True Crime Thursday – Cybercrime Then and Now

Public domain

by Debbie Burke

@burke_writer

Cybercrime continues to expand globally with costs estimated to reach more than $10 trillion. That’s trillion with a T.

At the turn of this century, cyberattacks affected relatively few individuals. From 2001 to 2017, statistical charts showed a gradual increase. Between 2018 and 2020, cybercrime numbers shot up like a rocket. Since then, the rise maintains a nearly vertical trajectory.

Take a look at this chart by Statistica.com.

According to Keepnetlabs.com, cyberattacks occur every 39 seconds, with ransomware incidents happening every 11 seconds.

I first wrote about cybercrime, hackers, and deepfakes back in 2019, imagining how AI could be misused in the future. Early on, attacks were often pranks, like that naked guy who crashes a Zoom meeting.

During Covid, people were stuck home with nothing to do. Idle hands are the devil’s workshop. Cybercrime blossomed into a major industry. Since then, with AI advances, it’s exploded beyond all imagination. I’ve written about various forms here, here, and here.  

Here are four updates on cyberscams:

  1. Social media cloning continues to be a growing problem, according to attorney Steve Weisman who writes the great informational site, Scamicide.

Almost a decade ago, cloning happened to me on Facebook. I’d developed a small but loyal following on FB, including readers from all over the US, Canada, UK, Australia, and Japan. Then someone cloned my identity. At the time I didn’t even know what the term “cloning” meant.

Cloning is a process by which a bad actor takes over your social media handle, creates a new account using your same name, information, photo, etc. and pretends to be you. They usually send out new friend “requests” to your contacts. Anyone who accepts the request is now caught in the bad actor’s web.

My FB friends received strange messages supposedly from me. I learned about it after several emailed me, asking if I was in Spain and needed bail money. Uh, no. When I tried to access my account, it was blocked. Nor could I contact FB for help. A brilliant astrophysicist friend figured out what happened and contacted them on my behalf.

Many hours of work later, things were back to normal, with newly adjusted stringent privacy settings. But why did fixing the problem require help from a friend with a Harvard PhD?

Some months later, my account was cloned again. At that point, I decided if FB’s security was that lax, and reporting a problem was so difficult, I didn’t need the headaches. I closed my account, unfortunately losing contact with valued readers.

Back then, FB was reluctant to acknowledge the problem and made it nearly impossible to report. I figured maybe my case was an unusual occurrence.

Wrong.

Now, according to Steve, FB/Meta admits to “as many as 60 million phony cloned Facebook accounts including hundreds of its founder Mark Zuckerberg.”

Cloning happens across all social media platforms, and is especially pervasive when they’re interconnected with each other, like FB and Instagram. Criminals are happy to exploit any opportunity to reach thousands, if not millions, of people with a few clicks. Cloning is only one of many ways they victimize users of social media. That topic could fill up a whole ‘nother post.

2. Smishing scams – According to Steve Weisman’s new post, smishing is defined as:

…Text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.

Steve’s post says the FTC warns of a huge uptick in smishing that cost $470 million in the past year. Text messages often appear to come from Amazon, FedEx, USPS, Cash App, Netflix, banks, etc.

A new twist is: 

Making matters worse, scammers are able to use bots to send thousands of smishing text messages in a matter of seconds and while many phones have anti-spam filters to recognize repetitive text patterns used by scammers, scammers are able to use AI to create slight variations of their smishing text messages to avoid detection.

 

Every week, I receive smishing messages supposedly from my bank, warning of suspicious activity in my account. 

Phony messages from Fedex and the post office claim there’s a problem with a delivery and tell you to click on this link. Don’t do it!

And speaking of the post office…

3. Account hacking – Here’s a weird crime twist that recently happened to me.

For years, I’ve used usps.com to preprint and prepay postage for priority mail labels. During extended absences from home, I preprint labels for the friend who forwards first class mail to us once a week at a Florida address.

Around the 2024 holidays, our forwarded mail didn’t arrive in Florida. Tracking showed a circuitous route that ended with the vague message “in transit.” We visited the local Florida post office. The clerk said a bin of mail had gone missing. “It happens all the time. It’ll eventually turn up.”

