consumers were bombarded with 3.9 billion nuisance phone calls and texts in 2018.

Company directors whose firms make unsolicited nuisance calls are now directly liable and could face fines of up to £500,000 under recent legislation from the Information Commissioner (ICO).

In the past, some company directors had avoided company penalties for nuisance calls by going bankrupt and then starting a new firm under a different name. Once a company has been dissolved, any penalties cannot be collected.

Previously, it was only the businesses themselves that were liable for fines of up to £500,000 rather than individuals.

Andy Curry, of the nuisance call enforcement team at the ICO, said “It will mean we can recover the fine more easily and also make it much harder for unscrupulous operators to set up in business again.”

Last year, the ICO issued 26 penalties totalling £3.28 million for breaches of electronic marketing laws relating to nuisance calls and spam text messages, along with 10 enforcement notices.

Minister for digital and creative industries Margot James said: “We are determined to stamp this menace out and this new law is the latest in a series of measures to rid society of the plague of nuisance calls.”

If you have any experiences with nuisance callers – do let me know, by email.


Zain Qaiser Jailed

A Londoner named Zain Qaiser has been jailed for blackmailing porn users worldwide.

His jail sentence of six years and five months is a major success for the National Crime Agency and the court heard he is the most prolific cyber criminal to be sentenced in the UK.

Investigators have discovered about £700,000 of his profits – but his network may have made more than £4m.

Working from his bedroom at his family home in Barking, Qaiser began to make money through “ransomware” attacks when he was only 17 years old.

This is a form of attack in which a computer is hijacked (and often the files are encrypted) and frozen by downloaded software until the user pays a fee for its release.

Qaiser contacted the Russian controller of one of the most potent attack tools and agreed a split of his profits.

Over 18 months, the teenager posed as a legitimate supplier of online promotions and booked advertising space on some of the world’s most popular legal pornography websites. But each of the adverts that was promoted on the websites contained a malicious tool called the “Angler”.

Any visitor to the adult site who clicked on one of Qaiser’s fake adverts would trigger the download to their own computer of the attack kit.

The software would search for vulnerabilities and, if the home computer was not protected with up-to-date anti-virus software, would deliver the ransomware that seized control of the device.

The ransomware then splashes a full screen message to the user, claiming to be from the FBI or Metropolitan Police or other law enforcement agency, accusing the user of breaking the law – warning them they faced up to three years unless they paid a fine of hundreds of dollars immediately in Bitcoin.

It was calculated that one of the fake adverts appeared on 21 million web browsers every month.

Qaiser spent almost £5,000 on a Rolex watch and £2,000 on a stay in a Chelsea hotel. He regularly spent money on prostitutes, drugs and gambling, including almost £70,000 in a casino.

When a Canadian company selling advertising space asked Qaiser to stop, he launched a massive cyber attack against it, causing hundreds of thousands of pounds worth of damage to the business.

Qaiser initially denied the crimes and claimed he had been hacked, before pleading guilty to 11 charges – including blackmail, fraud, computer offences and possessing criminal property.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.
