How to Identify and Prevent Sophisticated Scams

It is becoming difficult to identify and prevent wire transfer fraud (WTF). Recently, a threat actor was able to steal $25M by using Deep Fake AI to impersonate a CEO and other management on a video call.  See https://lnkd.in/ermje-5j. In an even more challenging example, a small bank's ACTUAL long-time CEO was dupped, and caused his employees to make ten wire transfers equaling more than $47M. See https://lnkd.in/eh-Xqagv. If we can't trust a real looking/sounding fake CEO and we can't trust an ACTUAL CEO, how can we ever prevent WTF? Here are some tips:   1. INDEPENDENT RESEARCH: At least one employee involved in an "unusual" wire transfer (i.e., unusual considering size, payee, payment method, situation, need for speed, new wire information, etc.) should independently research the transaction to confirm its validity. This employee should fill out pre-prepared worksheets to document that all of the steps below were taken. Such investigation might include: •  Speaking directly with the person requesting the wire or the change in the wire to understand: (a) the purpose of the wire; (b) the origin of the request; and (c) how the request was made (e.g., by email). Always call that person directly using his or her known contact information. Also, consider speaking directly with the originator of the request, if that is someone different than the requestor.    •  Independently looking up the payee (perhaps on a personal device, in case the network is infected) to understand what the payee does, whether the payment makes sense, and whether there are any reputational issues with the payee (e.g., check the BBB website, State AGs, or other sites.)     • Independently finding the true phone number of the payee, and calling the payee to verify the wire transfer information is accurate.    • Speaking directly with someone more senior than the requestor to confirm the transaction is legitimate. If the requestor is the CEO, and the transaction is significant enough, speak with someone on the board or outside counsel.  In advance, create a contact list with the relevant approvers.        2. DUAL CONTROL: At least two employees should approve every significant transfer. Ideally, there are technical controls (e.g., two separate MFA approvals) to ensure both employees have approved.   3. WRITTEN PROCEDURE:  Your procedure should be documented and updated annually. Written validation logs should also be retained.   4. TRAINING: Everyone involved should be trained on the procedure upon onboarding and at least annually.   5. TABLETOP EXERCISES: This is another big one. Consider conducting "WTF tabletop exercises" at least annually. Test your procedure with challenging situations, such as a deep fake CEO or a real CEO who has been dupped.    6. ESCROW OPTIONS: For significant transactions, consider whether there are options to transfer the funds into an escrow or other safe account until you can fully validate the payee or the transaction.    

Being in the fraud prevention industry gives me an insider’s view of how fraud attacks work - including seeing new patterns emerge. Here are recent insights on how fraudsters are increasingly targeting people to take control of their bank accounts and initiate unauthorized wire transfers. 📞 The Phone Call Scam: Scammers exploit the vulnerability in PSTN to spoof caller IDs, making it seem like the call is coming from a trusted bank. A number of well-known VoIP providers make this possible. 🔓 Remote Access: Once they establish contact, scammers mention there is some suspicious activity or other important reason behind their call. They then persuade victims to install remote desktop applications like AnyDesk, or to turn on WhatsApp or Skype's screen sharing. This allows them to access banking apps and initiate transfers. This helps them to intercept login data and one-time passcodes. Banks also don't insure against such scams, leaving victims exposed. 🤖 AI in Voice Scams: Imagine combining voice recognition with GPT-based text-to-speech technology. Scammers scale their operations massively, this is a future risk we must prepare for now. So what proactive measures can banks and digital wallets take? 1. Customer Education: Many banks already do this; keeping their customers informed about official communication channels and the importance of calling back through their verified numbers. 2. One-Time Passcodes for Payments: OTPs aren’t just for logins but also useful for transactions, with detailed payment information included. 3. Being On a Call During Transactions: The top FinTechs are already looking into, or developing technology to detect if a customer is on a call (phone, WhatsApp, Skype) during banking activities. 4. Detect Remote Access: Implement detection mechanisms for any remote access protocol usage during banking sessions. 5. Behavior and Velocity-Based Rules: Sophisticated monitoring should be used to flag activities in real-time based on unusual behaviour and transaction speed. 6. Device, Browser, and Proxy Monitoring: This is a quick win, as there are many technologies available to flag unusual devices, browsers, and proxy usage that deviates from the customer's norm. 7. Multiple Users on Same Device/IP: Ability to identify and flag multiple customers who are using the same device or IP address in one way to detect bots. 8. Monitoring Bank Drops and Crypto Exchanges: Pay special attention to transactions involving neobanks, crypto exchanges, or other out-of-norm receiving parties, to identify potential fraud. Some of them might not ask for ID and even if they do, it can be easily faked with photoshopped templates. Hope you find that useful, and in the meantime, I’d love to hear what other emerging threats you’ve seen or heard of. Fostering these open conversations is what enables us all to unite together against combating fraud 👊 #FraudPrevention #CyberSecurity #DigitalBanking #ScamAwareness #AIinFraudDetection