How reassuring since our envelope contained bills that needed to be paid now.

After more trips to the post office, we learned the envelope had been “returned to sender” to our address in Montana.

What???

The mailing label was totally correct since it had been officially printed by the post office. So why wasn’t it delivered?

Meanwhile, our friend sent another batch of mail to Florida using another preprinted label. But when I checked tracking, it showed that envelope had been delivered to an address in Maryland.

What???

Back to the Florida post office. The same helpful clerk ran the tracking number through his computer. Yup, his also showed delivery to Maryland. Then he disappeared in the back processing room. Fifteen minutes later, he came out with our envelope. Even though tracking showed delivery to Maryland, here it was in Florida where it was supposed to be.

Something smelled fishy.

Since our friend in Montana still had several preprinted labels that had not been used, I checked the tracking numbers for those. Incredibly, all showed as already delivered to addresses around the country—New York, Georgia, California, etc.

What???

Back to the post office to show this evidence to the same long-suffering clerk (who was now our new best pal). He called fraud/security and dug deeper. After nearly an hour of research, he suspected someone had hacked into our usps.com account. He recommended changing the password, which I did.

Fortunately, no one had accessed the VISA card I used to pay for the postage.

The plot thickens.

Turns out this is a regular racket. Clever thieves hack into usps.com user accounts, and steal labels that have already been paid for but not yet used. They reprint the labels with the same tracking bar code but a different address. They then use those fraudulent labels to ship merchandise (usually stolen) to customers of their own shady businesses.

Selling stolen merchandise and shipping it with stolen postage equals zero expenses and 100% profit for crooked operators. Our post office pal gave the thieves a grudging compliment: “These guys are very good.”

A clear case of postal fraud, likely an inside job. Most of the bogus labels had been routed through the post office’s Bethesda, MD distribution center. If I were a detective, I’d start my investigation in Bethesda. Hint, hint.

Did fraud/security ever follow up? Dunno. Our PO pal never heard another word. Will anyone ever get caught or prosecuted? Unlikely.The advantage for cybercriminals is they are nearly impossible to track. 

4. Impersonation scams – For years, scammers have posed as government agencies and law enforcement. They contact victims by phone, email, text, or social media with bogus claims you owe fines and/or back taxes that must be paid immediately or else you’ll be arrested. But because they are such generous, caring folks, they’ll make your problem go away if you pay them with cryptocurrency, gift cards, wire transfers, or other untraceable funds. 

This morning, I received a public service announcement from the FBI warning of scammers who pose as representatives of the FBI’s Internet Crime Complaint Center (IC3) who claim they recovered money you’d been previously scammed out of. They will return that lost money to you…you guessed it…for a fee, payable by cryptocurrency, gift cards, wire transfers, or other untraceable funds. 

Yup, the cybercrime situation has gotten so out of control that the FBI’s IC3 division has to issue PSAs about their own department being impersonated. Talk about irony.

Back in 2000, we wondered IF we might ever be victims of this mysterious new method of crime.

Now it’s a certainty and the only question is WHEN? 

A sad fact of life in the 21st century.

~~~

Now that I’ve spoiled your day, it’s your turn, TKZers.

Share your personal experience with cybercrime. Any brilliant suggestions to block criminals? Do you have favorite security software?

~~~

Coming July 2025! Debbie Burke’s new writing craft guide:

The Villian’s Journey ~ How to Create Villains Readers Love to Hate

For more details, please click here. No, this link won’t ask for cryptocurrency, gift crads, or wire transfers!

True Crime Thursday – No Honor Among Thieves

Photo credit: dolldreamer

by Debbie Burke

@burke_writer

Book piracy is a widespread, growing problem that cuts into authors’ already-dwindling incomes. Back in 2020, I wrote about book piracy.

In a recent ironic twist, an ebook piracy site was hacked, per a July, 2024 Scamicide post by attorney Steve Weisman.

Yup, the pirates got pirated.

