The ‘Zelle Fraud’ Scam: What it Is and How to Avoid it

Zelle is one of the most famous platforms to quickly send money to loved ones, friends, and family. However, now cybercriminals are taking advantage of it to get people’s account information.

Zelle Fraud scamUsing clever tactics to fool clients, fraudsters are now taking advantage of the existence of Zelle to get customers to give them their account information. Once the person does, they quickly proceed to transfer the funds through this person-to-person platform.

Stories of people being scammed and losing money have alarmed some Zelle users, which is why clients must be careful with any suspicious message they get. This is especially the case if they’re supposed to respond with sensitive information like their account username or a one-time passcode. Here’s all about the ‘Zelle Fraud’ scam and how people can avoid it:

How it Works

Users first receive a text message that says someone else tried to transfer money to them using Zelle. People are supposed to answer ‘yes’ or ‘no,’ but regardless of what they answer, if they reply, they will soon receive a call from the scammer.

Overall, scammers want to talk to the person until they get the information they want. Therefore, they will use intelligent strategies to ask the client for their data, and once they get it, they will perform quick transactions in a matter of seconds. This can be a financial catastrophe for the person.

The number of the caller is spoofed, so people might think it’s the bank calling them. Once they pick up the phone, the fraudster will ask numerous questions to ‘verify the identity’ of the person, and this is how they get their banking information.

Fraudsters usually ask questions such as the following:

  • “I need to make sure I’m speaking to the right person. Can you tell me your username?”
  • “I need to ask a few questions to verify your identity. Can I have your username?”
  • “Please, tell me your username, so I can verify your identity.”

Once the client gives the fraudster their username, the scammer will try to get the password by using the ‘forgot my password’ feature or even get you to cough it up. After that, they will typically tell them something along the lines of ‘I’ll send you the passcode and I want you to read it back to me.’

To complete the password reset process, the fraudster uses the code. After changing the client’s banking password, they use Zelle to transfer the funds to other accounts.

An essential part of understanding how the Zelle Fraud works is realizing that fraudsters don’t need the person’s bank account password at first. If they have their username and get the person to read them the one-time code they got via email, the scammers are able to quickly change their password and transfer money to different accounts using Zelle.

Furthermore, in many cases, victims of these fraudulent actions didn’t know what Zelle was and had no idea that it was a platform to move money.

Numerous banks and credit unions offer Zelle as a default part of their online banking services. Clients don’t necessarily need to request it – it’s just there, and people unknowingly fall for these scams without understanding what’s going on.

Fraud losses can escalate quickly in a matter of days, due to the number of clients that can become victims in very little time.

What Zelle Is Doing

To combat these issues, Zelle has introduced a way to authenticate transactions using their details. The person must send a text containing the payee and dollar amount of the Zelle transfer, and the member must reply to the text to authorize the transfer.

Nonetheless, fraudsters have found a way around these security measures as well. Otsuka said that scammers might stay on the phone with the person until they get both their username and a two-step authentication passcode to be able to log into their accounts.

After that, the fraudster tells the clients that they’ll receive a Zelle transfer details through text and that they must reply to authorize the transaction. If the client asks about the purpose of this, they will tell them that it will reverse the fraudulent movement of their funds.

Clients will call customer support, explain what happened, and try to get credit-card protection. However, they often face disappointment, and in the worst cases, financial ruin. In many cases, banks representatives have stated that the banks are not required to reimburse the customer for these phishing schemes.

Bank clients must be aware of the fact that they’re entitled to Regulation E protection, and banks must refund the stolen money.

How to Handle This

Bank clients must know that they have Regulation E protection. Therefore, even if they were manipulated into giving out their login details, the bank “should” give back the stolen funds.  Clients expect a sense of security and protection when they put their assets in a specific company. Thus, the bank must fulfill their expectations.

When a client signs up with a financial company, their data and privacy must be secure (and no one should have access to them without their consent). At the same time, the bank must protect them from fraud, errors in payments, provide them with trustworthy customer service whenever they need it, and representatives should treat them equally and respect their rights. But as we know, this is not always the case, and often when the client is victimized, because of their own error, the banks turn their head the other way.