This article highlights a St. Louis federal court indicted 14 North Korean nationals for allegedly using false identities to secure remote IT jobs at U.S. companies and nonprofits. Working through DPRK-controlled firms in China and Russia, the suspects are accused of violating U.S. sanctions and committing crimes such as wire fraud, money laundering, and identity theft. Their actions involved masking their true nationalities and locations to gain unauthorized access and financial benefits. To prevent similar schemes from affecting you businesses, we recommend a multi-layered approach to security, recruitment, and compliance practices. Below are key measures: 1. Enhanced Recruitment and Background Verification - Identity Verification: Implement strict verification procedures, including checking legal identification and performing background and reference checks. Geolocation Monitoring: Use tools to verify candidates’ actual geographic locations. Require in-person interviews for critical roles. - Portfolio Validation: Request verifiable references and cross-check submitted credentials or work samples with previous employers. - Deepfake Detection Tools: Analyze video interviews for signs of deepfake manipulation, such as unnatural facial movements, mismatched audio-visual syncing, or artifacts in the video. - Vendor Assessments: Conduct due diligence on contractors, especially in IT services, to ensure they comply with sanctions and security requirements. 2. Cybersecurity and Fraud Prevention - Access Control: Limit access to sensitive data and systems based on job roles and implement zero-trust security principles. - Network Monitoring: Monitor for suspicious activity, such as access from IPs associated with VPNs or high-risk countries. - Two-Factor Authentication (2FA): Enforce 2FA for all employee accounts to secure logins and prevent unauthorized access. - Device Management: Require company-issued devices with endpoint protection for remote work to prevent external control. - AI and Behavioral Analytics: Monitor employee behavior for anomalies such as unusual working hours, repeated access to restricted data, or large data downloads. 3. Employee Training and Incident Response - Cybersecurity Awareness: Regularly train employees on recognizing phishing, social engineering, and fraud attempts, using simulations to enhance awareness of emerging threats like deepfakes. - Incident Management and Reporting: Develop a clear plan to handle cybersecurity or fraud incidents, including internal investigations and containment protocols. - Cross-Functional Drills and Communication: Conduct company-wide simulations to test response plans and promote a culture of security through leadership-driven initiatives. #Cybersecurity #HumanResources #Deepfake #Recruiting #InsiderThreats