The site itself Z-Lib didn’t suffer as much as the 10 million users of the site who had their information stolen. Steve’s post reports the theft of:

…usernames, email addresses and passwords, the stolen data also included Bitcoin and Monero cryptocurrency wallet addresses for the nearly ten million people affected.

Z-Library was a major site funded by donations that offered free access to copyrighted works including pirated material. In 2022, the FBI temporarily shut down Z-Library.

According to blog.acer.com:

Z-Library, the shadow library project that provided access to millions of textbooks, novels, journal articles, and magazines was shut down in November 2022 when U.S. authorities seized a number of the organization’s domain names. Despite the efforts of law enforcement, the project never fully went away. Z-Lib even staged an official comeback in early 2023 by working around the previous domain name issues. However, the project has been disrupted again by further FBI domain seizures.

In other words, if law enforcement seizes pirate domain names, just register new domain names and go underground on the dark web.

Are Z-Library, Z-Lib, and its clones legal?

In this article, DOIT Software says:

It is illegal in many jurisdictions since it offers pirated content and violates copyright regulations. Users are encouraged to consider the ethical implications of accessing content from platforms like Z-Library, which often involves the distribution of copyrighted materials without proper authorization.

The clone site Z-Lib charged to access its shadow library, meaning users entered their personal and financial information. That valuable cache of info made a tempting target for other thieves who hacked in and stole it.

That raises an interesting philosophical discussion: If thieves steal from other thieves, is it a crime? Or poetic justice?

Are there degrees of guilt? How would you rank these perpetrators?

  1. Pirate sites that steal copyrighted works from authors;
  2. Users who pay pirate sites;
  3. Hackers that stole from the pirate site and its users? 

TKZers, the floor is yours.

I’m traveling today and won’t be able to respond to comments until later.

True Crime Thursday – Baby Grand Piano Scam

Searobin, CC BY-SA 3.0 <http://creativecommons.org/licenses/by-sa/3.0/>, via Wikimedia Commons

by Debbie Burke

@burke_writer

A college music major receives an email that’s a dream come true. A professor from the same college retired and must find a good home for a gently used baby grand piano. Money isn’t important. In fact, the professor will give the piano away as long as the recipient cherishes it as much as the professor did. To receive the piano, the student only needs to pay a moving company to deliver it.

For a little over $500, delivery is in 10 days, or for expedited two-day service, the fee is $1000. Simply pay the charge in advance by Zelle or cryptocurrency.

A university alum receives a similar email from a professor at that university who’s assisting the widow of a faculty member. She must downsize and wants to donate her husband’s precious baby grand piano to someone who will truly appreciate it. Similar terms: pay a moving company only for delivery charges by Zelle or crypto payment in advance.

Seeing a pattern?

In reality, there is no retired professor or widow, no moving company, and, most of all, no piano. There is only a scammer who preys on unsuspecting victims, pocketing untraceable payments that can’t be recovered.

Scammers understand psychology and know how to appeal to emotions. They offer a music lover’s dream come true for free. But free is almost never free. 

Attorney Steve Weisman posts daily fraud warnings on his excellent website Scamicide. His report from June 21, 2024 says:

“Cybersecurity company Proofpoint recently discovered a scam in which people are receiving emails offering a free piano which is available often purportedly due to a death in the family.  The scam has largely targeted students and professors at colleges and universities. Often in the email, the scammer poses a someone from the same college or university as that of the targeted victim.  According to Proofpoint they have identified about 125,000 of these emails sent since the beginning of the year.”

Steve adds:

“People may trust emails such as this due to affinity fraud where we tend to trust people with whom we share some kind of connection and getting an email such as this that appears to come from someone at your college or university may cause the person receiving the email to trust it to be legitimate.”

The free baby grand piano scam has been around for several years but affinity angle may be a newer, more sophisticated refinement. Reddit has numerous reports about the fraud, including this one from 2021 where the intended victim fortunately caught on before sending money.

The scammer runs ads in online marketplaces like Craig’s List, offering a premium piano for free. The ad is embellished with sentiments that appeal to the buyer’s emotions, like: “want[ing] the piano to be used to share with friends and family the joys of music.”

