WEBVTT

00:00:00.000 --> 00:00:05.160
JACK: A few years back, a listener wrote to me to tell me about a problem they were facing. Okay,

00:00:05.160 --> 00:00:09.800
check this out; they went to buy a house, right? When you go to buy a house,

00:00:09.800 --> 00:00:16.320
there’s a little dance that everyone does. Like, do you give them the money first or do

00:00:16.320 --> 00:00:22.480
they give you the deed first and the keys, or do you do a quick swap at the same time? What

00:00:22.480 --> 00:00:28.360
if it’s a phony check or the deed is made up? This is where escrow comes in. Both

00:00:28.360 --> 00:00:33.840
the seller and buyer hand their things to a third party, someone that both sides trust,

00:00:33.840 --> 00:00:39.480
and waits for everything to clear. If the check clears and the deed is valid, then escrow says,

00:00:39.480 --> 00:00:44.840
okay, the deal is done, and gives the money to the seller and the keys to the buyer. So,

00:00:44.840 --> 00:00:49.480
this guy, a listener of mine, says he bought a house and during this process,

00:00:49.480 --> 00:00:58.440
he gave $250,000 to the escrow company. But then someone scammed the escrow company. They

00:00:58.440 --> 00:01:04.920
posed as the seller and said, hey, could you just deposit the money into our bank account directly?

00:01:04.920 --> 00:01:10.040
Escrow’s like, oh yeah, of course. No problem. We do this all the time. Here you go. They deposited

00:01:10.040 --> 00:01:18.280
the $250,000 into the scammer’s account instead of the actual seller. But here’s the crazy part;

00:01:18.280 --> 00:01:25.880
because the seller never got the money, escrow wouldn’t give the keys to the buyer. They were

00:01:25.880 --> 00:01:32.040
being jerks about it. They were trying to say, sorry, we lost the money. No house for you. The

00:01:32.040 --> 00:01:36.520
deal has been canceled. The buyer is like, whoa, whoa, whoa, no, no, no, that’s what

00:01:36.520 --> 00:01:43.560
escrow is for. You’re our trusted third party. We trusted you to do this deal. You screwed up,

00:01:43.560 --> 00:01:52.280
and that’s not our problem. That’s yours. But escrow’s like, mm, no. I never got an update

00:01:52.280 --> 00:01:57.120
on what happened here and if this got resolved. I think the buyer took escrow to court to try

00:01:57.120 --> 00:02:03.000
to get their money back. What a nightmare though, to send a huge check somewhere only

00:02:03.000 --> 00:02:12.257
for it to go to the wrong place, and then someone else runs off with the money. Ah!

00:02:12.257 --> 00:02:14.560
(INTRO): [INTRO MUSIC] These are true stories from the dark side of

00:02:14.560 --> 00:02:33.840
the internet. I’m Jack Rhysider. This is Darknet Diaries. [INTRO MUSIC ENDS]

00:02:33.840 --> 00:02:42.120
JACK: I was clicking around the other day and came across this story on Good Morning America.

00:02:42.120 --> 00:02:46.280
HOST1: Shreya Datta thought she’d met the man of her dreams on a dating app,

00:02:46.280 --> 00:02:51.980
only to find out her prince charming was a scam and she was out more than $450,000.

00:02:51.980 --> 00:02:55.320
JACK: What the…? How in the world does some guy

00:02:55.320 --> 00:03:01.340
on a dating app scam someone for $450,000? That’s insane.

00:03:01.340 --> 00:03:05.560
SHREYA: This person presented themselves to be everything I was looking for.

00:03:05.560 --> 00:03:11.960
HOST1: She was the victim of a scam known as pig butchering. A scammer pretends to be looking for

00:03:11.960 --> 00:03:18.080
love online. They find a love interest, casually encourage them to invent in crypto via a fake app,

00:03:18.080 --> 00:03:25.140
but eventually they can’t access the money at all. The money is gone. The investments? Not real.

00:03:25.140 --> 00:03:28.560
JACK: Dang. The things we do for love,

00:03:28.560 --> 00:03:35.340
huh? Or maybe it was for money. Or maybe it was for the love of money. I don’t even know.

00:03:35.340 --> 00:03:38.560
RONNIE: Yeah, so, hearing that story, I’ve heard it a thousand times over.

00:03:38.560 --> 00:03:40.580
JACK: Okay, hold on. Who are you and what do you do?

00:03:40.580 --> 00:03:45.400
RONNIE: Oh, yeah, yeah. So, my name is Ronnie Tokazowski. I’ve been fighting business e-mail

00:03:45.400 --> 00:03:50.600
compromise for the last eight years now. So, my role in this is I work behind the

00:03:50.600 --> 00:03:54.000
scenes with a lot of the people who are working with romance scam victims. I do

00:03:54.000 --> 00:03:58.000
a lot of work with Secret Service, FBI. I also work back and forth with victims,

00:03:58.000 --> 00:04:02.320
too, because a lot of what happens is the scammers will go to different dating websites;

00:04:02.320 --> 00:04:07.960
they will go and find people in order to date. They will move the discussions off of the platform

00:04:07.960 --> 00:04:11.640
just because most of the platforms cost, but they’ll move you up to WhatsApp and then from

00:04:11.640 --> 00:04:16.760
there they’ll start grooming the person. They’ll say loving things. We’ve had cases where some of

00:04:16.760 --> 00:04:21.680
victims might send nude pictures over to their lover, and once they go and are exchanging those

00:04:21.680 --> 00:04:25.560
sweet nothings, the scammers directly build that relationship and build those emotions.

00:04:25.560 --> 00:04:31.040
JACK: So, I heard this term ‘pig butchering’ and it just — I’m not connecting the dots here.

00:04:31.040 --> 00:04:36.160
Nowhere in this romance or crypto or gold — sending money to people,

00:04:36.160 --> 00:04:39.540
is there a pig involved. Where is this term ‘pig butchering’ coming into?

00:04:39.540 --> 00:04:45.480
RONNIE: Yeah, so, the term ‘pig butchering’ comes from a Chinese phrase called Sha Zhu Pan, which is

00:04:45.480 --> 00:04:48.920
essentially a broil — I think it’s broiled meat, if I remember. I forget the exact

00:04:48.920 --> 00:04:55.320
translation. But what the concept is is the scammers will go and try and fatten the pig,

00:04:55.320 --> 00:05:01.800
if you will. So, what they will do is extract as much money as they can out of a victim,

00:05:01.800 --> 00:05:06.920
and where the pig butchering comes in is that once the scammers get to a point where they

00:05:06.920 --> 00:05:11.560
feel like they can’t get any more money out of the victim, they will take the pig

00:05:11.560 --> 00:05:15.840
in for slaughter or slaughter the pig, and what they mean by that is actually pulling

00:05:15.840 --> 00:05:19.680
the rug out from under the victims and walking away, and essentially being like,

00:05:19.680 --> 00:05:24.060
I got all the money that we could. So, that’s kind of where the phrase ‘pig butchering’ comes from.

00:05:24.060 --> 00:05:29.760
JACK: Okay, so, for some reason, Ronnie is attracted to this type of scam or fraud or

00:05:29.760 --> 00:05:34.360
whatever you want to call it, and zooms in to whenever he sees this stories come up. [MUSIC]

00:05:34.360 --> 00:05:39.660
One day, he heard about a colleague who got pig butchered, and wanted to help him out.

00:05:39.660 --> 00:05:44.200
RONNIE: Him and his girlfriend, they were dating for several years. They had been together for

00:05:44.200 --> 00:05:50.760
as long as I’ve known him. It’s probably about eight years now that they’ve been together. So,

00:05:50.760 --> 00:05:55.760
they were engaged to be married. They had a house together, and unfortunately things

00:05:55.760 --> 00:06:01.280
happened and that relationship kinda flopped. So, they went their separate ways. He lost the house,

00:06:01.280 --> 00:06:03.560
and unfortunately it wasn’t really a good circumstance.

00:06:03.560 --> 00:06:08.720
JACK: Break-ups are hard. It’s a tough time for anyone. You can sink into deep levels

00:06:08.720 --> 00:06:14.940
of depression. Your defenses are weak and your vulnerabilities are exposed.

00:06:14.940 --> 00:06:20.400
RONNIE: So, he went to go online and go date somebody. So, he went onto a dating platform,

00:06:20.400 --> 00:06:25.280
found this really pretty French girl who was very involved with him and very attached to

00:06:25.280 --> 00:06:31.240
him. The two of them really hit it off, and at some point she popped the question. Goes, hey,

00:06:31.240 --> 00:06:36.710
I’m also doing a lot of crypto investments. Is that something you’d be interested in?

00:06:36.710 --> 00:06:41.240
JACK: Hm, okay, I don’t see any red flags yet, and he didn’t, either. At this point they were just

00:06:41.240 --> 00:06:46.720
chatting through text, like, a lot. She seemed to be into everything he was interested in, and he

00:06:46.720 --> 00:06:52.440
was liking that. He was coming out of his breakup and she seemed to be caring and helpful. Yeah,

00:06:52.440 --> 00:06:59.000
okay, so, she’s into crypto investments. That’s fine. She can be into that. But he was curious;

00:06:59.000 --> 00:07:05.400
was it really working for her? He had some crypto somewhere and was like,

00:07:05.400 --> 00:07:10.480
tell me more about what you’re invested in. So, she tells him, man, there’s this hot investment.

00:07:10.480 --> 00:07:16.920
It’s making mad bank. He’s like, yeah, okay, well, what is it? Show me. So, she keeps talking it up;

00:07:16.920 --> 00:07:21.520
I’m basically just living off the profit from this thing. It’s nuts. He’s like,

00:07:21.520 --> 00:07:25.640
you gotta show me what you’re talking about. So she’s like, okay, so you know how your

00:07:25.640 --> 00:07:30.440
savings account makes interest, right? This is like that, but it just pays much more. You put

00:07:30.440 --> 00:07:35.640
your money in and then daily it makes interest and you could just take that interest out if you want,

00:07:35.640 --> 00:07:41.080
or leave it in and it adds up and you make even more. So, he’s like, well, how much interest are

00:07:41.080 --> 00:07:49.240
you earning? She’s like, 20%. If you have $1,000 invested, it’ll earn you $200 in interest a day,

00:07:49.240 --> 00:07:54.080
and at any time you could just take your $1,000 out if you want. He’s like, man,

00:07:54.080 --> 00:07:59.320
that does sound too good to pass up. So, she gives him the links to read up on.