There’s more to the $25 million deepfake story than what you see in the headlines. I pulled the original story to get the full scoop. Here are the steps the scammer took: 1. The scammers sent a phishing email to up to three finance employees in mid-January, saying a “secret transaction” had to be done. 2. One of the finance employees fell for the phishing email. This led to the scammers inviting the finance employee to a video conference. The video conference included what appeared to be the company CFO, other staff, and some unknown outsiders. This was the deep fake technology at work, mimicking employees' faces and voices. 3. On the group video conference, the scammers asked the finance employee to do a self-introduction but never interacted with them. This limited the likelihood of getting caught. Instead, the scammers just gave orders from a script and moved on to the next phase of the attack. 4. The scammers followed up with the victim via instant messaging, emails, and one-on-one video calls using deep fakes. 5. The finance employee then made 15 transfers totaling $25.6 million USD. As you can see, deep fakes were a key tool for the attacker, but persistence was critical here too. The scammers did not let up and did all that they could to apply pressure on the individual to transfer the funds. So, what do businesses do about mitigating this type of attack in the age of deep fakes? - Always report suspicious phishing emails to your security team. In this context, the other phished employees could have been an early warning that something weird was happening. - Trust your gut. The finance employee reported a “moment of doubt” but ultimately went forward with the transfer after the video call and persistence. If something doesn’t feel right, slow down and verify. - Lean into out-of-band authentication for verification. Use a known good method of contact with the individual to verify the legitimacy of a transaction. - Explore technology driven identify verification platforms for high dollar wire transfers. This can help reduce the chance of human error. And one of the best pieces of advice I saw was from Nate Lee yesterday, who called out building a culture where your employees are empowered to verify transaction requests. Nate said the following “The CEO/CFO and everyone with power to transfer money needs to be aligned on and communicate the above. You want to ensure the person doing the transfer doesn't feel that by asking for additional validation that they're pushing back against or acting in a way that signals they don't trust the leader.” Stay safe (and real) out there. ------------------------------ 📝 Interested in leveling up your security knowledge? Sign up for my weekly newsletter using the blog link at the top of this post.

🚨 Wake-Up Call: The Alarming Rise of Sophisticated Cryptocurrency Scams 🚨 I just got off the phone with another victim who fell for a classic #pigbutchering scam. This one hurt—a six-figure loss that left the victim devastated. But what really got my attention? The level of sophistication these cybercriminals are now operating with. Here’s how they did it: 🪜 The Setup: They roped the victim in with a seemingly legitimate training class, building trust and setting the stage for the scam. 💬 Transition to Private Messaging: Next, they moved the conversation to WhatsApp and Telegram—away from prying eyes and into their carefully controlled environment. 📱 The Fake Trading App: The victim was then instructed to download a fake trading app. This app made it look like the victim was making money hand over fist, all while the scammers had full control. 💰 The Money Transfer: Here’s the kicker. When the victim went to the bank to wire the money, they were told not to mention that it was for a cryptocurrency investment. The scammers spun a tale about how it would negatively impact the bank’s deposits and tax implications. This is where the bad guys are really stepping up their game. Take a look at the photo I attached—they’re getting better at this. 💔 The Loss: After the wire transfer, the victim was left with nothing but a fake app and a huge financial loss. The money was gone, and the scammers had vanished. This isn’t just a story—it’s a wake-up call. These criminals are getting smarter, but so can we. Here are 5 Tips to Avoid Falling Victim: 🔒 1. Beware of Unsolicited Investment Offers: If someone promises you guaranteed returns out of the blue, run the other way. Scams like these prey on hope and desperation. 🔒 2. Verify Before Trusting: Always do your homework. Research the platform, check reviews, and if something feels off, trust your gut. A quick check can save you from a world of pain. 🔒 3. Be Transparent with Your Bank: If you’re being told to keep secrets from your bank, that’s a giant red flag. Transparency with your financial institution is your best defense. 🔒 4. Resist High-Pressure Tactics: Scammers love to rush you. They’ll create a false sense of urgency to get you to act without thinking. Slow down, take your time, and make informed decisions. 🔒 5. Stay Informed and Educated: The more you know, the harder you are to scam. Keep yourself updated on the latest fraud tactics and share that knowledge with others. #Cybercriminals are evolving, but by adopting a @CyberSecure Mindset, you can stay one step ahead. Protect your hard-earned money and your peace of mind. For more on how to develop a #CyberSecure Mindset, visit www.cybersecuremindset.com. #CyberSecurity #CryptocurrencyScams #CyberSecureMindset #OnlineSafety #ScamAwareness #StayVigilant #DigitalDefense

