[Master "Scams" Thread] The SCAM Report [merged threads]

[Family 3,988]

 

AT&T account customers :

What’s at risk

Hackers did not get any names, addresses or Social Security numbers. What they did get is metadata — call logs that contain a record of every number AT&T customers called or texted (including customers of other wireless networks), the number of times they interacted and the call duration.

A cybercriminal could now identify relationships among phone numbers, a useful data point for hackers trying to make their scams more believable.

 

For example, a hacker could see that a customer is in constant contact with a big bank’s line and could send a phishing attempt posing as the bank.

The hacker could text the customer saying, “This is Bank of America. We have some suspicious activity on your account. Click this link to review the charges, or call this number,” said John Dwyer, director of security research at Binary Defense, a cybersecurity solutions firm.

 

Or the hacker could pose as someone the customer has a personal relationship with, like a friend or family member. The age of artificial intelligence makes this even more pressing, according to Collin Walke, cybersecurity and data privacy partner at Hall Estill.

“Once they know who you’ve been communicating with, it allows deep fakes and those sorts of hacks to occur much easier,” Walke said.

 

https://www.cnn.com/2024/07/12/business/att-customers-data-breach-protection/index.html

[Family 3,988]

19 hours ago, Ban Hammer said:

which the hackers will be quick to send out bogus text messages and emails about..............

I have been getting a barrage of those…all pretty near perfect in English  and utilizing pertinent personal info. Ex: I have USPS informed delivery, recently went on an emergency trip , so I got texts /emails w tracking and action required for my “parcel has cleared customs “….

[Family 3,988]

Elon Musk’s X deceives users and breaches online content rules, EU says

 

KEY POINTS

• The European Commission’s preliminary view, published Friday, is that X has broken rules regarding dark patterns, advertising transparency and data access for researchers.
• If the commission’s views are confirmed, X could face a fine of up to 6% of its global annual revenue.
• It comes as the EU clamps down hard on tech giants like Google and Meta.

The European Commission on Friday accused Elon Musk’s X of deceiving users and infringing digital content rules, putting the social media giant at risk of a hefty fine.

The commission, which is the European Union’s executive arm, started an investigation last year to assess whether X is in breach of the Digital Services Act (DSA) — a piece of landscape legislation requiring Big Tech firms to better police the content on their platforms.

 

The body’s preliminary view, published Friday, is that X has broken rules regarding dark patterns, advertising transparency and data access for researchers. So-called dark patterns are deceptive tactics designed to push people toward certain products and services.

 

X’s use of the blue checkmark for verified accounts does not correspond to industry practices, the commission said, as anyone can subscribe and obtain a verified status. It added that there was evidence of “motivated malicious actors” abusing the verified status to deceive users.

The commission also accused X of putting in place design features and barriers that hinder advertising transparency, and said it fails to allow researchers to access its public data, as is required by the DSA.

 

https://www.cnbc.com/2024/07/12/elon-musks-x-deceives-users-and-breaches-eu-online-content-rules-regulator-says.html

[Family 3,988]

 

[Family 3,988]

CDK cyberattack expected to cost car dealers more than $1 billion, Michigan study says

 

A cyberattack on Chicago-based dealership software provider CDK Global that began June 19 forced CDK to shut down most of its systems across the country for its dealership customers until July 5. It left about half of the nation's car dealerships struggling to operate, forcing some to return to the days of pen-and-paper. According to Bloomberg, the group that orchestrated the attack demanded tens of millions of dollars in ransom to end it.

 

The result of the attack led J.D. Power and GlobalData to forecast late last month that U.S. retail sales in June across all automakers will be about 5.4% lower than they were in June 2023.

Based on June sales results, Anderson Economic Group on Monday issued a revised estimate to its June 28 estimate, which was a prediction that dealers would experience $944 million in losses. The group now estimates that total direct losses to car dealers in the three calendar weeks of the cyberattack actually reached $1.02 billion.

 

https://www.freep.com/story/money/cars/2024/07/15/cdk-cyberattack-cost-car-dealerships/74408247007/

 

The massive car dealership cyberattack has ended with a $25 million ransom

CDK Global reportedly paid the ransom in Bitcoin so there could be no trace

https://qz.com/cdk-global-cyberattack-million-dollar-ransom-1851593508

Edited July 18 by Family

[Family 3,988]

Chelsea Man Pleads Guilty to Selling Fake Social Security Cards and Green Cards

BOSTON – A Chelsea man pleaded guilty yesterday to selling fraudulent Social Security cards and Legal Permanent Resident cards, often referred to as “Green Cards.”  