Lastly, people should never forget the ‘Hang Up, Look Up, Call Back,’ motto. If someone suspects that they’re receiving a possibly fraudulent call, they should kindly tell the caller that they’ll hang it up.

Since most fraudsters claim they’re from a company the person knows, the client must look at the company phone numbers and see if they’re receiving calls from them. Then, customers should actually phone the company and ask if they have been calling.

Even though this is not a way to absolutely prevent scams from happening, it’s an effective strategy to avoid them. Fraudsters rely on people’s innocence to provide sensitive information when reputable companies ask for it, which is why customers must try to avoid giving it away so easily unless they’re sure that it’s the company they hired.

Robert is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com. Robert has been featured on CNN, Fox News, CNBC, MSNBC, ABC World News Tonight, NBC Nightline, CBS Early Show, Today Show, Good Morning America and in the NY Times, Wall Street Journal, Time Magazine, Fortune, Forbes, Entrepreneur and many more.

DOJ Alleges $8 Million Familiar Fraud at Transit Authority

Would Your Employees Notice Millions in Fraud?

The United States Department of Justice (DOJ) announced indictments against two individuals suspected of familiar fraud schemes that led to $8 million in losses for Massachusetts Bay Transit Authority commuter rail operator Keolis between July 2014 and November 2021. Both the scope and the longevity of these schemes are exceptional, although the methods used to steal the money are very common, raising questions about why the individual charged was able to commit this fraud for so long.

What Happened in the Keolis Familiar Fraud Case?

John P. Pigsley of Beverly, Massachusetts, a former Assistant Chief Engineer of Facilities for Keolis Commuter Services, has been accused of running two schemes that netted $8 million. In the first scheme, Pigsley is accused of conspiring with John Rafferty of Hale’s Location, New Hampshire, the former General Manager of LJ Electric, to create fraudulent invoices for vehicles and equipment, leading to more than $4 million in losses.

In the second scheme, Pigsley is accused of ordering copper wire for Keolis projects, picking it up himself or delivering it to his home address, then selling it to scrap yards. Over the course of several years, Pigsley is alleged to have made more than $4.5 million from the scheme. The actual value of the stolen material was not disclosed.

In a statement, Keolis Commuter Services said, “In late 2021, our enhanced financial controls and project management oversight identified project anomalies linked with the practices of an employee.” According to the DOJ indictment, this was 7 years after the fraud began.

Employees Must Be Empowered to Recognize Risks

Cyber threats are not the only challenges that businesses face. Familiar fraud, committed by an employee, family member or trusted business partner, can be more devastating and more difficult to detect. As with cyber security, employee training is essential to prevent losses. Employees must know how to recognize fraud and trust their instincts. They must also feel empowered to call out anything suspicious.

In the DOJ indictment against Pigsley, three common familiar fraud techniques that should have been caught stand out:

  1. Phony invoices: This is one of the most common types of familiar fraud. An employee with purchasing authority may conspire with a third party to create fake invoices and split the proceeds, or set up shell companies to invoice for goods and services that do not exist. This type of fraud can be difficult to detect in large, complex organizations, such as a railway operations company, or in businesses that frequently order large volumes of material from multiple vendors. Strong vendor approval and verification processes must be in place to detect this type of fraud; all new vendors should be verified by someone other than the person placing the orders. Shipments should be tracked and matched against invoices for at least the first 90 days of any new relationship. Any changes in volume or frequency in orders with a particular vendor should be flagged for follow up.
  2. Home deliveries. There are very few circumstances where an employee should receive materials shipments at home. Home addresses for all employees with purchasing authority should be kept on file by accounting staff. Any deliveries that match against a home address should be flagged for review. Any changes in regular delivery addresses, even if they only account for a portion of a shipment, should also be flagged for review.
  3. Personal pickup. Some employees may pick up and deliver materials as a regular part of their job. In an ideal world, purchasing and pickup are separate, so that no single employee has the ability to order and collect goods. When this is not practical, regular audits must be conducted of employees who can both order and deliver supplies, services and materials. Employees should be able to provide invoices for what was ordered, receipts for what was received and documentation for what was delivered.

