Guest post By Scott Augenbaum (Retired FBI)
Before You Open Your Next E-mail... Read This!
During my 30-year career with the Federal Bureau of Investigation (FBI), I led investigations dealing with Cybercrime. There was one thing that seemed to be a common element among all my assignments. At the end of the day, many good, smart people became unwitting victims... and I took every incident personally.
One mantra I have imparted over the past decade is that a majority of all Cybercrime victimizations start with a phishing email. Unfortunately, things have not changed. Even though I am no longer with the FBI, a recent news report about a phishing incident broke my heart.
This particular story begins when a Maryville, Tennessee woman (let’s call her “Lady X”) received an email purporting to be from her so-called “Anti-Virus” company. The email stated that she was being billed $299.99 to renew her yearly subscription. This wasn’t anything Lady X wanted or requested. But since it came from a company that Lady X knew (and inherently trusted), she felt it prudent to respond.
As a quick sidebar, even though the email asked Lady X to call a 1-800 number to resolve any concerns or issues with the renewal of her subscription, perpetrators of this scam are usually located outside the United States. So, without hesitation, Lady X called the 1-800 number and spoke to a so-called “representative”. Lady X did not know that she was speaking to a Cybercriminal.
The man who answered Lady X’s call explained that in keeping with her service plan, she had been billed $299.99 but he would gladly refund her the money. However, he told Lady X that in order for the refund to process, she needed to download a program onto her computer to provide access to a refund form. As soon as Lady X installed the program on her computer, the so-called “representative” instructed her to enter $300.00 into the form. Immediately upon entering the requested $300.00, two extra zeros were automatically entered and a new amount of $30,000.00 was displayed as the amount to be ‘refunded’ to Lady X.
This Cybercriminal proceeded to scold Lady X and said she purposely tried to trick the company to pay her a larger refund. As a result, Lady X was told that the system initiated a transfer to her in the amount of $30,000.00. Of course, this was a lie. No such transfer to Lady X had been initiated. Lady X was then informed that these funds needed to be returned immediately to avoid penalties. She claimed she did not want the money and without question, would gladly return it. At this point, the Cybercriminal informed the victim that the only option to remedy her error was to initiate a wire transfer from her bank.
The Cybercriminal now had control of Lady X’s computer and printer as she was completing the $30,000.00 wire transfer back to his company. The Cybercriminal, through his remote access to Lady X’s computer and printer system, printed out the wire transfer request and had her take it to her bank to repay the company for her alleged mistake. Lady X was instructed not to tell anyone at the bank about the fact she erroneously received $30,000.00 from the company.
The next morning, upon checking her bank account, Lady X was aghast at what she saw: a negative $30,000.00 balance. Immediately, Lady X placed a call to the Cybercriminal for an explanation, but he could not give her one. Next, she went to the bank to get an accurate balance. The bank confirmed there was only $532.00 in her account. $30,000.00 that was in her account from her late husband’s life insurance policy was gone.
As if this was not enough, the Cybercriminal called the flustered victim back and told her the wire transfer did not go through. Lady X now needed to refund the money by purchasing $10,000.00 in gift cards. Regrettably, she followed the Cybercriminal’s instructions. In addition, Lady X realized that the Cybercriminal also took control over her home alarm system and computer camera.
At this point, Lady X unplugged her camera and reported the incident to the police. She canceled her credit cards and discontinued contact with the Cybercriminal.
It saddens me to say but Lady X just lost everything she had worked so hard for. Everything wiped out by a heartless Cybercriminal and by her blind faith and trust. By the time the investigation is completed, it will be discovered that the money was sent to an overseas bank account controlled by this lowlife Cybercriminal.
I have seen this happen thousands of times during my FBI career. In my book, “The Secret to CyberSecurity”, this type of invisible crime is covered in two specific chapters: Elder Scams and Phishing. If you attend one of my Cybercrime Prevention lectures, you will hear me discuss the following Four Truths to CyberCrime:
Truth One: Nobody expects to be a victim. I guarantee you that Lady X never dreamed that she would become a victim.
Truth Two: Once the Cybercriminals steal your money, the chances of a full recovery are slim to none. Since the money is already out of Lady X’s bank account and the Cybercriminals already used the gift cards, neither the bank nor the credit card company is responsible for helping get her money back.
Truth Three: For law enforcement, bringing Cybercriminals to justice is challenging at best. In this case, the Cybercriminal is most likely located in either West Africa, Eastern Europe or India. The digital clues consist of email accounts and a 1-800 number, both of which are difficult to trace back to the actual Cybercriminal. Following the money will lead to foreign bank accounts. It can take months or years to obtain the records, by which time the money and the Cybercriminal will be long gone.
Truth Four: A majority of Cybercrime incidents could have been prevented without spending money on products and services or even having a technical background. This is the most frustrating thing for me when I see another Cybercrime victim who could have avoided being a target by simply being empowered with a couple of key pieces of information and no-cost preventive action plans.
Cybercrime is real. It is happening to real people every day. The problem is growing exponentially. Maybe you would never have fallen for this scam? What about your parents? Or your grandparents, loved ones, children or even co-workers?
Please take these tips and share them with everyone because no one needs to be the next Cybercrime victim:
- Email is the main attack vector. Cybercriminals will send you an email that seems to come from someone you know and trust.
- Think before you click and act.
- Never call a telephone number in an email. Always find another way to reach the company. And always be in doubt about the validity of an email.
- Never let anyone have remote access to your computer for any reason.
- If you are tricked into purchasing gift cards on your credit card, it’s the same thing as giving the Cybercriminal cash. You cannot get it back.
- Implement two-factor authentication on all your email, social media and finance platforms.
- Report all suspicious emails to the FBI at WWW.IC3.GOV
© 2021 Scott Augenbaum