 

Wilberto Sandoval Mazariego, 40, pleaded guilty to one count of unlawful transfer of a document or authentication feature. U.S. District Court Judge Allison D. Burroughs scheduled sentencing for Oct. 3, 2024. In October 2023, Sandoval Mazariego was arrested and charged by criminal complaint. Sandoval Mazariego was later indicted by a federal grand jury in October 2023.

During an investigation into Tomas Xirum for selling fraudulent Green Cards and fraudulent Social Security cards, law enforcement allegedly identified Sandoval Mazariego as the creator of the fraudulent documents Xirum was selling. Following Xirum’s arrest in August 2022, law enforcement found a text message string between Xirum and Sandoval Mazariego that contained approximately 568 attachments. Xirum would regularly text Sandoval Mazariego pictures of unknown persons along with a name, date of birth and country of birth – to which Sandoval Mazariego would later respond with pictures of Social Security cards and/or Green Cards with the person’s photo and information that Xirum provided.

 

On Aug. 17, 2023, Sandoval Mazariego sold a fraudulent Green Card and a fraudulent Social Security card to an undercover agent. 

 

On Oct 3, 2023, Sandoval Mazariego was arrested after leaving his Chelsea residence. During a search of his residence, all items necessary to produce counterfeit forms of identification were found, including two laminators, card stock paper, photo paper, glue, trimmers and printers.  Also recovered were nine Legal Permanent Resident cards, six Social Security cards and five driver’s licenses. Five of the recovered Social Security cards contained the names provided by the undercover agent to Sandoval Mazariego as part of the investigation. A total of $17,095 in cash was also recovered from the residence.  

On Aug. 21, 2023, Xirum pleaded guilty to three counts of unlawful transfer of document or authentication feature and three counts of unlawful production of document or authentication feature. In January 2024, Xirum was sentenced to 18 months in prison.

https://www.justice.gov/usao-ma/pr/chelsea-man-pleads-guilty-selling-fake-social-security-cards-and-green-cards

 

[Family 3,988]

 

[Nature Boy 2.0 8,370]

Interesting thread 

[Family 3,988]

A federal grand jury charged the following defendants in a 22-count indictment that was returned on May 23 and was unsealed May 31:

• Yang Song, 40, of Corona, the alleged ringleader.
• Junwei Jiang, 37, of East Los Angeles.
• Zhengxuan Hu, 26, of Alhambra.
• Yushan Lin, 30, of Corona.
• Shuyi Xing, 34, of Corona.

All the defendants are charged with one count of conspiracy to commit wire fraud and mail fraud, one count of aggravated identity theft, seven counts of wire fraud, 12 counts of mail fraud, and one count of conspiracy to traffic in counterfeit goods. They were arrested May 30 and were arraigned May 31 in U.S. District Court in downtown Los Angeles.

 

According to the indictment, from at least December 2015 to March 2024, Song and Jiang coordinated with co-conspirators in China to ship counterfeit Apple iPhones, iPads and other devices to them and other U.S.-based co-conspirators. The counterfeit Apple devices shipped to Song, Jiang, and others in the U.S. were designed to look like genuine Apple devices and included identification numbers matching the numbers on real Apple products that had been sold in North America, were owned by real people, and were under warranty through Apple’s manufacturer warranty and AppleCare+, Apple’s extended warranty program.

 

The defendants allegedly fraudulently returned the counterfeit iPhones, iPads and other devices to Apple as if they were genuine and had been legitimately purchased, were eligible for Apple’s warranty programs, and they were the lawful possessors of the Apple devices. The real identification numbers and serial numbers on the counterfeit devices were designed to impersonate the real Apple devices owned by real people throughout the United States, which defrauded Apple’s warranty programs and potentially deprived the Apple devices’ lawful owners of the warranty benefits to which they were entitled.

 

The defendants allegedly knowingly and fraudulently represented that the counterfeit Apple devices they returned were genuine but were broken or non-operational and were covered by the company’s warranty programs. Some of the false reasons given to Apple store employees were because the devices purportedly would not power on, were physically damaged, or had other defects. As part of the scheme, the defendants allegedly visited multiple Apple stores throughout Southern California, including in Beverly Hills, Sherman Oaks, Pasadena, Irvine, Northridge, Manhattan Beach, Brea, Rancho Cucamonga, Cerritos and at shopping malls such as The Grove in Los Angeles, South Coast Plaza in Costa Mesa, Fashion Island in Newport Beach, and The Americana at Brand in Glendale. In many cases, they visited as many as 10 different Apple stores in a single day.

