New Fraud Trends from the IC3.gov 2022 Report

Gary Warner, Director of Intelligence

The numbers from the IC3.gov 2022 Annual Report reinforce the trends that we’ve been trying to draw attention to from DarkTower. Criminals flock to where the money is, and right now, the fraud funds are flowing more freely than ever as the criminal refine their tactics. As we look at the enormous increase, please be aware that there is still a huge under-reporting of cybercrime! These numbers are confirmed victim losses, but only of the people who took the time to report their losses to IC3.gov. When you hear that someone has been scammed, please send them to IC3.gov and have them click “File a Complaint.” Are they elderly? confused? not tech-savvy? Sit with them and walk them through the process. Documenting losses and providing all the details we can is one path towards fighting these crimes. IC3.gov calls it “Protect one another” and I agree.

BEC, Romance Scams, and West African Organized Crime

For at least the past five years we have been talking about how #BEC and #RomanceScams are largely run by West African organized crime groups called Confraternities. Most prevalent among them are the Black Axe (NeoBlack Movement of Africa), the SEC (Supreme Eiye Confraternity, or AirLords), the Buccaneers (Brodas/Brothers Across Nigeria), the SVC (Supreme Viking Confraternity, or SeaLords), the SEC (Supreme Eiye Confraternity, and the MAPHITES (Green Circuit Association). While they continue to dominate Business Email Compromise, the first reduction in Romance Scams in several years is because the Romance victims are now being lured into Investment Scams, of which most are “Crypto Investment Scams.” These groups are still a primary recruiter of Money Mules around the world. In North America, they mostly show up as Financial criminals, in Europe, they are heavily involved in Human Trafficking for forced prostitution and drug trafficking, as was so well-documented by the BBC Africa Eye in “Black Axe: Nigeria’s Mafia Cult.” Our stolen funds enable those crimes.

Pig Butchering

The biggest change that led Investment Scams to more than double is the vast improvement and refinement in this area by Chinese Organized Crime operating slave shops of scammers in neighboring countries. The term “Pig Butchering” comes from the story of a Myanmar labor-trafficking victim that I shared on my Cybercrime & Doing Time blog: “Please stop calling all Crypto Scams Pig Butchering!” but the same situation is going on in Cambodia, as was so incredibly well-documented by Al Jazeera in “Forced to Scam: Cambodia’s Cyber Slaves.” As my friend Erin West leads the charge against “Pig Butchering” from California’s REACT Task Force, be aware that there are two very different models of this crime, but both leading to the same result. Social media and Dating site recruitment play heavily in both models. The West African version tends towards investment on a web page, while the Chinese version tends more towards a longer recruitment cycle followed by installation of a dodgy APK “Investment App.”

WE NEED THE INDUSTRY TO BRAINSTORM WITH US ON HOW TO SHUT DOWN CRYPTO INVESTMENT WEBSITES AND THE RELATED SOCIAL MEDIA GROUPS! Right now, Registrars and Hosting companies are not accepting the role they play in the NUMBER ONE CYBERCRIME IN AMERICA. Quit dodging and come to the table ready to engage.

There is another way of tracking Crypto Investment Scams. Most of them are visible from the Blockchain if you have access to the right analytical tools. The Chainalysis 2023 Crypto Crime Report shares the news that the top ten scams last year were all Crypto Investment Scams. According to blockchain analysis, just those ten scams were responsible for stealing $3.469 Billion dollars! At DarkTower, we’ve identified more than 25,000 such websites. And the losses from TEN of them exceed all of the losses reported to the FBI in 2022 in this category.

Source: Chainalysis Crypto Crime Report 2023

Indian Call Centers, VOIP, and “Open-Ups”

The other HUGE surge in cyber financial crimes is based in the Indian Call Centers. Last year at the RSA Conference I joined Josh Bercu from USTelecom in a presentation called “Knowing the Robocallers: Illegal Call Centers and Efforts to Stop Them” and spoke afterwards to WIRED magazine for their story “Here’s Why You’re Still Stuck in Robocall Hell.” #TechSupportScams are up 231% THIS YEAR, but up 800% over the past two years! After a slight improvement in Government Impersonation scams, we had another huge surge in these last year. Same issue. We must DISRUPT their ability to function. For the Call Centers this means BLOCK THEIR USE OF #VOIP SERVICES. We must identify and eliminate, not at the telephone number level, but destroying the ability of fraudulent call centers to easily re-acquire a new number.

Call Center fraud also surged because of the emergence of new financial companies in the US who just do not understand how fraud works. The successes we had here in blocking merchant accounts and credit card processing, and then the successes we had in Gift Card payments. The new monetization method which has allowed their resurgence is how easy it is to open US-based financial instruments among the NeoBanks and FinTech companies. As each of those companies fights for market share, their marketing departments are fighting with their security teams to “reduce friction” in new account creation. “Runners” working for the Indian Call Centers, not just in America, but in the UK, Australia, and other western countries, are doing “open ups” at scale to have western bank accounts that can receive funds directly via Zelle, CashApp, Venmo, or other “fast payment” systems.