PREDICTION: The Rise of Cybercrime in 2025: A Growing Threat

/in , /by

The cybercrime landscape is rapidly evolving, driven by technological advancements, increasing digital dependency, and the potential for substantial financial gain. As we move into 2025, several factors suggest that the cyber criminal job market will continue to expand, attracting both new recruits and experienced cybercriminals.

PREDICTION: The Rise of Cybercrime in 2025: A Growing Threat

Factors Driving the Growth of Cybercrime in 2025:

  • Increased Digital Reliance:
  • Advancements in Cybercrime Tools and Techniques:
  • Lucrative Financial Rewards:
  • Globalized Nature of Cybercrime:

The Evolving Role of the Cybercriminal:

As the cybercrime landscape evolves, so too does the role of the cybercriminal. Here are some key trends to watch:

  • Specialization: Cybercriminals are increasingly specializing in specific areas, such as hacking, phishing, or malware development. This specialization allows them to hone their skills and become more effective at their craft.
  • Outsourcing and Collaboration: Cybercriminal organizations are outsourcing specific tasks to freelancers or other criminal groups, creating a more efficient and scalable model.
  • Automation: The use of automation tools and AI is enabling cybercriminals to launch attacks at scale, increasing the frequency and impact of cyberattacks.
  • Recruitment and Training: Cybercriminal organizations are actively recruiting new members and providing them with training to enhance their skills. This pipeline of talent ensures a steady supply of cybercriminals.

To combat the growing threat of cybercrime, organizations must invest in robust cybersecurity measures, stay informed about the latest threats, and train their employees to recognize and respond to cyberattacks. Additionally, international cooperation is essential to disrupt cybercriminal networks and bring perpetrators to justice.

Robust Cybersecurity Measures: A Comprehensive Guide

As cyber threats continue to evolve, it’s imperative for organizations to implement robust cybersecurity measures to protect their sensitive data and systems. Here are some key strategies:

Essential Cybersecurity Measures:

  • Strong Password Policies:
  • Multi-Factor Authentication (MFA):
  • Network Security:
  • Endpoint Security:
  • Data Encryption:
  • Regular Security Audits and Penetration Testing:
  • Employee Training and Awareness:

Staying Informed About the Latest Threats:

  • Subscribe to Cybersecurity News Sources:
  • Join Cybersecurity Communities:
  • Attend Cybersecurity Conferences and Webinars:

Training Employees to Recognize and Respond to Cyberattacks:

  • Phishing Awareness Training:
  • Social Engineering Awareness:
  • Incident Response Training:

By implementing these robust cybersecurity measures, staying informed about the latest threats, and training employees to recognize and respond to cyberattacks, organizations can significantly reduce their risk of falling victim to cybercrime.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Six Websites to Fortify Your Identity To Protect You From Fraud: A Comprehensive Guide

/in /by

If you’ve been considering a credit freeze, you should know that this process is designed to prevent creditors from accessing your credit report unless you explicitly authorize it. This effectively blocks potential creditors from viewing or pulling your file, making it significantly more difficult for identity thieves to apply for new credit in your name or using your information.

Act Now: Freeze Your Credit Before It’s Too Late!

A credit freeze is a powerful tool that locks down your credit report. This means lenders can’t access your credit score, rendering your Social Security number and credit rating useless. Essentially, it prevents identity thieves from using your information to open new lines of credit.

If your identity is compromised, a credit freeze can significantly hinder a thief’s ability to exploit your personal information. By freezing your credit, you’re making it much harder for them to access your credit file.

When you need to apply for new credit, simply unfreeze your credit file using a PIN provided by the credit bureau. This process is easy and free for everyone, including children.

Why You Should Freeze Your Credit

Freezing your credit is a proactive step to protect your identity. It’s a simple process that can significantly hinder identity thieves. By freezing your credit, you effectively lock down your credit report, making it inaccessible to potential fraudsters.

The Cost of Freezing Your Credit

The best part? It’s absolutely free! There’s no reason to delay this crucial security measure.

The Convenience of a Credit Freeze

While you’ll need to temporarily lift the freeze when applying for new credit, the process is quick and easy. It typically takes just a few minutes to freeze or unfreeze your credit. Think of it as a small inconvenience for a significant benefit.

The Impact on Your Credit Score

A credit freeze has no impact on your credit score. It simply prevents unauthorized access to your credit report. Existing creditors can still perform “soft” credit checks, which don’t affect your score.

The Limitations of a Fraud Alert

A fraud alert is a less effective option. It only lasts for a year and doesn’t prevent identity thieves from accessing your credit report. While it may alert lenders to potential fraud, it doesn’t guarantee protection. A credit freeze, on the other hand, provides a more robust safeguard against identity theft.

Where You Can Go to Freeze Your Credit:

To freeze your credit with Equifax, click here.

To freeze your credit with Experian, click here.

To freeze your credit with Trans Union, click here.

Innovis Credit Freeze

Innovis is the 4th credit bureau you need to freeze with. The process is similar to the big three and its free. Go here to freeze your Innovis Credit Freeze.

National Consumer Telecommunications and Utilities Exchange or NCTUE

One critical area to consider when protecting your identity is the National Consumer Telecommunications and Utilities Exchange (NCTUE). Many mobile phone companies utilize this organization for credit checks, meaning identity thieves could still open accounts in your name, even if your credit is frozen with the major credit bureaus.

While primarily used by mobile phone companies, other utilities like water, power, and cable may also access your information through NCTUE. To protect yourself, you can contact NCTUE directly to place a security freeze on your account. You’ll need to provide your Social Security number and verify additional information, but the process is usually automated and straightforward. Once verified, your NCTUE credit report will be frozen, adding an extra layer of security to your identity protection strategy. You can also get your NCTUE credit report and risk score by calling their 800-number 1-866-349-5355 or try to do it online here NCTUE Freeze but some say this links form doesn’t work well.

Protecting Yourself with ChexSystems

Another important step in safeguarding your identity is to place a security alert with ChexSystems. This consumer reporting agency is used by banks to assess the creditworthiness of individuals applying for checking and savings accounts. By freezing your ChexSystems report, you can prevent unauthorized access to your financial information and protect yourself from identity theft.

It’s important to note that a ChexSystems freeze only applies to your report with this specific agency. To fully protect your identity, you’ll need to take additional steps to freeze your credit with the major credit bureaus. For ChexSystems, you can do it here: ChexSystems Security Freeze.

Opt-Out Prescreen

You can additionally opt out of any pre-approved credit offers by calling 1-888-5-OPT-OUT or you can go online and visit the website Optoutprescreen.com.

myE-Verify Self-Lock via the Department of Homeland Security

Another crucial step in protecting your identity is to utilize the Self Lock service provided by the Department of Homeland Security. This tool helps prevent employment-related fraud by locking your Social Security number. By doing so, you can deter individuals from using your information to obtain employment.

When a locked Social Security number is entered into the system, it triggers a mismatch, indicating potential fraud. Locking your identity through Self Lock is a simple process, and the lock remains in place for a year. You can easily renew the lock annually to maintain ongoing protection. Self-Lock Freeze.

