Cybercrime…. Are You Prepared or Will You Be The Next Victim?

Guest post By Scott Augenbaum (Retired FBI)

The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business from Cybercrime By Scott Augenbaum 

Before You Open Your Next E-mail……Read This!

During my 30-year career with the Federal Bureau of Investigation (FBI), I led investigations dealing with Cybercrime.  There was one thing that seemed to be a common element among all my assignments.  At the end of the day, many good, smart people became unwitting victims .  .  .  . and I took every incident personally.  

One mantra I have imparted over  the past decade is that a majority of all Cybercrime victimizations start with a phishing email. Unfortunately,  things have not changed. Even though I am no longer with the FBI, a recent news report about a phishing incident broke my heart.

This particular story begins when a Maryville, Tennessee woman (let’s call her “Lady X”) received an email purporting to be from her so-called “Anti-Virus” company. The email stated that she was being billed $299.99 to renew her yearly subscription. This wasn’t anything Lady X wanted or requested.  But since it came from a company that Lady X knew (and inherently trusted), she felt it prudent to respond. 

As a quick sidebar, even though the email asked Lady X to call a 1-800 number to resolve any concerns or issues with the renewal of her subscription, perpetrators of this scam are usually located outside the United States.  So, without hesitation, Lady X called the 1-800 number and spoke to a so-called “representative”. Lady X did not know that she was speaking to a Cybercriminal.  

The man who answered Lady X’s call explained that in keeping with her service plan, she had been billed $299.99 but he would gladly refund her the money.  However, he told Lady X that in order for the refund to process, she needed to download a program onto her computer to provide access to a refund form.  As soon as Lady X installed the program on her computer, the so-called “representative” informed her to enter $300.00 into the form. Immediately upon entering the requested $300.00, two extra zeros were automatically entered and  a new amount of $30,000.00  was displayed as the amount to be ‘refunded’ to Lady X.

Related Reading  Senior Cyber: An Interview With The Author (And A Chance To Win A Copy Of The Book)

This Cybercriminal proceeded to scold Lady X and said she purposely tried to trick the company to pay her a larger refund.  As a result, Lady X was told that the system initiated a transfer to her in the amount of $30,000.00. Of course, this was a lie.  No such transfer to Lady X had been initiated.  Lady X was then informed that these funds needed to be returned immediately to avoid penalties.   She claimed she did not want the money and without question, would gladly return it.   At this point, the Cybercriminal  informed the victim that the only option to remedy her error was to initiate a wire transfer from her bank.

The Cybercriminal now had control of Lady X’s computer and printer as she was completing the $30,000.00 wire transfer back to his company.  The Cybercriminal, through his remote access to Lady X’s computer and printer system, printed out the wire transfer request and had her take it to her bank to repay the company for her alleged mistake. Lady X was instructed not to tell anyone at the bank about the fact she erroneously received $30,000.00 from the company.  

The next morning, upon checking her bank account, Lady X was aghast and what she saw:  a negative $30,000.00 balance.  Immediately, Lady X placed a call to the Cybercriminal for an explanation, but he could not give her one. Next, she went to the bank to get an accurate balance.   The bank confirmed there  was only $532.00 in her account. $30,000.00 that was in her account from her late husband’s life insurance policy was gone.

As if this was not enough, the Cybercriminal called the flustered victim back and told her the wire transfer did not go through.  Lady X now needed to refund the money by purchasing $10,000.00 in gift cards.  Regrettably, she followed the Cybercriminals instructions. In addition, Lady X realized that the Cybercriminal also took control over her home alarm system and computer camera.

Related Reading  Bridging The Gap; Women In Cybersecurity

At this point, Lady X unplugged her camera and reported the incident to the police. She canceled her credit cards and discontinued contact with the Cybercriminal.

It saddens me to say but Lady X just lost everything she had worked so hard for.   Everything wiped out by a heartless Cybercriminal and by her blind faith and trust.   By the time the investigation is completed, it will be discovered that the money was sent to an overseas bank account controlled by this lowlife Cybercriminal.   

I have seen this happen thousands of times during my FBI career.   In my book, “The Secret to CyberSecurity”, this type of invisible crime is covered in two specific chapters: Elder Scams and Phishing. If you attend one of my Cybercrime Prevention lectures, you will hear me discuss the following Four Truths to CyberCrime: 

         Truth One:  Nobody expects to be a victim.   I guarantee you that Lady X never dreamed that she would become a victim.