Familiar fraud is one of the most difficult challenges that businesses face, because it comes not from external actors, but from trusted co-workers, friends and family. Proper business controls can prevent it, but only if employees understand what to look for and how to respond. Protect Now’s CSI Protection Certification training focuses on cyber crime but enables employees to spot any kind of suspicious behavior by teaching them to trust and act on their instincts. To learn more about our training programs, contact us online or call us at 1-800-658-8311.

This GUN Website is a Fraud. How to Determine if a Website is Fake or Real

There are many scammers out there, and one of the things they like to do is to create fake sites that are meant to trick people into giving them personal information, commit identity theft or wire fraud or they’re designed to facilitate a P2P payment like Venmo or PayPal or they’re designed to siphon money via a wire transfer.

One such site is https://empiregunshop.com/ Empire Gun Shop is set up specifically to scam users via a wire transfer. I stumbled upon the site via a Google search looking for a specific part for an old firearm that was provided to me. Google index’s the site, which is scary, and people are being scammed every day. The site has been in operation since March 2020. They also have a Yelp and a Yellow Pages listing which furthers their “legitimate” presence. What also makes this site so effective, beyond the quality web development, is the fact that the URL has HTTPS meaning the “S” designates it is a “secure site” but that doesn’t mean it’s safe.

The site also has a “Live chat” feature that allows visitors to immediately connect with a live operator. And if you do, and feel free to try it, they will respond directly to you. And what is likely to occur is they will set up a wire transfer either via email or via chat. All communications with the scammers are done via a Google voice phone number. I’ve talked to them, engaged in email communications and text. Based on their thick heavy accents and they’re utter brazen attitudes, it’s likely they are from West Africa or Nigeria etc.

Their “Contact us” page provides both a phone number and an email address. And as soon as you contact them they will respond. They will convince you that they have your product in stock, and they will work with you to set up a wire transfer or a peer to peer payment. And once you do, that’s it it’s over Johnny, you lose that money.

When I engaged them to purchase a part, I became immediately suspicious when they were unable to answer a single question that I had asked. Firearms are a certain specialty, and there is a specific language that one needs to speak in order to understand the world of guns. These scammers have no idea what they’re talking about. And if you’re a new gun enthusiast and don’t understand the language of firearms you are likely to get scammed. And that is their edge. Newbies are their mark.

So for laughs, I engaged them via text. I asked if I could buy a “Bazooka” which if you didn’t already know, a Bazooka is a common name for a man-portable recoilless anti-tank rocket launcher weapon, widely deployed by the United States Army. It’s a grenade launcher.

And I told them that my intent was “I am declaring jihad against the infidels.”  Which for any normal company would set off red flags. But not these guys. They’re all about the jihad! And they asked for the FFL which is the Federal Firearms License. And I provided  “Youra Sheethed” Get it? You’re a Shithead. He He.

And I gave them the physical address of the ATF and Boston. And they responded with their PayPal identification number. Feel free to send them some money. Or report them to Paypal. Whatever you wanna do.

Once I started to see this was a scam, I quickly researched the name of the company and found numerous online forums that enforced my belief that it was fraud. Here are those links below:

https://www.bbb.org/us/pa/danville/profile/gun-shop/empire-gun-shop-0241-236059607/complaints

https://www.scam-detector.com/validator/empiregunshop-com-review/

https://www.glocktalk.com/threads/empire-gun-shop-anyone.1883574/

https://www.ar15.com/forums/hometown/Is-Empire-Gun-Shop-in-Danville-legitimate-/14-652483/

https://www.yelp.com/biz/empire-gun-shop-danville

https://www.yellowpages.com/danville-pa/mip/empire-gun-shop-6086596

Here are some of the ways that you can determine if a site is real or fake:

You Aren’t Sure How You Got to the Site

 Have you found yourself on a site and you don’t know how you got there? Did you click on an email link? This is one of the most effective methods that a scammer uses to get a victim to go to a fake site. This is also the case with links on social media sites. Whatever you do, do not click these links. Instead, if you know you want to go to a site, either use a bookmark or type it directly into your browser.

Do You See Spelling or Grammar issues?