00:07:59.320 --> 00:08:05.600
RONNIE: Being in the field, he knew a good bit of crypto. He’s naturally a very skeptical person,

00:08:05.600 --> 00:08:09.960
so he did his research on a lot of the way that they present the money. So,

00:08:09.960 --> 00:08:15.960
he went — they provided links and information for him to check once he went and submitted his money.

00:08:15.960 --> 00:08:21.360
JACK: This scheme was very, very clever. I mean, this guy was a cyber-security professional. He

00:08:21.360 --> 00:08:27.480
knew about the dangers of cryptocurrency and was suspicious about all this. But this had a

00:08:27.480 --> 00:08:33.840
mix of legitimate information with just a small dash of fraud. See, the way they had this set

00:08:33.840 --> 00:08:38.600
up was they made it look like it was using a legitimate exchange. In this case, crypto.com.

00:08:38.600 --> 00:08:43.120
RONNIE: The way that the application was presented to him was — and this is his perspective. I’m

00:08:43.120 --> 00:08:47.560
still trying to get the full scope here, but there was actually a browser that they could

00:08:47.560 --> 00:08:53.480
use within crypto.com that will have it show up that actually looks like the application.

00:08:53.480 --> 00:08:58.000
Looking at some of the screenshots, it looks like it was right within the crypto.com application and

00:08:58.000 --> 00:09:03.220
because of that, when your user goes and clicks on stuff, it appears to be 100% legitimate.

00:09:03.220 --> 00:09:06.800
JACK: I looked at some of these screenshots myself. It’s hard to tell what’s going on,

00:09:06.800 --> 00:09:11.720
but one thing is clear; they social-engineered him and tricked him into sending his crypto to

00:09:11.720 --> 00:09:17.400
the scammer’s wallet. They just disguised the wallets to look trustworthy. Basically,

00:09:17.400 --> 00:09:22.480
he would buy cryptocurrency on crypto.com with real money and then send those crypto coins to

00:09:22.480 --> 00:09:27.680
this “investment” project. ‘Investment’ in quotes there. Really it was a scam,

00:09:27.680 --> 00:09:32.160
and it looked really good. It didn’t look like a scam at all. You could see your balance. You

00:09:32.160 --> 00:09:35.680
could see your earnings. You could interact with it. You could pull your money out at any

00:09:35.680 --> 00:09:42.160
moment. [MUSIC] So, he decided to give it a try. He put some money in, sent the crypto,

00:09:42.160 --> 00:09:47.600
and when he saw it was generating interest, he tested it by taking some out and was like, wow,

00:09:47.600 --> 00:09:52.320
this is actually working, because it looked like it was. But this is where the pig-butchering scam

00:09:52.320 --> 00:09:57.720
comes in. The scammers wanted him to take the bait, start with putting in a little, see that

00:09:57.720 --> 00:10:02.400
it’s working, and then hopefully he’ll put in some more and more and more, and hope that he dumps a

00:10:02.400 --> 00:10:08.480
ton of money into this. When they think he’s put in enough, they’ll take the money and run. So,

00:10:08.480 --> 00:10:14.160
as he starts watching the money grow on this site, the scammers start ramping up the pressure. They

00:10:14.160 --> 00:10:18.800
tell him if he invests a little bit more within this timeframe, he’ll get locked in for bonus

00:10:18.800 --> 00:10:24.140
interest, basically presenting him with more exciting opportunities that were time-sensitive.

00:10:24.140 --> 00:10:29.240
RONNIE: In addition to putting his own money in there, because of the high returns that

00:10:29.240 --> 00:10:36.080
were being shown, he also went and had filed a — had gotten a loan. So, he actually used a loan to

00:10:36.080 --> 00:10:40.600
go and put more money into it. Because again, if you can use that loan to go and get more money,

00:10:40.600 --> 00:10:44.000
who wouldn’t do that? So, that’s another common thing we see with a lot of people,

00:10:44.000 --> 00:10:48.760
is they’ll go and take loans out from a financial institution. They’ll take a

00:10:48.760 --> 00:10:55.080
second mortgage out on their home in order to go and get more money based on those investments.

00:10:55.080 --> 00:11:02.240
JACK: Taking loans out? Now I see how someone can end up losing a ton of money in this scam. But not

00:11:02.240 --> 00:11:07.680
only that; these scammers were really tricky. They would sometimes tell him, look, we locked

00:11:07.680 --> 00:11:12.920
your account because there’s not enough funds to cover withdraws. Please deposit another $40,000 in

00:11:12.920 --> 00:11:17.560
the next ninety-six hours to unlock your account. He’s like, whoa, whoa, whoa, wait a minute. What

00:11:17.560 --> 00:11:23.520
if I don’t deposit that? Then you risk losing your money. So, he’s like, oh no, I don’t want that.

00:11:23.520 --> 00:11:28.360
So, he goes scrambling, looking for even more money to put into this. So, this guy eventually

00:11:28.360 --> 00:11:35.960
goes all in and then some, putting all his savings in and taking a loan out to add more, because to

00:11:35.960 --> 00:11:42.720
him, this was a way to get out of debt, a path to financial freedom, and it was very exciting.

00:11:42.720 --> 00:11:48.780
RONNIE: From there, the scammers were able to successfully collect about $90,000 out of him.

00:11:48.780 --> 00:11:55.960
JACK: Oh, how cruel. Yeah, this $90,000 was a nice, fat pig, and the scammers were like,

00:11:55.960 --> 00:12:01.160
okay, that’s ripe. Let’s take it. And they did. They took his money, leaving him high

00:12:01.160 --> 00:12:11.440
and dry. Ouch. He saw his money disappear and he knew he was screwed. [MUSIC] Ugh. But he sat and

00:12:11.440 --> 00:12:20.120
thought about it for a bit. Is there a way to get any of this money back from the scammers?

00:12:20.120 --> 00:12:26.000
RONNIE: What he did was he used the exact same emotional manipulation tactics against

00:12:26.000 --> 00:12:30.880
the scammers. What he did was he was like, hey, I’m gonna go ahead and invest more,

00:12:30.880 --> 00:12:34.640
but I need to pull this little bit of money out in order to help with this loan. So,

00:12:34.640 --> 00:12:39.080
if you can let me pull some of my money out or wire it over here, I’ll go ahead and do that. So,

00:12:39.080 --> 00:12:46.560
he was able to get $10,000 of his back by, again, deploying those same tactics against the scammers,

00:12:46.560 --> 00:12:49.920
and he was able to build up enough trust with them to where he was able to get that money back.

00:12:49.920 --> 00:12:56.760
JACK: He scammed them back. Hilarious. Man, that reminds me of this story I have. Okay, so this one

00:12:56.760 --> 00:13:02.800
time I was in Vegas, right? [LAUGHS] Yeah, I was actually going there for Defcon. When I went, I

00:13:02.800 --> 00:13:07.800
brought a burner phone with me, right? That’s just a phone that I paid with cash, got a prepaid plan,

00:13:07.800 --> 00:13:13.800
all that stuff. It was a new phone number. When I got to Vegas, I was getting text messages from

00:13:13.800 --> 00:13:18.960
a scammer. I sniffed it out right away. They were trying to play on my empathy, saying things like,

00:13:18.960 --> 00:13:23.600
ah, we can’t afford money to buy food for our kids and medicine and clothes and something, and they

00:13:23.600 --> 00:13:30.880
specifically asked for $749 to get themselves sorted, and I’d be an absolute angel if I could

00:13:30.880 --> 00:13:42.040
help. I was like, hm. I replied, look, I’d love to help, but I’m currently stranded. My boyfriend

00:13:42.040 --> 00:13:46.200
and I got in a fight and he dumped me off in the middle of nowhere, and I don’t know anyone

00:13:46.200 --> 00:13:51.320
here who can help me. I don’t have any money to get home. I am screwed. I was trying to use

00:13:51.320 --> 00:13:57.360
the scammer’s tactics on themselves, trying to be someone in distress, just like they were saying.

00:13:57.360 --> 00:14:03.440
It did not work. They kept asking me for money and I was like, okay, listen, I’m happy to help you.

00:14:03.440 --> 00:14:09.160
I have money to help you, but my boyfriend took my purse and all I have is my phone, and there’s

00:14:09.160 --> 00:14:15.080
strangers all around me. So, unless you can help me get home — like, I don’t know, send me $200.

00:14:15.080 --> 00:14:23.280
Then once I get home, then I can help you. It didn’t work. They stopped texting after that and

00:14:23.280 --> 00:14:28.000
just left me alone. So, when you run into someone who’s been a victim of this, how do you help them?

00:14:28.000 --> 00:14:34.080
RONNIE: So, the way I help them is I help them a couple ways. So, the first place is that when it

00:14:34.080 --> 00:14:40.680
comes to understanding the emotions in our body tie back to a lot of the way the scam works,

00:14:40.680 --> 00:14:45.560
people feel a lot of shame. They feel a lot of hurt. They feel a lot of disconnect because of

00:14:45.560 --> 00:14:50.760
the stigmas associated with it. What I mean by that is when you’re a victim like this,

00:14:50.760 --> 00:14:56.320
people don’t want to come forward on this. So, I try and help them learn how to work with their own

00:14:56.320 --> 00:15:01.280
bodies in that regard. So, that’s one way that I help them. The second way is I point them to

00:15:01.280 --> 00:15:07.000
the resources where they can go and submit a live request. So, they may be working with IC3, they

00:15:07.000 --> 00:15:12.600
may be working with colleagues who also work with romance scams, or it may be helping introduce them

00:15:12.600 --> 00:15:17.600
over to some of the crypto assets where they can start getting — pulling some of that money back.

