Finance & Banking , Fraud Management & Cybercrime , Fraud Risk Management
In September, Sergio Narvaez, a physician in Manhattan, sought out a high-interest certificate of deposit and found one on a website. That's where the trouble started.
See Also: Live Webinar | Empowering Your Human Firewall: The Art and Science of Secure Behavior
Narvaez found an Iowa-based bank called VisionBank that was offering market-leading rates. The simple website had a phone number, which he called. He spoke to someone named Paul R. Smiley, a senior account executive with Vision Banking Group.
"He had no foreign accent," Narvaez says. "He had a complete American accent. He sounded like somebody that you would picture was sitting at a desk in a bank in the Midwest, honestly."
He invested $200,000, sending two $100,000 wire transfers from his Chase account on Sept. 16 and Sept. 17. Chase called him after he initiated the first wire transfer to double check that's in fact what he really wanted to do.
The money moved from New York to an ING account in Poland and from there to a DBS Bank branch on Hong Kong. The bogus VisionBank website, which spoofed a real bank's site, went offline. The money has disappeared.
Since then, Narvaez and I have been trying to figure out who is behind the scam and locate his money. His case illustrates the legal complexities in investigating cross-border internet crime, privacy laws that ironically favor cybercriminals and one core problem: There's so much internet crime, law enforcement can't address all of it.
Last year, the FBI's Internet Crime Complaint Center recorded more than 350,000 complaints worldwide, comprising reported losses of $2.7 billion, nearly double the amount in 2017. Still, the losses are likely only a small slice of the true scale of internet crime because the IC3 reports are voluntarily filed by victims.
Narvaez has filed complaints with four law enforcement agencies in three countries.
The physician filed a report with the IC3, but filing a report doesn't necessarily trigger an investigation. The agency is a clearinghouse for fraud complaints, which are then forwarded to relevant agencies. The FBI did not respond to my query about Narvaez's incident.
He also filed a report with the New York City Police Department's 24th Precinct in Manhattan, which recorded a complaint of grand larceny by deception. But Narvaez says a detective told him the fraud was beyond their reach because the money went overseas. So he filed a report with Lithuania's national police as well as with the Hong Kong Police Force.
Unfortunately, it doesn't appear any agency is investigating. That's not surprising, says Alana Maurushat, a professor of cybersecurity and behavior at Western Sydney University. "If it involves a jurisdiction outside their own, they tend to do nothing about it," she says.
Maurushat says the exceptions are the FBI and the U.K.'s Metropolitan Police, which will take on complex cases with international angles. But Narvaez's case illustrates how it's difficult for even high-dollar internet crime victims get the attention of law enforcement.
Many victims take large fraud investigations to private investigation firms, Maurushat says. She's a director at one such company, IFW Global, based in Sydney, which specializes in asset recovery, including from business email compromise and other types of internet-based fraud. Many other consulting firms offer similar services.
Over the years, I've written many stories about fraud cases and scams, which has lead to a steady stream of emails from internet crime victims. Most of the losses are in the range of a few hundred dollars, but Narvaez' experience stood out: No one had ever contacted me with such an astounding loss. I said I'd look into it.
The wire transfer instructions show that Narvaez' money went to the ING account in Poland that belonged to Paysera, which is a legitimate Lithuanian payments provider.
To its credit, Paysera was helpful. Mantas Ambrazeviius,who is head of Paysera's anti-money laundering and due diligence department, says as the result of being alerted by me, the company suspended the account of its business client who received Narvaez's money.
By the time it was alerted, however, the money was already out of Paysera's account, Ambrazeviius says. It was transferred the same day it arrived in the Paysera account to a DBS Bank branch in Hong Kong.
Typically, there's only a short period in which wire transfers can be blocked or reversed. When that period expires, there's not a lot of recourse.
"You need to be in a position where you can act on it immediately," Maurushat says. "And if you don't, you're going to lose the money."
Ambrazeviius says he can't reveal the business client's name because of the General Data Protection Regulation, which is Europe's strict privacy law. But Paysera warned DBS about the client and asked it to return the money if possible.
DBS Bank told Narvaez on Dec. 2 that the account that received his money was closed last month. The bank didn't provide more information on where the money went from there.
"We have also alerted the HK [Hong Kong] authorities accordingly," Elvin Lim, senior vice president of financial crime and security services at DBS, wrote in an email to Narvaez. "Unfortunately due to banking secrecy, we are not able to reveal further information. If you would like to pursue further recourse, you can do so through an international legal assistance channel, by lodging a report with your relevant country authority."
Although Narvaez has filed the complaints that DBS Bank suggests, it doesn't mean law enforcement is going to take the case. The odds have long been in favor of internet fraudsters due to complexity in international law.