 Another sign that a site might be fake is a lot of grammar and/or spelling issues. Many of these fake sites are created by non-native English speakers, and they often make mistakes with spelling and grammar. Some also use translation software, which is notorious for making mistakes like using “there” instead of “their.”

Is the Site Endorsed?

If you see that a site is endorsed, you might believe that it’s totally safe, but just because you see an icon that looks like an endorsement, it doesn’t mean it’s real. A person creating a fake website can add information saying, for instance, that it is endorsed by a news outlet, but that doesn’t mean it actually was. The same can be said for authenticating badges. You should be able to click on these badges and be directed to a site explaining what it means. If you can’t click it, it’s probably a fake.

Look at the Address

Another sign that a site is a scam is if the website address is incorrect. For example, let’s say you want to do some online shopping, and you get an email coupon from Kohl’s. You click on the link, but instead of going to Kohls.com, it takes you to K0hls.com. This is a fake site. You also want to pay attention to the beginning of the address, too. You should only be doing shopping or entering information at a site beginning with HTTPS, not HTTP.

How to Make a Purchase

Almost every website out there takes credit cards. This is a good thing, because a credit card gives you protection. If a site doesn’t take cards, and it only wants a check or wire transfer, you should be suspicious. Empire Gun Shop doesn’t take credit cards.

Are the Prices Too Good to Be True?

Are the prices on a site too good to be true? If the prices are much lower than other prices, this could be a sign of a scam. For example, if you want to buy a new designer purse, and every other site has them for $400, but this one has it for $100, this is a red flag.

Read Reviews

Finally, you can determine if a site is real or not by looking at reviews. You can do this by searching on Google, or you can look at the Better Business Bureau listing. There is also a scam tracker on the BBB website, too. And as I did above, seek out the name of the company and its domain on various forums that specialize in that product or service. Keep in mind, however, that some of these reviews might still be fake, so spend a little time on this and don’t always give these landing pages or splash pages too much credibility.

And hey, feel free to mess with those scumbags at Empire Gun Shop and make their life hell.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Understanding Familiar Fraud

Have you heard the saying “familiar fraud?” If not, you should. This is a crime that is as old as they come; essentially, it’s a crime where someone is taken advantage of by someone they know. For instance, a woman named Axton Betz-Hamilton had her entire savings account drained and the person responsible was unknown…that is until Axton’s mother passed away, and it was discovered that it was her, Axton’s own mother, who had drained the account.

credit fraudIt’s believed that familiar fraud is not often reported, likely because victims of these crimes think that police won’t take them seriously, or that it will negatively affect their relationship with their family. There is also the fact that, in many cases, these crimes go undetected because people just can’t believe a member of their family would do something like this.

As you might imagine, the fallout of familiar fraud can run deep. Think, for a minute, how it would feel to find out that your best friend of 30 years has stolen your identity. Something similar happened to a man named Thomas Nitzsche. He hired his cousin to remodel his bathroom, and he gave his cousin his credit card. What did Thomas’ cousin do? He took the card, bought a bunch of merchandise, and then he sold the merch on the streets.

Even when this happens, it’s common for people who learn that they are a victim of familiar fraud to want to naturally protect their loved ones. This might be due to protecting relationships or to avoid backlash from others. There is also the fact that your family might not believe you when you tell them your sister or your father has been stealing from you.

What Should You Do?

 If you think that you are the victim of familiar fraud, you should do the following:

  • Do your best to keep your emotions out of it.
  • Keep an eye on your credit report. You should also place a fraud alert or better, get a credit freeze on your credit file.
  • Think about resolving things without police intervention if it is pretty minor.
  • If not, you might want to contact the cops, but think about the pros and cons of this.
  • If you do report this, expect some turmoil within the family, but also realize that you are protecting your credit.

If you file a police report, you will also be able to get an extended fraud statement, which can last for seven years. This may or may not mean you won’t be responsible for any charges. Lenders sometimes look at familiar fraud as an approved purchase and will not negotiate forgiveness.