00:15:17.600 --> 00:15:22.040
The third thing I do is, again, just trying to help put them in contact with the right people,

00:15:22.040 --> 00:15:27.960
because what happens is when you’re in the scam, it become — your head’s spinning a thousand miles

00:15:27.960 --> 00:15:31.600
an hour. You don’t know which way is up. You don’t know which way is down. You don’t know

00:15:31.600 --> 00:15:37.360
who to trust. Many of us work behind the scenes to try and help be that good driving force for

00:15:37.360 --> 00:15:41.080
many of these victims. When we go and we try to help them out, that’s kind of where we do

00:15:41.080 --> 00:15:47.440
our assistance. In addition to that, we’ve also been running a mailing list for the last seven

00:15:47.440 --> 00:15:52.480
years talking on many things that is the result of this e-mail compromise and a couple of things

00:15:52.480 --> 00:15:57.560
with that. We have close contacts with a lot of the banks and financial institutions to

00:15:57.560 --> 00:16:02.960
help either try and reverse some of that money or do what we can to get some of that money back or

00:16:02.960 --> 00:16:07.560
try and flag those thing — those assets to where we know, hey, these are actually part of a scam.

00:16:07.560 --> 00:16:12.440
JACK: $90,000; that’s a lot of money to lose. Is that kinda the upper limit of

00:16:12.440 --> 00:16:15.040
where you’ve seen people losing stuff or are people losing more?

00:16:15.040 --> 00:16:18.240
RONNIE: I really wish I could say that that was the upper limit,

00:16:18.240 --> 00:16:22.200
but I have seen so much more. I’m working with one victim now — I’ve been working with

00:16:22.200 --> 00:16:27.780
them for the last two weeks — where he was suicidal and didn’t know which way to turn.

00:16:27.780 --> 00:16:30.920
JACK: Geez, you really take some heavy phone calls.

00:16:30.920 --> 00:16:31.520
RONNIE: Mm-hm.

00:16:31.520 --> 00:16:33.160
JACK: So, how did this guy lose his money?

00:16:33.160 --> 00:16:39.560
RONNIE: So, very much the same way as the first person. He found the relationship and

00:16:39.560 --> 00:16:43.680
as the relationship built, they were like, hey, I have this great investment opportunity. They

00:16:43.680 --> 00:16:48.320
strung him along as far as they could, and once he went and put some of the money in,

00:16:48.320 --> 00:16:55.520
he saw his returns, it was the same story. This individual actually is — was ready to retire. He

00:16:55.520 --> 00:17:00.520
had several homes as well. So, because of that, he ended up opening — doing a

00:17:00.520 --> 00:17:04.280
second mortgage on a couple of his homes in order to pull some money out. So,

00:17:04.280 --> 00:17:08.920
because of that and because of what he was able to pull out on those homes, he may now be facing

00:17:08.920 --> 00:17:17.546
losing those homes as well. As it stands right now, he has lost over $1.7 million.

00:17:17.546 --> 00:17:21.000
JACK: [MUSIC] Dang. I mean, I’ve heard of people losing their life savings,

00:17:21.000 --> 00:17:25.800
but for some reason this feels worse than that. I guess it’s one thing to lose all your stuff

00:17:25.800 --> 00:17:31.160
when you’re young, but it’s different when you’ve worked your entire life to

00:17:31.160 --> 00:17:37.240
save up for retirement and then lose all of that. Your retirement’s now gone. Poof. You

00:17:37.240 --> 00:17:46.360
were financially stable and now super in debt, and your whole future is screwed. It’s awful.

00:17:46.360 --> 00:17:50.160
RONNIE: I was at a RSA last year — or this year, as a matter of fact. Got to speaking

00:17:50.160 --> 00:17:57.640
with somebody who had a — it was a grandfather who had committed suicide and they didn’t know why.

00:17:57.640 --> 00:18:02.340
They ended up going to look through his records and it was over $5 million that he had lost.

00:18:02.340 --> 00:18:05.800
JACK: What? People are actually killing themselves

00:18:05.800 --> 00:18:12.200
over pig-butchering scams? This is nuts. Whoever is behind this is just ruthless.

00:18:12.200 --> 00:18:17.840
RONNIE: I wish that was an isolated case, but I’ve also had — I had another victim out at

00:18:17.840 --> 00:18:23.600
Defcon. It was a couple years ago. For her, she ended up losing her house, losing custody of her

00:18:23.600 --> 00:18:31.720
kids, lost her relationship with her husband, and lost her business. She lost — she was into — over

00:18:31.720 --> 00:18:36.800
$2 million. When I asked her what kept her in, she said her husband was abusive and she just wanted

00:18:36.800 --> 00:18:42.480
to feel love. That’s the reality of many of these crimes, is that people don’t realize that you have

00:18:42.480 --> 00:18:47.280
two factors at play here; you have the financial losses and then you have the emotional hurt that

00:18:47.280 --> 00:18:53.960
goes along with it. Somebody may lose $90,000; it may mean nothing to them, or you may have

00:18:53.960 --> 00:18:59.640
somebody who loses $8,000 and it’s the entire world to them. So, it really — right now, we’re

00:18:59.640 --> 00:19:04.280
not accounting for the emotional losses on this or the emotional damages for many of the victims.

00:19:04.280 --> 00:19:15.880
JACK: So, in these first few stories we’ve heard, it’s — it keeps getting back to romance, right?

00:19:15.880 --> 00:19:16.320
RONNIE: Yep.

00:19:16.320 --> 00:19:21.520
JACK: Do you see kind of a pattern of who the victims typically are? Are they usually people

00:19:21.520 --> 00:19:29.760
who are looking for love, or what are some other…? If we’re gonna watch our own back, we gotta know

00:19:29.760 --> 00:19:34.580
when we’re in a vulnerable state. What makes a person more vulnerable to this sort of stuff?

00:19:34.580 --> 00:19:38.720
RONNIE: Yeah, so, first and foremost, one of the constant patterns that I’ve seen — and this

00:19:38.720 --> 00:19:44.200
is something I’ve seen with many victims. I’ve kinda discussed and researched the topic. Many

00:19:44.200 --> 00:19:49.960
of them tend to be extremely trusting, where if you were to be walking on the side of the street,

00:19:49.960 --> 00:19:54.880
this is the type of person who will go and help a homeless person in need. If a dog was hurt on

00:19:54.880 --> 00:19:59.800
the side of the road, they would go and help them out. They’re some of the most kind souls

00:19:59.800 --> 00:20:05.000
you’ll ever meet, and because of that trust, the scammers have figured out that they can

00:20:05.000 --> 00:20:10.680
go and manipulate and abuse that person and get them to do things that they want. A lot of what

00:20:10.680 --> 00:20:17.040
happens is from that control perspective, they will actually — I’m gonna use a term that one

00:20:17.040 --> 00:20:21.800
of the victims used with me, is that they’ll essentially hijack their own consciousness

00:20:21.800 --> 00:20:26.880
and give them a different perspective of reality and a different perception of reality.

00:20:26.880 --> 00:20:32.560
What happens is is the victims will be manipulated to a point where they will be pulled away from

00:20:32.560 --> 00:20:37.760
friends and be pulled away from family and only put all their trust in this one person. Because

00:20:37.760 --> 00:20:41.720
of that and because of the kind words that they were saying, the victims will want to

00:20:41.720 --> 00:20:46.880
go and be with that person. In addition to that, you’ve also got a case where they will say the

00:20:46.880 --> 00:20:52.440
right words in the right way to make the victims want to stay in it even longer. So, like I said,

00:20:52.440 --> 00:20:56.880
it’s a matter of working with the emotions and kind of manipulating the people in that way,

00:20:56.880 --> 00:21:04.840
too. Another piece that I also notice is that when it comes to how we as humans process our emotions,

00:21:04.840 --> 00:21:09.400
so many of us are just disconnected and we don’t even know how our emotions work. It’s like,

00:21:09.400 --> 00:21:13.000
we might feel this one way about this one thing. We might feel this one way about another, but we

00:21:13.000 --> 00:21:18.680
don’t realize that — how — that we actually pick up emotions from other people. Because of that,

00:21:18.680 --> 00:21:23.800
it’s something where we don’t understand how those mechanics work in our own bodies, let alone how we

00:21:23.800 --> 00:21:28.040
are emotionally manipulated to go and do this thing or influenced to go and do that thing.

00:21:28.040 --> 00:21:34.760
JACK: Yeah, it’s — so, what are some of the skill sets that these scammers or thieves

00:21:34.760 --> 00:21:39.800
have? ‘Cause it sounds like they understand psychology a bit, so that would put them in

00:21:39.800 --> 00:21:46.240
social-engineering skills, right? Trick people, posing as someone on a dating app, whatever,

00:21:46.240 --> 00:21:51.480
but also being able to set up these websites and understanding crypto and putting malware

00:21:51.480 --> 00:21:56.380
on systems or whatever the case is. What do you see as their skill sets in these cases, at least?

00:21:56.380 --> 00:22:01.800
RONNIE: Yeah, so, I’ll kind of talk on the geographic of where some of these skill sets

00:22:01.800 --> 00:22:08.400
are. So, for the pig-butchering angle, which is out of — mostly out of Southeast Asia, we see

00:22:08.400 --> 00:22:13.320
scammers who are skilled in setting up websites. They are skilled at working with cryptocurrencies.

00:22:13.320 --> 00:22:20.160
They understand that they need to influence a person’s emotions and play on the emotions.

