Archive for Scam

FBI Says Hackers Stole $262M by Impersonating Bank Staff

Posted in Commentary on November 25, 2025 by itnerd

The FBI has warned that cyber criminals are impersonating staff at financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. Since January 2025, the FBI Internet Crime Complaint Center (IC3) received more than 5,100 complaints reporting ATO fraud, with losses exceeding $262 million.

Details can be found here: https://www.ic3.gov/PSA/2025/PSA251125

Jim Routh, Chief Trust Officer at Saviynt, commented:

“The large majority of ATO accounts referenced in the FBI announcement occur through compromised credentials used by threat actors intimately familiar with the internal processes and workflows for money movement within financial institutions. The most effective controls to prevent these attacks are manual (phone calls for verification) and SMS messages for approval. The root cause continues to be the accepted use of credentials for cloud accounts despite having passwordless options available.”

If you want to protect yourself from a scam like this, this link will help: Learn about the phony bank investigator scam

PayPal Users Targeted in Account Profile Scam 

Posted in Commentary on September 4, 2025 by itnerd

Researchers have uncovered a new PayPal phishing scam in which the scammers successfully spoof PayPal’s email address and use the email subject line of “Set up your account profile”.

Details can be found here:  https://www.malwarebytes.com/blog/news/2025/09/paypal-users-targeted-in-account-profile-scam

Here’s the TL;DR:

The sender address service@paypal.com (sometimes the emails come from service@paypal.co.uk) looks legitimate because it is, but the scammers have spoofed the address.

Basically, when someone sends an email, their computer tells the email system what address to show as the sender. Scammers take advantage of this by using special software or programs that let them type in any “From” address they want. This technique is called spoofing. The scammer sends their email through the internet, and since most email systems aren’t strict about checking this information, the fake sender address is displayed just like a real one would be.

So it’s hard for the everyday user to tell if the email has been spoofed or not.

Ensar Seker, CISO at cybersecurity threat intelligence company SOCRadar, commented:

“At first glance, it may appear like just another scam, but it highlights a growing sophistication in how attackers weaponize trust, familiarity, and urgency. What stands out in this case is the use of email spoofing combined with psychological pressure, a classic one-two punch. Spoofing the sender address to mimic PayPal adds a false sense of legitimacy, while the alarming message about a nearly $1,000 unauthorized charge triggers panic. This kind of emotional manipulation is exactly what makes phishing so effective: it hijacks the victim’s instinct to act before thinking. The attackers also cleverly obscure their tracks by using odd recipient addresses and distribution lists, likely to bypass simple recipient verification and to cast a wider net. That detail alone suggests this wasn’t a one-off email but a scaled campaign, which raises the stakes for detection and response.

From a technical standpoint, these types of threats bypass many traditional security controls, especially if there’s insufficient email authentication in place like lacking proper SPF, DKIM, and DMARC configurations. Organizations must ensure those protocols are correctly implemented to prevent spoofed emails from ever landing in inboxes.

On the user side, education remains vital. Even though the visual layout of the phishing email imitates PayPal’s design, a trained eye can spot the inconsistencies. But let’s be clear, users shouldn’t have to carry the burden of being the final line of defense. We need to build systems that assume attackers will get through and are resilient enough to stop damage downstream. We also need to treat email security as part of a broader threat intelligence operation. That’s why real-time visibility into spoofed domains, impersonation attempts, and phishing infrastructure is essential, not just for defense, but for proactive disruption.”

Organizations need to make sure that they are using DKIM, DMARC and SPF because it makes scams like these way less effective. The reason being that emails like these will end up either deleted or in the junk folder. Which means that you won’t be a victim. Hopefully the message gets through that this is no longer optional or a nice to have.
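To make the SPF, DKIM and DMARC point concrete, here is an added example (not code from the original post or from any vendor quoted in it) of the alignment check a receiving mail system applies to the visible “From” address. The sample messages, the `mx.recipient.example` server name and the one-entry suffix list are constructed assumptions; real deployments use the full Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a tiny stand-in for the Public Suffix List, enough for the
# paypal.com / paypal.co.uk addresses mentioned in the post.
MULTI_LABEL_SUFFIXES = {"co.uk"}
# Assumption: hypothetical authserv-id of *our own* receiving mail server.
TRUSTED_AUTHSERV_ID = "mx.recipient.example"


def org_domain(domain):
    """Reduce a hostname to its organizational domain (relaxed alignment)."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def trusted_results(msg):
    """Return [(method, result, domain)] from our own server's header only."""
    for header in msg.get_all("Authentication-Results", []):
        parts = header.split(";")
        if parts[0].strip().lower() != TRUSTED_AUTHSERV_ID:
            continue  # written by someone else, possibly the sender
        found = []
        for clause in parts[1:]:
            m = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not m:
                continue
            d = re.search(
                r"(?:smtp\.mailfrom|header\.d)=(?:[^\s;@]*@)?([\w.-]+)", clause)
            found.append((m.group(1), m.group(2).lower(),
                          d.group(1).lower() if d else None))
        return found
    return []


def evaluate(raw_message):
    """DMARC passes only if SPF or DKIM passed for a domain aligned with From."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    aligned = {"spf": False, "dkim": False}
    for method, result, domain in trusted_results(msg):
        if (result == "pass" and domain
                and org_domain(domain) == org_domain(from_domain)):
            aligned[method] = True
    dmarc = "pass" if (aligned["spf"] or aligned["dkim"]) else "fail"
    return {
        "from_domain": from_domain,
        "spf_aligned": aligned["spf"],
        "dkim_aligned": aligned["dkim"],
        "dmarc": dmarc,
        "verdict": "deliver" if dmarc == "pass" else "junk-or-reject",
    }


# Constructed sample 1: SPF passes, but for the bulk mailer's own domain,
# not for the paypal.com address shown to the user.
SPOOFED = (
    "Return-Path: <bulk@mailer.example>\n"
    "Authentication-Results: mx.recipient.example;\n"
    " spf=pass smtp.mailfrom=bulk@mailer.example;\n"
    " dkim=none\n"
    "From: PayPal <service@paypal.com>\n"
    "Subject: Set up your account profile\n"
    "\n"
    "constructed body\n"
)

# Constructed sample 2: SPF and DKIM both pass for domains aligned with From.
LEGIT = (
    "Return-Path: <bounce@mail.paypal.co.uk>\n"
    "Authentication-Results: mx.recipient.example;\n"
    " spf=pass smtp.mailfrom=bounce@mail.paypal.co.uk;\n"
    " dkim=pass header.d=paypal.co.uk\n"
    "From: PayPal <service@paypal.co.uk>\n"
    "\n"
    "constructed body\n"
)

# Constructed sample 3: the only Authentication-Results header was not
# written by our server, so its "pass" claims are ignored.
FORGED_HEADER = (
    "Authentication-Results: mx.sender-controlled.example;\n"
    " dkim=pass header.d=paypal.com\n"
    "From: PayPal <service@paypal.com>\n"
    "\n"
    "constructed body\n"
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("legit", LEGIT),
                      ("forged header", FORGED_HEADER)]:
        print(name, evaluate(raw))
```

The first sample is the case that matters for spoofing: SPF on its own “passes”, yet the message fails DMARC because the authenticated domain is not the one displayed to the recipient.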

UPDATE: Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had this comment:

“Any time a scammer can use a legitimate site or service to send an email that is coming from that legitimate domain, it’s a problem. The popular advice of hovering over a link to inspect it before responding and performing the requested action fails. That’s why KnowBe4 teaches users two easy signs to look out for to detect a potential scam, and neither involves inspecting links or trying to determine if the site or service involved is legitimate. Our two-step recommendation is this: If you receive an unexpected message (no matter how received) and it’s asking you to do something you’ve never done before, research the request using an alternate trusted method (don’t rely on any contact or URL information in the original message) before performing the requested action. Any message with these two traits (unexpected and asking you to do something new) is at higher risk for being a scam than a message that does not have those two traits. So, while a message with those two traits might be legitimate, users need to recognize that any message with those two traits is at a higher risk than other messages and needs to be researched more before performing.”

A New And Dangerous #Scam That Uses The Names Of Rogers & The CRTC To Further The Scam Is Making The Rounds

Posted in Commentary on July 16, 2025 by itnerd

It appears that a new scam involving Rogers is making the rounds. And it uses the CRTC to get you to fall for the scam. Here’s the scam:

  • You get a phone call from a number that starts with 416-935-xxxx
  • When you pick up the phone, the scammer will claim to be someone from Rogers calling on behalf of the CRTC.
  • They will have some basic information about you or a relative, and claim that a suspicious SIM activation has been traced back to you or a relative.

Now the person who got this call hung up as they clued in that it was a scam. Thus I do not know what their endgame was. But here’s some random thoughts based on what was told to me.

First of all, the CRTC has nothing to do with investigating “suspicious” SIM activations. In fact they don’t really investigate much at all. If you want to see what the mandate of the CRTC is, click this link. But what the scammers are counting on is that you don’t know what the CRTC actually does and fall for the scam.

Second, the scammers are spoofing a phone number that starts with 416-935-xxxx. Why is that important? Using a random number may result in someone either not answering the call, or hanging up very quickly. But using 416-935-xxxx makes the call appear to come from Rogers because that is the local phone number of Rogers HQ in downtown Toronto. And more importantly it will appear in a Google search. Meaning that they are counting on the fact that at worst, you will Google the number, see that it comes back to Rogers, and be more likely to fall for the scam. Assuming that you don’t recognize the number immediately and just get sucked into the scam as a result.

Third, the fact that the scammers have some basic information about you implies that this is a targeted attack via customer data belonging to Rogers making its way into the hands of scammers. I’ve personally experienced something like this before. And what it tells me is that Rogers really needs to investigate the handling of their customer data as this is the second time that I have seen scammers utilize Rogers customer data to try and scam their customers.

This is really dangerous as I can see people easily falling for this scam. As I said earlier, I don’t know what the endgame of these scammers is, but it can’t be good for you. Thus if you get a call that fits this description, your best course of action is to hang up and move on with your life.

Hackers Impersonate CNN, BBC Sites to Promote Investment Scams

Posted in Commentary on July 16, 2025 by itnerd

Researchers from Malwarebytes have uncovered a large campaign impersonating news websites, such as those from CNN, BBC, CNBC, News24, and ABC News, to promote investment scams:

Here’s how the scam works:

  1. The scammers buy ads on Google and Facebook, which follow a similar pattern along the lines of “Shocking: [Local Celebrity] backs new passive income stream for citizens!”
  2. If you click the link, you’ll be taken to a website that looks like one of the major news outlets, and which will tell you about a breakthrough investment strategy.
  3. The article will encourage you to sign up for a program that will earn you money without having to lift a finger. You sign up by providing your name, email address, and phone number.
  4. A friendly advisor (scammer) calls you about the opportunity, referencing the article and explaining how it all works.
  5. You’ll be told that to start off you’ll have to make a small deposit (around $240) and then you will see your investment grow (on the fake trading platform).
  6. Your friendly advisor urges you to invest more to increase your return. And it keeps on growing, until you want to cash in when you’ll find there’s extra fees to pay, problems with account verifications, and all sorts of delays.
  7. When it dawns on you that you’ve been had, your entire investment and all the fees you paid are gone. Also gone is your friendly advisor who has sold your details to another scammer, to squeeze the last dollars out of the ordeal.

Erich Kron, Security Awareness Advocate at KnowBe4, commented:

“Trust is a big factor when deciding where to invest your hard-earned money, so bad actors work hard to find ways to trick us into believing what they offer is legitimate. The use of well-known and trusted national or global brands to promote their schemes is certainly a part of this, but they are also able to mimic local celebrities and then, using the targeted power of advertising on places like social media or Google, can really change the game.

“The advancement of tools such as AI for doing automated research into trusted people in local communities, then creating deepfakes using their likeness has really made this a serious threat. They will commonly fake investment sites that show huge returns on investments that you have made through them but are in reality just designed to get you to keep pumping money into these fictitious investments. A person may test the waters with $100, see that they’ve made $1000 from that, and be convinced into putting thousands more into the investment, only realizing it’s gone south when they try to get their money.

“It’s important for people to do research on any investments they are considering, and to carefully check the URLs of any websites they may consider investing with, and doing some research related to the investments they are pushing. Education is critical for people to avoid falling victim to these very crafty attackers.”

I tell people who ask me about how to avoid scams to treat everything and everyone with suspicion. That’s because scams have become so dangerous, you need a certain amount of paranoia to stay safe. And as Andy Grove wrote, just because you’re paranoid doesn’t mean that they’re not chasing you.

Fraudsters Abuse Google Forms via Phishing to Steal Logins

Posted in Commentary on April 23, 2025 by itnerd

According to researchers, fraudsters are abusing Google Forms via phishing campaigns that steal email logins. You can read more here: https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/

Here’s the TL;DR:

Malicious actors are always looking for ways to add legitimacy to scams and evade email security filters. Google Forms offers a great opportunity to do both. It is favored by cybercriminals because it is:

  • Free, meaning threat actors can launch campaigns at scale with a potentially lucrative return on their investment
  • Trusted by users, which increases the chances of victims believing that the Google Form they’re being sent or redirected to is legitimate
  • A legitimate service, meaning that malicious Google Forms and links to malicious forms are often waved through by traditional email security tools
  • Easy to use, which is good for users but also handy for cybercriminals – meaning they can launch convincing phishing campaigns with very little effort or prior knowledge of the tool
  • Cybercriminals also take advantage of the fact that Google Forms communications are encrypted with TLS, which may make it harder for security tools to peer in and check for any malicious activity. Similarly, the solution often uses dynamic URLs, which may make it challenging for some email security filters to spot malicious forms.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“All public services like Google Forms, need to be better at defeating phishing attempts that use their product. I think most people can easily come up with a dozen signs that they can easily see in a message that indicates a scam. These services need to be doing more to fight cybercriminals using their products to conduct scams. Because they don’t, it causes trust issues and lessens the value of those products. Each of these services will tell you that they are already spending a bazillion dollars and lots of resources to fight scammers, but they simply aren’t doing enough. They are letting the revenue they are making by being bad at spotting cybercriminals get in the way of them better detecting and spotting scammers. It’s a business decision. One that isn’t being made correctly by many service providers and it’s unfortunate.”

This isn’t the first time that I’ve seen Google Forms used for nefarious purposes. And to Google’s credit, when I’ve reported a dodgy form, they’ve been quick to take it down. But it often pops up again in hours or days. I am not sure how Google addresses this, but they do need to address it.

E-ZPass toll payment texts return in massive phishing wave 

Posted in Commentary on April 7, 2025 by itnerd

An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. This scam is not new, with the FBI warning about it in April 2024, and Highway 407 warning about it in March.

Commenting on this is James McQuiggan, Security Awareness Advocate at KnowBe4:

“Mobile phishing campaigns are becoming more common, as cybercriminals are impersonating companies like E-ZPass in a very believable way by telling people that they have unpaid tolls. Cybercriminals prey on a person’s heightened emotions to encourage behaviors that can be harmful if acted upon. Whenever a text message seems urgent and arrives unexpectedly, it is important to always remember to verify the validity of the message before taking any requested action. Instead of clicking on the link provided in the text message, instead go to the known valid website of the sender first and double check that the information provided is accurate. Always stop and think before acting, especially if the message seems urgent.”

My advice is if you get one of these texts, don’t click on anything. Then stop, take a pause, and think about it. Keep in mind that it is highly unlikely that you will receive a text like this without you being identified by name. Furthermore, it is also highly unlikely that any organization will reach out to you in this manner. If you do that, it is highly unlikely that you will be victimized.

One Of My Clients Got Hit With A SIM Swap Attack… Here’s What Happened

Posted in Commentary on April 4, 2025 by itnerd

I was at a wedding in Niagara On The Lake with my wife last weekend when I got a series of iMessages from a client of mine. He first said that his email inbox was being flooded with all sorts of garbage email. As in hundreds of them. He asked if he could stop them from coming in and I texted back discreetly that no he couldn’t and that I would call him later.

Fast forward about two hours and I get another series of iMessages from the same client saying that he got a phone call from one of Canada’s “big three” telcos that his account had an issue and they would have to take his cell phone offline for 24 hours to resolve it. That immediately got my attention as that is not how any of Canada’s cell phone providers, “big three” or otherwise, behave. Since the actual ceremony was over, I texted a friend who is married to a person who holds a significant position in the telco in question to confirm that I wasn’t delusional. Which that person did. At the same time, I noted that the iMessages were coming from his iCloud account as opposed to his cell phone number. That confirmed that he was the victim of a SIM Swap Attack.

Now I went down the rabbit hole of what a SIM Swap Attack is here. But here’s the TL;DR:

SIM stands for Subscriber Identity Module. That’s telco speak for the chip that goes inside your phone to allow you to get cell phone service. Your cell phone number is associated with that SIM and what the threat actor is going to try and do is to either trick a telco employee into moving your number to a SIM that they control, or have an accomplice inside the telco who will help them move your number to a SIM that they control.

And:

So in short, a SIM swap attack is a means for a threat actor to take control of your number to get access to two factor authentication codes that allow the threat actor to take control of anything from social media accounts, to bank accounts, to crypto wallets. That’s because two factor authentication codes are often sent by text message. And since the threat actor is unlikely to get direct access to your phone, taking over your SIM is the next best option.

I told the client to phone the telco and confirm that they didn’t make the phone call, and then have them take action to regain his phone number and account. Which he did. I also told him to start phoning his banks and credit card companies to try and get ahead of whatever this threat actor was up to, as well as change all his passwords. Which mirrors this advice from the article that I linked to. Now I didn’t have my MacBook Pro with me, so I wasn’t able to investigate this until the next day via a remote session with the client. But my belief was the email issue and the SIM Swap were connected. And it didn’t take long for me to prove that.

What the threat actor had done is used some sort of automated process to sign my client up to hundreds of email based distribution lists. That in turn sent hundreds of emails to my client, flooding his inbox. Now you’re likely wondering why they would do that. The answer is that they were trying to cover up what they were really up to. Once I cleared out all that “noise”, I found that they were trying to attack his Zoom accounts. Why I do not know. But I also noticed that someone had also applied for a credit card with a $20,000 credit limit with Canadian Tire which is a big retailer in Canada. Finally, the threat actors changed the password on his telco’s online account. I knew that because the notification about the password change showed up via email. I changed his password to a new one and looked through his account because I was thinking that the threat actors might have tried to order a phone to ship it to an address that they could get the phone and ship it elsewhere for resale. Thus I advised him to phone his telco to confirm that this had not happened.

My advice to him at the time was to call Canadian Tire’s financial services and stop that credit card from being issued, and to continue to change passwords for any and all online accounts. Finally, I advised him to sign up for credit monitoring and report this to the Canadian Anti-Fraud Centre. I then made an appointment with him to see him the next day.

I followed up with him and he had taken the following action:

  • Signed up for credit monitoring
  • Reported this to the Canadian Anti-Fraud Centre
  • Reported this to his bank and credit card company. Of interest, the credit card company cancelled his credit cards and issued new ones. The bank took no action as they didn’t see anything suspicious.
  • He had phoned his telco and confirmed that no account changes had been made and nothing had been ordered via his account.
  • Interestingly, Canadian Tire Financial Services phoned him to say that someone had tried to sign up to a credit card in one of their stores, and then tried to buy thousands of dollars worth of product. He shut that down immediately. But it implies that the goal of this SIM Swap Attack was identity theft followed by retail theft.

Now while I was there, I helped my client to not only change his banking password as he was having difficulty doing that, but enable push notification based two factor authentication. I did that because a SIM Swap Attack relies on the target having two factor authentication codes coming over text message. If they come via push notification, then a SIM Swap Attack would be totally ineffective as those notifications are not connected to the SIM. In fact, I encourage anyone who reads this to see if you can move any two factor authentication codes to push notifications as a means to mitigate an attack like this should it happen to you.

Now you might be noticing that I am not naming the Canadian telco in question. That’s because after he reported this to the Canadian Anti-Fraud Centre, I got a number of calls from them, and then a police agency that I will also not name. In short, this situation is now part of a larger investigation into a SIM Swap gang that seems to be operating inside a couple of provinces in Canada. And the police agency also told me that there might be insiders that work for the telco that he deals with. If that’s true, I’ve seen this before here. And that caught my attention because my first thought was that they might have asked him to provide them with access to his online telco account via the PIN number that gets emailed every time you try to log in or reset the password. But when I looked for that in his email, I did not see any evidence that he received such an email. The only thing that I saw was the email that said that his password was reset. The other odd thing that caught my attention was that he reported that when he got the call from the threat actor pretending to be an employee of the telco in question, the woman at the other end of the line knew him by name and phoned his cell phone directly. Now I have experienced this personally here with a threat actor pretending to be Rogers who knew my wife’s name and who was trying to get me to sign on to a great deal with a free phone. Which I knew to be a scam immediately. So it doesn’t surprise me that this might be the case with the telco in this incident. I do have a follow up with him in the next day or two, so I will see if I can try again to confirm that he played no part in the SIM Swap Attack by providing any information that helped the threat actors.

This is likely not going to be the last that I am writing about this incident. Thus I would suggest that you stay tuned for updates if and when they come. And just to make it clear, there are things that I can’t talk about regarding this, so please understand if I cannot answer all your questions. But if you do have questions, I will answer them as best as I can.

YouTube phishing scheme targets creators with CEO deepfake videos

Posted in Commentary on March 5, 2025 by itnerd

Hackers have been sending fake emails that include deepfake videos of YouTube’s CEO to announce fake changes to YouTube’s monetization – only to hack into creators’ accounts.

YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam. Do not click these links as the videos will likely lead to phishing sites that can install malware or steal your credentials. Never click on links in these videos and you can report the video by following these steps.

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4, commented: 

“This latest phishing scam targeting YouTube creators is a reminder that social engineering tactics don’t need to be new—just more convincing. The use of deepfake videos of YouTube’s CEO isn’t groundbreaking; scammers have long exploited our trust in authority figures to manipulate emotions like curiosity or greed. What has changed is the ease and accessibility of AI, which makes these scams appear more polished and credible.”

“According to Egress (2024), 82% of phishing kits now include deepfake capabilities, democratizing this technology for any cybercriminal with the right motivation. This means low-effort scams can now look far more legitimate, making vigilance more important than ever.”

“The key defense remains the same: digital mindfulness and a zero-trust mindset. Pause before reacting impulsively, particularly if it triggers an emotion or existing bias, verify independently, and never assume legitimacy just because something looks real. AI may enhance deception, but our best defense is still critical thinking and security vigilance.”

This is an example of how threat actors are evolving their schemes using techniques like deepfake videos to lure the unsuspecting into falling for a scam. Which means that the best defense is to ensure that people are trained to spot these schemes so that they aren’t effective.

You Can’t Stop SIM Swap Attacks… But There Are Mitigation Strategies That You Can Employ

Posted in Commentary on February 16, 2025 by itnerd

Recently a friend of my wife’s was doomscrolling on her phone and suddenly her phone went into SOS mode. Meaning it had no service. Confused by this she hopped into her car and drove to her local Bell store. The Bell employees had a look and determined that something weird was going on. Specifically her phone number was linked onto a Bell account that had the numbers of 20 other people on it. The Bell employee then went into action to get “the fraud department” involved. But while that was going on, someone was trying to use her credit card to buy some high value items. As in $14,000 worth of items. She would later find out about this when the Bell employee told her to phone her bank to see if her credit cards and bank accounts were okay. When she made that call, that’s when she got that bad news. Her bank told her that what likely happened was that before the purchase went through, Visa who was the credit card company in question would have sent her phone a two factor authentication code to authorize the purchase. Fortunately for her, her bank seeing clear evidence of fraud reversed the charges. But she had to be issued brand new credit cards and a new bank account to boot.

Welcome to the modern reality of the SIM swap attack.

So let’s go down the rabbit hole of what a SIM swap attack is and why it is one of the most common ways that people get hacked, if you want to call it that. SIM stands for Subscriber Identity Module. That’s telco speak for the chip that goes inside your phone to allow you to get cell phone service. Your cell phone number is associated with that SIM and what the threat actor is going to try and do is to either trick a telco employee into moving your number to a SIM that they control, or have an accomplice inside the telco who will help them move your number to a SIM that they control. This is an example of the latter. And this is an example of a Freedom Mobile customer who fell victim to the former.

And before those of you who might have an eSIM, which is an electronic SIM that is sent over the air, or via a QR code, or via an app to a special chip inside your cell phone, say that you can’t get pwned in this manner: you can absolutely be pwned in this manner. eSIMs are simply non-physical SIMs. The attack method is still the same.

These attacks are either highly targeted, or opportunistic. The former involves the threat actor learning a whole lot about you to not only figure out if you are a target worth their time, but to know how to quickly take over the accounts that they are interested in. In terms of the latter, I have begun to hear of situations where a target is sent a text message that purports to be a telco, and the victim is sent to a phishing website that gathers enough information about the victim to allow the attack to proceed. Here’s an example of another Freedom Mobile customer who fell for this.

So in short, a SIM swap attack is a means for a threat actor to take control of your number to get access to two factor authentication codes that allow the threat actor to take control of anything from social media accounts, to bank accounts, to crypto wallets. That’s because two factor authentication codes are often sent by text message. And since the threat actor is unlikely to get direct access to your phone, taking over your SIM is the next best option.

The question is, what can you do to protect yourself? Sadly, there’s very little that you can do to stop this from happening. The reality is that telcos need to come up with far better security to stop SIM swap attacks from being executed. The fact that insiders who work for a telco can help to execute a SIM swap, or someone can simply walk into a telco store and execute a SIM swap with enough information about you along with fake ID in most if not all cases reflects poorly on telcos and their ability to protect their customers. Now I’ve highlighted Bell and Freedom Mobile in this story. But all telcos need to step up their game here because they are all not doing enough to stop SIM swaps from happening.

Having said that, you can mitigate the dangers that SIM swaps pose. Instead of using text message based two factor authentication, you can use an app-based authentication program, like Google Authenticator. For another level of security, you can choose to purchase a physical authenticator token, like the YubiKey or Google Titan Key. All of this assumes that the online accounts support these options of course. But doing any or all of these means that if a SIM swap happens, the threat actors get nothing.

You should also check to see if your online accounts directly support sending authentication codes via an app on your phone. For example my bank allows me to send two factor authentication codes via their app and not via text message. That makes accessing my bank account way more secure because again, a threat actor gets nothing if a SIM swap happens.

Finally, if your telco has the option to add a PIN or personal identification number to your account, do it. And pick one that isn’t associated with anything like a phone number or a license plate number for example. And if possible see if your telco has the option to set your PIN yourself. That way a rogue telco employee can’t use it against you.

So what happens if you are a victim of a SIM swap? As in you notice that your phone is in SOS mode meaning that it has no service. Time is of the essence if you are a victim. This is what you need to do in order:

  • First, call your bank and credit card companies and request a freeze on your accounts. This will prevent the attacker from using your funds for fraudulent purchases.
  • Try to “get ahead” of the attackers by moving as many accounts as possible to a new, un-tainted email account. Unlink your old phone number, and use strong (and completely new) passwords. For any accounts you’re unable to get to in time, contact customer service.
  • Call the police and file a report. This is a crime and it needs to be reported without fail.
  • Contact credit bureaus and request a freeze on your credit. Or at least credit monitoring.
  • Contact the telco in question, preferably in person and get them to not only reverse the swap, but to investigate how it happened. Though from what I have heard, telcos often don’t want to properly investigate SIM swap incidents. And if they do, they tend not to want to talk about it.

Finally, I should also note that some homeowner’s insurance policies include protection for identity theft. But that only means something if you’ve filed a police report. So you should look into that.

As I mentioned earlier, all telcos need to step up here and make these sorts of attacks less viable. But until telcos take meaningful action on SIM swap attacks, you need to take action to protect yourself from being a victim.

Romance Scam Losses Could Exceed $535 Billion

Posted in Commentary on February 13, 2025 by itnerd

On the eve of Valentine’s Day, researchers at Comparitech, Chainalysis and Bitdefender are highlighting the staggering losses observed from romance baiting or pig butchering.

Comparitech estimated that almost 60,000 US romance seekers fell victim to these scams in 2024, resulting in heartbreaking losses of approximately $697 million ($11,616/victim!).

More concerning is an AARP survey that estimated that 4% of Americans have fallen victim to these scams, equating to over 13 million individuals, which is about 3.6% of those officially reported. Researchers estimate the cumulative financial damage from romance scams could exceed $535 billion. 

Chloé Messdaghi, Founder of SustainCyber, has this comment:

  “These romance scams and pig butchering operations are getting more aggressive and harder to spot. Scammers are weaponizing AI to create fake profiles, deepfake videos, and run chatbot-driven conversations that feel real—they know how to tap into emotions fast. 

   “We can’t keep placing the burden solely on individuals to ‘watch for red flags’ when those flags are increasingly invisible. Platforms need to step up with stronger fraud detection and identity verification, and financial institutions should be doing more to catch suspicious transaction patterns before people lose everything. This is a collective problem that requires a collective response—tech, finance, and policy all need to work together to protect people from being manipulated and financially gutted.”

Since a major part of what I do is scam related, I’ll offer up this story that I did earlier this week. While it’s not the whole solution, it’s a start in terms of protection from these scams.