Other Safety Measures 

  • Each month review your credit card statements.
  • If you see changes, even small ones, you should report it immediately
  • Don’t give out your debit or credit card to your friends or relatives. If you want to give them money, give them cash.
  • Set up push notifications or push alerts so you are aware of charges in real time.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Cryptocurrency Fraud and Malware Scamming Investors

Cryptocurrency is hot right now, and whenever something is hot, hackers pay attention. Research has recently showing that more than 10 percent of all the funds that were raised through the ICOs, initial coin offerings, simply disappeared.

CryptocurrencyIt is popular for ICO’s to be used as an early-stage investment form. So, instead of buying shares, investors buy digital tokens. However, the companies that sell these ICOs don’t have any product to give investors except a whitepaper. This whitepaper tells them how things could theoretically work, the investment scheme, but it seems, it doesn’t always happen that way.

Sometimes the Money Just Disappears

Ernest & Young took a look at over 370 ICOs. The firm found that out of the $3.7 billion raised through these offerings, about $400 million vanished. Where did it go? Research shows it went to hackers using phishing attacks.

It’s not clear if the researchers looked at companies that didn’t deliver or disappeared. For instance, one company, Tezos, pulled in about $232 million during an ICO. However, investors got nothing. That looks like fraud.

How Malware is Responsible for Missing Money

At this point, you might be wondering how these scams are happening. One way is criminal hackers using malware. Specifically, it’s Satori. Satori, which is the actual malware responsible for this, is definitely wreaking havoc with investors who are looking for a huge return. Netlab 360, a Chinese-based company, released a report recently pointing the finger at Satori, which is affecting the Claymore Miner software.

By using mining software, investors are able to obtain the cryptocurrency. However, the malware is making this impossible getting in the middle of the transaction. After the malware gets control of the software, it replaces the address of the wallet with one that is controlled by the hacker.

So, the user believes that this currency is coming into their wallet, but in reality, they are doing the work and someone else, the hacker, is getting the currency. What’s even worse is that the owners of the wallets don’t even realize this is happening unless they look at their software configuration.

In total, researchers have determined just over one Etherium coin has been hacked, so it’s not extremely profitable at this point, yet. However, there is great potential, and when it comes to cybercriminals, they will certainly find a way.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

The First Step to Secure Your Data

Your personal information and data are literally everywhere for criminals to target, and there isn’t much you can do to keep it from spreading. You use your email credentials on countless websites, you use your credit card number with countless vendors, and, believe it or not, your Social Security number is shared rapidly immediately after you’re born.

It’s almost impossible to give out your personal information nowadays. However, criminals know this, and they lurk around the same places that your information is used. You need to take action to secure your information so you are less of a target. Let me show you one simple step you can take today that will create one layer of security and improve your defenses.

There is one specific action you can take to secure your information, and after you do it, you’ll be much less likely to be targeted because criminals tend to take the path of least resistance. That said, if you DON’T do this action today, you ARE the path of least resistance.

All you have to do is set up a credit freeze. There are four major credit bureaus in the United States, and you need to get a credit freeze with them. Just use your preferred search engine and look for Experian credit freeze, Equifax credit freeze, TransUnion credit freeze, and Innovis credit freeze. You should freeze your credit with all four, but you should still review your annual credit reports. More importantly, you should dispute discrepancies with the appropriate bureau AND the lender. Getting a credit freeze won’t gum up your credit score or make it so you can’t use credit. You are able to “thaw” the frozen credit as needed and then freeze it again. You can literally do this in a single day. Then you’ll want to put more layers of defense in place to become an even harder target than the other guy.

A credit freeze will secure your information, but setting up multiple layers of defenses is really what will make you a hard target. Criminals are constantly probing defenses, and even while technology advances, crimes against your data are usually ahead of the curve. You don’t need to know everything about security, but you do need to take on the responsibility of protecting yourself. I’ve created a free guide that will make you a pseudo expert on your own security, and if you follow it’s simple steps, you will have more layers of defense than the average person. If you want to create even more layers of defenses, bring this guide to my next webinar, and I will walk you through each step so you can rest assured that you are creating a smart, secure, safer “me.”

Fake Real Estate Agent Caught Stealing $30K in Jewelry

Recently, a man was accused of pretending to be a real estate agent just to steal some jewelry from an open house. According to Toronto police, he has been arrested.