00:22:20.160 --> 00:22:24.200
We have some tutorials and documents from the scammers where it’s like, thirty — a thirty-page

00:22:24.200 --> 00:22:30.960
PowerPoint in Chinese that essentially comes out to, here is where you go and tell them this piece,

00:22:30.960 --> 00:22:35.400
here is where you influence their emotion here and do this. So, they understand that emotional

00:22:35.400 --> 00:22:41.960
manipulation piece there. For some of the romance scammers in Nigeria, they’re a whole different

00:22:41.960 --> 00:22:48.160
basket. For them, they’re sophisticated in money laundering. They know how check systems work. They

00:22:48.160 --> 00:22:54.360
know how to wire money from a United States’ bank out to another bank, and they also understand the

00:22:54.360 --> 00:23:00.440
underlying cryptocurrency networks to go and cash out a giftcard or move money over here

00:23:00.440 --> 00:23:06.480
for Bitcoin. So, it’s — depending on the geography of where the scammers are coming from, it really

00:23:06.480 --> 00:23:12.120
depends on what that skill set is. That’s just two of the top countries that we see, but there

00:23:12.120 --> 00:23:18.520
is probably four more that I could list off that we see elements of social-engineering scams coming

00:23:18.520 --> 00:23:23.800
out of that, again, go back to that human emotion and kind of those human pieces, if you will.

00:23:23.800 --> 00:23:32.160
JACK: The thing that strikes me — I think it should strike us all with a bit of fear,

00:23:32.160 --> 00:23:38.400
is that this isn’t — you see the cyber-security news every day. It’s ransomware hit by this

00:23:38.400 --> 00:23:42.720
company and this other company got hacked, and all that. This is us getting hacked.

00:23:42.720 --> 00:23:47.200
This is you and me. This is each one of our neighbors. This is individuals of the world,

00:23:47.200 --> 00:23:52.840
the citizens of the United States or wherever they are. That is just such a close-to-home

00:23:52.840 --> 00:23:57.920
thing. It’s not far away in some other company that I don’t have to deal with. It’s me and my

00:23:57.920 --> 00:24:05.360
personal assets — are being attacked, and that — I don’t know. When you realize that

00:24:05.360 --> 00:24:12.720
the threat actor is right here in my bedroom on my computer, it gives us a different sense of safety.

00:24:12.720 --> 00:24:19.320
RONNIE: Yeah, and the other thing, too, because of that safety, we will go and play so much on

00:24:19.320 --> 00:24:23.400
trusting the social media providers to be like, okay, this social media provider has a really big

00:24:23.400 --> 00:24:27.400
name, so that means they have to be safe and I can trust anything that’s coming from there. So,

00:24:27.400 --> 00:24:33.680
because of how large many of these providers are, there’s inherent trust of using these platforms.

00:24:33.680 --> 00:24:38.200
So many victims will go and be like, okay, I’m gonna go and trust Facebook for seeing this stuff.

00:24:38.200 --> 00:24:42.560
Yet, there was a article that came out a couple weeks ago that said, no, eight out of ten cyber

00:24:42.560 --> 00:24:48.280
crime — or eight out of ten cases of cyber-fraud originate on Facebook. So, when you see numbers

00:24:48.280 --> 00:24:54.920
like that, it’s something where the scammers are going to use those trusted platforms to try and go

00:24:54.920 --> 00:24:59.320
after people on that. But no, I agree with you 100% — is that it definitely adds a different

00:24:59.320 --> 00:25:04.000
level of fear to how the scam actually works. It’s because, yeah, it’s like, that scammer

00:25:04.000 --> 00:25:09.800
is now in your bedroom with you and they’re now stuck in your head as you’re ruminating over all

00:25:09.800 --> 00:25:13.120
of the ways — where they would be like, okay, does this person love me? Are they trying to build this

00:25:13.120 --> 00:25:17.360
relationship? What else is going on? The victims run it through their head over and over again.

00:25:17.360 --> 00:25:23.080
JACK: With these victims you’ve talked to, like the $90,000-one, the $1.7-million one,

00:25:23.080 --> 00:25:29.600
are they actually — like, how far along in the — how close are they to these people,

00:25:29.600 --> 00:25:33.780
right? Are they having video calls with them? Are they having phone calls? Are they texting?

00:25:33.780 --> 00:25:37.040
RONNIE: Yeah, so, many of them will be texting back and forth or using

00:25:37.040 --> 00:25:41.360
WhatsApp to communicate. Like I said, we know that that’s how some of them are,

00:25:41.360 --> 00:25:49.440
and many of them are receiving multiple messages per day. The one colleague who was in for $90,000,

00:25:49.440 --> 00:25:53.000
I’m pretty sure they would have been sending pictures back and forth, just ‘cause again,

00:25:53.000 --> 00:25:57.360
you’re now — you’re not thinking of it in the case of, okay, this is a victim. You’re

00:25:57.360 --> 00:26:00.920
now trying to think of it — who’s somebody who believes they’re in a relationship. So,

00:26:00.920 --> 00:26:05.200
you’re gonna go and do everything that you can if you believe that you’re in a relationship.

00:26:05.200 --> 00:26:09.840
Like, I had one victim who was sending pictures of his food to his girlfriend.

00:26:09.840 --> 00:26:13.440
JACK: The scammers do all kinds of weird things; like, they’ll send photos of two

00:26:13.440 --> 00:26:17.560
different outfits and ask, which outfit should I wear today? Then when the victim picks one,

00:26:17.560 --> 00:26:21.320
it gives them just that little bit more of information to know about them. Like,

00:26:21.320 --> 00:26:25.560
they like formal clothes more than casual clothes, so let’s send them more photos of that,

00:26:25.560 --> 00:26:31.760
keep them on the hook. Just think about how much you share about yourself on a personal level when

00:26:31.760 --> 00:26:36.760
you have a new love interest. A scammer could easily write all that down and figure out your

00:26:36.760 --> 00:26:43.560
vulnerabilities and play on that if they’re really good. But I still think one way to sniff out these

00:26:43.560 --> 00:26:48.120
scammers is just to pick up the phone and call them. I’m betting that a lot of these scammers are

00:26:48.120 --> 00:26:53.400
just guys posing as women, you know? How do they sound on the phone? Even if they grab someone else

00:26:53.400 --> 00:26:58.440
to just pose as them and get on the phone, that person isn’t gonna know your whole chat history

00:26:58.440 --> 00:27:03.080
and won’t be able to carry on a conversation in any way that makes sense. Or even more,

00:27:03.080 --> 00:27:08.680
let’s do a video call and see what you really look like. So, just keep that in your head, that it’s

00:27:08.680 --> 00:27:14.680
probably a red flag if your love interest refuses to answer the call or get on video chat with you.

00:27:14.680 --> 00:27:20.440
RONNIE: Yeah, so, sometimes that is a red flag. However, some scammers have figured ways around

00:27:20.440 --> 00:27:25.960
that. I know in the content of deepfakes and AI — and I know it’s a whole buzzword right now,

00:27:25.960 --> 00:27:31.680
but some scammers are using that technology in order to generate video messages back and

00:27:31.680 --> 00:27:37.280
forth. The other thing, too; some of them will also use online video without audio,

00:27:37.280 --> 00:27:41.520
and they’ll just be kinda moving in the camera and be like, oh, my microphone’s not working. Or

00:27:41.520 --> 00:27:46.480
they’ll go and share and have a phone call with them and they won’t share video and just say,

00:27:46.480 --> 00:27:52.280
hey, my — this part here — my video isn’t working. So, they know that that’s a piece

00:27:52.280 --> 00:27:58.140
that people use in the metric, but they will go and try and find different ways to bypass that.

00:27:58.140 --> 00:28:03.680
JACK: Oh, yeah. Dang, I didn’t even think of that. So, I’ve done video interviews with people a lot,

00:28:03.680 --> 00:28:09.640
you know? But I use a Snapchat filter on my video to obscure my face. In real time

00:28:09.640 --> 00:28:15.920
on a live video call, my face gets distorted. Yeah, you could absolutely just use a filter

00:28:15.920 --> 00:28:20.760
to change your face to be a pretty lady even though you’re just some dude who doesn’t even

00:28:20.760 --> 00:28:25.720
speak English. We’re gonna take a quick ad break here, but stay with us ‘cause when we come back,

00:28:25.720 --> 00:28:31.960
we’re gonna talk about Black Axe, and you’re not gonna want to miss this. Okay,

00:28:31.960 --> 00:28:36.400
so, I’m looking you up online. You’re know as ‘that BEC guy’. What’s BEC?

00:28:36.400 --> 00:28:39.300
RONNIE: BEC is business e-mail compromise.

00:28:39.300 --> 00:28:41.120
JACK: Okay, so, let’s stop there.

00:28:41.120 --> 00:28:42.800
RONNIE: Okay, sounds good, sounds good.

00:28:42.800 --> 00:28:46.360
JACK: BEC — we break down the term; business e-mail compromise, right? So,

00:28:46.360 --> 00:28:53.280
let’s — the compromise part makes me think somebody has taken over my Office 365 e-mail

00:28:53.280 --> 00:29:00.500
server and is in my e-mails. They’ve compromised my e-mails. But that’s not what you say is BEC.

00:29:00.500 --> 00:29:06.680
RONNIE: No. So, if you go and look up the history of BEC, business e-mail compromise has been the

00:29:06.680 --> 00:29:12.920
number-one crime seven years in a row, minus last year. But the way it — and most people know it as

00:29:12.920 --> 00:29:18.320
is if you’re — if you receive an e-mail that says, hi, I’m the CEO of your company and I

00:29:18.320 --> 00:29:23.760
need you to do this urgent wire transfer for me. Can you wire $40,000 out to this account?

00:29:23.760 --> 00:29:28.268
That’s what most people think of as business e-mail compromise. But the problem with that…

00:29:28.268 --> 00:29:30.240
JACK: Well, to me, I just think — when you tell me that story,

00:29:30.240 --> 00:29:35.060
I just think that’s a phishing — I don’t call phishing BEC. I just call it phishing.

00:29:35.060 --> 00:29:37.560
RONNIE: Right, right, and it’s — phishing is kind

00:29:37.560 --> 00:29:41.240
of the overarching term for any e-mail-based threat like that.

00:29:41.240 --> 00:29:46.360
JACK: Is BEC always money-related or is it sometimes, no, we’re just gonna phish

00:29:46.360 --> 00:29:49.620
them so that we can get our malware on to steal their intellectual property?

