On May 15, the DOJ indicted a dozen people in a racketeering (RICO) investigation into a cybercrime conspiracy that used social engineering to steal more than $263 million from victims.
-
On May 15, the DOJ indicted a dozen people in a racketeering (RICO) investigation into a cybercrime conspiracy that used social engineering to steal more than $263 million from victims.
Today, I confirmed that "Victim #2" in the govt's case is "Tony," a victim I wrote about in January who was scammed out of nearly $5 million. Tony was scammed after being targeted in a social engineering attack over the phone that spoofed Google by calling him from the default number for Google Assistant and sending account security warnings via a Google.com email address.
I'm super psyched because this time last year Tony was seriously contemplating suicide after being robbed of his life's savings and his kids' college money. Now, it seems likely he might see some of those funds remunerated thanks to the government's seizure of crypto assets controlled by the defendants.
As for the defendants, I wrote about several of them last year in a scoop about how a $230M cyberheist prompted a botched kidnapping and carjacking of the accused thief's parents, who were out house-hunting in their brand new Lamborghini.
-
S stux⚡ shared this topic on
-
On May 15, the DOJ indicted a dozen people in a racketeering (RICO) investigation into a cybercrime conspiracy that used social engineering to steal more than $263 million from victims.
Today, I confirmed that "Victim #2" in the govt's case is "Tony," a victim I wrote about in January who was scammed out of nearly $5 million. Tony was scammed after being targeted in a social engineering attack over the phone that spoofed Google by calling him from the default number for Google Assistant and sending account security warnings via a Google.com email address.
I'm super psyched because this time last year Tony was seriously contemplating suicide after being robbed of his life's savings and his kids' college money. Now, it seems likely he might see some of those funds remunerated thanks to the government's seizure of crypto assets controlled by the defendants.
As for the defendants, I wrote about several of them last year in a scoop about how a $230M cyberheist prompted a botched kidnapping and carjacking of the accused thief's parents, who were out house-hunting in their brand new Lamborghini.
@briankrebs wow.. I hope for Tony he can get some closure at least from this
-
@briankrebs wow.. I hope for Tony he can get some closure at least from this
@briankrebs We quickly like to think "how can someone be scammed for 5M" but the truth is.. we are all susceptible for scams. Some more then others but we all are
-
@briankrebs We quickly like to think "how can someone be scammed for 5M" but the truth is.. we are all susceptible for scams. Some more then others but we all are
@stux It's so true. Half the victims I've interviewed over the last year who've lost >$1M said they had advanced degrees, some were even IT people.
-
@briankrebs We quickly like to think "how can someone be scammed for 5M" but the truth is.. we are all susceptible for scams. Some more then others but we all are
shared with some family, but they are scrubs; not even 6f.
-
@stux It's so true. Half the victims I've interviewed over the last year who've lost >$1M said they had advanced degrees, some were even IT people.
@briankrebs That hurts a lot..
The guilt afterwards can be so huge, esp if it's in your area of expertise. My mind is still scarred from being scammed out of 100 bucks, I cannot even imagine losing so much or everything..
Thank god we have people like you who fight for those
-
@briankrebs That hurts a lot..
The guilt afterwards can be so huge, esp if it's in your area of expertise. My mind is still scarred from being scammed out of 100 bucks, I cannot even imagine losing so much or everything..
Thank god we have people like you who fight for those
This is a well executed and coordinated scam. Anyone can fall victim. The spoofing trick and their practiced script is dangerous.
The only thing that would make me feel ashamed as IT is falling for a knowb4 email that has X-PHISHTEST in the headers.
-
This is a well executed and coordinated scam. Anyone can fall victim. The spoofing trick and their practiced script is dangerous.
The only thing that would make me feel ashamed as IT is falling for a knowb4 email that has X-PHISHTEST in the headers.
@crichardson @stux You are 100% correct. Having listened to hours of phonecalls made by these scammers against many victims, they are extremely smooth, calm, confident and convincing.
-
@crichardson @stux You are 100% correct. Having listened to hours of phonecalls made by these scammers against many victims, they are extremely smooth, calm, confident and convincing.
@briankrebs @crichardson And that's just it i guess, when dealing with humans you'll never can be 100% sure if the person says who they are via remote communication
You can only perform so many checks and if there is pressure..
Working in remote tech support made this very clear. If the person has all the right info, there is not super much i can do to refuse for example
-
@briankrebs @crichardson And that's just it i guess, when dealing with humans you'll never can be 100% sure if the person says who they are via remote communication
You can only perform so many checks and if there is pressure..
Working in remote tech support made this very clear. If the person has all the right info, there is not super much i can do to refuse for example
@stux @crichardson True. Not unless you initiate the call, and you happen to be calling the actual number that you wanted.
-
@stux @crichardson True. Not unless you initiate the call, and you happen to be calling the actual number that you wanted.
@briankrebs @crichardson How do you mean exactly?
For the telecom company I worked for, when a call came in from a customer we right away got all their (private) info in front of us, without them even saying a word
From there on it was checking things like DOB and lastname etc
-
@briankrebs @crichardson How do you mean exactly?
For the telecom company I worked for, when a call came in from a customer we right away got all their (private) info in front of us, without them even saying a word
From there on it was checking things like DOB and lastname etc
@stux @crichardson I'm talking about people meaning to call a certain company by calling the first number that shows up in Google search results.
-
@briankrebs @crichardson How do you mean exactly?
For the telecom company I worked for, when a call came in from a customer we right away got all their (private) info in front of us, without them even saying a word
From there on it was checking things like DOB and lastname etc
@stux @briankrebs @crichardson You call them, using a number you know belongs to the party they claim to be and ignoring anything they tell you. That's the only way to be certain.
-
@stux @crichardson I'm talking about people meaning to call a certain company by calling the first number that shows up in Google search results.
@briankrebs @crichardson Oh! yes.. those numbers only exist for 2 reasons, easy earning on tunneling your call or just plain scamming
