Attila: How do you get a crypto expert out of your house?
Attila: Oh, I'm just paying for the pizza.
Matt: You're listening to the Cyber Secured Podcast, helping you become safer in every way.
Matt: Now, your hosts, Matt and Attila.
Attila: Welcome to the Cyber Secured Podcast.
Attila: I am Attila.
Matt: And I'm Matt.
Attila: And I know it's been a hot minute since we've done our last episode, but not in the ears of our listeners.
Attila: As far as they know, it's been seconds.
Matt: Yes, but the last episode might have been 10 minutes ago for them.
Attila: You never know.
Attila: You know, we've had a busy past few weeks.
Attila: Of course, we deal with cyber incidents on a regular basis, and we travel, and we have lives.
Matt: Yeah, life happens, too.
Matt: You had life in Japan.
Attila: Life in Japan.
Attila: I went to Japan for the first time.
Attila: And I know you're not supposed to tell people when you leave town.
Attila: That's a security problem.
Attila: But the good news is that I'm not really on social media.
Attila: Or if you do see that on social media, that's one of our friendly marketing folks that we have reaching out to folks to try to help them.
Attila: That's not me personally.
Attila: And you can tell people after the fact.
Attila: So as long as your house is not sitting there empty and you've posted all these wonderful pictures of you in Japan, you're okay.
Attila: So anyways, we have a hot topic today.
Attila: The FBI's Internet Crime Report of 2024.
Attila: Pretty exciting stuff.
Matt: Oh yeah, you listened to that, what, two days ago?
Attila: Yeah, a couple days ago.
Attila: So we tune in regularly with the FBI to our part of InfraGuard.
Attila: And what they do is they reach out to private sector individuals like ourselves, and they try to share wisdom.
Attila: You know, like, what are they seeing?
Attila: And what should we do about it?
Attila: And the big report that came out the end of April was the 2024 Internet Crime Report.
Attila: And it's pretty interesting in that it's, why it's important is because, you know, they compile data from the previous year.
Attila: So everyone who's submitted a case or a complaint to the FBI's Internet Crime and Complaint Center, otherwise known as IC3, right?
Attila: So like IC is in Charlie the Letter, then the number three.
Attila: And the reason it's three C's, they do C3 is because it's Crime and Complaint Center.
Attila: That's where the three C's come from.
Matt: I always wondered about that.
Attila: Yeah.
Attila: They love their acronyms, right?
Attila: And what they look for is trends, and everyone who's submitted stuff to the Internet Crime and Complaint Center.
Attila: And they put that together into the Internet Crime Report.
Attila: And it's really important because it serves as a really good indicator for us cyberguys of new trends and shifts in the cybercrime space, so we can see what's been going on.
Attila: And it is about 47 pages long, so some light reading.
Matt: Yeah.
Attila: Some light reading.
Matt: Good material for when you're trying to go to bed at night.
Attila: Yes, exactly.
Attila: You probably get to page four and you're out.
Matt: I'd be halfway through the first page.
Attila: First page?
Attila: The introduction.
Attila: In this report, we will be.
Matt: Yeah, exactly.
Matt: That's how I roll.
Attila: And so rather than ask people to go to this Internet Crime Report and try to figure out what it all means, I thought we could talk about it during this podcast and why these numbers are important, why the trends are so relevant.
Attila: And I guess we could probably start with just how many reports they got and what kind of reports were they.
Attila: These reports that come into the FBI, they really cross the spectrum of all kinds of cyber incident activity.
Attila: So that ransomware intrusions, extortions, any kind of fraud you can think of, international money laundering, investment fraud, etc.
Attila: So in 2024, the FBI received 859,000 reports plus.
Attila: So it's like a change.
Attila: So 859,000 reports, so just under a million reports.
Attila: And to me, honestly, that sounds like it's a little low.
Attila: In 2023, there were more reports submitted, but in 2024, less reports.
Attila: And there's an interesting thing about that.
Attila: Okay.
Attila: So these reports, there were fewer of them, but they're actually at higher value.
Attila: So more money was lost, as you might have predicted.
Matt: But fewer reports.
Attila: But fewer reports.
Matt: Because the malicious activity is going after larger payouts?
Attila: Yeah, like bigger payouts.
Attila: So the average money lost per incident was around 19,300.
Matt: Right.
Attila: So just under 20 grand.
Attila: So less complaints, but the dollar amounts of money stolen per incident went up.
Matt: That's interesting.