Law enforcement agencies in different countries often exchange information in accordance with a Mutual Legal Assistance Treaty that has been signed between two nations. A MLAT lays out the protocols for requesting electronic data, querying witnesses, forfeiting assets, collecting evidence and much more. The U.S., for example, has an MLAT with Hong Kong.
But the MLAT process can't keep up with the pace of internet crime and the speed at which money and data can be flicked around the world.
"This [MLAT] process often takes months, and it's widely accepted that the MLAT structure is opaque and under too much stress due to the volume of requests," writes Dan Jerker B. Svantesson, a professor in the Faculty of Law at Bond University in Brisbane, in The Conversation.
The U.S. has sought to make exchanging data easier. In March 2018, Congress passed the Clarifying Lawful Overseas Use of Data Act, also known as the Cloud Act.
The act allows a communications service provider in one country to directly respond to a lawful order from another country. But that exchange can only take place if the two countries have signed an agreement ensuring that both countries have commensurate due process procedures and judicial oversight. In October, the U.S. reached a Cloud Act agreement with the U.K.
For internet crime victims like Narvaez, the Cloud Act could mean more enthusiasm by law enforcement to take on cases, knowing they could get the data. But it's early days for the Cloud Act.
Just weeks after Narvaez was defrauded, the U.S. Securities and Exchange Commission warned on Oct. 23 of spoofed banking websites offering fake certificates of deposit.
The SEC's Office of Investor Education and Advocacy says these websites often have warning signs, such as minimum deposits of $200,000, promotion of only CD products, bogus clearing partners and wire transfers instructions to institutions outside the U.S.
The fake VisionBank website ticked most of those. Narvaez acknowledges he should have seen the warning signs and that the fault remains his.
The real VisionBank in Iowa had been aware of the scam. Narvaez eventually contacted the bank, which confirmed that its brand had been targeted. The page for its CD offerings now carries a warning.
There are indications that the criminal group that ran the fake VisionBank site has launched many others. Some of the sites shared the same boilerplate text for the abnormally high CD rates and as well as other similarities.
I called a number on a suspicious website, southcaliforniabt[dot]com (Note: Web Archive link, safe to click), that appeared to be run by the same criminal group. Although the bank was purportedly based California, the call rang to a call center in Margate, Florida.
I was told that the bank was closed at 4 p.m. even though the call center employee had just told me the bank closed at 5:30 p.m.. This strange chat occurred after Paysera suspended the account of their unnamed client, so it's possible the group suddenly had trouble getting money out of the U.S.
Inquiries around domain name registrations only go so far these days because much of the data in the whois database is either private or fake. Even fake information, however, can result in new leads. I had no luck. Most of the domain name information was private.
Still, some patterns emerged. Some of the dodgy bank domain names were bought from Reg.ru, the large Russian hosting and domain registration company. It seems extremely unlikely any U.S. financial institution would buy a domain name from Reg.ru. Plus, the registration dates were far too recent. Southcaliforniabt[dot]com, for example, was registered through Reg.ru on Oct. 4.
There also was another tenuous Russia link that emerged. Southcaliforniabt[dot].com had reused a Google Maps API key. Google Maps is a product for business and metered based on usage. Anyone can pluck a Maps API key out of a website's HTML web coding. To prevent that, controls can be set to limit calls only from certain HTTP referrers or IP addresses.
The Maps API key for southcalifornia[dot]com was shared across more than 2,300 other domains, according to PublicWWW, which indexes the code of websites across the internet. Many are Russian language or have country TLDs of .ru.
This finding doesn't mean much because it's possible whomever controlled the Maps API key forgot to set the security configuration, which then resulted in many other websites trying to scrimp free API calls.
This was all unsubstantiated suspicion of something shady, for sure. But there were also U.S. tangents that U.S. law enforcement could pursue.
For example, some of the fake banking websites were hosted on Wix.com, a San Francisco hosting and web design company. Wix.com didn't answer my inquiries about who paid for those sites.
There are strict privacy rules around domain name registrations, so I didn't expect to get much. As a journalist, I can ask for information, but it's entirely up to an entity whether it wants to share. But law enforcement agencies could serve binding legal requests to service providers that compel an entity to turn over the data.
With Narvaez's case, there are plenty of threads to investigate even within the U.S., such as Wix.com and the call center in Florida. Who paid or contracted for those services? Where are they based? Could there be U.S-based cybercriminals involved?
The answers to those questions could shed light on a group that has likely defrauded many more people in the U.S. than just Narvaez - that is, if anyone wants to ask the questions.
