The Cybercrime Files- Case #103: An Offer too Good to Refuse!

*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.


INVESTIGATIVE REPORT

OFFENSE: Identity Theft & Home Invasion

VICTIM:  Mary & Joe Thomas (real names not used)

LOCATION: Akron, OH

DATE: 1-26-19

LEAD INVESTIGATOR: Patrick Carroll

NOTES: *This investigation is still in progress. Check back for updates on this case.

Mary and Joe Thomas love their West Akron home. Their kids grew up climbing the tall oaks in the backyard and there’s plenty of room for all six of their grandchildren to come stay in the summer. Many memories bless their house, and the Thomas’ cherish all the years they’ve lived here.

“It’s our home,” Mary says. “We’ve been here for over thirty years.”

Despite the memories and all of the personal touches the Thomas’ have added over the years, Mary and Joe came very close to selling their home– or at least that’s what they thought.

“The price was just too good to pass up,” Mary says. “We’re retired now and we couldn’t resist thinking about all of the things we could do with the money. Plus, we loved the idea of being able to invest that additional cash for our grandchildren’s future.”

How much money did it take for the Thomas’ to decide to sell their dream home? Exactly $1 million, offered through a local realtor by an undisclosed buyer.

FINDINGS: Mary and Joe Thomas were contacted by a realtor on behalf of an area man who saw and fell in love with their home.

“He said he just had to have it,” Joe remembers.

After much back and forth about if they should sell, the Thomas’ decided the offer was just too good to pass up. Agreements were made and paperwork was prepared. Before closing however, the buyer mentioned he wanted to do some construction on the home and his contractors needed access to the house so they could provide estimates. The buyer had a realtor, and as closing was only a few days away, the couple obliged.

Closing day arrived and the papers were signed, however no funds were transferred. Soon, the deal fell through.

A few days later, to their horror, the couple realized their identities had been stolen. The “contractors” who entered their home were actually scam artists who hacked into their computers and dug through personal files and documents in order to steal the Thomas’ personal information. There had been no interested buyer all along, only an identity thieves looking to prey on unsuspecting victims.

At time of reporting this case has still not been resolved. Let’s hope Joe and Mary get this figured out very soon.

 

CONCLUSIONS: Nearly every person I meet believes that identity theft won’t happen to them. The words “stolen identity” are so common in our daily conversations that we rarely bat an eye when we hear them.

But just because we’ve gotten so used to hearing the phrase, it doesn’t mean we should take the threat any less seriously. In fact, according to a study by WalletHub, Ohio ranks third in the nation in identity theft, and FIRST in the country for the amount of money stolen.

Let that sit for a moment.

Ohio leads every state in the amount of money lost through fraud related identity theft. That’s ahead of California, New York, Florida, and everyone else!

Why are Ohioans so vulnerable to identity theft? One theory is that maybe we’re too trusting and more willing than most people to give out our personal information online.

WHAT YOU CAN DO: You can start by being very careful with who you give you personal information to. If you’re using a credit card to make an online purchase, be certain that the website is credible and has the proper security measures in place.

Also, never give out your personal information on an unsecured WiFi network. If you must use public internet at a coffee shop, library, airport, etc., make sure you use a virtual private network (VPN) to protect your laptop or mobile device. This is especially important if you plan to share personal information or credit card numbers while online.

Here is some good information on setting up a VPN.

 

Want to learn more? Read Cybercrime Files #104>>

Please check back soon for updates on this case.

The Cybercrime Files- Case # 102: The $50,000 Email!

*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.


INVESTIGATIVE REPORT

OFFENSE: Email Hacking & Wire Fraud

VICTIM:  Property Management Company

LOCATION: Cuyahoga Falls, OH

DATE: 12-21-18

LEAD INVESTIGATOR: Patrick Carroll

NOTES: The moment I arrived on scene both the CEO and CFO of the property management company asked me the same question: “how in the world did this happen to us?” The harsh truth, I told them, is that cyber criminals are getting wiser and more deceitful by the day. As soon as you let your guard down, they’re right there to take advantage.

According to the CFO here’s what went down:

The CFO received and urgent email from the CEO asking that he wire $50,000 immediately into a client’s account. The CEO wrote in the email that he was in a meeting and didn’t have time to wire the money himself.