The victims are a couple (their identity isn’t being listed for their safety). They had an open house in a small city called Oakville. It’s in Ontario, which is about an hour west of Toronto (also in Canada). According to the investigators, a 29-year-old man saw an online ad for the open house. He decided to pretend that he was a real estate agent, went inside the home, and stole over $30,000 worth of jewelry from one of the upstairs bedrooms.

A native of Willow Beach, Ontario, a nearby town, the man was charged with a single count of being in a dwelling unlawfully and a single count of a theft over $5,000. Local law enforcement believes that this theft wasn’t an isolated incident. They’re currently encouraging people with information to provide details on this case or others in which they believe the man might be to blame.

Throughout the years, many criminals have tried posing as real estate agents to get access to people’s homes and buyer’s homes. Just last month in California, a woman was arrested for posing to be a realtor to steal tens of thousands of dollars from homebuyers.

Along with such, another man was arrested in January on the suspicion that he had posed as a real estate professional to steal rare art, expensive jewelry, and fine wine from a variety of celebrities, including Adam Lambert and Usher. His name was Benjamin Eitan Ackerman. It is important that homebuyers ensure that they are talking with their real estate agent each time that they speak with them on the phone or email them. You should see company letterhead on emails and may want to call the agent back on the number you have for them to ensure your safety.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Phish Google and Facebook and Make Millions

Evaldas Rimasauskas, a Lithuanian man, became very rich. How? He is a criminal who used his lying skills to get more than $100 million from companies such as Facebook and Google between 2013 and 2015.

He’s now in jail, but during his trial, Rimasauskas admitted that he was guilty of several crimes including money laundering, wire fraud and identity theft. According to court records, Rimasauskas created a Latvian company called Quanta Computer Incorporated, which was the same name as a computer hardware company. He then opened several bank accounts in five different countries, which enabled him to keep the scheme up for so long.

How Did He Do It?

He basically used his skills to forge contracts, invoices and letters from existing companies, which he then submitted to banks for wire transfers. By doing things like spoofing email addresses and using the same name as a well-known hardware company, he was easily able to do this without being caught—at least for a couple of years. So, fake invoices along with phishing, and various forms of social engineering, made the victim companies think they were getting bills from a legitimate vendor. Once he got the money, he could distribute the cash to his other accounts, which was an attempt to cover his tracks.

Rimasauskas is certainly not the only person out there trying these schemes. Fake invoices are not at all a new scam. Criminals bombard businesses every day with invoices for products and services they’ve never consumed, and when accounts receivable receives an invoice and demand for payment, they often just write a check or wire the money.

The Internet Crime Complaint Center, which is part of the FBI, has said that these schemes have cost organizations more than three billion dollars in a little over three years. This was a whopping 1,300% increase when compared to the previous years. Before any invoice is ever paid, there needs to be an inquiry into the source of the invoice, a discussion of who the vendor is and if a payment is actually due.

The Maximum Jail Sentence Is…Since Rimasauskas plead guilty, there is no doubt that he is heading to jail for a longtime, and he faces a max sentence of 30 years. He has also agreed to pay back almost $50 million, which is the amount that the U.S. government was able to track as well as the amount listed in the indictment for the wire fraud charge that he faced.

If he is found guilty of every charge, he could see as much as three decades in prison. What about the companies that have been victims of Rimasauskas? According to reports, the money has been recouped, at least in the case of Google. Facebook and other companies have not yet shared if the money Rimasauskas took has been taken back.

There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate. Take a look at our eLearning Courses and our S.A.F.E. Certification.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Woman Chained Like a Dog, Man Killed

Back in August, 2016, Kala Brown and Charles Carver arrived to a 100-acre property in South Carolina for a cleaning job. Charles Carver never made it off the property, and Kala Brown spent more than two months in a metal shipping container, allegedly held captive by Todd Christopher Kohlhepp.

10DIn November of 2016, detectives were searching the property of Kohlhepp when they heard banging coming from the inside of a shipping container. When they opened it, they found Brown chained “like a dog.” According to Brown, she saw Kohlhepp shoot Carver, killing him, and then he took her hostage, chaining and locking her inside of the crate.