00:29:49.620 --> 00:29:53.280
RONNIE: Yeah, yeah. So, business e-mail compromise, in most of the cases,

00:29:53.280 --> 00:29:59.560
it does not use malware. It does not employ any of those tactics around trying to install software

00:29:59.560 --> 00:30:04.240
on the computer. At most they will do credential phishing where they’ll try and harvest the e-mail

00:30:04.240 --> 00:30:08.920
credentials and e-mail passwords. But for a vast majority of business e-mail compromise,

00:30:08.920 --> 00:30:13.560
there is no malware tied to that. There’s only been a handful of cases that have been publicly

00:30:13.560 --> 00:30:20.640
documented specific to BEC actors using malware or something like that. But just from — for the

00:30:20.640 --> 00:30:24.520
most case, there is just no malware that’s tied back to these — those types of crime.

00:30:24.520 --> 00:30:28.742
JACK: So, if we’re gonna classify some — ‘cause let’s say we get phished, alright?

00:30:28.742 --> 00:30:28.754
RONNIE: Yep.

00:30:28.754 --> 00:30:32.480
JACK: Somebody sends us a phish. We click the link. We installed malware. You’d say,

00:30:32.480 --> 00:30:37.920
oh yeah, that wasn’t BEC. But if it was, okay, we got phished,

00:30:37.920 --> 00:30:42.540
it was send money to this, and I sent the money, you’d say, oh yeah, that was BEC.

00:30:42.540 --> 00:30:44.040
RONNIE: Yep.

00:30:44.040 --> 00:30:49.460
JACK: Okay. So, if you’re gonna classify it as BEC, it’s likely gonna be financial-related.

00:30:49.460 --> 00:30:50.900
RONNIE: Yeah, yeah.

00:30:50.900 --> 00:30:55.080
JACK: So, now this pivots the whole thing in my head, right? Instead of you and me

00:30:55.080 --> 00:30:59.120
being targeted, now they’re like, well, why target somebody who has thousands

00:30:59.120 --> 00:31:02.700
of dollars when we can target a business who has hundreds of millions of dollars?

00:31:02.700 --> 00:31:08.240
RONNIE: Yep, and that is exactly what it is. So, when you — so, we did a study;

00:31:08.240 --> 00:31:14.520
what we found was that when you go and think of your Nigerian prince scams, your 419 scams,

00:31:14.520 --> 00:31:20.880
your — you have this long-lost relative in Nigeria; go send me this money. What we found

00:31:20.880 --> 00:31:28.240
was that business e-mail compromise was not some new crime. It was a symptom of ignoring your,

00:31:28.240 --> 00:31:35.560
quote, unquote, “easy” 419 scams. We’ve had direct confirmation that the scammers behind business

00:31:35.560 --> 00:31:40.260
e-mail compromise are the same people who have been doing these Nigerian prince scams for years.

00:31:40.260 --> 00:31:43.880
JACK: By the way, 419 scams are those Nigerian prince scams. You know the ones,

00:31:43.880 --> 00:31:47.840
where they send you an e-mail saying, oh, if you pay us some money, we’ll release the inheritance

00:31:47.840 --> 00:31:53.960
that we owe you. The reason why it’s called 419 scams is because specifically in Nigerian law,

00:31:53.960 --> 00:31:57.840
Section 419 makes it illegal to do this. We’ve all laughed at these

00:31:57.840 --> 00:32:01.720
scams in the past, but they’re getting more sophisticated now. They’re evolving.

00:32:01.720 --> 00:32:06.440
RONNIE: So, very much with what you said, they realize, oh wait, no, I can go and get $40,000

00:32:06.440 --> 00:32:12.840
out of this company as opposed to going to hit this one victim over here. That’s where

00:32:12.840 --> 00:32:19.680
we see the overlap between the romance scams, is that when the — is when they go and send

00:32:19.680 --> 00:32:25.840
that phishing e-mail to that company, they will use those romance scam victims as a money-muling

00:32:25.840 --> 00:32:30.320
network to send money for these scams. So, the victims will be the ones who will be receiving

00:32:30.320 --> 00:32:35.540
the money who then wire it from the United States elsewhere in order to launder it up the chain.

00:32:35.540 --> 00:32:42.520
JACK: I mean, what I was — that’s amazing, but what I am surprised of is just hearing the

00:32:42.520 --> 00:32:47.640
evolution of it. It sounds like they’ve really honed their skills over time.

00:32:47.640 --> 00:32:51.640
RONNIE: They have, they have. Yeah, and it’s a combination of honing their skill

00:32:51.640 --> 00:32:56.800
yet still keeping the stigma that these things are simple and unsophisticated. That’s the thing,

00:32:56.800 --> 00:33:00.840
is that quote, unquote “simple and unsophisticated crime”, minus — again,

00:33:00.840 --> 00:33:05.700
minus last year, it was the number-one crime seven years in a row based on financial losses.

00:33:05.700 --> 00:33:07.920
JACK: What’s the number-one crime?

00:33:07.920 --> 00:33:14.400
RONNIE: Business e-mail compromise. So, from 2015 to 2021, it was the number-one

00:33:14.400 --> 00:33:21.200
cyber crime based on losses year after year. The only reason it was not the number-one for

00:33:21.200 --> 00:33:27.200
2022 was because we had this crime called pig butchering that came up. So, the way it was

00:33:27.200 --> 00:33:31.266
ranked was pig butchering was number-one. Business e-mail compromise was number two.

00:33:31.266 --> 00:33:36.800
JACK: [MUSIC] Wow. So, this is the number-one crime? I guess I’m just so surprised that it’s

00:33:36.800 --> 00:33:43.000
those awful Nigerian scammers who are doing this. When I say awful, I mean the least-sophisticated

00:33:43.000 --> 00:33:48.400
phishing e-mails I’ve ever seen. You know the ones; sir, you had a long-lost relative who was

00:33:48.400 --> 00:33:53.200
the prince of Nigeria and he has recently died and left a large inheritance for you.

00:33:53.200 --> 00:33:58.200
Just send us $500 so we can process this, and we’ll get the money over to you. Like,

00:33:58.200 --> 00:34:02.120
who in their right mind thinks their long-lost relative is the prince of Nigeria and you never

00:34:02.120 --> 00:34:08.880
knew it? It’s just the absolute dumbest attempt at a phishing scam that everyone laughs at, and it’s

00:34:08.880 --> 00:34:15.920
those guys who are number one? This is the biggest criminal financial loss for companies today?

00:34:15.920 --> 00:34:21.280
Now, getting a business to pay a fake invoice can take a lot of prep. You gotta figure out

00:34:21.280 --> 00:34:26.080
who this company normally pays large bills to and then try to pose as them. One way

00:34:26.080 --> 00:34:30.560
to pose as them is to register a domain that’s one letter off from the real one,

00:34:30.560 --> 00:34:35.040
so at first glance it looks like it’s from that person you normally do business with,

00:34:35.040 --> 00:34:42.720
but it’s not. Or sometimes you can pose as the CTO sending a bill to the CEO of the same company. But

00:34:42.720 --> 00:34:47.400
still, to know who to the CTO and CEO are, you gotta know who the people are that work at this

00:34:47.400 --> 00:34:50.960
company and what their e-mails look like and what their invoices look like so that it can

00:34:50.960 --> 00:34:55.740
be as close to the original as possible for this to work, and that takes a lot of work.

00:34:55.740 --> 00:35:03.440
RONNIE: We’ve seen cases where they will go and find and use different lead-generation services

00:35:03.440 --> 00:35:08.480
in order to identify the key controllers and the key stakeholders within the company. When they do

00:35:08.480 --> 00:35:14.280
that, that’s where they get that information on who’s the person within the company that they can

00:35:14.280 --> 00:35:18.880
go ahead and target? Based on the intelligence that we’ve seen, we know that they’ll target

00:35:18.880 --> 00:35:24.840
the controller’s companies, they will target different financial advisors. So,

00:35:24.840 --> 00:35:29.480
they will go and find that recon in order to identify who can I target within the company.

00:35:29.480 --> 00:35:33.320
JACK: Oh, and it’s not always bill-paying. Sometimes they try to scam these companies

00:35:33.320 --> 00:35:39.040
to send them giftcards. The scammers will pose as some manager in the company and they’ll ask

00:35:39.040 --> 00:35:43.640
someone higher up, hey, the company did such a great year. I’d like to give my employees

00:35:43.640 --> 00:35:48.840
giftcards as rewards. The person’s like, oh, that’s a great idea. Then the scammer’s like,

00:35:48.840 --> 00:35:53.640
okay, well, since everyone’s remote, could you just purchase the giftcards and then send me a

00:35:53.640 --> 00:35:58.160
photo of the back of the cards and I’ll just pass those giftcards out to the employees?

00:35:58.160 --> 00:36:04.640
That’s how these companies end up sending giftcards to Nigerian scammers. It’s crazy.

00:36:04.640 --> 00:36:07.920
RONNIE: Mm-hm. We actually did — we actually — with that, we actually did a study where

00:36:07.920 --> 00:36:13.080
we gave giftcards to the scammers and tracked where they clicked from. Crazy,

00:36:13.080 --> 00:36:17.560
crazy insights that we were able to gain from that. But it was such a different

00:36:17.560 --> 00:36:20.520
perspective of what we thought was — we were gonna get. Like,

00:36:20.520 --> 00:36:23.600
say, it was really fascinating, some of the data we had that came back from that.

00:36:23.600 --> 00:36:29.800
JACK: Now, e-mail providers or system admins need to work to protect users from all this. You can’t

00:36:29.800 --> 00:36:34.040
just present every e-mail that comes in to the user. That used to be the case in the old days

00:36:34.040 --> 00:36:39.200
when we didn’t filter any e-mails at all. But think about this; suppose you do get an e-mail,

00:36:39.200 --> 00:36:43.760
but it’s one letter off. They switched the lower-case l for the capital I,

00:36:43.760 --> 00:36:48.840
and it looks the exact same to the human eye to make you think this e-mail is from someone you

00:36:48.840 --> 00:36:55.600
normally get e-mail from, but that one letter off means it’s not. So, if a human can’t detect it,

00:36:55.600 --> 00:37:01.080
we better have machines that are detecting it. There’s a thing called the Levenshtein Distance,

00:37:01.080 --> 00:37:05.680
which is an algorithm that will compare two words to tell you how different they are. I

00:37:05.680 --> 00:37:11.280
sure hope that e-mail providers today are using this to first develop a baseline of who you’re

00:37:11.280 --> 00:37:17.360
normally getting e-mail from, and then look for e-mails coming in with a very similar domain. If

00:37:17.360 --> 00:37:22.280
the Levenshtein Distance is very low, meaning it’s only one letter off from someone you normally see

00:37:22.280 --> 00:37:28.160
e-mail from, then that should be flagged, maybe rejected or quarantined, and let the user know.