Matt: I've actually kind of thought for a while that, you know, the information, the messaging of scams and the call center scams and all the different kinds of scams that we see happening, especially for blue collar, the lower amounts of money.
Matt: I feel like that's been getting out to the public more, so people are more aware.
Matt: I mean, here in Hawaii, we've talked about on the podcast about the toll scams.
Matt: And obviously, most people here in Hawaii, they have never been across a toll bridge or toll highway, so it doesn't apply here.
Matt: So obviously, it's a scam.
Attila: Well, that came up last night on a PBS special.
Matt: Right, right.
Attila: So for those of you who don't know, I get on PBS and other news outlets pretty often.
Attila: And last night's episode on PBS, we had a police officer from Crime Stoppers, and he was saying about the toll road scams.
Attila: But many of the viewers of the PBS special, 730 on a Thursday night, they're 60-plus.
Attila: And 60-plus people have a lot more money and resources sometimes and time to travel.
Attila: So they may go to some other part of the US and not know about these toll roads, and then come back home, get a text message, hey, you owe money to a toll road, and not know, and just pay it.
Attila: So they are a prime target.
Attila: And that is a big find of this, by the way, is that most of the target audience for these scammers is 60-plus.
Matt: Yeah, well, my thought process...
Attila: Not 65, 60.
Matt: Yeah, my thought process still, I feel like, kind of applies, though, because there was a large viewership, the information is getting out there, you are on a show talking about it.
Matt: So I feel like there's less likely, like an outcome of people getting money from the 60-plus audience, versus going after larger sums of money through other means.
Attila: They're getting clever.
Attila: And I have some bombshells coming up.
Attila: I have some bombshells.
Attila: So good thing you didn't read my newsletter.
Matt: I haven't.
Attila: The bombshell is in there.
Attila: Okay.
Attila: So in short, 859,000 reports, average 20 grand, so 19.3.
Attila: Less complaints, but the dollar amounts of money stolen up.
Attila: But total losses, right?
Attila: So total losses that was reported to the FBI last year, $16.6 billion.
Attila: Whoa.
Matt: Okay.
Attila: $16.6 billion.
Attila: Now to put some perspective on that, in 2020, so four years before, that was only about $4 billion.
Matt: That's still a lot of money.
Attila: Yeah.
Attila: It's going up by a billion a year.
Matt: That is insane.
Attila: It's a lot.
Attila: And politics aside, we are a prime target.
Attila: So this is just $16.6 billion in the US.
Attila: Globally, trillion.
Attila: It's a big industry.
Attila: Because the US is not the only country on the planet.
Attila: Let's be clear on that.
Attila: And we're not the only first world country on the planet, too.
Attila: And we go on a bleeping computer and all the Homeland Security Information Network, Hisin Network, InfraGard.
Attila: A lot of the stuff that you see there, these are all international crimes that are occurring, too.
Attila: So the US is not the only target, but $16.6 billion.
Attila: And as you know, a lot of these incidents are not reported at all.
Matt: Right.
Matt: Yep.
Attila: So I would easily double that number for reality's sake.
Attila: In fact, a lot of the folks that come to us, they have already moved on.
Attila: Either they paid the ransom or they decided that they just were going to start fresh, and that was it.
Attila: So it's not an easy pill to swallow, but sometimes you do have to move on and just accept it as a loss for your business.
Matt: And what are these, since we've been talking about this, what is the mechanism, what is the conveyor belt of this money?
Matt: Like, how is the money getting to the bad guys?
Matt: What are they doing?
Attila: So a lot of this is coming in by crypto.
Attila: Okay.
Attila: And if you want wonderful tech support, all you have to do is reach out to any scammer who's demanding payment by crypto, and they will walk you through it.
Matt: They will walk you through every step.
Matt: Yeah, I've seen that.
Attila: They are experts at getting you the crypto.
Matt: Where to click on, where your screens are.
Attila: And so, you know, we have these scammers that are winning, right?
Attila: They are clearly getting more money out of everyone, especially the 60-plus people.
Attila: And unfortunately, the 60-plus folks, they account for a lot of the cases.
Attila: So, of those 859,000 cases that were submitted, about 160,000 were those from age 60-plus.
Attila: And they accounted for 4 billion of those losses.
Attila: So out of the 16, 4 billion was 16.
Matt: Did they specify whether the loss of crypto came from either, like, breaking into someone's account, or if it was from specifically a scam?
Attila: So, that leads us to the big bomb show we deal with, right?
Attila: So, the biggest scam category of all, by far, was cryptocurrency fraud.