Protecting Yourself from Social Security Fraud

To further safeguard your identity, consider creating an account with the Social Security Administration. This will help prevent fraudsters from accessing your benefits and sensitive information. By establishing an account, you can monitor your earnings record, estimate future benefits, and receive important updates.

If you receive suspicious calls, emails, or mail claiming to be from the Social Security Administration, you can verify their legitimacy by contacting the agency directly through your online account or by calling the official Social Security number. Remember, the Social Security Administration will never threaten you with arrest or demand immediate payment. You can do it online, Social Security Administration Set-up.

Freezing your credit is a powerful tool to protect your identity. By locking your credit report, you make it significantly more difficult for identity thieves to open new accounts in your name. This proactive step can save you time, money, and stress in the long run.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

The Ultimate Guide to Passwords, Password Managers, Two Factor and Passkeys

/in /by

In the age of digital interconnectedness, passwords have become the first line of defense against cyber threats. Unfortunately, many individuals still rely on weak, easily guessable passwords that leave their online accounts vulnerable to attacks. This article delves into the most commonly used and easily crackable passwords, and provides essential tips for creating and managing strong, secure passwords.

The Ultimate Guide to Passwords, Password Managers, Two Factor and Passkeys

See ProtectNow’s Cyber Security Awareness Check to determine if your personal or organizational security been breached. Get an instant answer. Check if your email has been breached or check if your password/s have been breached.

Commonly Used Weak Passwords

Cybersecurity experts have identified several password patterns that are frequently exploited by hackers:

  1. Personal Information: Using personal information like names, birthdays, or pet names as passwords is a significant security risk. Hackers can easily obtain this information through social media or data breaches.
  2. Simple Sequences: Passwords composed of simple sequences like “123456,” “password,” or “qwerty” are incredibly easy to crack.
  3. Repetitive Patterns: Using the same password for multiple accounts is a common mistake. If one account is compromised, hackers can gain access to all linked accounts.
  4. Predictable Variations: Modifying a weak password slightly, such as adding a number or symbol, doesn’t significantly improve security. Hackers can use automated tools to quickly crack these variations.

How Hackers Crack Passwords

Hackers employ various techniques to crack passwords, including:

  1. Brute-Force Attacks: This method involves systematically trying every possible combination of characters until the correct password is found.
  2. Dictionary Attacks: Hackers use lists of common words and phrases to guess passwords.
  3. Credential Stuffing: Hackers reuse stolen credentials from one data breach to attempt to log into other accounts.

Creating Strong, Secure Passwords

To protect your online accounts, it’s crucial to create strong, unique passwords for each account. Here are some tips:

  1. Password Length: Aim for passwords that are at least 12 characters long. Longer passwords are significantly harder to crack.
  2. Password Complexity: Incorporate a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable patterns.
  3. Password Uniqueness: Use a different password for each online account. This limits the damage if one account is compromised.
  4. Password Manager: Consider using a password manager to securely store and generate complex passwords.
  5. Two-Factor Authentication (2FA): Enable 2FA whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone.

Password Management Best Practices

To effectively manage your passwords, follow these best practices:

  1. Avoid Sharing Passwords: Never share your passwords with anyone, even trusted friends or family members.
  2. Regularly Update Passwords: Change your passwords periodically to stay ahead of potential threats.
  3. Be Wary of Phishing Attacks: Be cautious of suspicious emails or messages that ask for your personal information or password.
  4. Use Secure Wi-Fi Networks: Avoid using public Wi-Fi networks for sensitive online activities, as they can be vulnerable to hacking.
  5. Stay Informed: Keep up-to-date with the latest cybersecurity news and best practices.

By following these guidelines, you can significantly reduce the risk of your online accounts being compromised. Remember, strong passwords are essential, but they are only one part of a comprehensive cybersecurity strategy.

What is a Passkey?

A passkey is a type of digital key that allows you to sign in to websites and apps without using traditional passwords. It’s a more secure and convenient way to authenticate yourself online.

How it works:

  1. Creation: You create a passkey on your device, typically using your fingerprint, face recognition, or PIN.
  2. Storage: The passkey is stored securely on your device.
  3. Authentication: When you want to sign in to a website or app, you use your device’s built-in authentication method (e.g., fingerprint, face recognition) to verify your identity.

Benefits of using passkeys:

  • Enhanced security: Passkeys are much more secure than traditional passwords, as they are unique to your device and cannot be easily phished or hacked.
  • Improved convenience: You can sign in to your accounts with a simple gesture, eliminating the need to remember complex passwords.
  • Stronger protection against phishing attacks: Passkeys are tied to your device, making it difficult for attackers to trick you into entering your credentials on fake websites.

Where can you use passkeys?

Many tech companies and websites are starting to support passkeys, including Google, Microsoft, and Apple. You can use passkeys to sign in to your Google Account, Microsoft account, and other supported services.

By adopting passkeys, you can significantly improve your online security and simplify your digital life.

What is a Password Manager?

A password manager is a digital tool designed to store and manage your passwords securely. It generates strong, unique passwords for each of your online accounts and encrypts them in a secure vault. This eliminates the need to remember complex passwords and reduces the risk of using weak, easily guessable ones.

Privacy and Security Issues with Password Managers

While password managers are designed to enhance security, there are potential privacy and security concerns to consider:

  1. Master Password Security:
  2. Data Breaches:
  3. Company Practices:
  4. Zero-Knowledge Encryption:
  5. Human Error:

How to Choose a Secure Password Manager:

When selecting a password manager, consider the following factors:

  • Strong Encryption: Ensure the password manager uses robust encryption algorithms to protect your data.
  • Zero-Knowledge Encryption: Opt for a password manager that offers zero-knowledge encryption for maximum security.
  • Regular Security Audits: Choose a company that conducts regular security audits to identify and address vulnerabilities.
  • User-Friendly Interface: A user-friendly interface can make password management easier and less prone to errors.
  • Multi-Factor Authentication (MFA): Enable MFA to add an extra layer of security to your password manager account.
  • Reliable Customer Support: Good customer support can be helpful if you encounter any issues or have questions.

By carefully selecting and using a reputable password manager, you can significantly enhance your online security and protect your sensitive information.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

The Ultimate Guide to Protecting Yourself From Disinformation i.e. Dezinformatsiya, Malinformation & Fake News

/in /by

Information is Power as they say. Information refers to data that has been processed, organized, or structured in a way that makes it meaningful and useful. It can be understood as knowledge communicated or received concerning a particular fact or circumstance. “Fact” being the operative word. Information has historically been treated as Fact. However “Disinformation” is even more powerful because its entire purpose is to skew facts and twist information to manipulate and influence.

The Ultimate Guide to Protecting Yourself From Disinformation i.e. Dezinformatsiya, Malinformation & Fake News

Disinformation refers to false information that is deliberately spread with the intent to deceive and manipulate public perception. It is often used strategically to achieve political, military, or commercial objectives. Disinformation campaigns may employ a variety of tactics, including the dissemination of fake news, conspiracy theories, and manipulated media, all designed to obscure the truth and influence public opinion.

