Kim was bored one day and received a phishing scam message on LinkedIn and decided to play it through and see what happens.

This is what happened and it shows the preparation involved in some scams.

Dear Kim,

Thanks for accepting my connection in Linkedin and i will formally introduce myself to you. I am Mrs Sarah Catherine LEGG, Non-executive Director at the Hang Seng Bank Plc. I am contacting you concerning an abandoned sum of $22,500,000.00 USD. In June 2003, A customer called Richard Kim a foreign contractor with Royal Dutch Plc came to our bank for business discussions and investment, As the officer in charge of his transaction then, I encouraged him to consider various growth of funds with prime ratings. Then he invested Nineteen Million Five Hundred Thousand United State Dollars only. Based on my advice, we were able to spin the initial deposit with profit and interest to 22.5 million U.S Dollars. Unfortunately, my client died in a car crash and he died without leaving a Will.

Our dear client died with no known or identifiable family member. After failing to receive viable claims and at the expiration of ten years the funds will revert to the ownership of the Hong Kong Government.

Now, I am prepared to give the necessary details to you as the closest surviving relation of our deceased customer (Richard Kim). I am also proposing that after a successful execution of the business deal, the funds will be shared in the ratio 40/60. You will get 40% and I will be entitled to 60% as the initiator of the deal. You know that I must have done my home work already before contacting you. I will tidy up the legal aspect with the assistance of a lawyer who will prepare all the documents that will be needed to transfer the money from Hong Kong to your country. If you give me positive signals, I will initiate this process towards a conclusion. I wish to inform you that should you not contact me via official channels because our calls are being monitored at the bank

Mrs Sarah Catherine LEGG           

Kim replied : It’s an interesting deal. Please explain more details of the deal.

=======================================================

The scammer then provided more detailed information about how the transaction would take place. 

Kim replied : Thanks for your intriguing proposal in advance. I think this is a fantastic deal ever I have. It’s like a Hollywood movie story and much better than lottery.

=======================================================

Then the scammer asked for proof of identity and for Kim to send some documents by email to Mr James Walter at  Lloyds Bank but the email address is clearly fake- (This email address is being protected from spambots. You need JavaScript enabled to view it.)

Kim forwarded the documents as instructed and an apparent date of birth, address etc.  etc. as requested.

=======================================================

She received a reply from “Lloyds”

On behalf of myself and the bank, accept our deepest condolences. We have received a formal approval from the deceased personal account officer verifying you as the legal next of kin. We have initiated the process of

funds transfer as stated in your application. We are ready to release the reference account to you as the legal next of kin of Engr. Richard Kim. The reference account has quite a huge closing balance with a high interests gained over a period of time. It was initially difficult locating the account because it has not been operated for a while but this account remains valid.

Our policy requires you provide the following documents stated below to enable us assist you wire the funds to your designated bank account which will take 24 hours for the funds to reflect.

The required documents are:

1: Police Report of Mr. Richard Kim

2: Sworn Affidavit of truth and claims

3: Death certificate of Mr. Richard Kim

4: Power of Attorney/Administration Letter

Upon receipt of these documents, we will then legally transfer amount & account’s backup file to you. Expecting your quick response to serve you better.

Yours in service,

Mr. James Walter

Head of accounts (GLD)

Kim  replied to scammer (role of sarah):

Please send me those documents that Walter listed.

=====================================================

Then she got a reply about a lawyer named HAMMED KAZIM .

Kim replied to scammer(role of Hammed Kazim):

My relative died in untimely, I am the only his next of kin.

I’m contacting you for the release of legal documents as below.

(list of documents)

 Please let me know the cost of this process, I hope you to work on it very speedy.

=======================================================

The scammer (role of Hammed Kazim) replied:

Find below our Retainer Agreement, we should be able to get you all 4 documents within two working days to enable you secure the release of your unclaimed proceeds in Lloyds Bank.