Matt: Right.
Attila: That was $9.3 billion in losses.
Matt: And in plain text, what does that mean to people?
Attila: So, that is someone who is reaching out to a victim by social media, by text messaging, by email, any number of ways.
Attila: They flatter them, they get their trust, and they tell them about how they made money with cryptocurrency.
Matt: Right.
Matt: Yeah, I've heard of this.
Attila: And cryptocurrency every year becomes more and more accepted and normalized, and the Bitcoin billionaire mythology floats around out there, and everyone thinks that they could be the next one to have their own private island if they just jump in on this crypto.
Matt: The other one I heard about was where someone convinced a guy to invest in their thing and went to this website.
Matt: The website looked legit.
Matt: It was all functioning.
Matt: It was able to transfer money from his bank account.
Matt: He was able to transfer money back into his bank account.
Matt: He even did some transactions, made some money, took that money out, put it back into his account, and it's when he was fully convinced that it was a good investment and he put everything in that they just did a dump and run.
Attila: Dump and run.
Attila: Absolutely.
Attila: And it happens all the time in those fraud sites.
Attila: And as you know, especially now with AI, those sites can be coded quick.
Attila: We're talking minutes.
Matt: And even if you're not super skilled in the backend programming, AI can fix that for you.
Attila: I'm sure that you can buy them premade on the dark web today.
Attila: Like, hey, you want to have your own crypto scam?
Attila: No problem.
Attila: Have a choice from our selection of many premade scam websites for you to...
Matt: You know the other thing that I saw on a YouTube channel, too, that was just mind-blowing was some of these scams involving pretty girls that, you know, they accidentally text you and then you start messaging back and forth and they send a photo and, you know, you immediately think this isn't real.
Matt: This isn't a real, you know, person.
Matt: Turns out they actually are real, but they're actually working at a call center with a bunch of guys and the guys are the ones that are texting you.
Matt: And then if you ever get into a situation where you want to do a video chat with them, they call the girl in.
Attila: Oh, interesting.
Matt: And then they do a video call between you and the girl.
Matt: So you are completely convinced this chick is real.
Attila: Interesting.
Attila: It's like, hey, let me call my manager.
Attila: But really, the manager is the bait.
Attila: Yep.
Matt: Wow.
Attila: That makes sense.
Attila: And then you can have one girl, you know, on call for a thousand simultaneous scams that are taking place.
Matt: Yep.
Matt: Yikes.
Matt: Yeah, I think this particular one I was watching was operating out of Dubai at the time.
Attila: Dubai?
Attila: Yeah.
Attila: That's random.
Matt: Yeah.
Matt: It was interesting.
Matt: I didn't expect that, but it was, you know, Dubai is a fairly affluent country, but there's still, you know, people that are struggling to make ends meet.
Matt: So and you have, you know, probably some attractive women that live there as well, that need to make money somehow.
Attila: You know, a bit of a side note that was, I mean, this, this is not in the Internet Crime Report, but I was reading about North Korea and their very interesting program where they have a pipeline of candidates that they identify as early as elementary school.
Attila: And then they put them in really good universities and just inject them inside of corporate America.
Attila: And they gain trust and it's not always about siphoning money back to North Korea.
Attila: It's about holding an employer hostage or espionage.
Attila: So taking an IP out to North Korea where they can do whatever they want with it.
Attila: And it just goes to show that people who are desperate like that, I mean, the way that they see it, it was kind of sad actually.
Attila: They were doing it to feed their families.
Attila: And so it wasn't, I don't think they were looking at it as malicious, they were just looking at it as survival.
Attila: So it's survivalist crypto.
Attila: And the original, I'm sure you heard about this on Darknet Diaries, there's the original ransomware came from North Korea because it was survivalist.
Attila: Like they had sanctions against them from every country on the planet.
Attila: And now they're like, what do we do?
Attila: How can we survive?
Attila: Well, there's this new thing called crypto.
Attila: There's this new thing called ransomware.
Attila: And the original ransomware didn't even, like even if you pay the ransom, it didn't work because they had not developed the decrypting technology at that point.
Matt: They were just testing it out.
Matt: Yeah, no, it's interesting things that have come out of North Korea.
Matt: Interesting, scary, and it just keeps happening more and more.
Matt: And then the types of things that they figure out and the loopholes, it's just amazing.
Attila: Well, I love their new invention that I think I put in Slack the other day.
Attila: It's the AI-powered kamikaze drones with nuclear warheads on them.
