Archive for October 7, 2024

White House Official Calls For Insurance Companies To Stop Covering Ransomware Payments 

Posted in Commentary on October 7, 2024 by itnerd

This past Friday, Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, wrote an opinion piece for the Financial Times warning that ransomware was “wreaking havoc around the world,” and that insurance companies must stop issuing policies that incentivize extortion payments in ransomware attacks.

The initial call for the practice to end was made at the end of the 4th annual International Counter Ransomware Initiative summit in the US last week, where the 68 members discussed tackling the problem.

“Some insurance company policies — for example covering reimbursement of ransomware payments — incentivize payment of ransoms that fuel cyber crime ecosystems. This is a troubling practice that must end,” Neuberger wrote.

The insurance industry could play a “constructive role” by “requiring and verifying implementation of effective cyber security measures as a condition of underwriting its policies, akin to the way fire alarm systems are required for home insurance,” Neuberger continued. 

Attempts to engage with the insurance industry have not yet delivered any promises or formal agreements.

Earlier this year, the UK’s NCSC announced that it would agree on guidance that expressed a joint view of how businesses should handle ransomware attacks. Furthermore, during the CRI summit, just 39 members and 8 insurance industry bodies from around the world endorsed similar guidance encouraging “organizations to carefully consider their options instead of rushing to make payments.”

Despite the availability of other guidance on best practices in ransomware responses, attacks targeting victims in the UK and the US have roughly doubled over the past two years.

Steve Hahn, EVP Sales US, BullWall:

  “The global ransomware market has seen a 200% increase in successful cyber attacks in the last two years. They know global ransomware payments exceeded a billion dollars for the first time last year. This increase in money for the criminals gives them all the incentive they need to continue innovating their attack techniques. It’s clear many companies are seeing these events as inevitable, which is true, but relying on insurance to pay their way out of it. Unfortunately, even if they pay the ransom, their infrastructure was down for days or weeks and they are unlikely to recover more than 78% of their data even if they pay the ransom. 

United Healthcare paid at least $22 million in ransom payments, but that didn’t stop billions of dollars of downstream economic loss, including multiple healthcare companies that were forced out of business because of this event. Paying the ransom increases activity, increases funding, and throws gasoline on what is already a raging fire. Yes, these events are inevitable, but companies must focus on containing these events quickly, segmenting their environments, limiting the blast radius, and focusing on how to recover quickly from immutable backups. These strategies will ensure a quick recovery from the inevitable without lining the bloated coffers of the criminal underground.”

Ted Miracco, CEO, Approov:

  “Paying ransoms only fuels the ransomware economy, emboldening attackers, and encouraging future attacks. Businesses must focus on bolstering their fundamental cybersecurity practices— not adding more insurance coverage, as insurance is a reactive measure and often only provides temporary relief, while the underlying vulnerabilities remain unaddressed. Insurers should play a constructive role by mandating stricter cybersecurity practices as a prerequisite for coverage, much like requiring fire alarms in homes. This would help elevate overall security standards and reduce the attractiveness of ransomware as a profitable venture.”

I’ve said it before and I will say it again. These sorts of attacks are out of control. Everyone needs to do better when it comes to responding to attacks. And that includes not paying the ransom. Ever.

Truth Social Is A Target Rich Environment For Scammers…. Why Am I Not Surprised?

Posted in Commentary on October 7, 2024 by itnerd

I have to admit that what I read in this Gizmodo story wasn’t on my BINGO card for today. But here I am talking about it. Though perhaps I shouldn’t be shocked by this.

Gizmodo submitted a Freedom of Information Act (FOIA) request with the FTC for consumer complaints about Truth Social filed in the past two years. The complaints to the federal agency include some stories from people who’ve been banned from the site (unjustly, they claim) and others who say they got signed up for mailing lists they never wanted to be on in the first place. But the complaints about scams are the most shocking, if only because there are such large sums of money involved. And we’re publishing a sample of the full, unedited complaints below.

One person who says they lost $170,000 explained they were initially scammed on a different site but met someone on Truth Social who claimed they could help get their money back. That turned out to be a scam as well. But more often, the victims are first contacted on Truth Social before being told to take the conversation somewhere else, like WhatsApp. Truth Social seems to be a target-rich environment for people who are easy to con.