Historical Context of Disinformation i.e Russian Dezinformatsiya

The term “dezinformatsiya” (дезинформация in Russian) has an interesting origin rooted in Soviet history.

The term “disinformation” gained prominence during the Cold War, particularly associated with Soviet tactics aimed at undermining adversaries through strategic deception. Its usage has expanded in modern contexts, particularly with the rise of digital communication technologies that facilitate rapid dissemination of false narratives.

  1. Soviet Creation: The term “dezinformatsiya” was coined by Joseph Stalin in 1923. Stalin created this word as the name for a KGB black propaganda department.
  2. Intended French Sound: Stalin deliberately gave the department what he thought was a French-sounding name. His intention was to claim that the term had Western origins, rather than being a Soviet creation.
  3. Early Definition: In the Soviet context, “dezinformatsiya” was defined as the “dissemination (in the press, on the radio, etc.) of false reports intended to mislead public opinion”.
  4. English Adoption: The English word “disinformation” is considered a calque (loan translation) of the Russian “dezinformatsiya”. It began appearing in English dictionaries in the 1980s, specifically entering Webster’s New College Dictionary and the American Heritage Dictionary in 1985.
  5. Broader Usage: As the term became more widely known in the 1980s, English speakers broadened its definition to include any government communication containing intentionally false and misleading material, often combined with true information, aimed at misleading elites or mass audiences.
  6. Contemporary Understanding: Today, “disinformation” is generally understood as false information deliberately spread to deceive people, often for political, military, or commercial purposes.

It’s worth noting that while the term gained prominence through its Soviet usage, the concept of deliberately spreading false information for strategic purposes has a much longer history in various cultures and political systems.

Key Characteristics of Disinformation

Intentionality: Unlike misinformation, which can be spread unintentionally, disinformation is characterized by its deliberate nature. The primary goal is to mislead and create confusion among the audience.

Manipulative Techniques: Disinformation often involves the use of rhetorical strategies that blend falsehoods with truths or half-truths. This approach exploits cultural and social divides, amplifying existing tensions to achieve desired outcomes.

Medium of Spread: Disinformation frequently spreads through social media platforms, where it can reach vast audiences rapidly. This has raised significant concerns about its impact on public trust in reliable information sources.

Distinction from Related Terms

Disinformation is often confused with other terms such as misinformation and malinformation:

Misinformation: This refers to incorrect information shared without malicious intent. Individuals may unknowingly share false information believing it to be true.

Mal-information: This involves sharing accurate information with the intent to cause harm, often by taking it out of context.

Government Involvement in Spreading Disinformation

Disinformation poses significant challenges for democratic societies, as it can erode public trust in institutions and media. It can lead to polarization and apathy among citizens, making it difficult for them to engage meaningfully in civic life. Addressing disinformation requires a multifaceted approach that includes enhancing media literacy and fostering critical thinking among the public.

Governments can play a significant role in both spreading and combating disinformation. Some governments actively engage in spreading disinformation for various strategic purposes:

Foreign Influence Operations: Countries like Russia and China have been accused of conducting disinformation campaigns to influence public opinion and political processes in other nations.

Domestic Control: Authoritarian regimes often use disinformation to maintain power, discredit opposition, and shape public narratives.

Military Tactics: Disinformation has been used as part of military strategy, with the CIA historically planting false stories in foreign media during conflicts.

Government Efforts to Combat Disinformation

Many governments are also taking steps to address the spread of disinformation:

Legislation: Some countries have passed laws aimed at curbing fake news and disinformation, though these efforts can be controversial due to potential impacts on free speech.

Media Literacy Programs: Governments like Finland have engaged with civil society to support media literacy efforts.

Fact-Checking Partnerships: Some governments have formed relationships with independent fact-checkers to combat false information.

International Cooperation: There are calls for like-minded countries to work together to tackle cross-border disinformation challenges.

Challenges and Considerations

Balancing Act: Governments must carefully balance combating disinformation with protecting freedom of expression.

Potential for Abuse: Laws ostensibly aimed at disinformation can be misused to silence legitimate dissent or criticism.

Comprehensive Approach Needed: Experts recommend governments adopt multi-faceted strategies that include improving public communication, enhancing media literacy, and addressing structural drivers of disinformation.

Collaboration: Effective responses often require cooperation between governments, media organizations, tech companies, and civil society.

Ultimately, while governments can play a crucial role in addressing disinformation, their efforts must be carefully designed to avoid unintended consequences and protect democratic values.

The main difference between disinformation and fake news lies in their scope and intent, though there is some overlap between the two concepts:

Disinformation:

  • Is deliberately created and spread with the intent to deceive
  • Has a broader scope, encompassing various forms of false or misleading information
  • Is often part of strategic campaigns by actors like governments, corporations, or individuals
  • Aims to achieve political, military, or commercial objectives
  • Can employ sophisticated tactics and blend truths with falsehoods

Fake News:

  • Is a more specific term, referring to false stories that appear to be news
  • Often mimics the form of mainstream news articles
  • Is typically sensational and emotionally charged
  • Can be a subset of disinformation when created intentionally to mislead
  • May sometimes be created as satire or parody without intent to deceive

Key distinctions:

  1. Intent: Disinformation is always intentional, while fake news may sometimes be unintentional (e.g., satire misunderstood as real news).
  2. Scope: Disinformation is a broader category that can include fake news, but also encompasses other forms of misleading information.
  3. Format: Fake news specifically imitates legitimate news articles, while disinformation can take many forms.
  4. Strategy: Disinformation often involves coordinated campaigns and sophisticated tactics, whereas fake news may be more isolated in its creation and spread.

It’s worth noting that the term “fake news” has become politically charged and is sometimes used to discredit legitimate news sources. For this reason, many scholars and experts prefer to use more precise terms like disinformation or misinformation when discussing false or misleading information.

To protect yourself from disinformation, you can employ several strategies:

Develop Critical Thinking Skills

  1. Question sources: Always evaluate the credibility of the information source. Consider the author’s expertise, the publication’s reputation, and potential biases.
  2. Analyze content: Ask critical questions about the media you consume, such as who created it, what techniques are used to attract attention, and what the purpose of the message is.
  3. Use the SIFT Method: Stop, Investigate, Find, and Trace information when reviewing for mis- or disinformation.

Improve Media Literacy

  1. Diversify news sources: Avoid relying on a single type of media. Use a variety of reputable sources to get a more comprehensive view.
  2. Understand different content types: Learn to distinguish between fact-based reporting, opinion pieces, and analysis articles.
  3. Be wary of social media: Recognize that platforms like Facebook and Instagram are often unreliable sources for quality news.

Verify Information

  1. Cross-check information: Use lateral verification by comparing information across multiple reputable sources.
  2. Use fact-checking websites: Consult reliable fact-checking sites like factcheck.org, snopes.com, or PolitiFact when in doubt.
  3. Double-check URLs: Be cautious of websites mimicking reputable news sources with slightly altered web addresses.

Practice Responsible Media Consumption

  1. Pause before sharing: Take a moment to verify information, especially if it provokes a strong emotional reaction.
  2. Be skeptical of “fake news” claims: Understand that this term is often misused and doesn’t simply refer to facts someone disagrees with.
  3. Look out for poor quality: Be wary of content with numerous spelling and grammatical errors, as it may indicate a lack of editorial standards.

