On Fraud and How to Mitigate the Risks
Trust No One
When my son was getting ready to graduate from college, he—like many other young people—was looking for a job. He was scared and desperate that he would not find anything, and we were talking a lot about what kind of job was best for him as a recent college graduate with a Bachelor Degree in finance.
One morning, he texted me, full of hope, about a possible interview.
Me: Nah, kiddo. It’s a scam.
Him: How do you know?
Me: There’s not a single, legitimate company that will email you from a Gmail account to set up an interview or interview you from Google chat.
He eventually got a great job that led to an incredible career in finance. But that conversation stuck with me, as someone who deals with financial crime on a daily basis.
No, there won’t be any job offers, or even interviews, from a Gmail account. But criminals recruit money mules that way. They take advantage of desperate college students or graduates, who are intensively looking for work, and they make them an offer that’s too good to be true.
Work from home!
All you have to do is open a bank account and transfer some money! Easy!
The job is really easy. It requires little effort, but you can make oodles of money!
Don’t fall for it. Just don’t.
At several financial crimes conferences I have attended, panelists discussed vulnerable individuals who were taken in by scammers who turned them into money mules, convincing them to move money for them for a cut of the proceeds. Some of these individuals were warned by their bank. They were warned by law enforcement. They were warned by caring family members, but yet they continued to move funds for their online paramour/friend, even after the financial institution closed the account for fraudulent activity! They simply opened a new one and refused to believe that the person with whom they have been communicating for several months is exploiting them.
But moving money for illicit actors is only one of a myriad of scams out there that have just gotten more common since the COVID-19 pandemic began.
COVID-19 relief programs are a massive target for criminals. These programs were implemented quickly in a panic to protect Americans from financial hardships during the pandemic, and the checks weren’t at all effective. False claims and theft of COVID-19 relief funds have resulted in millions stolen from the United States, and thanks to Kenya’s weak investigative and prosecutorial efforts, transnational criminal organizations use the country to launder many of the stolen COVID funds.
And then there’s the pig butchering. Haven’t heard of it? Oh, you will…
These scams originated in China, where they came to be known by the Chinese version of the phrase shāzhūpán because of an approach in which attackers essentially fatten victims up, or develop a friendly or romantic relationship with them, and then rob them blind (butcher the pig)—normally through cryptocurrency schemes.
Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms. Often they’ll simply say “Hi” or something like “Hey Josh, it was fun catching up last week!” If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they’ve hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can.
Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their “investment account,” they can start watching their balance “grow.” Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new “friend” or allowing them to withdraw a little bit of money from the platform to reassure them.
Pig butchering is becoming more popular, and it does not have to involve cryptocurrencies. These scams can involve more traditional forms of financial fraud, such as Ponzi schemes or traditional romance scams, but they don’t have to be romantic in nature, and they can take months for the fraudster to fatten up—or develop a relationship—with their victims.
That way, when the victim is confronted with the fact that they have been robbed, they have a tougher time believing the claim. After all, they’ve “known” this person for months! They have been talking and sharing personal stories, and they have so much in common!
And the millions upon millions just keep getting stolen.
The Justice Department last month seized more than $112 million in funds linked to pig butchering schemes.
The victim of another pig butchering scheme has lost a total of almost $10 million to various frauds.
The FBI has been warning people who are located in or travel to Southeast Asia to beware, because scammers there lure unwitting victims into crypto compounds with fake job opportunities and essentially enslave them, forcing them to participate in pig butchering scams.
Criminal actors target victims, primarily in Asia, in employment fraud schemes by posting false job advertisements on social media and online employment sites. The schemes cover a wide range of opportunities, to include tech support, call center customer service, and beauty salon technicians. Job seekers are offered competitive salaries, lucrative benefits, paid travel expenses as well as room and board. Often throughout the process, the location for the position is shifted from the advertised location. Upon job seekers’ arrival in the foreign country, criminal actors use multiple means to coerce them to commit cryptocurrency investment schemes, such as confiscation of passports and travel documents, threat of violence, and use of violence.
Criminal actors assign debts to victims under the guise of travel fees and room and board, and use victims’ mounting debt and fear of local law enforcement as additional means to control victims. Trafficked victims are sometimes sold and transferred between compounds, further adding to their debt.
And don’t get me started on job listing fraud!
It’s a way to enslave victims. It’s a way to steal their identities. It’s a way to steal proprietary information from companies.
In the first three months of 2023, Better Business Bureau (BBB) Scam Tracker received reported job scam losses of nearly $840,000 USD, up 250 per cent compared to the same time last year. As more people search for remote opportunities, scammers are looking to cash in.
