cybercrime - CyberEye

Dan Gavin 15, Nov, 2024

Blog

Butch Cassidy, the Sundance Kid, and the Money Mules

On a dry and pitch-dark night in early June of 1899, the tired old engineer of the Union Pacific Railroad train thought he saw a flicker up ahead. Since he was just outside of Wilcox, Wyoming, he assumed those two lanterns meant that the bridge ahead was washed out. He rolled the engine to a stop to find two masked men held the lanterns. With the “Hole-in-the-Wall” gang led by the famous duo of Butch Cassidy and the Sundance Kid running loose in these parts, he knew this was trouble. Soon four more bandits joined the first where they found the safe. When the security guard refused to open the safe, they laid dynamite and blew it open. The team of bandits made off with $50K in cash plus jewelry, gold, and diamonds.

Executing the heist was one thing, but getting away with it was another. Sundance handled the heist, and Butch handled the get-away. While Sundance’s team was busy cold-cocking engineers and blowing up safes, Butch was setting up a chain of horses to get the gang out of danger. They ran the horses until exhausted and picked up fresh horses, so they were far out of reach of any possible pursuing posse.

Cybercrime today is a lot like the Wild West. The hackers are experts at executing the modern-day bank heist via the cyber realm. They skillfully slip into critical computers, crack passwords, and open up the victim’s bank account. Now how do they get the money out without being tracked? I’m glad that you asked. They use money mules.

A money mule is someone who transfers the money from the victim’s account and wires the money into the hacker’s account. They are the middlemen of the operation. The money mules have no idea that they are actively participating in a criminal activity. They think they have a part-time job that pays well. Sometimes they call themselves transfer agents. Money mule recruiters tend to target people looking for part-time, remote employment, and the jobs usually involve little work other than receiving and forwarding bank transfers. They advertise just like any other recruiter. Initially the mules are given busy-work, menial tasks for the first week where the criminals weed out the bad workers. If they are late to work or lazy, they are fired. A money mule must be reliable. It could cost the organization a large amount of money.

On a given day the mule would watch the “company’s” message board for instructions. It would say something like: “Good morning. Our client, Acme Corp, is sending you some money today. Please visit your bank, withdraw this payment in cash, and then wire the funds in equal payments, minus your commission, to these three individuals in Eastern Europe.”

Evil Corp, a Russian hacker group, used money mules in their operations and is in the news again. There have been multiple arrests in the United Kingdom, France, and Spain. Some of the arrests were the unwitting money mules. The United States Department of Justice worked with European authorities as many of the Evil Corp victims were located in the United States.

Evil Corp’s leader, Maksim Yakubets, is still on the loose. Just like the Wild West, there is a bounty on his head, $5M. His father-in-law, Eduard Benderskiy was named and sanctioned by Western authorities recently describing him as a protector of the Evil Corp crime organization.

If you see a post on social media or an unexpected direct message with a promise of easy money by being a money transfer agent, you may want to reconsider that opportunity. It could land you in jail. If you are like Butch and Sundance, you could end up surrounded by the Bolivian army in South America. Don’t take the bait.

Dan Gavin 30, Sep, 2024

Blog

Sale of the Eiffel Tower and Election Phishing

In 1925, the Eiffel Tower was in a serious state of disrepair and there were rumors that it would be dismantled. Not to let a good rumor go to waste, con artist, Victor Lustig, posed as a government official and invited several scrap metal dealers to a confidential meeting, claiming that the government wanted to sell the Eiffel Tower for scrap. Five dealers responded to his request for a meeting and one dealer, Andre Poisson, made the highest bid for the 15,000-beam structure. Two days later the deal was closed for an undisclosed amount. By the time Poisson discovered he was scammed, Lustig was in Austria.

Con men and scammers have been around for ages. In this digital age, scammers are using technology to add credibility to their scams. Through email and text messaging they can cast a broad net. It is a good day for them even if they only reel in two victims out of one hundred emails or texts. Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Phishing is the number one entry point for ransomware.

Hackers use whatever topics are current or in the news to entice someone to let their guard down so the victim clicks the link or gives up critical information. As the election is less than two months away, election campaign phishing is on the rise. As I was reviewing dark web reports, I noticed an advertisement selling a phishing platform. They had templated the faux campaign donation emails and would provide the mass email platform. The dark web customer could choose to target either the Harris or Trump voters, or both. Nowadays, criminals don’t have to be technically proficient, they can outsource their evil.

These days I am receiving several text messages a day asking me to donate to or vote for a particular candidate with a link at the end of the message. From the text, it is hard to determine if the message is legitimate. If you are interested, research on the internet for the candidate’s site and learn more. If you are not interested, delete the message and mark it as junk. Whether it’s email or text, don’t click on any links.

Scammers use the same techniques whether it is a text, email, or a phone call. If you receive a phone call, be very careful if you choose to engage the caller. If there is a campaign or a charity that you are interested in supporting, thank the caller for their time and go to a known-good website for that organization. Do not give the caller any financial information like credit card or bank account numbers.

Before donating to any Political Action Committee (PAC), it is a great idea to verify that the organization is legitimate. All PACs must register and report to the Federal Election Committee (FEC). Check out this website from the FEC to verify the organization. www.fec.gov/data/reports/pac-party

What does the sale of the Eiffel Tower and an election have in common? They both have con men and scammers looking for ways to take advantage of unsuspecting victims. Just as Victor Lustig duped the scrap metal magnate, scammers are phishing to see who will take their bait.