Matt: Oh, God.
Attila: Has no one seen like any sci-fi movie?
Matt: The beginning of Skynet, it's actually North Korea.
Attila: It's North Korea and it is nuclear-powered suicide drones.
Matt: Wow.
Attila: Oh, no, not nuclear-powered, nuclear-armed.
Matt: Nuclear, yeah.
Attila: AI-guided, I guess, AI-guided, yeah.
Attila: And they're not small.
Attila: We're talking like they're the size of full-size airplanes.
Matt: Yikes.
Matt: Well, that's a problem for another day.
Attila: Yeah, yeah.
Matt: I don't know if I want to think about that now.
Attila: Internet crime reports.
Matt: Oh, my goodness.
Attila: Oh, my goodness.
Attila: Yeah, what else do we have?
Matt: So for the average home user that is trying to protect against crypto scams and all these scam calls and toll texts and everything, what's the best advice that we can give them?
Attila: Don't respond.
Matt: Don't respond?
Attila: Don't respond to anything.
Attila: And I wrote about this a few weeks back in one of our blog articles.
Matt: Well, what if they're getting a call from the cops and the cops are telling them that there's a fake?
Attila: Yeah, just go to the police station.
Attila: So we also went through this on the PBS special.
Attila: And the police sergeant, he brought up a good point.
Attila: He said, we have detectives, they have a phone number, we have the police station, that has a phone number.
Attila: Guys, sometimes dispatch has a separate phone number, and someone's asking you to call back one of their phone numbers, how do you know if it's the right one?
Attila: And he said, well, you can Google, you can ask a litany of questions.
Attila: He says, the more questions you ask, the better, so you can ask for your badge number, what's your supervisor's name, what's your rank, what officer you land in.
Attila: You gotta start asking all these questions, they'll hang up.
Attila: But if it's a real police officer, they won't.
Matt: The one that scares me is what happened to one of our employee's moms here, was she got a phone call from the Honolulu Police Department, and while she's on the phone with them, she looked up their number, and the number they were calling from matched.
Attila: Even if it does match, and if you're just suspicious in any way, just go to the police department.
Attila: Just walk in there.
Matt: Well, my other thought is to just call back, to hang up and call back.
Attila: You can, yeah.
Matt: Because they can't spoof having the number.
Matt: They can spoof calling with the number, but they can't spoof having the number.
Attila: And I think some of these voice providers are getting more and more wise.
Matt: Yeah.
Attila: Because they just, they become a huge security problem if they just allow people to spoof.
Matt: Liability issues.
Attila: Call IDs, yeah.
Attila: I know we could do it with our phones at some point.
Attila: I haven't tried it in a few years, but over the years, they keep ratcheting up the security on these voice over IP service providers.
Attila: But I know there's even some, there's some fraud apps you can get on your phone now that allow you to spoof.
Matt: Oh, they've been around for years.
Matt: Yeah, you paid two bucks and can spoof pretty much any number.
Attila: I'm surprised those don't get pulled from the app store.
Matt: I haven't looked it up in a while, but yeah, that does seem like something that kind of breaches a lot of...
Attila: Well, and also you compare that up with some voice modulation, right?
Attila: So now someone who has a thick accent, thick foreign accent, suddenly sounds like just someone from the Midwest.
Attila: No problem.
Attila: But they'll have some weird words that they use, and that's how you know something's up.
Matt: Right.
Attila: Well, you know, there is more we could talk about with this critical infrastructure portion of the Internet Crime Report.
Attila: This is pretty interesting.
Attila: So critical infrastructure is telecommunications, water, power, sewer, that kind of thing.
Attila: Fuel, right?
Attila: Energy, petroleum.
Attila: And they are also being heavily targeted.
Attila: And obviously not as many reports to the FBI, but there were around 5,000 reports in 2024 for critical infrastructure.
Attila: And they reported ransomware, viruses, malware, breaches, and a lot of DDoS attacks, surprisingly.
Attila: Yeah.
Attila: And about 1,400 of those 5,000 reports, those were ransomware.
Attila: And the top sectors were manufacturing, health care, and government facilities.
Matt: Okay.
Attila: And they were after ransomware big time.
Attila: Manufacturing in particular is very destructive and very profitable for them.
Attila: Because when you're manufacturing something, I mean, every minute you're not producing, it's very expensive.
Matt: It's a dollar, yeah.
Attila: Those are the ones that were mostly hit by ransomware.
Attila: But data breaches, they're after health care providers.