And these job scams are becoming more and more sophisticated thanks to AI being thrown in the mix! The number of job scams reported to the Federal Trade Commission nearly tripled between 2020 and 2021. Criminals will hack company accounts. They will pose as recruiters. They will demand up-front payment for “company training.” And they exploit legitimate sites such as LinkedIn and Indeed to post fake job opportunities and target job seekers.
Deep fakes are becoming more realistic. You may think you’re talking to a real HR recruiter online, but discerning fakes from the real thing is becoming more and more difficult.
We used to laugh at the bad grammar, sketchy syntax, terrible spelling, and other telltale signs of scammers trying to draw us into their latest swindle, but the advent of programs such as ChatGPT has given illicit actors a tool for improving their writing and making it more realistic.
If a scammer uses ChatGPT, it makes the job easier, and could increase the volume of phishing attacks, which may convince you to click a malicious link or hand over personal information. Plus, ChatGPT summaries may now be very well-written with perfect grammar.
That means you want to be on guard now for texts and emails that look too well-written. That goes against the traditional warnings of looking out for poorly written texts and emails.
Worse yet, AI is now being used to spoof the voices of loved ones, claiming they’re victims of kidnapping or worse, trying to get their relatives to wire money for their release. The FTC says that last year Americans lost $2.6 billion in impostor scams.
At my previous job, we used to call it “playing Whack-a-mole.” As soon as you detect one criminal methodology, the illicit actors are already on to bigger and better techniques, and they get more and more sophisticated with each iteration.
So how to avoid becoming a victim?
Job seekers, do your homework. Look for forged company URLs that don’t look right. Do your research into said companies, be it adverse media or on job seeker sites, such as Indeed and Glassdoor. Do not give random strangers on the Internet any information about yourself and do not give them money, access to your bank accounts, or anything of the sort.
Is your new Internet friend guaranteeing certain returns on investments? That’s a red flag. Are they being overly pushy—whether to pressure you into investing in a “sure thing” in which time is limited or accept a job offer that will expire within hours? Kick them to the curb.
Do not give money to receive any kind of prize or inheritance. If you don’t know that lost, recently deceased family member in Spain, chances are they don’t exist.
No, the IRS/FBI/local sheriffs will never ask for payments in gift cards. EVER. They will also never ask for payment information over the phone. They will never ask you to wire money either. Hang up immediately.
Always use long, complex, and unique passwords or phrases to avoid having your access credentials easily guessed. I hate this one because it’s just too frustrating to come up with unique, complex passwords, but it needs to be done.
Do not ever transfer funds for someone else in exchange for a cut. If they don’t have access to the financial system and want you to gain it for them, chances are they are an illicit actor trying to use you as a money mule.
Are you selling something on the Internet? Be aware if a buyer immediately offers more than your selling price and tells you that his “agent” will come pick up the item because they’re “out of town.”
My son was selling an entertainment center online, and a supposed female contacted him to purchase it. But before committing to buying that entertainment center, “she” demanded that he verify that he was a real person. She told him she would send him a text message with a Google Voice verification code and ask him for that code to confirm that code.
My son, being his mother’s child, laughed at her, told her exactly what the scam was, and told her to find transport to a bad, bad place. She feigned surprise. “Why? I just want to make sure you’re a real person, that’s all!”
Right.
If you give them the verification code, they’ll try to use it to create a Google Voice number linked to your phone number. They will then use your number to steal from others and conceal their identity. Don’t do it.
There are too many strategies to list here, and this article is already getting long.
The bottom line is: trust no one. Do your research. Do not give out personal information online or on the phone. Ever.
I wrote about the prevalence of fraud a few months ago, but the situation has only gotten worse.
The Post Office is now installing electronic safeguards on mailboxes to help prevent the theft of personal information.
AI scams are getting more and more sophisticated.
Phishing is more sophisticated and more difficult to detect.
Trust no one. Do your research. Stay safe out there.
In Kansas, during the height of the pandemic we were No. 1 for unemployment fraud. The Kelly Administration blamed it on an outdated computer system. However, the real cause was laziness and incompetence on the part of Laura Kelly and her administration, who simply didn't take the problem seriously, even after multiple warnings by the feds, that organized crime would be getting involved.
This, even AFTER Laura Kelly HERSELF had her identity stolen.
I wrote a whole series of stories on this.. below is the most recent.
https://sentinelksmo.org/months-after-initial-report-straight-answers-missing-on-cybersecurity-at-kdol/
I wonder how many vulnerable elderly have lost their entire savings to these scammers. I know they've tried to get me a couple of times with scams, but I try my damndest to stay up to date on the latest phishing attempts. I will also use the Voigt Kampff questions to see if I can prompt a nonsensical response.