
🏴‍☠️ Hackers' Treasure - 10 Billion Password Leak Unleashes Credential Stuffing Wave

Howdy Folks 👋,

Here are some interesting stats for you. According to Jason Mikula, more than 10,000 data breaches exposed 42 billion records in the first half of 2024, which puts this year on pace for an 80% increase in breaches.

All that PII will be used to drain bank accounts, supercharge scams, and create a massive headache for years to come.

And that's not all: a new 10-billion-record password leak last week has already unleashed a flood of highly successful credential stuffing attacks on banks and retailers. Some bot attacks have the right password in 50% of their attempts; experts say the typical hit rate for these attacks is 5% or less.

Let’s get to the top news this week! 👇️ 

  • Dorm Room Fraudsters - Two more professional refund fraudsters were indicted. They stole logins to FedEx/UPS tracking systems and used them to help people obtain fraudulent refunds.

  • Fraud Tsunami - The FBI said Americans are being hit with a tsunami of fraud, and experts say the US is light years behind the UK, Australia and other countries in dealing with it.

  • Fake Police - The BBC showcased an explosive trend of fake Chinese police scamming tens of thousands of Chinese immigrants into sending millions to international scammers.

  • Record-Breaking Leak - Holy cow, a staggering 9,948,575,739 clear-text passwords were leaked in what is being called the largest leak in history. Hackers posted the file RockYou2024.txt on a hacking forum last week.

  • Fan-Topia Illicit Deepfakes - A website for nonconsensual sexually explicit deepfakes of celebrities advertises that subscribers can pay with Visa and Mastercard credit cards, which is clearly against the card associations' rules.

  • $300 - That's the going rate traffickers get for selling women to Cambodian scam compounds. That is quite a bit, considering a typical Cambodian earns about $1,500 a year.

  • Hot Take - Naftali Harris, co-founder of SentiLink, warns that the Evolve data breach is far different and more sinister than other recent breaches, predicting that the data could be used to drain bank accounts.

  • Slow Death of The Check - Target has announced that it will stop accepting checks as payment, which has fraud fighters everywhere cheering. As check fraud soars, will other businesses soon follow?

New Hyper-Realistic Mask Can Bypass Identity Checks

A new generation of hyper-realistic deepfake masks is emerging for sale in China. They differ from their predecessors in that buyers send in a photo of the person they want to impersonate, and artists produce a doppelganger mask from that photo.

The masks take six to eight weeks to deliver, but they appear to be highly effective in a range of crimes, including identity theft, bank robbery and car theft.

How Fraudsters Are Using AI To SuperCharge Insurance Scams

Insurance fraud has taken an alarming turn with the advent of AI-manipulated images. It took off after the release of Adobe Photoshop's Generative Fill tool last year, which gives anyone the seemingly instant, magical ability to manipulate an image with a mouse click.

One insurer, Allianz, reported a 300% increase in AI-related insurance fraud last year, driven by accessible generative AI tools. They call it the “next big scam” in insurance claims.

It’s a ticking time bomb that will stretch insurance underwriters to the brink.

Don’t Look Now - Yahoo Boys Are Perfecting Deepfakes Even More

David Maimon of SentiLink has uncovered further proof that deepfakes are growing in sophistication and capability.

In a video he uncovered, Yahoo Boys appear to use deepfake video and audio simultaneously to create highly personalized and believable video messages to fool their victims.

If you have any doubt that deepfakes are a real threat, check out this post.

A Website For Car Hackers And Jackers

Car theft is up 30% in the US as new technologies emerge online to help thieves steal cars in seconds.

One interesting site, Hacking Tools Car, is promoted as a "security site" for protecting your assets, but dig a little deeper and you quickly realize it is selling tools like GPS jammers to hide stolen cars, keyless repeaters (relay-attack devices) to open cars, and code grabbers that can be used to clone key fobs.

The site even has a Telegram channel, where it posts videos of car thieves, presumably using its tools, stealing cars at night.

Commercial Property Fraud Is Snowballing As Defaults Rise

Prosecutors are cracking down on commercial property fraud, sending shudders through the industry.

Now, to compound matters, falling property values and high vacancy rates are exposing fraud that has existed on commercial properties for years. As the loans default, the fraud rises to the surface.

It was bound to happen, as we predicted earlier this year: all these zombie offices are being exposed as massive fraud schemes.

Fraud Experts - Credential Stuffing Attacks Are Getting Scary Effective

Multiple fraud experts are sounding the alarm this week on credential stuffing. In the wake of the RockYou2024 leak, there are reports that credential stuffing attacks against retailers, banks and subscription services are soaring, and that success rates are climbing.

Nate Kharrl of Spec says his firm is seeing credential stuffing attacks in which up to 50% of the username and password combinations are valid logins, 10 to 50 times the normal level. What does that mean? It means the attackers are not guessing anymore; they are replaying breached credentials through their bots.
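That success-rate signal is something a defender can measure directly. The script below is an added example for this newsletter, not code from Spec, Arkose Labs or any vendor mentioned here: it parses a constructed auth log (the log format, IP addresses and usernames are made up for the example) and classifies each source IP by how many distinct accounts it tried and how often it got in. The 5% baseline comes from the "normal" hit rate cited above; the other thresholds are assumptions to tune against your own traffic.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample auth log (made up for this example, not real traffic).
# Assumed line format: <timestamp> <client_ip> <username> <LOGIN_OK|LOGIN_FAIL>
SAMPLE_LOG = "\n".join(
    [
        # A legitimate user mistyping a password twice, then succeeding.
        "2024-07-09T10:00:01Z 203.0.113.7 alice@example.com LOGIN_FAIL",
        "2024-07-09T10:00:09Z 203.0.113.7 alice@example.com LOGIN_FAIL",
        "2024-07-09T10:00:15Z 203.0.113.7 alice@example.com LOGIN_OK",
        # Classic brute force: one source hammering two accounts, never succeeding.
        *[f"2024-07-09T10:01:{i:02d}Z 192.0.2.44 admin@example.com LOGIN_FAIL" for i in range(6)],
        *[f"2024-07-09T10:02:{i:02d}Z 192.0.2.44 root@example.com LOGIN_FAIL" for i in range(6)],
        # Credential stuffing: one source, 20 different accounts, each tried once,
        # and half of them succeed because the pairs came from a breach dump.
        *[
            f"2024-07-09T10:03:{i:02d}Z 198.51.100.9 user{i:02d}@example.com "
            + ("LOGIN_OK" if i % 2 == 0 else "LOGIN_FAIL")
            for i in range(20)
        ],
    ]
)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<outcome>LOGIN_OK|LOGIN_FAIL)$")

BASELINE_SUCCESS_RATE = 0.05  # "normal" hit rate for guessing attacks, per the newsletter
MIN_ATTEMPTS = 10             # assumption: ignore sources with fewer attempts than this
MIN_DISTINCT_USERS = 8        # assumption: stuffing spreads attempts across many accounts


@dataclass
class SourceStats:
    attempts: int = 0
    successes: int = 0
    users: set = field(default_factory=set)

    @property
    def success_rate(self) -> float:
        return self.successes / self.attempts if self.attempts else 0.0


def parse_log(text: str) -> List[Tuple[str, str, str, bool]]:
    """Parse log lines into (timestamp, ip, user, succeeded); malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append((m["ts"], m["ip"], m["user"], m["outcome"] == "LOGIN_OK"))
    return records


def aggregate_by_ip(records: List[Tuple[str, str, str, bool]]) -> Dict[str, SourceStats]:
    """Roll up attempts, successes and distinct usernames per source IP."""
    stats: Dict[str, SourceStats] = defaultdict(SourceStats)
    for _ts, ip, user, ok in records:
        s = stats[ip]
        s.attempts += 1
        s.successes += int(ok)
        s.users.add(user)
    return dict(stats)


def classify_source(
    s: SourceStats,
    baseline: float = BASELINE_SUCCESS_RATE,
    min_attempts: int = MIN_ATTEMPTS,
    min_users: int = MIN_DISTINCT_USERS,
) -> Optional[str]:
    """Stuffing: many distinct accounts with a hit rate well above the guessing baseline.
    Brute force: few accounts, many attempts, hit rate at or below the baseline."""
    if s.attempts < min_attempts:
        return None
    if len(s.users) >= min_users and s.success_rate >= 2 * baseline:
        return "credential_stuffing"
    if len(s.users) < min_users and s.success_rate <= baseline:
        return "brute_force"
    return None


def detect(text: str, **thresholds) -> Dict[str, str]:
    """Return {ip: verdict} for every source that matches an attack pattern."""
    verdicts = {}
    for ip, s in aggregate_by_ip(parse_log(text)).items():
        verdict = classify_source(s, **thresholds)
        if verdict:
            verdicts[ip] = verdict
    return verdicts


if __name__ == "__main__":
    for ip, s in aggregate_by_ip(parse_log(SAMPLE_LOG)).items():
        print(f"{ip:14} attempts={s.attempts:3} users={len(s.users):3} "
              f"success_rate={s.success_rate:.2f} verdict={classify_source(s)}")
```

The point of the two-dimensional check (distinct accounts and hit rate together) is that neither signal alone separates the three cases: the legitimate user has a 33% hit rate but touched one account, the brute-forcer touched few accounts and never got in, and only the stuffer combines a wide spread of usernames with a hit rate an order of magnitude above the guessing baseline. In production you would key the same statistics by ASN or device fingerprint as well as IP, since stuffing bots rotate through residential proxies.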

Other experts from Prove, Arkose Labs and Fraudology are pointing to further signals that we are in for trouble. 🚩

Catch Karisse Hendrick's Fraudology podcast this week to prepare yourself for the wave of attacks hitting the industry.

New Honey Trapping Scams Are Victimizing Trafficked Women Taken To Cambodia

Indian women are being trafficked to Cambodia to carry out new honey-trapping scams against men back home. They are recruited with promises of jobs in Australia but are diverted to scam compounds in Cambodia, where they are enslaved, tortured, and forced to create fake social media profiles.

As part of the scam, they are forced to make "nude calls" to men in India, and the recordings are later used to extort those men. Munshi Prakash, an Indian man who was also enslaved at the compound, revealed the scheme when he recently escaped.

Over 3,000 enslaved Indians remain trapped in Cambodia.

Friendly Fraud Soaring As Influencers Promote It Online

CBS zeroes in on soaring friendly fraud promoted by online influencers, who pitch it as a quick fix for just about any issue you have with a merchant.

Don Corleone Of CyberCrime Hacked Chase, Then Ran A Scam On FBI

A notorious hacker dubbed the "Don Corleone of cybercrime", busted nearly a decade ago following an infamous breach of JPMorgan Chase and other Wall Street firms, allegedly ran a new scam while cooperating with the feds, according to a report by Bloomberg.

In that scheme, a sophisticated investment scam, he allegedly stole 200 million euros from victims across Europe.

That's all I have for you this week. Special thanks to Mary Ann Miller, Karisse Hendrick, David Maimon, Ken Palla, Nate Kharrl, and Troy Gochenour, who provided tips for this week's newsletter.

Happy fraud hunting 🔎 , and see you again next Tuesday!