Enhance Your Skills

  1. Learn about data literacy: Understand how statistics can be manipulated or misrepresented.
  2. Stay informed about current tactics: Keep up-to-date with evolving disinformation techniques, such as fabricated screenshots or deepfakes.
  3. Engage in media creation: Creating content yourself can provide valuable insights into how messages are crafted, fostering a more critical approach to media consumption.

By implementing these strategies, you can significantly improve your ability to identify and protect yourself from disinformation, ensuring that you’re better equipped to navigate today’s complex information landscape.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

AI Scammers Are Stealing Homes From Their Owners Without Them Realizing It

/in /by

Real-estate fraud experts warn that AI advancements and the abundance of publicly available information has made scammers more daring in their attempts at deed or title theft. These fraudsters are targeting a wide range of property owners from residents of big mansions to individuals with simpler homes or smaller vacant land parcels.

AI systems can swiftly scan databases to identify unoccupied properties or homes without existing mortgages, potentially flagging them as prime targets for fraudulent refinancing schemes. This process is often much faster than manual human searches.

Moreover, the vast amount of personal data accessible to scammers significantly simplifies the task of impersonating property owners. With detailed information at their fingertips, fraudsters can more convincingly assume the identities of legitimate homeowners, making their schemes increasingly difficult to detect and prevent.

Vacant Land Scams

In 2022, a parcel of land in Fairfield, Connecticut, changed hands after a scammer posed as the rightful owner. This type of deed fraud has become a growing concern for ordinary property owners. The recorder’s office functions similarly to a repository for real estate documents, but the responsibility for verifying the legitimacy of transactions often falls on title companies and notaries.

Title professionals are required to carry insurance precisely because they play a crucial role in ensuring the authenticity of property dealings. However, the system faces challenges, particularly with smaller transactions. Many closing agents, focused on processing a high volume of deals, may not always apply the same level of scrutiny to each case.

This situation highlights the vulnerabilities in the current property transaction system and underscores the need for enhanced safeguards to protect property owners from fraudulent activities. The incident in Fairfield serves as a reminder of how easily scammers can exploit weaknesses in the process, potentially causing significant distress and financial loss to legitimate property owners.

Deepfakes Fool Everyone

AI technology is making it increasingly simple for fraudsters to target anyone with their scams. These criminals are now leveraging artificial intelligence across various platforms, including phone calls, email phishing, and even property title transfers with local record keepers.

When title companies insist on verifying identities, some scammers are now offering video calls that turn out to be deepfakes or AI-generated videos, further complicating the verification process.

One of the key strengths of AI is its capacity to process and learn from vast amounts of data. In the context of property fraud, this becomes particularly concerning as property information is often publicly accessible. In certain states, a basic search can reveal a wealth of information including appraisal data, blueprints, transaction history, and even images of signed deeds.

With the aid of AI, fraudsters can now produce counterfeit documents more rapidly and with a higher degree of realism. This technological advancement significantly enhances their ability to create convincing forgeries, making it more challenging for authorities and property owners to detect and prevent such scams.

It’s Getting Worse

A recent study conducted in May 2024 by the American Land Title Association and NDP Analytics revealed that seller impersonation fraud is becoming increasingly prevalent in the real estate industry. This type of fraud, where individuals falsely assume the identities of property owners to sell their properties, affected a significant portion of title insurance companies.

The survey, which found that 28% of title insurance companies encountered at least one instance of seller impersonation fraud in 2023. A full 19% of these companies reported fraud attempts in April 2024 alone.

These findings underscore the growing challenge that seller impersonation fraud poses to the real estate industry and highlight the need for increased vigilance and protective measures.

If scammers are able to forge a deed, they could end up with a house—or even a mansion.

Graceland: The King of Rock and Roll is Scammed

In the early months of 2024 a firm calling itself Naussany Investments and Private Lending declared ownership of Graceland and revealed intentions to sell the property at auction. Elvis Presley’s granddaughter, Riley Keough, took legal action against the company, alleging the use of falsified documents to claim ownership, and emerged victorious in the lawsuit.

Subsequently, in August, federal authorities charged a Lisa Jeanine Findley, a Missouri resident, with fraud and identity theft for her alleged involvement in a scheme to unlawfully acquire the iconic estate.. Findley, is accused of orchestrating an elaborate plan to defraud the Presley family and gain control of Graceland through various fraudulent means. How in the heck she thought she could get away with that is further evidence that sociopaths think they are above the law.

Protect Yourself

Consumers, Real estate brokers and title companies can take several steps to protect themselves and their clients from property deed theft:

1. Monitor property records regularly:

Check your county recorder’s office or online property database periodically to ensure no unauthorized changes have been made to yours of your clients deed.

2. Sign up for alerts:

Many counties now offer free notification services that alert property owners of any changes or filings related to their property.

3. Be cautious with personal information:

Avoid sharing sensitive personal or property details with unknown individuals or through unsolicited communications.

4. Secure important documents:

Keep your property documents, including the deed, in a safe place such as a bank safety deposit box, fire retardant safe and a copy encrypted via online storage.

5. Be wary of unsolicited offers:

Be cautious of unexpected offers to buy your property or requests to sign documents related to your property.

6. Use title insurance:

Consider purchasing an owner’s title insurance policy, which can provide protection against fraudulent claims on your property.

7. Verify identities:

When engaging in any property transactions, always verify the identities of parties involved and the legitimacy of documents. Don’t just automatically trust either party is who they say they are.

8. Stay informed about local laws:

Familiarize yourself with your state’s property laws and any recent legislation aimed at combating deed theft, such as, for example, New York’s recent anti-deed theft bill.

9. Act quickly if you suspect fraud:

If you suspect your property deed has been stolen or tampered with, contact law enforcement, your title insurance and a real estate attorney immediately.

10. Consider professional assistance:

For complex property matters, consult with a reputable real estate attorney or title professional to ensure your property rights are protected.

By implementing these protective measures, property owners can significantly reduce their risk of falling victim to deed theft and safeguard their valuable assets.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

This NEW Sextortion Scam WILL Snare Victims and Make LOTS of $$

/in /by

I received a sextortion email, to my actual inbox, not in spam, addressed specifically to me, with my name, my address, my phone number, and the worst part, a picture of my home.

Here’s how it began:

Subject line: Robert Siciliano

“Robert Siciliano,

I know that calling 617329XXXX or visiting (my actual address) would be a effective way to contact you if you don’t take action. Don’t even try to hide from this. You’ve no idea what I’m capable of in (my town).

I suggest you read this message carefully. Take a moment to chill, breathe, and analyze it thoroughly.

‘Cause we’re about to discuss a deal between you and me, and I ain’t playing games. You don’t know anything about me whereas I know EVERYTHING about you and right now, you are thinking how, correct?