Domain spoofing: Why Ṇ isn't N (and why it matters). Some thoughts on protecting your brand from sophisticated phishing attacks 🐟 Quick test: Which is the real domain? netflix. com ṇetflix. com Spot the difference? The second uses a special character (Ṇ). Your users won't notice. But fraudsters love this trick. The problem: - Unicode allows 149,186 characters - Many look identical to English letters - Registration costs < $10 - Automated registration makes this scale Real numbers we see at Sardine: - 76% of phishing domains use character substitution and the peak fraud occurs in first 4 hours. Traditional detection often takes 48+ hours. Being able to identify these weak signals in real-time is critical. There are two skills every fraud leader needs. 1. Automated detection 2. Quick takedowns Automated Detection Must-have patterns to monitor: - Unicode substitutions, Levenshtein distance, Latin script mixing, Domain age, SSL cert patterns These existing as rules in your sessions can be a hugely helpful set of signals. Especially when combined with the users device & behavior history. Their behavior baseline, vs anything new and interfering with the session should flag an anomaly. Then if you do spot a spike, quick take downs work like this: Contact hosting providers directly, their average response: < 24 hours and your success rate is likely at least 70%. It costs nothing, and over time you’ll build relationships with the abuse teams. For enterprise: Domain monitoring services like ZeroFox, DomainTools and MarkMonitor can give you early warnings. Cost range: $2k-10k/month ROI: Usually pays for itself in prevented fraud If you’re tracking your KPIs you can make this loop happen faster, so less users lose out. Track things like: - Time to detection/takedown. - False positive rates, coverage of variations and customer report rates. Remember: Speed kills phishing campaigns. The first 4 hours sees 80% of victims, so automated detection is critical and pre-built takedown workflows save hours (at Sardine, our new workflow tool is proving itself for these advanced patterns). One counterintuitive finding: Cheaper domains ≠ more fraud We see more sophisticated attacks using premium domains ($100+) because they pass more trust filters. If you want to try our workflows drop me a message 👇

The FBI has issued a public service announcement warning that criminals are increasingly exploiting generative artificial intelligence (AI) to enhance the effectiveness of their scams. By leveraging AI-generated text, images, audio, and video, criminals can create more convincing content, deceiving a larger number of victims. Key Threats Identified: AI-Generated Text: Used to craft persuasive messages for social engineering, spear phishing, and financial frauds like romance and investment scams. Generative AI enables rapid production of content with fewer detectable errors, making scams harder to spot. AI-Generated Images: Used to create realistic social media profiles, fake identification documents, and promotional materials for identity fraud, impersonation, and counterfeit product schemes. AI-Generated Audio (Vocal Cloning): Mimics voices of public figures or personal contacts to execute scams demanding immediate financial assistance or ransom payments. AI-Generated Videos: Impersonates authority figures or creates misleading promotional content, lending credibility to fraudulent schemes. Recommendations for Employee Training: Verification Protocols: Implement secure identity verification processes, like secret words or secure channels, to confirm the identity of individuals requesting sensitive information or transactions. Critical Evaluation Skills: Train employees to identify subtle imperfections in AI-generated content, such as inconsistencies in images, unnatural speech, or unrealistic video movements. Social Media Awareness: Educate staff on the risks of sharing personal images and voice recordings online, and encourage the use of privacy settings to limit exposure. Even with robust training, recognizing AI-driven fraud will become increasingly difficult as these tools grow more sophisticated. However, untrained employees are far more likely to fall victim, exposing the organization to greater risks. Share with clients, employees, friends and family to raise awareness! https://lnkd.in/eEBxQZcU