The person who answers the ad is then referred to a professional-looking website of a moving company that will deliver the piano. Contact may be by email or live chat. The mover even sends a photo of the piano to add legitimacy. However, the photo is probably a generic one from a stock photo site…like the one I used to illustrate this post.

Pro tip: To check photo sources, run a reverse image search through TinEye or Google. This tip also works to verify photos featured on dating sites where the subjects are often models, not real people.

The terms for the delivery payment should set off deafening alarm bells: No credit cards, no PayPal, no secured money transfers. Payment must be made in advance via Zelle, money order, or gift cards.

Peer-to-peer (P2P) payments are popular because they are a fast, convenient way to send money.

The downside: if the merchandise isn’t delivered or is defective, the buyer has no recourse.  Once fraudsters receive the money, they disappear. The victim is out of luck because law enforcement can’t help.

Here’s Steve’s recommendation about using P2P services: 

“There are many other scams involving Venmo, Zelle and other P2P services and the legal protection that you get with these services in the event you are scammed is nowhere near as great as the protection you get with your credit card.  A good rule to follow is to never use Venmo, Zelle or any other P2P service for any business transaction, but limit their use to small transfers between friends and family.”

Brown University posts piano scam warnings on their “Phish Bowl” site. They included the below email which was particularly entertaining. Notice Josiah’s position.

From: Josiah [deleted]
Subject: Baby yamaha piano for free
Date: October 13, 2023 at 5:37:10 PM EDT
To:

Dear Student /Staff/Faculty,
One of our staff, Mr. Phil H. is downsizing and looking to give
away his late dad’s piano to a loving home. The Piano is a 2014 Yamaha
Baby Grand size used like new. You can write to him to indicate your
interest on his private email [deleted] to arrange an
inspection and delivery with a moving company. Kindly write Mr. Phil H. via your private email for a swift response.

Josiah [deleted]
Professor of Psychoceramics

Per Wiktionary: “Noun. psychoceramics. The study of crackpots.

Gotta appreciate a scammer with a sense of humor.

Many thanks to Steve Weisman for permission to quote.

~~~

TKZers: Do you know about frauds where valuable items (like a piano) are offered as bait? Have you or someone you know ever been targeted by an affinity scammer?

~~~

 

Investigator Tawny Lindholm encounters a clever affinity scam in Stalking Midas. But a glamorous con artist has killed before to cover her tracks. Now Tawny is in her crosshairs.

Sales link.

 

 

 

True Crime Thursday – Federal Gas Relief

 

Photo credit: rock staar, unsplash

By Debbie Burke

@burke_writer

 

Something for nothing is the bait that lures many people to fall for scams. Even more insidious are the ones that promise to solve a bona-fide problem. When there is pending legislation about that problem, the scam becomes even more convincing.

With skyrocketing gas prices, the stage is set for enterprising fraudsters who never let a good crisis go to waste.  

Attorney Steve Weisman, creator of Scamicide.com, is consistently on the forefront of new scams that surface faster than lawn mushrooms after a rain. (His alerts have spawned several True Crime Thursday posts and he graciously agreed to be quoted again.)

The latest scam he highlighted is the Federal Fuel Relief Program.

Except there is no such program.

The FTC reports an uptick in calls, emails, and texts supposedly from government representatives who offer rebates or relief checks to soften the impact of high gas prices.

According to Steve: “All you need do, they tell you, is provide some personal and financial information in order to be eligible for the program.”

Sounds simple, right? Simple for scammers to steal your information to commit further fraud.

Why do people continue to fall for these tricks? Because it’s increasingly confusing to parse out actual facts from the news/rumor mill.

It’s even more difficult when some municipalities are in fact paying out such rebates, as described in this article on GoBankingRates.com:

The city of Chicago has already started issuing some of the 50,000 prepaid $150 gas cards and 100,000 prepaid $50 transit cards approved by the city council.

North Carolina and California have pending legislation for similar measures. Californians could qualify for up to $1050 in relief.