Carver’s body was found on the property, and Kohlhepp is suspected of being involved with six more murders.

Brown described her captivity as “hard,” and she said she remained chained for the duration of it. She also says that he did let her walk around a bit, and he fed her one time each day. She was finally found when authorities were searching the property after she was reported missing. Her cell phone was pinging on the property, but it took about two weeks before they could get a search warrant.

Police reported that they had no indication that there was foul play when they began searching. The cargo container was located on the middle of the property next to a garage. After finding the body of Carver, the investigators brought in cadaver dogs to search the property. Additionally, ATV’s, backhoes, and even a helicopter circled the property. The cadaver dogs picked up some scents, and the excavation of the property, began. The investigation found two more bodies, that of Meagan McCraw-Coxie and Johnny Coxie, who had gone missing in 2015.

Since his arrest, Kohlhepp has admitted to killing seven people in total.

Public records show that Kohlhepp is both a licensed pilot and real estate agent. He does, however, also have a record. As a teen in Arizona, he was convicted of kidnapping and crimes against children, and he spent some time in prison for these crimes. He is also on the sex offender registry in South Carolina. This is due to a kidnapping in 1986, which coincides with the incident in Arizona. In total, Kohlhepp served 14 years in prison. According to sources, Kohlhepp kidnapped a girl, aged 14, took her to his home, bound her with duct tape and raped her. He was released in 2001.

As is the case with many serial killers, most people who knew Kohlhepp were shocked by these allegations. One real estate agent that worked with Kohlhepp said that she had known him for a decade, and they had met in college. They had even been study partners for a statistics course. She was in disbelief when she heard that he had admitted the murders.

She also said that most people in the area knew that he was a registered sex offender. However, he told people that it was due to exaggerated charges after he and a girl had gone joyriding and the girl’s father, who was a local official, became angry.

Kohlhepp also had a second home in the area, and neighbors describe his as “private” but “pleasant.” He was also described as “a likable guy.”

All in all, Kohlhepp was charged with a total of seven counts of murder and two counts of kidnapping. He was also charged with three counts of possessing a weapon while committing a violent crime. The relatives of other victims will reportedly file wrongful death lawsuits against Kohlhepp, and Brown has said that she will file a civil lawsuit. Kohlhepp is due in court on January 17th.

Oh, and Jeffrey Lionel Dahmer, also known as the Milwaukee Cannibal, was an American serial killer and sex offender, who committed the rape, murder, and dismemberment of seventeen men and boys between 1978 and 1991. Apparently he was a likeable guy too.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Shred your Boarding Pass

Apparently there are people who take pictures of their airplane boarding pass…and post it online. I’m dead serious. I’ve heard of toddlers getting excited over scraps of paper, but full-grown adults posting images of their boarding pass online? Don’t get me started.

2DLet’s just only say that this is incredulously absurd. Like, who cares about your bleepity bleep boarding pass, right? OK, you got bumped up to First class. SAVE IT. Well wait a minute. Fraudsters care.

Fraudsters also care about the boarding pass that’s left intact in a rubbish can or lying on a seat somewhere.

Few travelers know that the bar code on the boarding pass MAY contain that individual’s home address, e-mail address, name and contact number. All a crook needs is this basic information (revealed via bar code reader off his cell phone!) to get the fraud ball rolling.

  • Keep your boarding pass out of everyone’s sight except the airport employee who requests it.
  • After you no longer need it, tear it up and flush it down a toilet.
  • When you arrive to your hotel, don’t bring it with you to your hotel room and leave it sitting out in full view. Shred and destroy it prior.  Putting it in the hotel room trash isn’t enough. Realize that when you’re not in the room, maids and other hotel employees can gain access—and I can’t say it enough: You just never know who has a bar code reader app.
  • And for Heaven’s sake, don’t post images of it online, if for no other reason, this makes you come across as less interesting than a doorknob. In fact, don’t even think of taking a picture minus the bar code. You just never know with today’s technology what a crook could get off an image online.

Man, if you still don’t believe me about any of this, check out these two very short but alarming videos. You’ll be flabbergasted at how much information about you a techy thief could get off of your boarding pass! “If a hacker can find it, he can find YOU!”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.