Fraud Insight from a Reformed Cybercriminal and the FBI: The State of Fraud Today
Recently, special agents from the FBI Cyber Crime Unit visited SafeChain Headquarters to take a deep dive into responsive action plans for a fraud scenario. It was a great opportunity that allowed our team to hear their latest best practices as well as share ours with the top experts in the field. As a partner in the title industry, we knew we needed to share the insights from the FBI and our Title Tech Council to help everyone as we work to eliminate wire fraud. This is the first of a three-part series that sheds light on how to take action before and after a fraudster strikes.
The following is a summary of our discussion with FBI special agents, insight from the former “Internet Godfather,” Brett Johnson, and the Title Tech Council.
The State of Fraud Today
To start, the FBI shared some statistics with us (whether you’ve heard them before or not, they’re still staggering) and we think they help set the stage of what we’re dealing with as an industry. The FBI pointed out that some fraud attempts and cases go without being reported so the following figures are just the ones that are known about to-date:
An average of $12.5B is lost annually due to business email compromise (averages ~$7M per day)
There have been 78,617 reported incidents of business email compromise since 2013; however, many cases go unreported.
A 136% increase in business email compromise has been realized from December 2016 to May 2018.
From the real estate side, special agents are continuing to see wire information being intercepted and a “decent” amount of fraud through digital signature services.
The FBI also stressed that in order to effectively combat fraud attempts, it’s important to know as much as possible about who we are fighting against, the modern-day internet fraudster.
Silicon Valley National Bank interviewed reformed fraudster, Brett Johnson, aka the “Internet Godfather,” on the mindset of the modern-day internet fraudster. Johnson discussed the motives of fraudsters, how fraud has no borders, the big secret behind fraud, and what full identity theft looks like. Below are the details as outlined by Johnson and the FBI.
Johnson outlines three key motivations fraudsters have to commit the crimes that they do: money, status, and ideology.
It’s not surprising that money is the most common motive behind fraud. According to Johnson, defrauding people and companies has become easier while detecting and recovering funds has become increasingly more difficult. Johnson provided additional insight adding, “fraudsters look at this as their job they’re certainly not going to go apply at McDonald's to flip burgers for $8 per hour due to one failed attempt.”
Status is a big motive in the fraud community as well. Johnson discusses how fraud in its simplest form can be accomplished by purchasing someone’s credit card information for $6 – $20 on the Darknet, and then use social engineering from there to see a return on that small investment. This form of fraud does not gain the respect of the fraudster’s peers. However, should a fraudster successfully defraud a large company, they will achieve a celebrity-like status.
The last motive Johnson discussed was ideology. Examples used for this were the foreign involvement in hacking elections and WikiLeaks. The mindset of the ideological fraudster is that they are defrauding for the “greater good.”
Having a clear understanding of the motives behind these attacks allows us to effectively combat against fraudsters and develop solid plans of action in the instance that it does occur.
Fraud Without Borders
It’s very rare that fraud occurs solely at the hand of one person and in one location. The three major steps in committing cybercrime are: gather information, commit crime, and cash out.
Johnson says it is very rare that all three of these steps can happen in the same place and be executed by the same person. The trading and bidding on information across a global network of cybercriminals is what allows fraud to happen today.
Realizing that multiple parties in multiple locations are being utilized for one fraudulent attempt helps us to develop the proper preventative measures.
The “Big Secret” Behind Fraud
According to Johnson, the biggest secret behind fraud is that, “cybercrime is not rocket science.” It’s a common misconception that all cybercriminals are top-tier, very sophisticated “hackers,” when in reality; 99% of them are very talented social engineers.
These fraudsters have a deep understanding of human psychology and are easily able to manipulate people into things like resetting passwords and initiating ACH transfers among other things. Due to the nature of these cybercriminals, Johnson attributes the evolving nature of fraud to two failures—human and systemic.
If we understand that human error, flaws in systems, processes and/or protocols opens the door for fraudsters, we can combat these cyber criminals by implementing solutions that reduce, if not completely eliminate human and systemic failures.
What Full Identity Theft Looks Like
The term “FULLZ” is slang in the cybercriminal community for having full packages of individuals’ personally identifiable information. What does a FULLZ package look like? It usually contains the following 10 items.
Social Security number
Date of birth
Mother’s maiden name
Driver’s license number
Additional information that can be used for knowledge based authentication (KBA) questions
These complete profiles can be purchased on the Darknet from anywhere between $40 - $130.
Fraudsters are also able to create their own FULLZ profiles in a few easy steps:
Buy a bank account login on the Darknet
Visit a site and buy SSN and DOB for as little as $2.90
Pull a background check
Figure out KBA answers by comparing the questions’ answers across several sites and looking for direct matches
Pull a credit report
Do any follow-up research necessary
Fraudsters are able to retrieve and create these profiles with increasing ease and accuracy. We can no longer accept that traditional methods of verification will remain effective.
Understanding the state of fraud today is just the beginning of protecting your business and customers against wire fraud. In Part 2 of “Fraud Insight from a Reformed Cybercriminal and the FBI” we’ll focus on understanding the ease of the most common fraud scheme, business email compromise (BEC), and start to discuss what to do if fraud occurs.
With the increasing amount of information available online and the evolving sophistication of fraud schemes, it’s crucial that title companies stay up to date on best practices for fraud prevention. But you don’t have to do it alone; we’re here to help. And it’s why we created our industry-leading wire fraud prevention software, SafeWire. Schedule a free in-depth demo of the platform today.