Sincerely,

Abdul Sameera

www.hammedkazim-lawfirm.com

HAMMED KAZIM LAW FIRM

Then they mentioned a barrister from the same law from who could represent him in court to process the legal documents from the high court of law.

=======================================================

 Then comes the first mention of money. They want £3,450, with a down payment of £700, to cover legal fees.

At this point Kim switches to the offensive and tells them that as they retained the legal firm it’s their duty to pay the retainer fee of £700.

Emails fly back and forwards and eventually the scammer gives up as it is clear she won’t get any money from Kim.

There is a lot of detail involved in this scam with numerous template letters, multiple characters involved, various companies etc.  The scammers have honed the process and clearly understand the process of building confidence in the victim (and greed) to the point where the victim willingly hands over a lot of money.

These scams rely on the victim’s greed – don’t be caught out.

 

Original story at https://okebari.wordpress.com

If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.

Moved by the heart-breaking tale of a woman who lost more than £12,000 in a fake romance online, Daily Post Reporter Amelia Shaw decided to see how easy it was for the con artists to find their prey

This woman (the victim of the scam) was still grieving the sudden loss of her beloved husband, had fallen in love with a man she thought was a senior ranking member of the United States Army. Over the course of six months, the scammer convinced the woman to send him more than £12,000 by telling her he needed money for his son’s medical bills.

It set Amelia thinking - how easy is it for these scammers to find vulnerable women online, and how easy would it be for her to pose as one?

It took around 20 minutes to create a fake persona - 60 year old Audrey Davies on Facebook.  Just a few clicks and her character was live. The fake story is that Audrey is from London, her husband passed away three years ago, and she recently retired having sold her very successful laundry business. That was all the information there was to see.

For scammers, Amelia  was the perfect victim - single, grieving the loss of her husband and sitting on millions.

It took just two days for someone claiming to be ‘Harley Peters’ to find Amelia.

He struck up a conversation with Amelia on August 23 and told Amelia he was a 58 year old Veterinary Doctor from Brooklyn, New York and was currently working in Malaysia looking after chickens with bird flu. The picture he claimed was on himself was almost certainly taken from someone who had no idea their image was being used. And photographs he sent claiming to show the places in which he was working were easily traceable as being stock images when Amelia put them through a reverse image search on Google.

It took just two hours for him to start asking Amelia personal questions - what did you do with the money from selling your business? Do you have a big house and car?

He told Amelia he was a very jealous person and he didn’t want Amelia talking to any other men online.

Amelia contacted Vic Grout, a computing professor at Wrexham Glyndŵr University who had been researching scammers, to see if he could shed more light on why these scammers do what they do.

He told Amelia that the problem was largely psychological and not technological - technology was just the vehicle used by the scammers.

 “They are certainly very clever and skilled,” Vic said, “they target vulnerable people and manipulate them when they are at their weakest. They use emotional blackmail and time constraints to put their victims under pressure.”

Amelia witnessed this first hand just two days after Harley began speaking to her.

He sent Amelia a picture of a bloodied and bandaged hand and told Amelia he was in hospital. He’d been attacked by Indian gangsters who stole his phone and wallet when he was on his way to the cash point to withdraw money to send to China for the medication for his poultry.

He no longer had his ATM card so could not pay for his medical bills - he needed her help.

He asked Amelia to send £3,765 immediately so that he could get out of the hospital and come to London.

Just 48 hours in and he was already asking Amelia for money - unbelievable. Of course it was accompanied by his promise of love and marriage, but only if Amelia got the funds to him quickly.

He begged Amelia - “please darling, please help me, my dear Audrey” - and sent Amelia pictures of his fake children, saying they wanted Amelia to be their “new mummy”.

 

By August 31st he was sending all sorts of bank account details under different names, claiming they were the details of the nurses looking after him.

He told Amelia if he didn’t have his money by Friday he would be sent to prison.