Well, you’ve been a bit careless lately, scrolling through those videos and venturing into the darker corners of cyberspace. I installed a Malware on a porn website and you visited it to watch(if you know what I mean). And while you were busy watching our videos, your device began operating as a RDP (Remote Protocol) which provided me with complete control over your device. I can look at everything on your screen, flick on your cam and mic, and you wouldn’t even notice. Oh, and I’ve got access to all your emails, contacts, and social media accounts too.”

As the demand letter in PDF goes on, it gets more aggressive, more explicit. And ultimately provides a bitcoin account to pay into. At the bottom of the letter was an actual photograph of my house, not a photo that I’ve seen in Google maps. I’m not exactly sure where it came from.

This scam will work, and those who are sending it out are going to get paid and make a mint. It will succeed because it’s abrupt, it’s as if they know exactly who the victim is, and it’s targeted. I am sure there is some artificial intelligence at use, but there is definitely a human touching this. At some level this is being sent out by a bot, but again there is a human interacting with this message for clarity.

These sextortion email scams have been coming out for at least 6-8 years in various flavors. The ones that end up in your spam folder that don’t address the individual, often reference a stolen password from another data breach.

I’ve actually had a handful of colleagues and friends, who have received these Sextortion emails contact me in a bit of a panic wondering what they should do and whether or not they should pay the extortion. If you’re reading between the lines, it likely means they were actually “doing something” that’s referenced in the scam email. In other words, they think they got caught.

To their relief, but to their embarrassment, I would usually just talk them down and explain it’s a blanket email scam that everybody gets. As a result, I haven’t generally heard from those same people since, because of their embarrassment.

Sextortion is a form of blackmail that combines the words “sex” and “extortion”. It refers to a crime where someone threatens to distribute private and sensitive material of a sexual nature about a victim unless they comply with certain demands.

Key aspects of sextortion:

Definition: extortion involves threatening to expose sexually explicit images or information about a person to extort money, sexual favors, or other demands.

Methods:

– Often occurs online, using social media, messaging apps, or webcams

– Perpetrators may trick victims into sharing compromising images/videos

– They then threaten to share this content with the victim’s contacts unless demands are met.

Targets: While it can affect anyone, young people and males are frequently targeted.

Demands Typically include:

– Money

– Additional sexual content

– Sexual acts or favors

Psychological impact: Victims often feel ashamed, scared, and isolated, which can lead to severe emotional distress

Prevention and response:

If targeted by sextortion:

1. Stop all communication with the perpetrator immediately

2. Do not comply with demands or send money

3. Preserve evidence by taking screenshots

4. Report to law enforcement and relevant online platforms

5. Seek support from trusted individuals or counseling services

Sextortion is a serious crime with potentially devastating consequences. Awareness and education is crucial in preventing victimization and encouraging reporting of these incidents.

Now, it’s one thing when targeting adults, it’s another thing when targeting children or teenagers. In the past year, a good friend, a single mom, with an underage teen, contacted me shortly after her son paid the sextortion. He was duped into taking a full frontal in all his glory. Shortly after, the demand came in and he ended up paying $400 in bitcoin.

When I spoke to his mom, I explained to her that the $400 lesson learned is the least of her problems. That her job at this point was to make sure that the mental health of her boy was in order. We’ve seen far too many teenage boys kill themselves as a result of this form of sexual assault.

Sextortion has become an increasingly common and serious threat targeting teenagers, especially in recent years:

Prevalence and trends

– Reports of sextortion have risen dramatically, with over 800 reports received weekly by the National Center for Missing & Exploited Children.

– From October 2021 to March 2023, the FBI and Homeland Security Investigations received over 13,000 reports of online financial sextortion of minors.

Demographics of victims

– In reports containing gender and age data, 90% of financial sextortion victims were boys between 14-17 years old.

Platforms used

– Instagram appears to be the most commonly used platform for sextortion in the U.S., mentioned in 45.1% of reports indicating where first contact was made.

– Snapchat was the second most common platform for initial contact, mentioned in 31.6% of such reports.

Impact

– The FBI has observed at least a 20% increase in reporting of financially motivated sextortion incidents involving minor victims over a recent six-month period compared to the previous year.

– Of reports describing specific impacts, more than 1 in 6 mentioned self-harm or suicide.

– Sextortion has been linked to at least 20 suicides nationwide.

These statistics highlight the alarming prevalence and serious consequences of sextortion among teenagers, emphasizing the urgent need for awareness, prevention, and support measures.

Let’s get something straight, obviously, I’m a full-blown adult male, and I’m not engaging in activities on my computer or Webcam, that’s going to put me or my family at risk. Regardless, receiving an email like that, felt uncomfortable due to the spearphish nature of it. I knew in the first 30 seconds; it was a scam. I can promise you, hundreds of thousands of people will not recognize the scam nature of it. And teenagers, teenage boys, will likely be the next larger target.

Parents can take several important steps to help prevent sextortion and protect their teenagers:

Open Communication

– Create an environment of trust where teens feel comfortable discussing online experiences and concerns.

– Have regular, judgment-free conversations about digital safety and potential online risks.

– Assure teens they can come to you for help without fear of punishment if they encounter issues.

Education and Awareness

– Teach teens about the risks of sharing personal information or explicit content online.

– Explain how nothing sent or posted online is truly private.

– Discuss the tactics used by online predators and sextortion scammers.

– Emphasize the importance of privacy settings and being cautious about online interactions.

Set Guidelines

– Establish a family media plan with clear rules for device and internet use.

– Advise teens to never send compromising images to anyone, regardless of who they claim to be.

– Encourage teens to be skeptical of friend requests from strangers.

– Teach proper password security and the importance of not sharing passwords.

Monitor and Protect

– Use parental controls and privacy settings on teens’ devices.

– Consider using monitoring tools to stay informed about online activities.

– Advise teens to turn off devices and cover webcams when not in use.

Recognize Warning Signs

– Be alert to behavioral changes, increased anxiety, or withdrawal.

– Watch for unusual secrecy around digital devices or sudden changes in online habits.

By implementing these strategies, parents can significantly reduce the risk of their teens falling victim to sextortion schemes. The key is to maintain open lines of communication and create an environment where teens feel safe seeking help if they encounter problems online.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Unhealthy Social Media/Doomscrolling: Do You/Your Child Have a Problem?

/in , , /by

Are you doom scrolling? Do you find yourself obsessively checking your feeds? Does the election have you pinned to an anxiety rating of 10? Are you logging into your social media accounts and wanting to go to battle with every idiot who posts a dumb meme counter to your beliefs? Are you only reading half of an article and then scrolling to the comments to see all the stupidity?  Well, if you are like most people, then you’re a mess, and it’s understandable.

Unhealthy Social Media/Doomscrolling: Do You/Your Child Have a Problem?

I’m not gonna get all sciency or judgy here, it’s pretty obvious, we weren’t really meant to have this much stimulation or information or constant contact. We weren’t meant to be this connected and we weren’t meant to be instantly “activated” from somebody 1000 miles away 24/7/365.

And if you’re having a problem, think about how distracted your kids are right now.

Schools across the United States are increasingly implementing bans on mobile phones to address concerns about student distraction and academic performance. As of 2022, over 75% of K-12 public schools prohibit non-academic cell phone use. This trend is gaining momentum, with several states recently passing laws to restrict or ban cell phones in classrooms altogether.

