I was talking to an Assistant US Attorney (AUSA) last week and he told me that romance scams (where a scam artist cons usually older people out of their life’s savings by pretending to be romantically interested in the victim) are the second largest cyber attack reported to the Feds. Given the announcement below, I guess he knew this was coming but couldn’t say anything.
Last Friday the Feds unsealed a 252-count indictment against 80 Nigerian nationals who, they say, conspired to bilk victims out of $46 million.
The indictment was handed down by a Grand Jury last year but only announced after 14 of the culprits were in stainless steel bracelets courtesy of a coordinated roundup of the bad guys.
While the other 63 are still at large (if you are counting, 3 were arrested previously, adding up to 80), it is not a hopeless cause.
In my conversation with the AUSA last week, he pointed out that the indictment of people outside our reach is not completely pointless. Many of these people like to travel. At least some of those places are friendly to the US and yes, the US puts the names of those indicted on Europol’s and Interpol’s arrest for extradition list, so should one of those nice crooks appear at a customs location in one of those friendly countries, they will be immediately arrested and held. What is amazing is that we capture at least a couple of these guys a year that way.
In the short term, capturing these 17 people does send a message to folks that there are risks to operating romance scams and business email compromise scams.
What is also interesting is that the FBI tells me that they are adding more and more agents for attacking cyber crime because that is the fastest growth area. Crooks figure that they can get away with almost anything and the crooks think the Feds are too stupid to catch them. That might have been the case a few years ago, but the Feds are definitely becoming a lot smarter every year.
Another Federal Law Enforcement agency here in Denver that I work with says that they are about to get their cyber lab redone and they will have more than FIVE TIMES the space in the new lab than they do in the current lab. With a bunch of new equipment too.
So while cyber criminals do have the edge today and will continue to have the edge in the short run, in the long term, the prospects for being a cyber crook are a lot more dicey.
In this particular indictment, the Feds say that the victims include many elderly people (the romance scam) and businesses of all sizes (business email compromise scams), with the Feds specifically calling out law firms for some reason. Maybe we will hear why soon.
For business users and general consumers alike, this is yet another heads up. The Feds say that these scams are a multi-billion dollar a year “business”.
What you can do is educate your people – your employees and family members – about these major cyber attack methods.
Training probably provides the best cost-benefit trade-off to reduce the likelihood of falling for one of these scams. We can provide a fantastic online training program, including unlimited anti-phishing training, for an organization of 25 or fewer for around $500 a year. Whether you buy our program or another solution, I urge you to put one of these solutions in place.
In addition to training, of course, you need to take other protective measures. Basic measures will reduce the risk factor significantly. Will it stop a determined nation-state actor? No. But most of the attacks that we see don’t fit into that category.
Source: SC Magazine.