- FrankonFraud
- Posts
- 💸 $528,000 Scam Refund Is Going To Be Crazy Town For First Party Fraud
💸 $528,000 Scam Refund Is Going To Be Crazy Town For First Party Fraud
Frank McKenna
June 11, 2024
Hello from FrankonFraud,
I’m back in San Diego after a very busy week on the road 🧳. It’s great to be back in the office and catching up.
If you have trouble with any links in this email, try clicking here for the web version.
Let’s get to the top stories of the week!
Snowballing—Snowflake continues to struggle with a tsunami of breaches - over 165 companies have had data stolen, according to Mandiant, which will likely make this event the biggest breach in history. Snowflake has yet to force MFA or reset passwords despite hundreds of login credentials being found on sites like Telegram. And new reports show that Snowflake waited seven days to alert clients after they learned of the attack. If you want a great overview of what happened - check out the Mandiant Report here.
A Work Number Monopoly? —Equifax’s The Work Number is being sued in a class action lawsuit by mortgage lenders who claim they are using their position to create a monopoly for the service, which can run as high as $65 a pull. The company is raising the ire of many companies that have learned to rely on the service to prevent fraud but are finding it increasingly expensive.
SMS Blaster - Cybercriminals are accused of piecing together an illegitimate cell tower called an "SMS blaster" device to bypass mobile carriers' systems for filtering out fraud and spam messages.
Crypto Boom 2.0 - History repeats itself. Voidzilla says crypto scams are booming again after renewed investor optimism. Even Caitlyn Jenner and other celebrities are releasing coins, and he thinks we’re in for another crash.
Sneaky CHIP Fraud—The New York Times reports on a unique fraud case in which Wells Fargo initially denied a customer's claim but later gave them a refund. The fraud happened at a gas station using a CHIP-read transaction, and the merchant involved was very sneaky.
FBI OJ Files - Want to peruse 500 pages of FBI investigations into OJ Simpson? The FBI released a trove of investigative data, which you can read here.
Double Tipping Scam: In Miami, waiters scam customers by adding 15% or 20% tips after customers give them their credit cards but do not return the itemized receipts, so customers don’t realize they have already tipped. Apparently, this is the new scam!
Vicious Geese - In Brazil, unusually spiteful and intimidating geese are used as prison guard dogs, alerting officials to drugs, cell phones, and escape attempts.
Hacker Delight—Cybersecurity researchers say Windows’ new Recall feature, which takes a screenshot every five seconds, is prone to hacking exploits; in fact, they created one themselves that allows a hacker to collect all data collected by Windows.
Big Dealer Down—The same ransom group that attacked MGM has brought down Findlay Auto Group, a large dealership group. Apparently, all systems are down at the dealerships.
Pro Fraud Refunders Falling Like Dominos -Facing 20 Years Each
10 fraud ring members who ran Noirs Luxury Refunds face 20 years in prison each for their involvement in one of Telegram's most notorious refunding groups.
Three members of the group, Samuel Tinsley, Jennifer Mireya, and Brian Buchanan, have accepted plea deals, and the government provided more details about how the group operated as part of those deals.
It's fascinating to see how each group member had a specialty. Tinsley, for example, was the money guy and apparently had over $1 million in his Navy Fed personal account when he was arrested.
Coming To A Head - UK Banks Reject Crazy Reimbursement Rule 🤑
UK banks and payment providers are strongly opposing the government’s plan to require victims to be reimbursed up to £415,000 by October of this year. They are calling for a 12-month postponement to reduce the reimbursement maximum to just £30,000 per incident.
I have to admit, I don’t blame them. Setting a limit of over $500,000 reimbursement for a scam could result in massive losses - forcing smaller banks out of business, pushing larger banks to outright block payments, and inviting a wave of friendly fraud we’ve never seen before.
This seems like a reimbursement experiment doomed to fail or at least be a fraud bonanza for scammers.
They're Alive! Autonomous AI Hack Bots Are Incredibly Good At Hacking
Researchers have created AI Hacking Bots that could locate vulnerabilities on 8 of 15 websites tested. Those bots found all the vulnerabilities without being trained to find them. That’s over a 50% success rate.
Most interestingly, the AI bots spawned other AI Agents to help them scale up the scanning to pick apart websites. This spells bad news, as hackers worldwide could scale up massive hacking operations that enlist the help of smart bots.
Inny Fraud At BancFirst - Gave Loans To Friends With Bad Credit
An SVP at BancFirst created a scam where he would set up his friends with loans under his signing authority. Many of them were not creditworthy. He used the loan funds to finance his real estate ventures and to support his gambling habit.
This OTP Bot Demo Created Quite a Stir
David Maimon posted a video of an OTP Bot in action, showing the scammer's and victim's phones side by side to demonstrate how simply and effectively these OTP bots work.
I first noticed these OTP bots being sold in 2021. For a primer on how they work, check out my blog post.
Eat, Scam, Sleep, and Do It All Over Again
In the desert just outside Dubai, there is a secret scam factory capable of swindling tens of thousands of people at a time. But one scammer who has to pretend to be a woman and scamming people all day has a secret plan — and if he succeeds, it could shut the whole syndicate down.
CyberKidnapping Scams Growing - Missing Girl Found
A Chinese woman, Lu Xinlei, was extorted for over 17 million Yuan by impersonation scammers who told her she had violated money laundering laws and would be sent to prison unless she paid the fine.
After making the payment, she was instructed to take a plane to Thailand, remove the SIM card from her phone, change hotels frequently, and not call her parents.
Once she was out of the country, the scammers proceeded to claim she was kidnapped, demanding another $5 million Yuan from her parents.
AI Is Going To Make CAPTCHA Useless
I saw a recent post circulating on Linkedin that blew me away. Well, it was this image of a user that had ChatGPT solve a difficult Captcha that opened my eyes 👇️
If you look closely, there was a small mistake. The last letter wasn't a capital "P," it was a lowercase "p." But it was still very close. I tried it myself, and it solved different Captchas easily, including ones with pairs with absolutely no errors.
As it turns out, AI is better at solving CAPTCHA’s than humans. We’re going to need to come up with something better!
ElevenLabs Releases More Tools That Scammers Will Love
Remember ElevenLabs.io, the AI company a Magician used to create this Biden deepfake? 👇️
By the way, that magician was fined $6 million by the FTC!
They just released something else I think scammers will love - Sound Effects. With a simple prompt, you can instruct the AI software to create any sound you can think of - including someone screaming with police sirens in the background or even the sound of someone being kidnapped.
Forget Saving for Retirement; Focus On Keeping Your Dough From Scammers
Gone are the days of optimizing your retirement fund or ensuring a well-balanced portfolio. The new name of the game is keeping your savings out of the hands of scammers! 🔐
You have to question if it is safe to have a bank account with all the scammers out there targeting elderly people’s life savings. Like this poor couple.
Thanks for catching up with me on the latest fraud trends this week. Are you having any trouble clicking on any links in this email? A few of you have reported that Beehiiv, my platform, doesn’t work at some organizations.
Please let me know if that is the case with you so I can fix it.
Have a great week!