 

Once at the Apple stores, Apple employees then either replaced or repaired the counterfeit Apple device with a genuine Apple device in the same visit or, on other occasions, took the defendants’ counterfeit devices and shipped them to a repair center. Apple then shipped to the defendants a genuine replacement Apple device or a repaired device to either an Apple store, where the defendants returned to pick up the new device or at the dozens of mailboxes that the defendants allegedly rented across Southern California.

 

As part of the scheme, the defendants allegedly took multiple steps to disguise their identities and hide their fraud over the years. For example, they allegedly rented dozens of mailboxes at UPS stores across Southern California for use in the scheme, including to receive counterfeit devices from China and receive genuine replacement devices from Apple. They allegedly also misspelled the mailing addresses they provided to Apple and added or removed extra characters to the mailing addresses, to disguise the fact that they were processing numerous fraudulent returns of Apple devices. Other times, they allegedly used aliases to make appointments at Apple stores to process their fraudulent returns of devices.

 

After successfully returning the counterfeit Apple devices for genuine ones, the defendants allegedly shipped the genuine devices to co-conspirators both in the United States and abroad, primarily in China, where the genuine Apple devices were resold at a substantial profit.

 

In total, the defendants fraudulently returned and attempted to return more than 16,000 counterfeit Apple devices, causing Apple at least $12.3 million in losses.

 

https://www.dhs.gov/hsi/news/2024/06/03/chinese-nationals-arrested-alleged-123-million-fraud-involving-counterfeit-devices

[Family 3,988]

Fifteen Southern California residents charged in alleged auto insurance fraud ring

Stolen CHP reports, vehicles held hostage and collusive collision on video discovered by task force

 

SAN BERNARDINO, Calif. — The Inland Empire Automobile Insurance Task Force arrested 12 Southern California residents yesterday after an investigation found they allegedly conspired together to create fraudulent insurance claims to illegally collect over $350,000. The investigation discovered the large-scale organized auto insurance fraud ring was engaged in multiple types of schemes including holding vehicles hostage and collusive collisions. Three additional residents have been charged for their alleged involvement in the organized ring.

 

The Inland Empire Automobile Insurance Task Force began its investigation in November 2022 after they found out a California Highway Patrol (CHP) non-sworn employee, Rosa Isela Santistevan, 55, of Irvine, was unlawfully selling traffic collision report face pages, which contained personal information of people who had been involved in collisions throughout Southern California.

 

The investigating task force includes the California Department of Insurance, California Highway Patrol, San Bernardino County District Attorney’s Office, and the Riverside County District Attorney’s Office.

After the task force served numerous search warrants they seized over 3,500 CHP traffic collision report face pages from the residence of Esmeralda Parga, 26, of Pomona, who the task force determined was connected to Santistevan through the organized ring’s ringleader, Andre Angelo Reyes, 36, of Corona. The conspiracy began after Reyes befriended Santistevan and other CHP employees by donating to various CHP events and parties. Santistevan printed and unlawfully sold thousands of traffic collision face pages to Reyes who would then provide the reports to E. Parga. E. Parga would then contact the parties involved in the collision, pretending to be from their insurance company and coordinate having their vehicle towed to a repair center that they misrepresented as approved by the insurance company.

 

Unbeknownst to the victims, E. Parga did not represent the insurance company and was stealing the victims’ vehicles. Reyes and E. Parga would then dispatch tow trucks, whose drivers cooperated in the scheme and would pick up the vehicles and tow them to CA Collision, owned by Anthony Gomez, 35, of Jurupa Valley. Once the vehicles were at CA Collision, CA Collision would hold the vehicle hostage and demand cash payment from the insurance companies to have the vehicles released.

 

During the numerous search warrants, additional evidence was obtained showing the alleged ring was engaged in other types of insurance fraud schemes, including collusive collisions. One of those collisions was recorded by a defendant and discovered on the defendant’s phone during a search warrant. The video depicts the defendants intentionally crashing a BMW sedan into a Polaris Slingshot. The defendants then claimed two separate crashes occurring on the freeway. Reyes was also involved in this scheme along with four other conspirators.

 

This investigation resulted in 15 suspects being charged with insurance fraud, grand theft by trick, and false impersonation. The charges involved 19 fraudulent claims resulting in a loss of $353,035. Twelve of the 15 suspects were arrested yesterday.