Another thing that sticks out about the complaints filed with the FTC is that they seem to involve plenty of elderly fans of Donald Trump. One 72-year-old man who reported chatting with a “beautiful” woman on the site was scammed out of $21,000. His complaint ends with, “I haven’t told my wife about this blunder. She still doesn’t know about it.” Another person in their 60s said they lost $500,000 to scammers on Truth Social and seemed to think there might be a way they could get their money back, telling the FTC, “After I pay this they promise there will be no more fees and I will receive my assets.”

I encourage you to read the scams that are listed in this article. Now some of this is the stuff that I see when I get called in to help with the aftermath of someone being scammed. But the dollar amounts that are being highlighted here are mind blowing. The most expensive scam that was successful that I’ve come across was about $4000 CDN. The biggest dollar amount that a threat actor tried to get from a client of mine was about $50000 CDN. This article has examples well north of $100000 USD which is insane.

So you might be wondering, what is Truth Social doing to stop this? Here’s what they said:

Gizmodo tried to contact representatives from Truth Social on Thursday, but after sending an email to the address listed for media organizations on the social media platform’s website, it bounced back as undeliverable. After finally getting a hold of someone at something called the MZ Group, which works for Trump Media & Technology Group, the owner of Truth Social, the representative said they have “a robust team that actively searches for scams and bots on the platform and bans them as soon as they’re found.” Follow-up questions did not receive a response.

I think that this translates to they’re doing nothing substantial to stop scams on the platform. But I might be reading that wrong. But what this shows is that Truth Social is a target rich environment for threat actors who can scam with impunity. And that’s not surprising because this was a site that was literally thrown together quickly to give Donald Trump someplace to share his thoughts after he got kicked off Twitter, Facebook and other forms of social media after the January 6th insurrection. It wasn’t designed to stop this sort of thing from happening. Nor do I believe that Truth Social has the will to stop this sort of thing from happening. Now combine that with the sort of people who go to Truth Social, who are far more likely to fall for this sort of stuff, and you get this situation. For those two reasons, I believe that you can fully expect more people to be scammed on Truth Social for a whole lot of money, and little if anything done by Truth Social to stop it.

Action1 Now Available For macOS With First 100 Endpoints Free Forever

Posted in Commentary on October 7, 2024 by itnerd

Action1, a provider of an integrated real-time vulnerability discovery and automated patch management solution, today announced its latest product release. As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management. 

As the world’s #1 easiest-to-use patch management solution, according to G2, Action1 is committed to transforming and simplifying the patching routine for organizations of all sizes. Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch management approaches for different platforms.

The newly incorporated macOS support feature helps IT teams streamline vulnerability discovery, prioritization, and remediation for both operating systems and applications across their entire fleet. In addition, it offers extended endpoint management capabilities such as software deployment, scripting, and IT asset inventory for macOS devices. Action1 is available at no cost for the first 100 endpoints, without any functional limits for both macOS and Windows — and never expires.

According to the Action1 Software Vulnerability Ratings Report 2024, macOS experienced a 30% increase in exploited vulnerabilities in 2023, making it increasingly susceptible to attacks targeting known vulnerabilities. 

In addition, Action1’s latest release includes multiple enhancements to boost the product’s functionality, security, and usability, including: 

  • Addressing NVD Vulnerability Backlog. Action1 can now detect software vulnerabilities for applications listed in its Software Repository beyond the National Vulnerability Database (NVD) data, providing crucial visibility and automated remediation amid the NVD’s update delays.
  • Software Installation Customization. This enhancement allows customization of built-in and custom software packages without cloning, available for the entire enterprise, per organization, or per endpoint, to ensure continuous patch compliance while preserving future automatic updates.
  • Real-Time Endpoint Attribute Reporting. Action1’s reporting capabilities are now improved by adding endpoint attributes, including username, comment, OS types, IP address, and more, as selectable columns in custom reports.
  • Expanded API. Action1 implements new capabilities and integration options, with code samples, supporting advanced custom integrations to address complex, enterprise-level needs. 
  • Multiple Usability Enhancements. The release introduces several UI improvements, including moving endpoints between groups, reworked endpoint organization controls, and many more – all designed to further simplify the already easiest-to-use patch management solution. 

To learn more about Action1’s latest release, visit www.action1.com