More:
$200,000 Internet Fraud: Will Anyone Investigate? - BankInfoSecurity.com
- Google researchers have cracked a key internet security tool - Recode [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Letter: Internet security is in jeopardy - INFORUM [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- New internet security device launched to safeguard schools against child abuse - Phys.Org [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster - Gizmodo [Last Updated On: February 26th, 2017] [Originally Added On: February 26th, 2017]
- Data from internet-connected teddy bears held ransom, security expert says - Fox News [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Emsisoft Internet Security 2017.2.0.7219 - TechCentral.ie [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- What you need to know about 'Cloudbleed,' the latest internet security bug - Globalnews.ca [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- Google cracks longtime pillar of internet security - MarketWatch [Last Updated On: February 28th, 2017] [Originally Added On: February 28th, 2017]
- BullGuard | Internet Security and Antivirus protection ... [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Internet Storm Center - SANS Internet Storm Center [Last Updated On: March 2nd, 2017] [Originally Added On: March 2nd, 2017]
- Internet-connected 'smart' devices are dunces about security - ABC News [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Derry internet security expert warns that advanced internet technology 'a risk to us all' - Derry Now [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Firewall Test, Web Tools and Free Internet Security Audit ... [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Internet security in the spotlight: How is the internet safer today than it was 20 years ago? - Mobile Business Insights (blog) [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Jim Mullen: Unsocial internet security | Columnists | auburnpub.com - Auburn Citizen [Last Updated On: March 11th, 2017] [Originally Added On: March 11th, 2017]
- Internet security company launches a perfume line to promote cybersecurity - Mashable [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Internet security - Wikipedia [Last Updated On: March 12th, 2017] [Originally Added On: March 12th, 2017]
- Are you undermining your web security by checking on it with the wrong tools? - The Register [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Bruce Schneier on New Security Threats from the Internet of Things - Linux.com (blog) [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Carpe Diem: home internet security - KFOX El Paso [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Motivation Monday: home internet security - KFOX El Paso [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Medical records of 26m patients at risk because of GP surgeries' failing internet security - The Sun [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Free Internet Security | Why Comodo Internet Security Suite ... [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Internet Security Software | Trend Micro USA [Last Updated On: March 18th, 2017] [Originally Added On: March 18th, 2017]
- Fix crap Internet of Things security, booms Internet daddy Cerf - The Register [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- Internet of Things security: What happens when every device is smart and you don't even know it? - ZDNet [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- CUJO is cuter than Wall-E, and it's the only internet security device you'll ever need - Yahoo News [Last Updated On: March 21st, 2017] [Originally Added On: March 21st, 2017]
- The Senate just voted to undo landmark rules covering your Internet privacy - Washington Post [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- What the Cloudbleed disaster says about the state of internet security - Information Age [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Google Has Declared Symantec Harmful To Internet Security - UPROXX [Last Updated On: March 25th, 2017] [Originally Added On: March 25th, 2017]
- Internet Security Analysts: North Korea Is Planning a Global Bank Heist - Breitbart News [Last Updated On: March 28th, 2017] [Originally Added On: March 28th, 2017]
- Internet Security Firm Confirms WikiLeaks 'Vault 7' At Least 40 Cyberattacks Tied to the CIA - The Ring of Fire Network [Last Updated On: April 14th, 2017] [Originally Added On: April 14th, 2017]
- Homeland Security warns of 'BrickerBot' malware that destroys unsecured internet-connected devices - ZDNet [Last Updated On: April 20th, 2017] [Originally Added On: April 20th, 2017]
- A Global Industry First: Industrial Internet Consortium and Plattform Industrie 4.0 to Host Joint IIoT Security ... - Business Wire (press release) [Last Updated On: April 20th, 2017] [Originally Added On: April 20th, 2017]
- Mucheru urges private sector to boost investment in internet security - The Standard (press release) [Last Updated On: April 25th, 2017] [Originally Added On: April 25th, 2017]
- Cloudflare debuts a security solution for IoT - TechCrunch [Last Updated On: April 28th, 2017] [Originally Added On: April 28th, 2017]
- Russian-controlled telecom hijacks financial services' Internet traffic - Ars Technica [Last Updated On: April 28th, 2017] [Originally Added On: April 28th, 2017]
- Avira Internet Security Suite v15.0.26 - TechCentral.ie [Last Updated On: April 28th, 2017] [Originally Added On: April 28th, 2017]
- NSA To Limit Some Collection Of Internet Communication - NPR [Last Updated On: April 29th, 2017] [Originally Added On: April 29th, 2017]