00:37:28.160 --> 00:37:33.360
RONNIE: Another area to look at for a lot of domains is how long

00:37:33.360 --> 00:37:38.120
has the domain been registered? If it’s been registered within the last month,

00:37:38.120 --> 00:37:42.240
more than likely it’s gonna be a phishing e-mail. So, looking for the reputation,

00:37:42.240 --> 00:37:48.160
the age of domain, is a very, very successful way to do stuff because most scammers will go

00:37:48.160 --> 00:37:53.500
and just get one month’s worth of domain time and then use that for their attack.

00:37:53.500 --> 00:37:57.560
JACK: You know, now that I think about it, I’m disappointed that there’s not better information

00:37:57.560 --> 00:38:03.040
on these e-mails I get. Sure, I have a spam folder and stuff gets thrown in there, but I’d love to

00:38:03.040 --> 00:38:10.920
see reasons for why my e-mail provider put it in spam. To me, spam is ads I don’t want. So, why not

00:38:10.920 --> 00:38:16.920
have a second folder of threats, you know? Spam and threats are two different things in my mind,

00:38:16.920 --> 00:38:22.280
but they all seem to end up in the same bucket in my e-mail. I would love, love, love, to get

00:38:22.280 --> 00:38:28.760
threat intelligence on my inbox where I could see a little dashboard that says, we’ve blocked twenty

00:38:28.760 --> 00:38:33.960
phishing e-mails for you this month. In there we had five BEC attempts, two pig-butchering e-mails,

00:38:33.960 --> 00:38:39.080
and thirteen e-mails containing malware from a threat actor known for targeting journalists. At

00:38:39.080 --> 00:38:44.600
a bare minimum, just show me a big, bright red banner on the e-mail that says, look out, this

00:38:44.600 --> 00:38:49.080
e-mail comes from a domain that was registered two days ago. That would be really cool.

00:38:49.080 --> 00:38:54.280
RONNIE: Google, if you’re listening, fix that, and fix the Google dot bug, too.

00:38:54.280 --> 00:39:00.300
JACK: I mean, they might be already filtering it out and putting it in spam, but…

00:39:00.300 --> 00:39:00.994
RONNIE: Yeah, yeah.

00:39:00.994 --> 00:39:05.060
JACK: …stuff that gets through, I’m like, hey, that is a good tip.

00:39:05.060 --> 00:39:11.880
RONNIE: Yeah, and just from the way BEC is, it’s — so many of these e-mails still get through.

00:39:11.880 --> 00:39:15.520
There’s a reason it’s been the number-one crime seven years in a row. So many e-mail

00:39:15.520 --> 00:39:21.720
gateways are trying to put protections and a lot of information security focuses on the malware,

00:39:21.720 --> 00:39:27.040
the APTs, the blinky boxes, and this stuff still gets past because there’s no malware.

00:39:27.040 --> 00:39:33.040
There’s no malicious URLs or content in there. It’s manipulating the humans. So many of these

00:39:33.040 --> 00:39:38.960
attacks just bypass your e-mail gateways. [MUSIC] With a lot of your BEC actors,

00:39:38.960 --> 00:39:43.760
from an attribution perspective, this ties back to groups such as Black Axe,

00:39:43.760 --> 00:39:47.820
where they will go and use those type of manipulation in order to gain that foothold.

00:39:47.820 --> 00:39:49.980
JACK: Wait, so, who — what’s Black Axe?

00:39:49.980 --> 00:39:57.160
RONNIE: So, Black Axe is one of the larger Nigerian confraternities that dabble in

00:39:57.160 --> 00:40:02.880
this. So, if you’re unfamiliar with that term, confraternity, think of a college fraternity

00:40:02.880 --> 00:40:09.280
here in the states but mixed with black magic and voodoo. What I mean by that is some of the

00:40:09.280 --> 00:40:15.560
hazing rituals for Black Axe include a human sacrifice or trying to use those

00:40:15.560 --> 00:40:20.480
type of techniques in order to, quote, unquote, “gain extra powers to become a better scammer”.

00:40:20.480 --> 00:40:23.780
JACK: Are we still on the same podcast? What is going on here?

00:40:23.780 --> 00:40:25.960
RONNIE: Hey, hey, trust me. Trust me. Yeah, no,

00:40:25.960 --> 00:40:31.680
I am dead serious on it. I sound like I went off into cyber-land, but no, no. But no,

00:40:31.680 --> 00:40:37.386
Black Axe is one of the larger groups who’s doing a lot of the business e-mail compromise activity.

00:40:37.386 --> 00:40:43.520
JACK: [MUSIC] Okay, are we really going here? When someone tells me they’re using voodoo and

00:40:43.520 --> 00:40:51.360
black magic to become a better scammer, I’m like, skeptical and just want to move on past

00:40:51.360 --> 00:40:56.200
that. I don’t even want to pick that up. But for some reason I’m feeling compelled to look

00:40:56.200 --> 00:41:04.640
this one up. So, first of all, I watched an hour-long BBC documentary on who Black Axe is,

00:41:04.640 --> 00:41:10.902
and it’s absolutely bonkers. Just listen to the first forty seconds of their documentary.

00:41:10.902 --> 00:41:14.640
SPEAKER1: [MUSIC] This morning, several bodies, some with their heads decapitated, were littered

00:41:14.640 --> 00:41:19.820
around the city. Thirty people have been killed in con-related killings within the past week.

00:41:19.820 --> 00:41:27.840
HOST2: A secret death cult is thriving in Nigeria, more terrifying than anything I’ve ever seen.

00:41:27.840 --> 00:41:32.080
Around the world, crime agents are cracking down on their multi-million-dollar internet

00:41:32.080 --> 00:41:41.920
fraud and human trafficking network. [COMMOTION] Nigerians are trying to fight back, too. But here,

00:41:41.920 --> 00:41:49.540
in their homeland, the cults seem unstoppable, and thousands of young lives have been destroyed.

00:41:49.540 --> 00:41:56.240
JACK: This documentary explains that Black Axe is a cult full of gang violence.

00:41:56.240 --> 00:41:59.760
HOST2: [FOREIGN IN BACKGROUND] They have agreed to

00:41:59.760 --> 00:42:11.360
let us film what they call a gyration, a cultist ceremony.

00:42:11.360 --> 00:42:17.360
JACK: These guys are really dangerous. They go around murdering people all the time,

00:42:17.360 --> 00:42:20.400
sometimes shooting up buildings or causing massacres, which I guess

00:42:20.400 --> 00:42:24.500
in the US is called mass shootings. The Black Axe has killed thousands of people.

00:42:24.500 --> 00:42:29.800
HOST2: I’m on my way to the University of Benin to understand where all this violence

00:42:29.800 --> 00:42:36.480
began. The Black Axe formed here forty years ago, and students are still being murdered on

00:42:36.480 --> 00:42:41.080
campus today. The Black Axe emerged out of a student fraternity known as the Neo Black

00:42:41.080 --> 00:42:47.400
Movement of Africa, or NBM. The movement initially stood for peace, but over time

00:42:47.400 --> 00:42:54.740
became linked to crime. Today, many people use the names Black Axe and NBM interchangeably.

00:42:54.740 --> 00:43:00.840
JACK: This has been going on for forty years? What? But that’s interesting

00:43:00.840 --> 00:43:07.240
because they initially started as a Neo Black Movement to fight oppression,

00:43:07.240 --> 00:43:11.960
but it’s very different now and it’s unclear to me what their motives are now. Something,

00:43:11.960 --> 00:43:18.840
something, freedom, something, something, defend. But even though Wikipedia thinks NBM

00:43:18.840 --> 00:43:25.760
and Black Axe are the same, the people within NBM don’t agree. Here’s the president of NBM.

00:43:25.760 --> 00:43:31.560
NBM: NBM is not Black Axe. NBM has nothing to do with criminality.

00:43:31.560 --> 00:43:39.840
NBM is an organization that tends to help achieve greatness in the world.

00:43:39.840 --> 00:43:46.080
HOST2: Despite the president’s denials, the NBM is facing mounting international pressure.

00:43:46.080 --> 00:43:51.480
Weeks after our interview, the FBI arrested more than thirty-five NBM members in the US and South

00:43:51.480 --> 00:43:56.600
Africa, charged with multi-million-dollar internet fraud. The US Department of Justice statement

00:43:56.600 --> 00:44:02.680
names the Neo Black Movement of Africa as a criminal organization and part of the Black Axe.

00:44:02.680 --> 00:44:12.680
JACK: Okay, so, you’ve got this extremely violent street gang, a cult, Black Axe/NBM,

00:44:12.680 --> 00:44:19.746
but they seem to also be involved with internet scams. Here’s Vice explaining what they’ve found.

00:44:19.746 --> 00:44:25.400
VICE: [MUSIC] The Black Axe is synonymous with cyber crime. It spread around the

00:44:25.400 --> 00:44:30.020
world. They’ve claimed to have as many as 30,000 members globally.

00:44:30.020 --> 00:44:32.080
SPEAKER3: How much were they trying to get out of you?

00:44:32.080 --> 00:44:35.820
SPEAKER4: Like, knowing these things, I was insane and I was gonna go to jail.

00:44:35.820 --> 00:44:42.920
SPEAKER5: In October 2021, eight men were arrested in Cape Town on serious fraud charges. The men

00:44:42.920 --> 00:44:48.480
were allegedly members of the Black Axe, a notorious Nigerian organized crime group.