When you get a group of parents into a room, the topic of how often their children are on their phones often comes up. And while you are having that topic of discussion with those parents, half of them are on their phones not listening to you. It is inevitable, but the real question is: does your child have a problem with social media? Do you have a problem? Understandably, parents are concerned over how much screen time their children receive daily, and you need to know when you should be stepping in.

Below are a few indications that you or your child might have a social media problem and how you can take care of it sooner, rather than later:

They are Glued to Their Devices

Common Sense Media came out with a report that said teens spend an average of 7 hours and 22 minutes on their phones daily. Can you believe that? They spend as much time on their phones as they do at school every day! Pre-teens are no better because it has been reported that they spend an average of four hours and forty-four minutes daily on their devices.

On average, adults spend approximately 4 hours and 37 minutes on their smartphones each day. This usage translates to over one full day per week dedicated to phone activities.

The statistics vary slightly depending on the source, with some reports indicating that Americans may spend up to 5 hours and 24 minutes daily on their phones. Notably, younger generations, particularly Gen Z, report even higher usage, averaging around 6 hours and 5 minutes per day.

These numbers are intense, so parents notice that their children are attached to their devices. This is not good for children because it is too much time staring at a screen. However, social media did help many teens feel connected with other people throughout the pandemic. And while we may be beyond that, the habits all stuck.

Revise How Much Time They are On Their Screens

Even though research continues to come out about social media and its effects on teens and children, it is still known that too much of anything can be bad. Children with too much screen time can contribute to sleep deprivation, poor academics, and an unhealthy lifestyle. Additionally, their mental health can be severely impacted by being on social media because of bullying, sexual content, hate speech, and comparing themselves to others.

However, parents can see that this needs to change because children should not be glued to their phones for every waking minute of the day. This will cause a lot of anxiety and stress in a child but setting the right boundaries can help minimize the number of problems with social media addiction.

Make New Habits

1. Easy Steps First

When any new habit needs to be formed, it is best if the task is broken down into small steps. If we want the change to stick with the child, it needs to be small and fun because this will be enjoyable for them. Parents wishing to limit their child’s time on their phones should consider setting time limits to connect with their children through a fun activity.

An activity like art or baking can be a great way for you to connect with them on a personal level.

2. Device Curfews

A lot of supporting research shows how the blue light from devices can cause sleep issues for everyone. This will then have a larger effect on someone’s mental and physical health. Experts say that people should turn off their devices at least 15-30 minutes before bed to help them prevent any adverse effects of technology.

Parents should look into downloading software on everyone’s devices to turn off their screen time at a specific time in the evening. This will also make it feel less like a punishment for the child.

3. Mindful Media Usage

No parent should sweep in and make accusations about how their child is engaging with their social media. This is because we don’t know. Instead, speak with your child and ask them to think about what they are looking at consciously. Is it creative and engaging? Can they learn anything from this? Do they need to post something, or is it a thoughtful piece?

Having your children think critically about their social media is the best way to encourage them to be more mindful of their usage.

4. Educate Your Children

You can’t expect your children to understand why you want to limit their screen time if they do not know why it needs to be limited. Speak with your children and explain to them the balance they need with their social media and how it will benefit them in the long run. Teaching them that pairing it with physical activity, self-reflection, creating genuine life relationships, and more is how they will learn to keep these habits up for a long time.

5. Be a role Model

Delete all your social media apps. Seriously, you don’t need social media apps on your mobile phone. Wean yourself off social starting with your mobile phone. Keep in mind, you’ll still be able to access it via your laptop or desktop. But if the apps aren’t installed on your phone, then you at least have a fighting chance of breaking the addiction and showing your kids that it can be done.

Beyond that, delete any news feeds, or any other data aggregation tools that keep you plugged into current events. At least try it for a day and then for a couple days and then for a week and see how you’re doing. I think you will find your attention shifting towards things that matter a bit more like your family, activities, maybe even household projects you enjoy doing.

Conclusion

Helping children to manage their social media habits begins with you helping yourself. It is not impossible. Parents must remember to be open and honest with their children through communication and critical thinking, so their children will learn how to keep up with these habits for the rest of their lives.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Your Social Security number IS in the Hands of Criminals

/in /by

Over the years criminals occasionally contact me to tell me about their exploits and often ask how they can get into the “security awareness” business. Everyone wants to be a Frank Abagnale (Catch Me If You Can movie). These crimes are often sociopaths and incapable of functioning normally without eventually resorting to the easy money crimes. I’ve seen it first hand many many times. Anyway, one time an identity thief emailed me my own SSN, basically flexing his muscles and showing me how cool he is.

Honestly, I’m not worried that my SSN is out there. I do things to make it useless to the thief. Read on.

A hacking group called USDoD claimed to have acquired 2.9 billion personal records from National Public Data, a background check company, in April 2024. The stolen data reportedly included names, Social Security numbers, and addresses of individuals from the US, UK, and Canada, potentially encompassing a vast majority of these populations.

Initially, the hackers attempted to sell this sensitive information on the dark web for $3.5 million. However, on August 6, a hacker associated with another group leaked 2.7 billion records, which were partially verified by Bleeping Computer. The hacker also claimed to possess an even larger dataset.

The Social Security number (SSN) has a rich history dating back to 1936. Here are the key points about its historical background:

Origins and Initial Purpose

The SSN was first introduced in November 1936 as part of President Franklin D. Roosevelt’s New Deal Social Security program. Its original purpose was to track individuals’ earnings history for Social Security entitlement and benefit computation.

Early Implementation

Within three months of its introduction, 25 million SSNs were issued.

  • On November 24, 1936, 1,074 post offices were designated as “typing centers” to process Social Security cards.
  • The first SSN was officially announced to be assigned to John David Sweeney, Jr. of New Rochelle, New York, though this was not actually the lowest number issued.

Expansion of Usage aka “Functionality Creep”

Over time, the use of SSNs expanded significantly beyond its original purpose:

  • In 1943, Executive Order 9397 required federal agencies to use SSNs in new record systems to identify individuals.
  • In 1961, the Civil Service Commission adopted the SSN as the identifier for federal employees.
  • In 1962, the IRS began using SSNs as official taxpayer identification numbers.

Widespread Adoption

The 1960s saw a dramatic increase in SSN usage due to the computer revolution:

  • Government agencies and private organizations began using SSNs extensively for record-keeping and business applications.
  • Usage spread to state and local governments, banks, credit bureaus, hospitals, and educational institutions.

Legislative Changes

Several legislative changes further expanded SSN use:

  • In the 1970s, laws were passed requiring SSNs for federal benefit programs and authorizing states to use SSNs for various purposes.
  • The 1980s saw requirements for SSNs in areas such as military draft registration, commercial driver’s licenses, and food stamp program administration.

Modern Usage

Today, the SSN has become a de facto national identification number used for taxation and various other purposes, far beyond its original scope. However, concerns about privacy and identity theft have led to some efforts to limit its use in recent years.