The proposed Gas Rebate Act of 2022 is currently being discussed in the U.S House of Representatives, potentially with payments of $100/month or higher to qualified households during every month that average gas prices are above $4/gallon.

Photo credit: boopathi-rajaa-nedunchezhiyan-unsplash

Whether these or other proposals pass is up in the air. Some end up only being hot air.

But people often assume they’ve gone into effect. Next thing they know, that friendly, helpful “government employee” calls up, offering to expedite the process. Just verify your Social Security number and bank account number so they can direct-deposit the rebate.

Steve’s tagline is “Trust me, you can’t trust anybody.” That includes the caller ID that claims the IRS or Social Security is on the line or a link in an official-looking email or text that takes you to a fraudulent site masquerading as a government agency.

Scammers continue to refine their tactics and grow ever more sophisticated and convincing with their frauds.

Warn family and friends, particularly seniors who are prime targets, NEVER to give out personal information when someone calls, emails, or texts, without first verifying the sender is legitimate.

The Federal Fuel Relief Program is pure flatulence. The only relief is to hang up or hit delete.

~~~

TKZers: What’s the latest scam you or someone you know has been targeted by?

Feel free to share horror stories. The more we know, the less likely we are to be victimized.

~~~

 

Please check out my thriller Stalking Midas about a glamorous con artist who targets an addled millionaire with nine feral cats.

Amazon

Major online bookstores

True Crime Thursday – Are You Dead or Alive Scam

by Debbie Burke

@burke_writer

Photo credit: Annie Spratt – Unsplash

 

Attorney Steve Weisman runs a great website called Scamicide.com where he posts daily updates about scams making the rounds. I subscribe to it and highly recommend it to keep current with the latest iterations concocted by criminals.

Added bonus: scams make good story fodder in the devious minds of crime writers.

Recently Steve wrote about a particularly funny email from Nigeria (quoted with Steve’s permission):

 

“From: Mr. Chris jack <hanskaffa@kabelfoon.net>
To:
Sent: Thu, May 6, 2021 10:26 am
Subject: Good Day

I am writing to confirm if you are DEAD or ALIVE and failure to reply back within 48hrs, simply means what Rev Patrick Larry said today was right that you are dead. As he was trying to claim your compensation funds worth $ 850,000.00 from United Nations for USA scams victims. Rev Patrick Larry has offered to pay the needed fee for the Bond Stamp Duty fee of your funds, but we have not gotten the money from him yet, as we want to find out if you are dead or not, Below is the information needed from you Name: ______ Phone: _________ Address: ________Email:
_______ Occupation: __________ So if you are still alive you are advice in your own best interest to reply back immediately with your full details as stated for your funds.Best Regards,
Mr Chris jack,
chairman payment transfer department IMF.”

That rascal Rev Patrick Larry is spreading false rumors about your demise, while greedily attempting to cash in on compensation that’s rightfully due to you.

How dare he?

Of course, there is no United Nations fund that compensates scam victims.

A Bond Stamp Duty fee is typical scammer BS. To an unsuspecting victim, the term sounds official but is totally bogus.

If an innocent soul fell for this, the next email might request payment of the Bond Stamp Duty fee by a gift card or wire transfer (both of which are untraceable and cannot be recovered). Mr. Chris jack also needs bank account details so he can deposit the $850K. And for good measure, better include the beneficiary’s Social Security number in case taxes have to be withheld.

For the beneficiary’s further convenience, Mr. Chris jack also graciously sent a link to click…that downloads malware.  

Side note: I learned about the above criminal tactics from Steve and Scamicide.

If you receive such an email, you could respond by quoting Mark Twain: 

“The reports of my death have been greatly exaggerated.”

On second thought, better to just hit the trash button.

~~~

TKZers:

Are you dead or alive? 

In the comment section, please share the latest scam email you or someone you know has received. 

~~~

 

 

In Stalking Midas, a glamorous con artist creates an elaborate scam to bilk senior citizens who are concerned about their pets. Please check out Debbie Burke’s thriller at Amazon or other online retailers.