In a new type of cyber scam unearthed in recent months, North Korean criminals posing as employers at a cryptocurrency company accidentally scammed fellow North Korean scammers posing as potential job seekers.
The inadvertent double scam, of sorts, happened as North Korea hackers have for years been posing as potential employees to join companies and later hack them from the inside.
This time, however, they unknowingly encountered fellow North Korean hackers who posed as employers to target victims seeking jobs in the cryptocurrency field. The two groups ended up trying to compromise each other’s systems.
The encounter, highlighted recently by cybersecurity firm Silent Push, may seem comedic but victims of these scammers won’t see the funny side of things.
Ken Bagnall, Silent Push’s chief executive officer, told Techgoondu in a recent interview that one victim was filling a form sent by the fake North Korean employers when his crypto wallet was emptied of its currency.
The episode is a new twist to the usual North Korean employee scam. It also reflects how fast cyber scammers change tactics to target specific groups of victims, according to Silent Push, which specialises in proactively finding online threats before hackers strike.
As Bagnall tells me in the interview, online scams may seem like high-tech crimes but they rely on “old fashioned social engineering”.
In a way, it is no different from the old days when someone called your elderly parent or grandparent at home to say you were in trouble unless they brought a wad of cash to deliver to the scammer, say, at a void deck or somewhere quiet.
Today, the trust that people place on their digital devices, thanks to daily interactions online, has made them vulnerable. In Singapore, a staggering S$3 million is lost to scams each day.
And the bad guys are getting smarter. Now if generic calls purportedly from your bank doesn’t work any more, they will resort to more “local” authorities that are trusted and less suspicious to victims, Bagnall explains.
As a result, scammers pretending to be, say, the local utilities provider calling up to say you haven’t paid your bills won’t be a surprise, he adds.
And emboldened by their illegal gains, criminal organisations do what they do best – they expand their network globally.
The China-based gangs that have been successful operating out of Cambodia, for example, have set up “franchises” of sorts to export their technology stack to crime groups elsewhere, like Africa, says Bagnall.
And like any good IT provider, they claim to have as many as 300 “front desk” staff answering queries from partner crime groups that depend on their network to set up scams and launder money, he adds.
One reason why scammers are winning is that impunity with which they operate in “host” countries. “Pig butchering” scams that have hit Singapore and other countries regularly, for example, may account for as much as 40 per cent of the formal economy of Cambodia, Myanmar and Laos, according to some estimates.
A second reason is the difficulty involved in preventing such scams, because they can pop up on the Internet and be gone before they are shut down, say, by cloud providers such as Amazon or Microsoft.
What Silent Push does is to sift through the domain name records of different websites – up to millions of them – to look out for specific groups of scammers that are often active online.
When it spots the scammers setting up shop – moving around domains and preparing the infrastructure for an operation, for example – Silent Push warns its clients to be wary of an upcoming scam.
Of course, the ultimate victim of a scam is often the unfortunate consumer, not a bank or utilities provider, and he has little recourse if he’s given access to a hacker unknowingly. So, keeping abreast of the latest scam tactics and using tools that filter out harmful sites and calls are key.
That said, scammers are fast adapting to the heightened awareness as well. AI, for one, will let criminals easily craft e-mails, SMSes and even deepfake videos that trick people into letting them in.
Now that everyone has access to such AI tools, says Bragnall, their efforts will be accelerated in a “terrifying way”.
“In e-mails, they will have the correct tone and speech for the target, with no oddity in language,” he says of some of the scam toolkits he has seen. “Next year is going to be scary.”
Met her on a dating site called Ann and we matched and she asked we exchange email and what’s app to keep in touch and that caused me financial loss of trying to move her to the States therefore I plead an ExecutiveOrder on cybersecurity rather than taxes as USA citizens are loosing billions yearly and am a victim & lost over 100K in romance fraud but luckily the perpetrator was brought to justice when I reported to the Embassy:ConsularAccra (at) state (dot) gov who directed my complaint to the GhanaCrimeUnit; info.ghanapolice [at] consultant [dot] com.Beware and do not send money to any1 online.!