00:44:48.480 --> 00:44:56.360
RONNIE: Specific to the human sacrifice, the way that that plays out, is for your Nigerian scammer,

00:44:56.360 --> 00:45:02.280
they are called a Yahoo Boy. So, in order to become a better scammer or a Yahoo Boy plus,

00:45:02.280 --> 00:45:08.520
there is a human sacrifice ritual where you have to kill somebody to gain better powers to go and

00:45:08.520 --> 00:45:14.440
continue this type of scamming. Like I said, it sounds far out there, but it’s widely documented

00:45:14.440 --> 00:45:19.280
that this is unfortunately one of those cases. That’s why I get so bitter towards ransomware,

00:45:19.280 --> 00:45:22.400
is that people are like, oh, somebody might die here, over here, or somebody might die over here

00:45:22.400 --> 00:45:26.480
because of this ransomware attack. I’m like, no, we have people literally sacrificing each other

00:45:26.480 --> 00:45:30.980
because of this stuff, and that’s where the problems are, in some of these cases.

00:45:30.980 --> 00:45:33.140
JACK: Holy moly.

00:45:33.140 --> 00:45:37.746
RONNIE: Yep, yep.

00:45:37.746 --> 00:45:42.200
JACK: [MUSIC] I also watched a few videos about Yahoo Boys. I guess they get their name because

00:45:42.200 --> 00:45:47.680
they started out using Yahoo Messenger to conduct their scams over, and they interviewed some of

00:45:47.680 --> 00:45:52.080
the Yahoo Boys who then explained how they do it, and they were open about what they were

00:45:52.080 --> 00:45:57.480
doing. They were like, yeah, we scam people. We steal lots of money from them. In fact,

00:45:57.480 --> 00:46:03.880
they even posted a video of one of their victims on the verge of suicide. Here, listen.

00:46:03.880 --> 00:46:09.320
VICTIM: [FOREIGN]

00:46:09.320 --> 00:46:19.320
JACK: [MUSIC] So, even though they’re ruining people’s lives and know that some of these

00:46:19.320 --> 00:46:25.560
victims that they have are committing suicide and they say they’re all addicted to drugs, they deny

00:46:25.560 --> 00:46:32.280
their involvement with human bloodshed. It wasn’t exactly clear from these interviews I watched,

00:46:32.280 --> 00:46:38.360
but it did seem like they were killing cows or other animals to try to level up their scamming,

00:46:38.360 --> 00:46:42.440
which I have to admit, at first I’m just shocked that anyone would think

00:46:42.440 --> 00:46:47.080
that they’d become a better scammer because of an animal sacrifice. But the thing is,

00:46:47.080 --> 00:46:53.600
the culture of Nigeria is rich with a lot of this voodoo and hexing and charms and stuff. In fact,

00:46:53.600 --> 00:46:58.560
when the BBC reporter went to investigate the Black Axe cult, he found a vigilante group who was

00:46:58.560 --> 00:47:05.640
trying to stop the Black Axe, and they gave him a charm to protect him during his investigation.

00:47:05.640 --> 00:47:11.480
VIGILANTE: [FOREIGN] Someone’s ancestral spirits to protect this man.

00:47:11.480 --> 00:47:17.800
SPEAKER6: Just put this sort of amulet, and this will guarantee my safety on this raid, that no

00:47:17.800 --> 00:47:23.880
bullet will penetrate into my skin. Regardless of this, this is what they are relying on.

00:47:23.880 --> 00:47:28.920
JACK: They gave him an amulet to protect him from gunshots. He still wore a bulletproof vest,

00:47:28.920 --> 00:47:34.440
though. But this is what I mean; the culture there is really big into this. You know,

00:47:34.440 --> 00:47:41.880
luck is a weird thing. It feels like a mysterious force. Can it be changed in any way? So,

00:47:41.880 --> 00:47:48.080
I can see why somebody would want to do weird stuff to try to improve their luck. If you really,

00:47:48.080 --> 00:47:54.480
really, really want to improve your luck, then maybe you’ve gotta do something a little insane.

00:47:54.480 --> 00:48:00.760
I can see how bloodshed can get mixed up in all this. It’s very awful and strange,

00:48:00.760 --> 00:48:07.040
though. How the hell did we get from romance scams to this? Man, the places we go on this

00:48:07.040 --> 00:48:12.680
show. Now I can see why you’re so fascinated about all this. These stories are crazy.

00:48:12.680 --> 00:48:13.880
RONNIE: Yeah, yeah.

00:48:13.880 --> 00:48:18.900
JACK: Tell us about that one story you heard about going on in South Africa.

00:48:18.900 --> 00:48:25.920
RONNIE: Okay, yeah, yeah. So, this was a Black Axe case they had down in South Africa. Like I

00:48:25.920 --> 00:48:29.640
mentioned earlier, I do a lot of work back and forth with law enforcement, so I get to hear a

00:48:29.640 --> 00:48:35.560
lot of the good stories as a result of this. But they were doing the case. They went down

00:48:35.560 --> 00:48:40.720
to go and arrest the individuals, and they were kind of at this compound down in South Africa,

00:48:40.720 --> 00:48:45.400
and they didn’t really — and they were able to get into most of the houses and most of the buildings,

00:48:45.400 --> 00:48:49.200
and there was one building in the — or one window in the back that they couldn’t get into. So,

00:48:49.200 --> 00:48:53.600
they were able to bust it down, got in there, and in that building what they

00:48:53.600 --> 00:48:58.480
found was — they found a pile of money covered with blood and dead chickens.

00:48:58.480 --> 00:49:02.960
So, as they came out and unlocked the door to get in there, they kind of got talking to the

00:49:02.960 --> 00:49:08.400
people that they were arresting and they were like, what’s this? Because you don’t

00:49:08.400 --> 00:49:13.800
really expect to find that on a law enforcement engagement. So, what the scammers had said was,

00:49:13.800 --> 00:49:19.000
well, it turns out that the magic here in South Africa is not as strong as the juju in Nigeria,

00:49:19.000 --> 00:49:23.120
so we need a larger pile of money. That’s one of the things that most people don’t realize,

00:49:23.120 --> 00:49:28.720
is that there is a spiritual aspect that plays on this that many of the scammers believe. When

00:49:28.720 --> 00:49:32.160
you account for that and you account for a lot of the way that they perceive a lot of that stuff,

00:49:32.160 --> 00:49:37.600
it gets really, really interesting. Because of, again, that spiritual aspect, it’s — like I said,

00:49:37.600 --> 00:49:42.680
it’s — there’s so many other things that the scammers are kinda playing with and using or

00:49:42.680 --> 00:49:47.580
believe that they don’t fully understand what they’re playing with, in my opinion.

00:49:47.580 --> 00:49:50.920
JACK: Man, Ronnie, I don’t even know what to ask you at

00:49:50.920 --> 00:49:55.520
this point. You’ve just got me going down jackrabbit holes or something.

00:49:55.520 --> 00:50:02.960
RONNIE: [LAUGHS] Yeah, yeah. Yeah, I’m the kind of guy who’s — at the dinner table,

00:50:02.960 --> 00:50:05.440
I was like, hey, let’s talk about blood sacrifices and voodoo.

00:50:05.440 --> 00:50:09.840
JACK: Okay, so, while looking up these Nigerian scammers,

00:50:09.840 --> 00:50:16.040
I saw something about this group called Scattered Canary. Can you tell us about this?

00:50:16.040 --> 00:50:21.880
RONNIE: Yeah, Scattered Canary was a mostly-Nigerian cyber-fraud group that

00:50:21.880 --> 00:50:28.400
we found back in 2018 that was engaging in business e-mail compromise. The reason we

00:50:28.400 --> 00:50:32.440
named them Scattered Canary was because, one, they were very scattered in their targeting,

00:50:32.440 --> 00:50:37.240
and two, they were kind of our canary in the coal mine that let us identify a lot

00:50:37.240 --> 00:50:41.760
of things around 419 scams and business e-mail compromise. One of the things that

00:50:41.760 --> 00:50:49.400
happened during the pandemic was unemployment money was fair — was given out fairly easily.

00:50:49.400 --> 00:50:54.120
Whenever one of these programs happened, the scammers are quick to jump on that, and they

00:50:54.120 --> 00:51:01.200
quickly jumped on that bandwagon for a lot of the unemployment funds. What Scattered Canary did was

00:51:01.200 --> 00:51:06.480
they used different e-mail accounts or e-mail accounts that had the Google dot bug in them,

00:51:06.480 --> 00:51:12.240
and they went and hit the unemployment fraud systems. At the peak, we saw them hitting

00:51:12.240 --> 00:51:19.240
fourteen different states. For unemployment fraud in general, where that stands, we are upwards of

00:51:19.240 --> 00:51:24.680
around $400 billion that had been — [MUSIC] that’s been stolen as a result of some of these things,

00:51:24.680 --> 00:51:31.560
and there’s some new information coming out from — about id.me and how some of the money may not

00:51:31.560 --> 00:51:38.240
have been fully articulated. But what we know of right now is that $100 billion was confirmed from

00:51:38.240 --> 00:51:44.388
Secret Service. We know that $400 billion is up in question for the money that was taken.

00:51:44.388 --> 00:51:46.140
JACK: Wait, $100 billion was confirmed?

00:51:46.140 --> 00:51:47.800
RONNIE: Yep, $100 billion.

00:51:47.800 --> 00:51:56.640
JACK: So, that was — I’ll submit unemployment on behalf of some American,

00:51:56.640 --> 00:52:01.600
and then I’ll tell them to send the money here to me in Nigeria. But it probably is money-muled

00:52:01.600 --> 00:52:05.980
through and then to Nigeria, but that’s where the $100 billion — that’s what I’m…

00:52:05.980 --> 00:52:08.640
RONNIE: Yeah, billion with a B. Billion with a B, yeah. Yeah,

00:52:08.640 --> 00:52:13.200
so — and that’s kind of where the lines get muddy between business e-mail compromise,

00:52:13.200 --> 00:52:18.360
is because we know that Scattered Canary, again, who was doing business e-mail compromise,

00:52:18.360 --> 00:52:21.920
we know they were doing romance scams. We know they were doing unemployment fraud,

00:52:21.920 --> 00:52:25.400
and that’s kind of why I say BEC is the number-one crime that’s out there,

00:52:25.400 --> 00:52:32.760
because that’s over $500 billion that we know are tied back to business e-mail compromise scammers

00:52:32.760 --> 00:52:37.800
who are doing this, and we know other scammers were involved in that, too. But no, it’s — yeah,

00:52:37.800 --> 00:52:42.760
it was $100 billion that was confirmed from Secret Service. There is a possible — it’s a possible

00:52:42.760 --> 00:52:49.600
$400 billion that is up for discretion and kind of being put through for Congress, but that’s what

00:52:49.600 --> 00:52:54.400
it looks like the new number is gonna lay at, is about $400 billion. It has been confirmed.