         Truth Two:  Once the Cybercriminals steal your money, the chances of a full recovery are slim to none.   Since the money is already out of Lady X’s bank account and the Cybercriminals already used the gift cards,  neither the bank nor the credit card company are responsible for helping get her money back.

          Truth Three:  The chances of law enforcement bringing Cybercriminals to justice is challenging at best.  In this case, the Cybercriminal is most likely located in either West Africa, Eastern Europe or India.  The digital clues consist of email accounts and a 1-800 number, both of which are difficult to trace back to the actual Cybercriminal.   Following the money will lead to foreign bank accounts.  It can take months or years to obtain the records, by which time the money and the Cybercriminal will be long gone.

Related Reading  FBI Warns of PYSA Ransomware Attacks on Education

         Truth Four:   A majority of Cybercrime incidents could have been prevented without spending money on products and services or even having a technical background.   This is the most frustrating thing for me when I see another Cybercrime victim who could have avoided being a target by simply being empowered with a couple of key pieces of information and no-cost preventive action plans.

Cybercrime is real.  It is happening to real people every day.  The problem is growing exponentially. .   Maybe you would never have fallen for this scam? What about your parents? Or your grandparents, loved ones, children or even co-workers?   

Please take these tips and share them with everyone because no one needs to be the next Cybercrime victim: 

  • Email is the main attack vector.  Cybercriminals will send you an email that seems to come from someone you know and trust.  
  • Think before you click and act. 
  • Never call a telephone number in an email.  Always find another way to reach the company.  And always be in doubt about the validity of an email. 
  • Never let anyone have remote access to your computer for any reason. 
  • If you are tricked into purchasing gift cards on your credit card, it’s the same thing as giving the Cybercriminal cash.  You cannot get it back. 
  • Implement two-factor authentication on all your email, social media and finance platforms. 
  • Report all suspicious emails to the FBI at WWW.IC3.GOV

© 2021 Scott Augenbaum

 1,833 total views,  24 views today

(Visited 1 times, 9 visits today)

5 thoughts on “Cybercrime…. Are You Prepared or Will You Be The Next Victim?

  1. When I had PC MATIC on my machine, someone kept turning it off. I tried to tell PC MATIC,
    but got no response. If I did, it was not helpful. Now I don’t know what to do. Thanks.

  2. The same thing happened to me. I was told to go to the nearest Target store and buy $2,000 in gift cards, all the while still on the phone with the scammer. Fortunately, a sales person at Target questioned the purchase of 4 $500 gift cards and said it was a scam. She told me to go home and shut down my computer, breaking the connection. The scammer was furious, but then relented and told me I was smart before hanging up.

  3. More than accurate hombre. I think I am pretty tech save. I worked as the Senior Computer Engineer for my last company for twenty years. I have a couple of Virus Checkers and Firewalls in three languages.

    So. Before we had Faecesbook, twitter, etc, we had Forums. (Fora) On a PNG Forum where we corresponded in Tokpisin, Motu, and English, I gradually made the acquaintance of a lady who showed an interest in PNG. (No romance implied or intended) She identified herself as an USA citizen, a black lady, and an accountant.

    She made a suggestion that we should set up a fund for the education of PNG children. (education is neither free nor compulsory in PNG, even at primary level) I readily assented to this. During this process, I suggested that we should try to make the fund official, to avoid any tax implications. She wanted to gloss over the details. Strange behaviour for an accountant, who normally like to cross every i, and dot every t. Usually much to my frustration as an engineer, who prefers to “DO” things. This aroused my suspicions. So I made some checks.

    She turned out to be a black lady alright, Hazina Samuel Doe, in fact, several horny looking black ladies. Probably the ortho-egos of some Nigerian or Ghanian, scammer. She had homed in on details that had appeared on the forum about me.
    1. I was a sponsor of the PNG celebrations here in Brissie.
    2. I probably had enough money to be worth scamming.
    She also established a rapport with me over our shared love of cold Mangoes, on a hot summer’s day, and the mess we made of ourselves eating them. (rapport is always a good tactic)

    Lessons learnt: Do not disclose too many details about yourself online. Do not be too trusting. Even on a relatively private forum you can still get scammers. I, personally, would never use a public domain site like faecesbook.
    Regards….Marum Katze.

  4. I have been through this sam thing twice now and my ammount worked up to $40,000.00 but I and an Albertson young man who worked there discussed it and since I was still on the phone with the scammer he talked to the scammer and after a heated call he hung up my phone and told me never to talk to that man again. Now after the scammer trying five times to get me to answer my phone I get emails continuing the threat.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.