
Public domain
by Debbie Burke
Cybercrime continues to expand globally with costs estimated to reach more than $10 trillion. That’s trillion with a T.
At the turn of this century, cyberattacks affected relatively few individuals. From 2001 to 2017, statistical charts showed a gradual increase. Between 2018 and 2020, cybercrime numbers shot up like a rocket. Since then, the rise maintains a nearly vertical trajectory.
Take a look at this chart by Statistica.com.
According to Keepnetlabs.com, cyberattacks occur every 39 seconds, with ransomware incidents happening every 11 seconds.
I first wrote about cybercrime, hackers, and deepfakes back in 2019, imagining how AI could be misused in the future. Early on, attacks were often pranks, like that naked guy who crashes a Zoom meeting.
During Covid, people were stuck home with nothing to do. Idle hands are the devil’s workshop. Cybercrime blossomed into a major industry. Since then, with AI advances, it’s exploded beyond all imagination. I’ve written about various forms here, here, and here.
Here are four updates on cyberscams:
- Social media cloning continues to be a growing problem, according to attorney Steve Weisman who writes the great informational site, Scamicide.
Almost a decade ago, cloning happened to me on Facebook. I’d developed a small but loyal following on FB, including readers from all over the US, Canada, UK, Australia, and Japan. Then someone cloned my identity. At the time I didn’t even know what the term “cloning” meant.
Cloning is a process by which a bad actor takes over your social media handle, creates a new account using your same name, information, photo, etc. and pretends to be you. They usually send out new friend “requests” to your contacts. Anyone who accepts the request is now caught in the bad actor’s web.
My FB friends received strange messages supposedly from me. I learned about it after several emailed me, asking if I was in Spain and needed bail money. Uh, no. When I tried to access my account, it was blocked. Nor could I contact FB for help. A brilliant astrophysicist friend figured out what happened and contacted them on my behalf.
Many hours of work later, things were back to normal, with newly adjusted stringent privacy settings. But why did fixing the problem require help from a friend with a Harvard PhD?
Some months later, my account was cloned again. At that point, I decided if FB’s security was that lax, and reporting a problem was so difficult, I didn’t need the headaches. I closed my account, unfortunately losing contact with valued readers.
Back then, FB was reluctant to acknowledge the problem and made it nearly impossible to report. I figured maybe my case was an unusual occurrence.
Wrong.
Now, according to Steve, FB/Meta admits to “as many as 60 million phony cloned Facebook accounts including hundreds of its founder Mark Zuckerberg.”
Cloning happens across all social media platforms, and is especially pervasive when they’re interconnected with each other, like FB and Instagram. Criminals are happy to exploit any opportunity to reach thousands, if not millions, of people with a few clicks. Cloning is only one of many ways they victimize users of social media. That topic could fill up a whole ‘nother post.
2. Smishing scams – According to Steve Weisman’s new post, smishing is defined as:
…Text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business.
Steve’s post says the FTC warns of a huge uptick in smishing that cost $470 million in the past year. Text messages often appear to come from Amazon, FedEx, USPS, Cash App, Netflix, banks, etc.
A new twist is:
Making matters worse, scammers are able to use bots to send thousands of smishing text messages in a matter of seconds and while many phones have anti-spam filters to recognize repetitive text patterns used by scammers, scammers are able to use AI to create slight variations of their smishing text messages to avoid detection.
Every week, I receive smishing messages supposedly from my bank, warning of suspicious activity in my account.
Phony messages from Fedex and the post office claim there’s a problem with a delivery and tell you to click on this link. Don’t do it!
And speaking of the post office…
3. Account hacking – Here’s a weird crime twist that recently happened to me.
For years, I’ve used usps.com to preprint and prepay postage for priority mail labels. During extended absences from home, I preprint labels for the friend who forwards first class mail to us once a week at a Florida address.
Around the 2024 holidays, our forwarded mail didn’t arrive in Florida. Tracking showed a circuitous route that ended with the vague message “in transit.” We visited the local Florida post office. The clerk said a bin of mail had gone missing. “It happens all the time. It’ll eventually turn up.”
How reassuring since our envelope contained bills that needed to be paid now.
After more trips to the post office, we learned the envelope had been “returned to sender” to our address in Montana.
What???
The mailing label was totally correct since it had been officially printed by the post office. So why wasn’t it delivered?
Meanwhile, our friend sent another batch of mail to Florida using another preprinted label. But when I checked tracking, it showed that envelope had been delivered to an address in Maryland.
What???
Back to the Florida post office. The same helpful clerk ran the tracking number through his computer. Yup, his also showed delivery to Maryland. Then he disappeared in the back processing room. Fifteen minutes later, he came out with our envelope. Even though tracking showed delivery to Maryland, here it was in Florida where it was supposed to be.
Something smelled fishy.
Since our friend in Montana still had several preprinted labels that had not been used, I checked the tracking numbers for those. Incredibly, all showed as already delivered to addresses around the country—New York, Georgia, California, etc.
What???
Back to the post office to show this evidence to the same long-suffering clerk (who was now our new best pal). He called fraud/security and dug deeper. After nearly an hour of research, he suspected someone had hacked into our usps.com account. He recommended changing the password, which I did.
Fortunately, no one had accessed the VISA card I used to pay for the postage.
The plot thickens.
Turns out this is a regular racket. Clever thieves hack into usps.com user accounts, and steal labels that have already been paid for but not yet used. They reprint the labels with the same tracking bar code but a different address. They then use those fraudulent labels to ship merchandise (usually stolen) to customers of their own shady businesses.
Selling stolen merchandise and shipping it with stolen postage equals zero expenses and 100% profit for crooked operators. Our post office pal gave the thieves a grudging compliment: “These guys are very good.”
A clear case of postal fraud, likely an inside job. Most of the bogus labels had been routed through the post office’s Bethesda, MD distribution center. If I were a detective, I’d start my investigation in Bethesda. Hint, hint.
Did fraud/security ever follow up? Dunno. Our PO pal never heard another word. Will anyone ever get caught or prosecuted? Unlikely.The advantage for cybercriminals is they are nearly impossible to track.
4. Impersonation scams – For years, scammers have posed as government agencies and law enforcement. They contact victims by phone, email, text, or social media with bogus claims you owe fines and/or back taxes that must be paid immediately or else you’ll be arrested. But because they are such generous, caring folks, they’ll make your problem go away if you pay them with cryptocurrency, gift cards, wire transfers, or other untraceable funds.
This morning, I received a public service announcement from the FBI warning of scammers who pose as representatives of the FBI’s Internet Crime Complaint Center (IC3) who claim they recovered money you’d been previously scammed out of. They will return that lost money to you…you guessed it…for a fee, payable by cryptocurrency, gift cards, wire transfers, or other untraceable funds.
Yup, the cybercrime situation has gotten so out of control that the FBI’s IC3 division has to issue PSAs about their own department being impersonated. Talk about irony.
Back in 2000, we wondered IF we might ever be victims of this mysterious new method of crime.
Now it’s a certainty and the only question is WHEN?
A sad fact of life in the 21st century.
~~~
Now that I’ve spoiled your day, it’s your turn, TKZers.
Share your personal experience with cybercrime. Any brilliant suggestions to block criminals? Do you have favorite security software?
~~~
Coming July 2025! Debbie Burke’s new writing craft guide:
The Villian’s Journey ~ How to Create Villains Readers Love to Hate
For more details, please click here. No, this link won’t ask for cryptocurrency, gift crads, or wire transfers!