00:52:54.400 --> 00:52:57.781
JACK: Now, I’ve gotta try to understand these numbers more, okay?

00:52:57.781 --> 00:52:57.794
RONNIE: Okay.

00:52:57.794 --> 00:53:04.865
JACK: So, I’m just walking through it in my mind. So, $100 billion is coming from the US Treasury?

00:53:04.865 --> 00:53:05.300
RONNIE: Mm-hm. Yep.

00:53:05.300 --> 00:53:09.440
JACK: That’s a lot of money that’s just — the US Treasury has lost.

00:53:09.440 --> 00:53:12.360
RONNIE: Not only is that a lot of money that the US Treasury lost;

00:53:12.360 --> 00:53:15.140
that’s a lot of money that came out of — are you an American citizen?

00:53:15.140 --> 00:53:15.780
JACK: Yeah.

00:53:15.780 --> 00:53:19.400
RONNIE: Okay, so, that’s a lot of money that came out of mine and your pocket. In addition to that,

00:53:19.400 --> 00:53:24.720
scammers — what it looks like is it may have been upwards about $400 billion, so — and the other

00:53:24.720 --> 00:53:29.880
kicker here, too, is that that’s — fraud is still happening. Two of my intelligence sources out in

00:53:29.880 --> 00:53:36.360
Nigeria, within the last two weeks, they’re still stealing money from the government. The average

00:53:36.360 --> 00:53:42.520
salary for a Nigerian is $100 US per month. So, when you go and you have that much money coming

00:53:42.520 --> 00:53:48.120
in, it becomes very enticing for your youth out there to want to go and try and do this fraud.

00:53:48.120 --> 00:53:54.440
JACK: But still, I can’t fathom this amount of money coming in. Like, the entire GDP of

00:53:54.440 --> 00:54:01.480
Nigeria is $500 billion. You’re telling me that this one group has stolen almost the equivalent

00:54:01.480 --> 00:54:09.200
to the whole country’s GDP from the US government, almost doubling Nigeria’s GDP? It’s just unreal.

00:54:09.200 --> 00:54:12.960
HOST3: Secret Service says nearly $100 billion in pandemic relief funds have

00:54:12.960 --> 00:54:17.880
been stolen. That adds up to about 3% of the cash handed out by the government. Most of the

00:54:17.880 --> 00:54:21.880
lost money is from unemployment fraud. Right now, the Secret Service says it has more than

00:54:21.880 --> 00:54:27.340
nine hundred active criminal investigations into pandemic fraud, with cases in every single state.

00:54:27.340 --> 00:54:31.980
JACK: Man, the more I look into this, the more problems I see. I mean, listen to this guy.

00:54:31.980 --> 00:54:36.360
HOST4: Michael Horowitz is the top cop overseeing the effort to make sure the

00:54:36.360 --> 00:54:42.240
$5 trillion in taxpayer dollars went to the right place. This is his first interview in

00:54:42.240 --> 00:54:46.400
his role as the head of a pandemic response accountability committee.

00:54:46.400 --> 00:54:50.560
MICHAEL: When the Small Business Administration, in sending that money out, basically said to

00:54:50.560 --> 00:54:56.080
people, apply and sign and tell us that you’re really entitled to the money. Of course,

00:54:56.080 --> 00:55:02.640
for fraudsters, that’s an invitation. What didn’t happen was even minimal checks to

00:55:02.640 --> 00:55:06.000
make sure that the money was getting to the right people at the right time.

00:55:06.000 --> 00:55:12.640
JACK: The US government spent $5 trillion to try to help Americans get through the pandemic. But

00:55:12.640 --> 00:55:17.200
it sounds like they didn’t do a very good job at protecting that money from fraudsters. I mean,

00:55:17.200 --> 00:55:20.880
this Rolling Stone article I’m reading right now says it’s more like $1 trillion

00:55:20.880 --> 00:55:26.280
was stolen from the US Treasury. My goodness. I guess it really is the number-one crime,

00:55:26.280 --> 00:55:32.360
and that’s such a waste of money. What an awful problem. How can $1 trillion be stolen

00:55:32.360 --> 00:55:37.720
from the US Treasury and it be an acceptable amount of loss? To me, it must be acceptable

00:55:37.720 --> 00:55:42.040
since this got rolled out in phases. I think $2 trillion was the first to be approved,

00:55:42.040 --> 00:55:46.040
and of course, scammers immediately started grabbing that cash. When that wasn’t enough,

00:55:46.040 --> 00:55:50.800
they rolled out even more trillions of dollars without putting changes in place to stop this

00:55:50.800 --> 00:55:56.000
from happening. You’d think someone would have said, uh, listen, that last round, a lot of money

00:55:56.000 --> 00:56:01.600
got stolen. Is this really an acceptable amount of loss? But no, nobody listened,

00:56:01.600 --> 00:56:09.600
and the money just kept getting handed and handed right to the scammers. What an embarrassment.

00:56:09.600 --> 00:56:13.800
I’m tempted to get to the bottom of this and figured out who bungled this money.

00:56:13.800 --> 00:56:18.440
Who was in charge of handing out $5 trillion and was like, oh, we don’t need guardrails;

00:56:18.440 --> 00:56:23.440
I don’t think anyone’s gonna steal from us? Who denied the budget for a security audit or

00:56:23.440 --> 00:56:28.000
team? Who ignored the person saying, hold on, if we start handing the money out this way,

00:56:28.000 --> 00:56:34.280
we’re gonna get a lot stolen? Who out there thinks it’s totally fine that we lost a trillion dollars?

00:56:34.280 --> 00:56:40.680
I want my voice to be clear; as an American, this is unacceptable to me. I’m very disappointed that

00:56:40.680 --> 00:56:46.520
the US government handed this much money to the same Nigerian scammers who tried to convince us

00:56:46.520 --> 00:56:51.920
all that our long-lost relative was the prince of Nigeria. I would be understanding if the

00:56:51.920 --> 00:56:57.520
government fell victim to some sophisticated cyber attack like a ruthless, unstoppable bull. But you

00:56:57.520 --> 00:57:05.200
got taken by the least-sophisticated scammers on the planet. You need to do better. When you’re

00:57:05.200 --> 00:57:11.160
handing out this much money as fast as you can, you’ve gotta look at who you’re handing it to.

00:57:11.160 --> 00:57:17.920
At the very least, give it to an American. What is this, your first day on the internet? Listen

00:57:17.920 --> 00:57:22.387
to Secret Service agent Roy Dotson here. He’s the lead investigator of this case.

00:57:22.387 --> 00:57:29.160
ROY: [MUSIC] Fast money equals fast crime.

00:57:29.160 --> 00:57:35.160
JACK: At this point of this interview, I’m just kinda feeling defeated. And, surprise…

00:57:35.160 --> 00:57:39.240
RONNIE: Welcome to the last seven years of my life, ‘cause it’s something where it’s like, it’s

00:57:39.240 --> 00:57:44.940
very disheartening. Like I said, staring at this stuff for so long, it’s something where it’s like

00:57:44.940 --> 00:57:49.600
— it is very disheartening because you do feel defeated. You do feel like, okay, we’ve literally

00:57:49.600 --> 00:57:56.320
lost $500 billion and that’s just what we know. If we were to actually piece together what we knew,

00:57:56.320 --> 00:58:01.080
I’m just gonna throw this out there; we’re easily over a trillion dollars that we’ve lost here. A

00:58:01.080 --> 00:58:06.040
lot of what it comes down to is admitting that there is a problem, admitting that something

00:58:06.040 --> 00:58:10.760
needs to be fixed, admitting that something needs to give. Because if you keep having this

00:58:10.760 --> 00:58:16.480
much money that’s going out and you don’t admit that it’s a problem, you’re just gonna be stuck.

00:58:16.480 --> 00:58:21.240
When you go and look at the twenty, twenty-five years of Nigerian prince scams, this is the whole

00:58:21.240 --> 00:58:25.280
reason that we’re here right now, is because no one wanted to admit that, no, this is actually

00:58:25.280 --> 00:58:29.560
something that’s happening. Yes, there are people who are actually being socially engineered into

00:58:29.560 --> 00:58:35.160
this. We have to work with those people in order to identify some of that. So, trust me, I totally

00:58:35.160 --> 00:58:39.400
resonate with you. I totally feel you when you’re like, you feel defeated on that, because a lot of

00:58:39.400 --> 00:58:44.840
times I do, too. But knowing that I’m on the right side of this, knowing that I’m helping victims and

00:58:44.840 --> 00:58:49.240
I’m helping them recover their money and knowing that I’m helping reshape a lot of the way that the

00:58:49.240 --> 00:58:54.720
industry thinks about this stuff is like, that’s what keeps me fighting this stuff every day.

00:58:54.720 --> 00:59:14.560
(OUTRO): [MUSIC] A big thank-you to Ronnie Tokazowski for sharing his stories with us.

00:59:14.560 --> 00:59:17.960
This episode was created by me, the master of disaster, Jack Rhysider,

00:59:17.960 --> 00:59:21.680
assembled by the juicy smoocher, Tristan Ledger, mixing done by Proximity Sound,

00:59:21.680 --> 00:59:25.120
and our theme music is by the mysterious Breakmaster Cylinder. You might be wondering

00:59:25.120 --> 00:59:35.640
what my political association is. I’m ALT + Tab. This is Darknet Diaries.