Ronnie Tokazowski
Podcast Appearances
is when they go and send that phishing email to that company, they will use those romance scam victims as the money-muling network to send money for these scams. So the victims will be the ones who will be receiving the money, who then wire it from the United States elsewhere in order to launder it up the chain.
They have. They have. Yeah. And it's a combination of honing their skill, yet still keeping the stigma that these things are simple and unsophisticated. And that's the thing is that quote, unquote, simple and unsophisticated crime, again, minus last year, it was number one crime seven years in a row based on financial losses.
Business email compromise. So from 2015 to 2021, it was the number one cybercrime based on losses year after year. And the only reason it was not the number one LAT for 2022 was because we had this crime called pig butchering that came up. So the way it was ranked was pig butchering was number one, business email compromise was number two.
We've seen cases where they will go and find and use different lead generation services in order to identify the key controllers and the key stakeholders within the company. And when they do that, that's where they get that information on who's the person within the company that they can go ahead and target.
And based on something that tells us that we've seen, we know that they'll target the controllers of companies. We know that they will target companies' different financial advisors. So they will go and find that recon in order to identify who can I target within the company.
Mm-hmm. And we actually did a study where we gave gift cards to the scammers and tracked where they clicked from. Crazy, crazy insights that we were able to gain from that. But it was such a different perspective of what we thought we were going to get. But like I say, it was really fascinating with some of the data we had that came back from that.
Another area to look at for a lot of domains is how long has the domain been registered? If it's been registered within like the last month, more than likely it's going to be a phishing email. So looking for the reputation, the age of domain is a very, very important
successful way to do stuff because most scammers will go and just like get one month's worth of domain time and then use that for their attack.
Yeah. And just from the way BEC is, so many of these emails still get through. There's a reason it's been the number one crime 70 years in a row. So many email gateways are trying to put protections. And a lot of information security focuses on the malware, the APTs, the blinky boxes. And this stuff still gets past because there's no malware. There's no malicious URLs or content in there.
It's manipulating the humans. So many of these attacks just bypass your email gateways. With a lot of your BEC actors from an attribution perspective. This ties back to groups such as like Black Axe, where they will go and use those type of manipulation in order to gain that foothold. Wait, so what's Black Axe? So Black Axe is one of the larger Nigerian con fraternities that dabble in this.