It was time to come clean - Amelia told him she was a journalist investigating online romance scams, and just as quickly as he appeared, Harley was gone.

Sadly, Harley Peters wasn’t the only person who saw Amelia as fair game. Another man appeared, named Jones Paull who also claimed to be in the US Army. The problem with scammers using the identities of US Army officers is so great that the Army CID have issued a warning to Facebook users.

Whether the law will ever catch up with ‘Harley Peters’ is unknown, but Amelia does know that at least for a brief time she stopped him preying on someone who may have believed his lies.

[Source: http://www.dailypost.co.uk/news/north-wales-news/how-daily-post-scammed-facebook-11835901 ]

Do not put your trust in people you don’t actually know – many are genuine of course but some are practised liars who will tell you whatever you need to hear in order to get money from you.  

If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.

A French security blogger named Ivan Kwiatkowski was incensed when scammers tried to scam his parents, by pretending to be Microsoft, helping them sort out virus problems.

Ivan’s story:-

A few days ago, I received a panicked call from my parents who had somehow managed to land on a web page claiming they had been infected by a virus called Zeus and needed to call a support line for help.

First call:

Ivan decided he would give them a call. A lady named Patricia answered. Ivan told her that  he was a businessman and that time was of the essence. Patricia guided Ivan through the steps needed to download remote-assistance software and take control of the PC.

 

She then blatantly typed in information and tried to make it look as if the computer was displaying the message. It said "1452 virus found”.

 

After a lot of messing about, she reached the conclusion that the computer had been infected  and needed to be cleaned up. She encourages Ivan to buy package software  - either ANTI SPY or ANTI TROJAN, for $189.90.

 

"Look! In the terminal! 1452 viruses found!

Ivan agrees to buy the software and says he’ll buy it in Paris. End of conversation.

 

Second call:

Ivan assumed that Patricia must have been a trainee scammer. He waited half an hour or so and called again. This time Dileep answered and went through the whole procedure again.

Dileep seemed much more familiar with his script, and he added some nice details such as showing Ivan that the machine has a lot of stopped services which is "totally not normal". [Oh yes it is!]

Dileep then tells Ivan he has cleaned out the viruses without charge but he recommends that Ivan purchase a Tech Protection subscription (safety from viruses) for €299.99.

Ivan agreed to purchase this package and found a test credit card number.

For obvious reasons, the payment was rejected and Ivan and Dileep tried again four or five times. In the end, Ivan suggested using a second credit card and give him another random yet valid number. Dileep makes Ivan repeat both payment details at least ten times and Ivan play dumb. Dileep calls his superior in the hopes of figuring out why the payment isn't going through.

Result

Now as part of his job, Ivan was working on j.locky ransomware and had a copy on another PC. J.Locky is a nasty pieces of software - once it infects a machine, it encrypts all of the data then demands a payment to provide the encryption unlock key.

The remote-assistance client Ivan had installed at the request of the scammers has a feature allowing him to send files to the operator. He uploaded photos of the credit card complete with J.Locky infection and tells Dileep what he’s done so that Dileep can enter the numbers himself.  

Dileep said nothing for a short while, and then admits nothing seems to be happening.

Ivan struggled not to burst out laughing as he knew that the J. Locky infection would be busy encrypting the scammers data files and would then demand a ransom to release them. Couldn’t happen to a more deserving guy.

Eventually, Dileep gives up, suggesting that Ivan contacts his bank

Conclusion

We don’t all have the technical expertise that Ivan has, but you can still keep the scammers occupied and the more of their time you waste – the fewer people they can scam.

 

If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.

Click here to listen to US Government Takes Down PCCare247 Scammers podcast

The US government set up a sting operation to gather evidence against a company called PCCare247 which was defrauding people.

The SCAM

This is a variant on the classic windows support engineer scam.

A cold caller tells you your PC has a virus, says he can prove it then offers to fix it for several hundred dollars (or equivalent  in the local currency).