Attila: So this past year has had some major health care provider breaches.
Attila: IT cloud services providers, so that's where you have like data storage, you know, any sort of, especially like government compliance storage.
Attila: That's a big deal.
Attila: And data breaches also, we had government facilities be breached.
Attila: So we had police departments, local state, municipalities.
Attila: In fact, I believe there's a data, which one was it?
Attila: There's some state right now that's having trouble operating because of the ransomware.
Attila: I remember hearing about that.
Attila: I forgot what state that was.
Attila: Just this week, yeah.
Attila: You know what it is, there's so many, it's kind of hard to keep track.
Attila: But this really helps us because in the crime report, I mean, now we know that almost $10 billion last year, cryptocurrency fraud, and that's something that public awareness can do a lot about.
Attila: And maybe we should circle back to like how that works, because we've seen it firsthand.
Attila: So what they do is someone reaches out to you, social media, text messaging, whatever, and they say, hey, look at me, I made a bunch of money using crypto.
Matt: Yeah, it can be a friend, it can be a stranger, it can be anybody, but yeah.
Attila: I suspect AI is going to come into this too, and now the English is going to be perfect.
Attila: They can replicate someone that maybe you trust in terms of a video or a phone call.
Attila: Then once again, your trust, they get you to go to a website, you transfer some money in, and the website magically shows how your crypto investment has multiplied.
Attila: And now you take your money out, and you just made some money.
Attila: Wow, how nice is that?
Attila: You do that in and out a few times, they get that going to you, plus a few thousand other people, then it's pump and dump, right?
Attila: So then the website mysteriously disappears overnight, and you're out of whatever money you thought was in this website to begin with.
Attila: And because it's been voluntary, there's not a lot of protections behind it.
Matt: Well, and also the altcoin crypto market scams, too, that's been a big one.
Matt: Like coins that have been, you know, propped up by some celebrity or some, you know, figure out there that, you know, it's going to be the next big thing.
Matt: Bitcoin was it, but now it's us.
Matt: And then they get everyone to invest in it.
Matt: And, you know, the same sort of mechanism pumping up.
Matt: Someone takes all the money out of it, and then the value goes to zero.
Attila: We saw this with NFTs, like, about a year ago.
Matt: Yeah.
Attila: Like, I haven't heard those three letters in a while.
Matt: Yeah, yeah.
Attila: NFTs, like, disappeared.
Matt: Pretty much.
Attila: I'm sure we're going to get some hate from that.
Attila: They're going to say, no, NFTs still alive.
Attila: We're going to get some comments.
Attila: Yes, they're real.
Attila: Right next to my Beanie Baby collection.
Matt: Right.
Attila: Yes, we're laughing at you.
Attila: That's okay.
Attila: If you can't take a bit of laughter about NFTs, you shouldn't be.
Matt: No.
Attila: Yeah, in fact, that's some joke I heard.
Attila: It's like, how do you get a crypto expert out of your house?
Attila: Oh, just paying for the pizza.
Attila: Everyone's a crypto expert, yes.
Attila: But yeah, this Internet Karma Report, we're going to put a link to it in the show notes, but it's available on the FBI's website.
Attila: They have some great guidance on what to do if you're in the middle of a crypto scam and how that whole thing works and how to back out quickly, how to talk to your loved ones, because of course, the loved ones, the family members are the ones that listen to other family members the most, right?
Attila: No, they don't.
Attila: That's the whole point.
Attila: So they talk about some methods on how to do that.
Attila: I also encourage you to check out the PBS special that we taped yesterday that's on YouTube.
Attila: I know this is not very time dependent, so maybe yesterday is the wrong word to use.
Attila: Recently.
Attila: Very recent PBS special.
Attila: And we talk about these scams, what to do about it.
Attila: We have Jode Ido on there from UH.
Attila: We had Crimestoppers.
Attila: We had Cyber Hawaii.
Attila: So there's some good people on there with some good expertise.
Attila: And of course, I was on there too.
Attila: Just don't throw that out there.
Attila: But I was on there too, and hopefully we can do our best to help educate, inform, and protect the community.
Attila: So anyways, that's all I got.
Attila: Awesome.
Attila: Awesome.
Attila: Here we go.
Attila: Air high five.
Attila: Bam.
Attila: All right.
Attila: I'm Attila.
Matt: I'm Matt.
Attila: Stay safe out there.
Matt: This episode was brought to you by Cypac.
Matt: To learn more about keeping your business safe from threat, crime, and disaster, visit Cypac.com.