Not wanting to question his boss or bother him during an important meeting, the CFO made the transfer. Later that day the CFO ran into the CEO and let him know the wire transfer went through. “What wire transfer?,” the CEO asked. Right then the CFO knew he had made a huge mistake.

FINDINGS:

  • Someone hacked into the CEO’s email and monitored his incoming and outgoing email communications.
  • Using the CEO’s email (as well as his style of writing) the hacker emailed the CFO and asked him to wire the money.
  • Because the email was sent from the CEO’s “secure” email, the CFO deemed it to be legit.
  • The CFO wired the money to a bank account provided by the CEO (aka, the hacker).

FORTUNATELY…

Because it was such a large sum of money, the wire transfer had not yet cleared when the CFO realized his mistake. He was able to cancel the transfer and get back the $50,000 before it was gone forever.

LESSONS:

Always be on the lookout for email scams!

If you receive an email from someone you don’t know, or even from someone you do know that looks suspicious, don’t assume anything! Often referred to as phishing scams, hackers will pose as friends, family members, or charitable organizations requesting that you send them emergency funds. They will also use email to upload software into your computer that gives them access to your accounts, passwords, and sensitive data.

In addition, these same emails will often contain ransomware and other programs that can lock you out of your data. The hacker will then ask you to send money to get your own data back! More on this in our next blog post!!!

Read Cybercrime Files #103 to learn about a real life identity theft case >>

Check out this page for some of the latest email scams to look out for.

 

The Cybercrime Files- Case #101: The Art Burglars

*This is a true account of a local cybercrime. However, the names of the victims and businesses have been changed to protect their identities. To learn more about Cyber Security Services in Akron, OH click here.


INVESTIGATIVE REPORT

OFFENSE:  Burglary & Data Theft

VICTIM:  JT’s Fine Art Gallery

LOCATION:  Akron, OH

DATE:  12-11-18

LEAD INVESTIGATOR:  Patrick Carroll

NOTES: I arrived at the scene shortly before 10am to meet with gallery owner, JT Clark.

Clark was understandably shaken at the events that had transpired. Clark told me that he had received a telephone call from local police informing him that several of his clients recently had irreplaceable works of art stolen from their homes. Clark was shocked when authorities informed him that his gallery’s IT Network may have played a significant role in these burglaries.

Clark explained that police discovered documents in a suspect’s apartment that listed the estimated values of all art brought into JT’s gallery to be appraised. The appraisals also included information such as customers’ addresses and occupations.

FINDINGS: It did not take long me long to uncover that hackers had infiltrated the gallery’s network (where all appraisals are stored) and stolen sensitive customer data.

Because Clark did not have the proper security measures in place, hackers were able to use automated software to steal employee usernames and passwords. Hackers then logged into Clark’s network and were able to view all appraisals.

The suspects then identified customers who brought in the most valuable pieces of art, wrote down their addresses, and then broke into their homes to steal their art collections.

PREVENTION: To protect Clark’s Network from being hacked again, we put the following security measures in place:

#1: Multi-Factor Authentication: Clark and his employees used simple passwords that were easy to steal. In order to protect them from future hacks we set up multi-factor authentication for all applications, networks, and servers. (Learn more about Multi-Factor Authentication here).

#2: Installed Proper Firewalls

#3: Did a complete network security overhaul and advised Clark and his staff on proper security practices as well as tips on prevention and detection.

CONCLUSIONS: Small businesses like Clark’s often don’t have the necessary security measures in place because they think they’re “too small” to be a target.

In reality, this can’t be further from the truth. Akron Cyber criminals will intentionally target smaller companies because they are frequently easier to hack and don’t believe it can happen to them. JT’s Gallery is just one of many cases we have seen like this.

This crime could have easily been prevented had the proper security measures been put in place. Please, don’t jeopardize your business or your customer’s safety by being complacent with your data protection practices. Data theft really can happen to anyone, including you!

 

Want to learn more? Read Cyber Crime Files Case #102 to learn more about email scams >>

Is your company a target for cyber criminals? Take our free Cyber Security Audit to find out!