This variant is that PCCare247 advertised heavily that they help people sort out PC issues, but when someone called, then PCCare247 would find faults that didn’t exist and charge a lot of money to rectify the non-existent problems.

The STING

 Agent  Sheryl Novick contacted  PCCare247. They are based in India but had built a lucrative business advertising over the Internet to Americans, encouraging them to call for technical support.

“I saw some sort of pop-up and I don’t know if there’s a problem,” she told a PCCare247 tech named Yakeen. He offered to check the “management part” of her computer for possible problems.  All he needed to run his test was total control of Novick's Windows computer.

She agreed, downloading and installing a remote access tool. Then Yakeen took control of Novick’s computer  and opened a program called Event Viewer.

Event Viewer always shows lots of errors but they are trivial and should be ignored.

Yakeen showed Novick a series of bright red warning messages in her Event Viewer logs.

 “It has 30 errors,” he told her.

“Your computer is hacked by someone,” he said. “They are using your name and your ID, your computer to do some cyber fraud and cyber terrorism.”

This was a brazen lie; forensic examination would later conclude that the single connection displayed  was in fact the remote access tool that Yakeen was using at that moment to control Novick’s machine.

To complete his examination, Yakeen then told Novick that he would scan her computer for viruses. To do so, he ran a command called “tree.” Filenames immediately filled the screen, scrolling away in a blur as hundreds of new names took their place. When the list stopped moving, the command prompt read:

C:\509 virus found

The REALITY

The situation sounded bad—unless you knew that the tree command used by Yakeen has nothing to do with viruses. It merely lists all files within a directory and Yakeen had simply typed the 509 virus found message hoping that Novick would believe it  to be output from the “virus scanner.”

Yakeen promised that he could “remove all the hackers, remove all the errors and 509 virus from the computer and recover all the data?”

All Novick needed was $400.

After some negotiation, Novick agreed to a smaller charge and provided her credit card.

What Yakeen didn’t know was that Novick was actually a Federal Trade Commission (FTC) investigator and she had recorded the entire encounter, which had been conducted using a clean PC located within an FTC lab.

The TAKE-DOWN

 After the call, the FTC sent Civil Investigative Demands—requests for information—to just about every US company that had done any sort of business with PCCare247: banks, credit card processors, domain registrars, telephone companies, Facebook, Google, and Microsoft. In October 2012, agency lawyers had assembled their case into a 15-page complaint against PCCare247 and its owner, Vikas Agrawal .

 “The Defendants operate a massive scheme that tricks consumers into spending approximately $139-$360 to fix non-existent problems with their computers,” the complaint alleged.

Those fees added up to serious revenue for PCCare247. In just one year, $4 million had been deposited in the two main PCCare247 bank accounts—and that was just from US residents.

The company used this cash to build more business, spending more than $1 million on Google adverts.

But PCCare247 went further, taking out ads on search terms like “mcafee phone number usa,” “norton customer service,” and “dell number for help.” The ads themselves said things like “McAfee Support - Call +1-855-…]” and pointed to domains like mcafee-support.pccare247.com. As numerous complaints attest, less savvy computer users searching the Internet for specific tech support phone numbers would see PCCare247’s number near the top of their screens and assume that this was an official line.

It wasn’t difficult for the FTC to obtain a temporary restraining order  against PCCare247, an order that made it all but impossible to do business in the US. Most of the company’s cash had already been transferred to Indian banks, but the TRO did shut down the company’s domain name, local phone numbers, and credit card processing. New money would not be flowing.

The FTC litigation has effectively shut down the PCCare247 business,” the company complained to the federal judge overseeing its case. It admitted to “some improper conduct” but attributed this only to “some overzealous sales personnel who crossed the line” and said that “they will be dismissed or retrained.”

 

One less scam operator – at least in America.

Articles on Fightback

Comments