Protecting Your Information

Given the extensive nature of this breach, it’s crucial to take proactive steps to safeguard your personal information:

  1. Monitor Your Credit Reports: Regularly check your credit reports for any signs of fraudulent activity or suspicious transactions.
  2. Credit Freeze: Immediately contact the credit bureaus and request a freeze on your accounts.
  3. Update Security Measures: This incident serves as a reminder to strengthen your online security. Consider updating your passwords and implementing two-factor authentication for your accounts.
  4. Stay Vigilant: Assume that your personal information may be compromised and remain alert for any signs of identity theft or fraud.

By taking these precautions, you can better protect yourself against potential misuse of your personal information in the wake of this massive data breach.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Most Security Awareness Training is Insufficient and Should Lead to Consequences

/in , /by

Maybe company executives who don’t engage in real world security awareness training should suffer the consequences for their insufficiency. 

An excellent Help Net Security article is titled “What CISOs need to keep CEOs (and themselves) out of jail” discusses many of the fundamentals of cyber security, what security leaders should be doing, but aren’t doing, and so on. The article makes no mention of “security awareness training” but it does explicitly state “The overwhelming majority of major breaches and attacks involved human error.” Which, of course, could often be averted with security awareness training that enhances digital literacy.

This author and his team have reached out to thousands of CIO/CISO’s for city and town municipalities whose sole responsibility is to maintain the cities IT infrastructure and security. And often, when approached to assist in their security awareness training to enhance a change in behavior, the response is generally “We use a third-party company that provides phishing simulation training, we’re all set.” Frankly, that response sucks. What it says is that the CIO/CISO is providing the absolute bare minimum of training that facilitates whatever legal-compliance is required.

Interestingly, many of these municipalities use Proofpoint, who do fine job, but it’s not enough. Speaking of, a The Hacker News article titled “Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails” further states “The cybersecurity company has given the campaign the name Echo Spoofing. The activity is believed to have commenced in January 2024, with the threat actor exploiting the loophole (at Proofpoint) to send as many as three million emails per day on average, a number that hit a peak of 14 million in early June as Proofpoint began to enact countermeasures.” OUCH.

Anyway, back to “but it’s not enough”. Phishing simulation training does one job, it is designed to change behavior in regards to preventing phishing. And while that may lead to compliance, it doesn’t actually solve various real-world security problems, nor does it significantly enhance digital literacy or fundamentally change people’s behavior regarding what security is and more importantly, what security isn’t. Most people have a false notion of what security is, where they think it revolves around paranoia, fear, worry, etc. and it doesn’t.

If compliance is all you, the CEO/CIO/CISO are going to do, maybe you SHOULD go to jail. Recent headlines “Boeing accepts a plea deal to avoid a criminal trial over 737 Max crashes, Justice Department says” point to everything Boeing DIDN’T DO to ensure safety. Really, what’s the difference between what Boeing didn’t do regarding compliance or providing the bare minimum of network security or compliance type security awareness training?

Data breaches, ransomware, network vulnerabilities, are becoming life and death scenarios. What happens when a hospital is hacked? What happens if traffic systems are hacked? What happens if GPS for airlines is hacked? What happens if the grid goes down for a significant period of time? The Justice Department/Boeing deal requires Boeing to invest at least $455 million in its compliance and safety programs. The Justice Department is saying your basic compliance isn’t enough, and it cost people’s lives.

Hell, Ars Technica reports a North Korean hacker got hired by US security vendor KnowBe4, which provides security awareness training in the form of phishing simulation training, the hacker immediately loaded malware into the company’s network. Employees seemed to be fooled by a stolen ID. The hypocrisy is endless. KnowBe4 is one of the best in the world at what they do. But still, “The overwhelming majority of major breaches and attacks involved human error,” even inside top security awareness training firms. Humans are hackable because we trust by default. And none of these companies are providing the necessary real-world security awareness training that fundamentally changes people’s behavior.

Here’s the deal, and I’ve wrote about this before, and this is what I present in all of my trainings, and none of this is presented by any of the security awareness training firms; Security goes against our core beliefs. Security is not natural, it’s not normal, it means that we don’t trust others. However, we trust by default. Not trusting others is actually a learned behavior. Security means that you are aware that there are others out there that may choose you as their target. That’s not normal. It’s not natural. No-one wants to think they are a target.

What’s normal is that we live happily ever after, we live together as one species in harmony. We trust each other, we are good to each other, we treat others as we want to be treated. We don’t hit, hurt, harm or take from one another. We are civilized creatures.

However, there is a small percentage of predators, uncivilized beings, we call them sociopaths, psychopaths, and hard-core narcissists. They are the criminal hackers, the serial killers, the rapists. They are a minority, and we choose to think they don’t exist. Or at least we deny they would choose us. We resist security practices, because it goes against what it means to be a civilized being.

The complexity of cybersecurity topics can overwhelm employees and consumers, making them feel incapable of understanding or implementing the necessary precautions. I blame pretty much every cyber security awareness training company out there. It’s not all about phishing simulation training. None of these companies have a clue when it comes to teaching individuals about risk. It’s not “do this, don’t do that” they have forgot what it means to be human.

1. Denial. Some people may deny the importance of cybersecurity or believe that they won’t be targeted by cyber threats, leading them to dismiss training efforts. Denial is more natural and more normal than recognizing risk. Denial is comfortable, it’s soothing, and it allows us to avoid the anxiety of “it really can happen to me”

2. Fear of technology. Individuals who are not confident in their technological abilities may feel intimidated by cybersecurity training, leading them to avoid it altogether. This, of course makes total sense. How many times have you gone in a vicious circle, a constant loop of not being able to log into an account because of two factor authentication not working or something else out of whack? Technology can be frustrating. If security is not easy, people aren’t going to do it.

3. Lack of awareness. Some consumers may simply not be aware of the risks posed by cyber threats, leading them to underestimate the importance of cybersecurity training. This is a real problem. This lack of attention to what your options are regarding anything security is common. Part of that lack of awareness stems from disbelief these things can happen to us, denial we can be targeted, and a relative “pacifist” attitude.

Addressing these barriers requires organizations to tailor their cybersecurity awareness training programs to be engaging, relevant, and accessible to all employees and consumers. This can involve using clear language, providing real-life examples, and offering support for individuals who may struggle with technology or cybersecurity concepts. It also means getting “real”. And cyber security awareness training companies aren’t going to do that, nor are their 2-dimensional employees, and most of them don’t have the ability to get down and dirty and speak “holistically” about life and security in the same sentence.

And if the CIO, CEO, CISO or in my case, the Mayor or town administrator, who oversees the budget of their CIO, CISO doesn’t think this kind of security awareness training is necessary, maybe they should go to jail too.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, and the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

AI Spoofed Sites Lead to $50 Million Investment Scams

/in /by

A long-running and large-scale internet-based fraud scheme netted around $50 million from dozens of investors over an eight-year period.

The perpetrators created 150 fake sites that targeted investors. These sites would tell the investors that they had multiple investment opportunities that they should take.

According to the court documents, these websites would have higher than normal rates of return on various investments. This attracted investors to these investment opportunities. They made the websites look like legit investment websites that are well-known.