- Report Indicates '10 Concerts' Facebook Trend Could Compromise Your Internet Security - Complex [Last Updated On: April 29th, 2017] [Originally Added On: April 29th, 2017]
- "Improving the World" through Internet Security: Chatting with David Gorodyansky, CEO of AnchorFree - Huffington Post [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Don't Fall For This Tech Support Scam Targeting PC Users - KTLA [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Yikes! Antivirus Software Fails Basic Security Tests - Tom's Guide [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Watch Hackers Sabotage an Industrial Robot Arm - WIRED [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Decoding Internet Security: Spear phishing - Washington Post [Last Updated On: May 5th, 2017] [Originally Added On: May 5th, 2017]
- From the Desk of Jay Fallis: To internet vote, or not to internet vote - BarrieToday [Last Updated On: May 7th, 2017] [Originally Added On: May 7th, 2017]
- Crippling cyberattack continues to spread around the world - Los Angeles Times [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- Cyber Security Experts: Russia Disproportionately Targeted by Malware - Voice of America [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- The Latest: 29000 Chinese institutions hit by cyberattack - ABC News [Last Updated On: May 15th, 2017] [Originally Added On: May 15th, 2017]
- Cyberattack Aftershock Feared as US Warns of Its Complexity - New York Times [Last Updated On: May 15th, 2017] [Originally Added On: May 15th, 2017]
- This week's poll: Priorities for improving internet security - The Engineer [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Akamai Releases First Quarter 2017 State of the Internet / Security Report - PR Newswire (press release) [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Do Macs get viruses? - PC Advisor [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Massive Ransomware Attack Underscores Threats To Internet Security - Benzinga [Last Updated On: May 19th, 2017] [Originally Added On: May 19th, 2017]
- Security News This Week: Hoo-Boy, Mar-a-Lago's Internet Is Insecure - WIRED [Last Updated On: May 20th, 2017] [Originally Added On: May 20th, 2017]
- Internet security firm calls for law to compel information sharing to ... - The Star, Kenya [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Check It Out: No need to unplug after reading books on internet security - The Columbian [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- How to beat security threats to 'internet of things' - BBC News - BBC News [Last Updated On: May 25th, 2017] [Originally Added On: May 25th, 2017]
- Best Mac antivirus 2017 - Macworld UK [Last Updated On: May 25th, 2017] [Originally Added On: May 25th, 2017]
- Avira, Kaspersky Top Windows 10 Antivirus Tests - Tom's Guide [Last Updated On: May 25th, 2017] [Originally Added On: May 25th, 2017]
- Paranoid about internet security? Here are the most secure OS options - The American Genius [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- Blockchain Offers Hope for the Broken Internet - Fortune [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- New uses for RFID and security for the internet of things - Phys.Org [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- Security Best Practices for the Internet of Things - Web Host Industry Review [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- Internet infrastructure security guidelines for Africa unveiled - Premium Times [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- In addressing internet security issues, make sure to provide solutions - Minneapolis Star Tribune [Last Updated On: May 31st, 2017] [Originally Added On: May 31st, 2017]
- Whistic Partners with the Center for Internet Security to Extend the ... - PR Web (press release) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Internet Security Alliance: NIST framework metrics should focus on threats - Inside Cybersecurity (subscription) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- China cyber-security law will keep citizens' data within the Great Firewall - The Register [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Cyber security: Africa gets Internet security guidelines - TheNewsGuru [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- China to Implement Its First Law on Internet Security After Ransomware Attack - Sputnik International [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Decoding Internet Security: Ransomware - Washington Post [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Internet security upgrade on course - Business Daily (press release) (blog) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- What's the Safest Laptop For Internet Security? - HuffPost [Last Updated On: June 2nd, 2017] [Originally Added On: June 2nd, 2017]
- Every Day Is Internet Security Day - The Chief-Leader [Last Updated On: June 3rd, 2017] [Originally Added On: June 3rd, 2017]
- 5 Reasons why internet security is crucial in 2017 - Techworm [Last Updated On: June 3rd, 2017] [Originally Added On: June 3rd, 2017]
- Are Pop-Ups An Internet Security Threat? - Good Herald [Last Updated On: June 4th, 2017] [Originally Added On: June 4th, 2017]
- 3 Ways Software Programs Can Help With Internet Security in 2017 - Geek Snack [Last Updated On: June 7th, 2017] [Originally Added On: June 7th, 2017]
- Inside Social Security: Make every day your internet security day - Santa Ynez Valley News [Last Updated On: June 7th, 2017] [Originally Added On: June 7th, 2017]
- SOCIAL SECURITY: Every day is internet security day - Palm Beach Post [Last Updated On: June 7th, 2017] [Originally Added On: June 7th, 2017]