Latest posts by Graham Barrow (see all)
How to protect yourself from scams, boiler-rooms and other people trying to take your money?
We live in a world where the internet has become ubiquitous and this is as true for criminals as it is for the likes of you and me. And that means that any serious criminal operation will be accompanied by some sort of internet offering designed to underpin and provide credibility to whatever scam the criminal are operating.
But, there are ALWAYS ways of testing the provenance of websites to see if they are legitimate or not so I thought I’d put pen to paper (or, more precisely, fingers to the keyboard) and take you through a real life case-study to show you some of the many clues the average criminal website contains.
My starting point is the FCA’s “Warnings” page (https://www.fca.org.uk/news/search-results?np_category=warnings&start=1) where they helpfully post firms known to engages in dubious or unauthorised activity.
I have chosen as my example the following case (taken from http://stevemanagement.com – I’m sure they won’t mind)
Let’s start of by looking at what basic information we can find out about the domain itself.
The first thing we can do is check the registration against the ICANN domain name registry (https://whois.icann.org/en).
This yields the following results:
Two really interesting things come out of this search:
1. The domain registrant is hiding behind a secrecy organisation
2. The domain was registered on 11 November 2016.
Compare this to the biography given for the founder of Steve Pearson Management (bizarrely, his name is Richard Stevenson) in which he claims that he founded the company in 1995 – it took him 21 years to register his domain name and that after growing the company to over $30bn in combined revenue!
There are a few other things on this page worthy of note.
1. A $30bn dollar company might be expected to get its three major players in the same font
2. Denrick Peterson is a very unusual name. He must be easy to find on the internet!
So let’s search for him (using quotation marks to return exact matches only).
This is what we get:
One hit! And that’s the website in question! How strange.
And have you noticed the Side Menu? One of the links is to “Due Delligence”. What on earth is that?
I’ve always been interested in Psychology (in fact I’m doing an Open University degree in the subject) so I like to think about the psychology of the criminals who create websites such as this. And the one thing you can be sure of is that they won’t spent weeks creating the content all on their own. Oh no!
They are far more likely to find an existing legal site for the bulk of their text and use that instead. So I wonder which one furnished Steve Pearson Capital Management with theirs?
Let’s have a look. The knack here is to find some text which looks distinct and quite specific and then see if you can find a legitimate company that is using it. I chose the following (search string highlighted in blue):
The very first hit was for Platinum Equity (a very well-known private equity company). The page the text came from looks like this:
As you can see, visually quite dissimilar but textually identical. But that wasn’t the only website that came up in Google. There is a list at the end of this article of all the other “rogue” sites that contained the same text.
And a further search through the website turns up and interesting phrase on their “Advocacy” page (as if!):
Which led me to the following site!!:
Recognise that picture?
The site contains the following text:
Which is the same as on the stevemanagement.com site.
A quick check on ICANN tells me that the domain for this organisation was registered on 28 March 2017 so I think we can safely assume they are as bogus as all the rest (and are almost certainly part of a “recovery” scam which attempts to scam victims a second time under the pretext of recovering the money they lost first time around).
None of this took long to do and I have numerous other examples I could have used but discovering a scam masquerading as the “Anti Cyber Crime and Financial Fraud Agency” was just too extraordinary to miss.
There is much more but by now you will have got my drift. These, by the way, were the other live sites I identified during the course of the investigation (there were more but they are no longer live):
My one fear, after writing all of this, is that the people who read this article are precisely the ones who wouldn’t fall victim in the first place and the ones who can’t be bothered too, most likely will.
Featured image courtesy of The Wolf Of Wall Street