Hackers can leverage artificial intelligence (AI) to create fake websites through several methods, making them more convincing and harder to detect. Here are some ways they might do this:

1. AI-Generated Content: Hackers use AI tools like GPT-4 to generate realistic text content for fake websites. This includes creating authentic-sounding product descriptions, customer reviews, blog posts, and other textual elements.

2. Deepfake Technology: AI can produce deepfake images or videos that appear to show real people endorsing or using a product or service. These can be used to create fake testimonials or promotional material.

3. Phishing Kits with AI: AI-driven phishing kits can dynamically generate phishing pages that mimic legitimate websites. These kits can adapt in real-time to appear more authentic, increasing the likelihood of tricking users.

4. Image Generation: AI tools can create high-quality images, logos, and graphics that enhance the visual appeal of fake websites. Tools like GANs (Generative Adversarial Networks) can generate realistic images that make the site appear more legitimate.

5. Natural Language Processing (NLP): NLP can be used to analyze and replicate the language style of legitimate websites. This helps in creating communication that appears genuine, such as emails, chat responses, and support messages.

6. Behavioral Analysis: AI can analyze user behavior to create personalized fake websites. For instance, by tracking browsing habits, a fake website can be tailored to look similar to frequently visited sites, increasing the chances of deception.

7. SEO Manipulation: AI tools can optimize fake websites for search engines, making them appear higher in search results. This increases the likelihood of users visiting these sites, thinking they are legitimate.

8. Chatbots: AI-powered chatbots can be integrated into fake websites to interact with visitors. These chatbots can provide convincing responses to queries, further establishing the site’s legitimacy.

These techniques make it easier for hackers to create sophisticated and convincing fake websites, which can be used for various malicious purposes such as phishing, spreading malware, or stealing personal information.

There Were 70 Victims and 150 Sites

The fraudsters pretended to be brokers who legit financial institutions employed. Victims would reach out to these brokers, thinking they were real. However, these scammers used many fraud schemes to hide their identities like using prepaid gift cards to purchase the web domain, using virtual private networks, encrypting their apps and phones, and creating fake invoices that would explain the large sums of money being transferred.

Scammers, Be Warned

The FBI continually warns investors about potential scammers and fraudsters on the internet claiming to be brokers or investment advisers. They issue statements explaining that many of these scammers falsely claim that they have all of the proper licenses and registrations with the Securities and Exchange Commission, state security regulators, and the Financial Industry Regulatory Authority (FINRA).

Investors should take the time to complete their research on the Investor.gov website. This way, investors can confirm whether the website is legit and whether the brokers are real. Also, there are three things that every investor should look out for before they fall prey to an investment scam:

1.    High Investment Returns: If a website promises that the investor will make high investment returns, this is most likely a fraud. There is always a risk when it comes to investing, which means that if there is going to be a high return, there will be an increased risk.

2.    Unsolicited Offers: When investors get unsolicited offers about earning an investment that seems to be ‘too good to be true,’ it is probably a scam.

3.    Investment Payment Methods: If someone sees that the website accepts digital asset wallets, credit cards, checks, and wire transfers, then this is probably a scam.

However, continue reading below to learn more about scams you should avoid on the internet.

The Most Common Types of Investment Scams on the Internet

Cryptocurrency Scams

Cryptocurrency is huge because the gains are huge. Which is also why so many people are being scammed out of their money when it comes to it.

It might be difficult to figure out which cryptocurrency website is legit and which one is not, unless you just use Coinbase. Many scammers have been taking advantage of the growing excitement around cryptocurrency and that it is less regulated than other forms of investment.

These scams are supported by paid advertising and posting on social media, making people think that they are honest brokers here to help you. When a person clicks on the post, they will be taken to either the broker or the fake website. These scammers will help the investor make their first investment or give them one to begin with.

Moreover, they use apps like Telegram and Discord to gain more victims. They also use online dating sites and engage in the “Pig butchering” crypto scam. They will encourage people to buy crypto through an exchange or a request. The person will need to send the money to them on their behalf so that they can complete the trade for them. Also, they will tell the victim that they will teach them how to trade and show them their ‘winnings’ on a fake platform.

People will look at this platform and think that they are winning but losing more money because they are continuously investing in it. However, when the person is ready to withdraw their money, there will be a delay or the site will be closed.

Unsolicited Contacts About Investing

Many scammers will pretend to be a broker or a portfolio manager when they email, call, or contact anyone on social media and offer them financial advice. Also, they may claim to be from a legit firm or company that is popular on the internet, but many are not. They do this, so they can appear to be more legit.

When they speak with the person, they will say they are offering them a low-risk investment, giving them high and quick returns. Also, they encourage people to invest in companies that are overseas. This offer will sound legit and look professional, making it harder for investors to pick up on.

Additionally, they are persistent, so they will keep contacting the person. Some will go as far as to say that they do not need a particular government license because they are a part of a genuine company. However, this is all false. The scammers who do this tend to complete cold calls for mortgages, shares, and real estate returns.

Endorsement Scams

With celebrity images and videos, many scammers can entice victims to invest. This has become very popular amongst the cryptocurrency schemes that see people losing thousands of dollars. There are two ways that they typically use celebrity images to scam people:

1.    An advertisement will be made with the celebrity’s image on social media or YouTube. They will claim that the celebrity invested a certain amount of money and made a good profit from it.

2.    Fake news stories are being made about celebrities and their investments. They will make it look like these stories are from a legit site like News.com or ABC News.

Ponzi Schemes

A Ponzi scheme is when the money those new investors put in is used to pay existing investors. There is no real investment, and these schemes usually disappear. Scammers will try to speak with people on social media. They will then ask them to download an app and begin investing.

Every scammer will tell the victim that they will see high returns quickly, which they end up seeing. However, this happens because other people have invested money into the scheme, and the victim is paid with someone else’s money. Then, the scammer will persuade them to make another investment because they’ve just seen a return.

Sometimes, they will encourage the victim to become a part of this scam without realizing it is a fake investment opportunity. Then, when the money dries up, or there are not enough investors, the scammer will disappear.

Share Hot Tips and Promotions

Scammers can encourage people to buy shares in a company that they think will increase in value. The victim may be contacted through social media or email, and the message may also be posted to a forum. They will make the message look like this is an inside tip and that the victim is one of the first people to be ahead of everyone on this ‘trend.’

However, the scammer is trying to boost the stock sales with more people investing in it. Then, they will sell their shares, the value will drop, and the victim will be stuck. The victim will also be left with worthless shares and no money.

Investment Seminars

Investment seminars can be promoted by scammers who claim to be motivational speakers and investment experts. Also, many ‘self-made millionaires’ will claim to know how to help victims make their investments. However, this depends on whether the person will follow a high-risk investment strategy.

This strategy means the victim will borrow large sums of money or buy property or investments. They will then lend this money out with no security, which is risky. The promoters can also charge the victim an attendance fee, sell them overpriced paperwork, and sell them property without getting any advice.

Conclusion

Before investing any money into an opportunity, make sure that they complete their research on the website, the broker, and the company. This will help keep people safe when it comes to investments.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, and the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.