The San Bernardino County District Attorney’s Office is prosecuting this case. The San Bernardino County Auto Theft Task Force assisted in obtaining evidence, and executing search and arrest warrants for this case.

Defendants include:

https://www.insurance.ca.gov/0400-news/0100-press-releases/2024/release016-2024.cfm

[Family 3,988]

British engineering giant Arup revealed as $25 million deepfake scam victim

 

Hong KongCNN — 

A British multinational design and engineering company behind world-famous buildings such as the Sydney Opera House has confirmed that it was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters.

A spokesperson for London-based Arup told CNN on Friday that it notified Hong Kong police in January about the fraud incident, and confirmed that fake voices and images were used.

 

Hong Kong police said in February that during the elaborate scam the employee, a finance worker, was duped into attending a video call with people he believed were the chief financial officer and other members of staff, but all of whom turned out to be deepfake re-creations.

 

According to police, the worker had initially suspected he had received a phishing email from the company’s UK office, as it specified the need for a secret transaction to be carried out. However, the worker put aside his doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized.

 

He subsequently agreed to send a total of 200 million Hong Kong dollars — about $25.6 million. The amount was sent across 15 transactions, Hong Kong public broadcaster RTHK reported, citing police.

“Deepfake” normally refers to fake videos that have been created using artificial intelligence (AI) and look extremely realistic.

 

https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk/index.html

[TBoneTX 45,260]

8 hours ago, Family said:

the worker put aside his doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized

Poor guy.  He probably acted in good faith.

This situation is going to become more prevalent, unfortunately.

[Family 3,988]

1 hour ago, TBoneTX said:

Poor guy.  He probably acted in good faith.

This situation is going to become more prevalent, unfortunately.

Just imagine getting a FaceTime call with deepfake of a spouse, child or friend . Guess we need to practice code words…Pineapple ?!

 

 

 

..in Shanxi province this year involving a female financial employee, who was tricked into transferring 1.86 million yuan ($262,000) to a fraudster’s account after a video call with a deepfake of her boss. 
 

Broader implications 

In addition to direct attacks, companies are increasingly worried about other ways deepfake photos, videos or speeches of their higher-ups could be used in malicious ways, cybersecurity experts say.

According to Jason Hogg, cybersecurity expert and executive-in-residence at Great Hill Partners, deepfakes of high-ranking company members can be used to spread fake news to manipulate stock prices, defame a company’s brand and sales, and spread other harmful disinformation. 
 

“That’s just scratching the surface,” said Hogg, who formerly served as an FBI Special Agent. 

He highlighted that generative AI is able to create deepfakes based on a trove of digital information such as publicly available content hosted on social media and other media platforms. 

 

Deepfake technology has already become widespread outside the corporate world.

From fake pornographic images to manipulated videos promoting cookware, celebrities like Taylor Swift have fallen victim to deepfake technology. Deepfakes of politicians have also been rampant.

Meanwhile, some scammers have made deepfakes of individuals’ family members and friends in attempts to fool them out of money.

According to Hogg, the broader issues will accelerate and get worse for a period of time as cybercrime prevention requires thoughtful analysis in order to develop systems, practices, and controls to defend against new technologies. 

However, the cybersecurity experts told CNBC that firms can bolster defenses to AI-powered threats through improved staff education, cybersecurity testing, and requiring code words and multiple layers of approvals for all transactions — something that could have prevented cases such as Arup’s

https://www.cnbc.com/2024/05/28/deepfake-scams-have-looted-millions-experts-warn-it-could-get-worse.html

[TBoneTX 45,260]

16 minutes ago, Family said:

Just imagine getting a FaceTime call with deepfake of a spouse, child or friend . Guess we need to practice code words…

Absolutely right.  It will be important to protect the code words from anyone who could learn and steal them.

[Family 3,988]

Investigations of College Admissions and Testing Bribery Scheme

 

Dozens of individuals involved in a nationwide conspiracy that facilitated cheating on college entrance exams and the admission of students to elite universities as purported athletic recruits were arrested by federal agents in multiple states and charged in documents unsealed on March 12, 2019, in federal court in Boston. Athletic coaches from Yale, Stanford, USC, Wake Forest and Georgetown, among others, are implicated, as well as parents and exam administrators. 

 

Individuals who have questions or inquiries about this case may send an email to the following address:  USAMA.VictimAssistance@usdoj.gov

 

Below is a list of the defendants. The charging documents are attached at the bottom of this page.

 

https://www.justice.gov/usao-ma/investigations-college-admissions-and-testing-bribery-scheme