Welcome to our pick of this month’s OSINT-related stories!
Being a fool in love has taken on a new meaning in the realm of online dating, where social engineering scams have gained a remarkable lease of life. Meanwhile, the soaring popularity of NFTs – tradeable units of blockchain data – has led to a surge in money laundering and fraud activities, with regulations on the horizon. And finally, it seems that modern warfare has spilt over into the cyber domain.
Read on for the details.
Bleeding Hearts and Bank Accounts as Romance Scams Go Through the Roof
According to the US Federal Trade Commission (FTC), financial losses through romance-framed social engineering scams hit a record high of $547 million in 2021. This figure represents a sixfold (!) increase compared to 2017, and an 80% jump from 2020.
Shocking as these statistics are, the real numbers are actually far bigger. The FTC has stated that the majority of such fraud incidents go unreported because the duped individuals just feel too frustrated and embarrassed to own up to what’s occurred.
Cupid’s Poisoned Arrow
No security system or privacy setting can rule out the human element. And where the online world meets the interpersonal, credulity is the name of the game. Dating apps and social networks have become vast arenas where users can be defrauded by the irresistible lure of a potential sweetheart.
Romance scammers rely on social engineering to trick their targets into sharing money or sensitive information. In nearly 30% of reported cases, initial contact is made through a direct message on Tinder, Facebook or Instagram, with the tricksters then elaborating communication over months to lull their targets. Eventually, a message is sent about some crisis situation such as a sick relative or robbery, accompanied by – of course – an urgent plea for financial help.
There are also alternative scenarios where victims are asked to transfer money or deliver some goods, and unwittingly become smugglers or money launderers. But scammers don’t always use the ‘crisis’ angle. Sometimes people are lured into making investments into crypto Ponzi schemes – a type of fraud where a non-existent enterprise keeps the illusion alive by bouncing money and returns between investors. Such approaches made a staggering $139M for fraudsters in 2021 alone.
The Pitfalls of Tinder
With the spread of dating apps, the number of fraud victims via such platforms has been increasing exponentially – from 2017 to 2021 the number of fraud victims between the ages of 18 and 29 rose tenfold. And while payouts between this age range averaged out at $700 per young adult, the elderly have sadly been defrauded to quite awful extents, with victims over 70 years old sending paying out an average $9000 to con artists.
Recently, this topic of romance scammers has been propelled into the limelight by the Netflix documentary ‘The Tinder Swindler’. Telling the story of Israeli fraudster Simon Levaev, the film follows the rogue’s workings as he lures his victims via Tinder with pictures of a posh jet-set life. This eventually leads to him urging women to take out bank loans and max out their credit cards so he can sponsor his next affairs. Notably, the scammer remains at large.
Social engineering is extremely difficult to combat because it centers on human behavior and psychology rather than the technology they are using. However, OSINT systems can help law enforcement agencies identify swindlers, and as the general awareness of this traceability spreads, it will become a significant deterrent for would-be scammers.
NFTs: Expedients for Cybercriminals?
The Financial Action Task Force (FATF), an intergovernmental organization that establishes international policies for anti-money laundering and and anti-terrorist funding, has shared their position on NFTs. Having already issued its guidelines on cryptocurrencies, introducing the terms ‘virtual assets’ and ‘virtual asset provider’, the FATF is now highlighting the cryptos that should be subject to regulation.
A Shunned Regulation
In their latest guidance, the FATF advises evaluating NFTs on a case-by-case basis, then regulating them if they can be considered virtual assets. The main concern of the regulatory body is the issue of the know-your-customer procedure and due diligence – processes usually neglected with regards to NFTs.
However, with transaction volumes driving their revenues, NFT platforms aren’t remotely interested in slowing down their trading speeds with due diligence procedures. For FATF, this is a red flag that NFTs will consequently be adopted as a means of money laundering in a process known as ‘wash trading’ – legitimizing assets by moving them between entities in legal trading operations.
According to FATF, “[The] value sent to NFT marketplaces by illicit addresses jumped significantly in the third quarter of 2021, crossing $1 million worth of cryptocurrency. The figure grew again in the fourth quarter, topping out at just under $1.4 million. In both quarters, the vast majority of this activity came from scam-associated addresses sending funds to NFT marketplaces to make purchases.”
Like cryptocurrencies, NFTs are quickly becoming a means of conducting illicit activities on the internet. If mighty regulators such as FATF turn a blind eye, we can anticipate an influx of scams and money laundering operations.
While NFT trading may someday be regulated with due diligence standards, for now it seems to be a safe haven for illicit transactions. Law enforcement agencies worldwide should employ effective intelligence tools like OSINT solutions to detect criminal activity on the NFT market.
Poland Officially Deploys Cyber Defense Troops
Until the end of the 19th century, warfare had only ever been conducted on land and sea. In the early 20th century, airspace became territorial and a new battleground emerged. Then in the advent of the first military satellites outer space became a fourth dimension. Now, in the information age of the 21st century, warfare has spilled into a fifth realm – cyberspace.
Where does this leave us? To this day, only a handful of countries have officially deployed cyber defense troops, so to speak. This seems rather surprising, considering NATO officially recognized cyberspace as a formal warfare battleground back in 2016. But one notable example is the Cyberspace Defense Forces of Poland which has recently been established to carry out reconnaissance as well as defensive and offensive operations. Poland is notably progressive in this sphere, having already established the National Cyberspace Security Center that is in charge of research and infrastructure protection.
Far from being a concept of science fiction, cyber warfare is real and here to stay. The question is whether nations are taking the issue seriously enough to protect their citizens and infrastructure from the dangers of this new battleground.
The Fact of the Month
Romance scams through social engineering rose by a factor of six between 2017 and 2021, while the number of actual reports only showed a threefold increase.
- Laundering Couple with a Staggering Balance
A husband and wife from the US have been charged with laundering $70M worth of bitcoin from a Bitfinex hack back in 2016. At the time of arrest, their bitcoin balance had ballooned to a value of $4.5 billion.
- The UK Fights Back Against Hackers
The British government has issued its first civil cyber security strategy. The £37.8 million budget is aimed at ensuring the protection of public services, where 40% of cyberattacks in Great Britain take place.
- Private Health Data Leaked to Marketers
Digital health and genetic testing websites have reportedly been leaking personal health information through ad-tracking tools, with Facebook users receiving targeted marketing tailored to their personal health status and specific illnesses.
- 30 Best OSINT Resources: Courses, Podcasts, Books, Tools, and more
From blockchain handbooks, infosec news outlets, and online video courses to up-to-date blogs, live-and-kicking podcasts, and software solutions, our shortlist of best OSINT resources has something for everyone with interest in open-source intelligence.
That wraps our digest for March and we hope it has given you food for thought. Stay tuned for more OSINT news and our latest releases!