MIDASearch’s monthly trawl through the Internet to find trends and news relevant to online investigators.
Free UK Online Fraud Investigation Course
The City of London Police have joined up with Future Learn and Coventry University to develop and deliver an online free course on how to conduct Fraud Investigations.
The course is available for four weeks to all students who enrol and covers the following topics:
- Fraud types and enablers.
- The Fraud Investigation Model.
- Conducting effective fraud investigations.
For more information and to enrol visit: Future Learn Website Fraud Investigation: Making a Difference
Return of the NCSC Phishing Guidance
In August the National Cyber Security Centre (NCSC) released an updated version of their Phishing Guidance Document that was first published in February 2018.
This new version of the guide includes all the phishing alerts that were previously only available through NCSC blogposts.
The new guidance focus is centred on businesses developing a layered approach to combat Cyber Phishing.
Any UK Phishing Attacks you discover should be reported immediately to Action Fraud.
New Facebook Search Tool
On the 2nd September Tech Crunch reported that Facebook are considering giving users an option to hide the ‘Like’ counter on their News Feed’s. This could lead to more misery for Online Investigators as the likes counter is often a good way of finding a users friends when their friends list is blocked to the public.
However, some long awaited good news has arrived. Since Facebook closed their graph search options gathering intelligence / information from Facebook profiles have been much more difficult……..but there is now a new ‘tool’ which helps unlock information that is in the public domain:
FBInsight is a very useful new tool that can help locate public related information from a user’s URL or Username or FB User ID number (enter the chosen format and then make sure you scroll down the screen to access the menu of options).
- Other users they most interact with.
- The users real-time likes.
- The users liked posts.
- The users liked videos.
- Posts the user has commented on.
- Posts the user has been tagged in.
- Places the user has ‘checked in-to’.
- Events the user has ‘joined’.
UK Property Fraud
ABC Finance Limited, a specialist finance broker, has published their recent research into fraud claims reported to the UK Land Registry. Their research found the UK Land Registry has received 30 times as many fraud claims as it has prevented since 2009.
Property identified in the report as most at risk are as per info-gram below:
The UK Steps Up ‘War’ on Fake News
The British Army has announced that it is setting up a new unit within their ‘6 Division’ to combat Cyber Threats including Fake News.
The unit, confirmed by Lieutenant General Ivan Jones the UK’s most senior soldier, is expected to go beyond the normal remits of military operations to focus on information warfare including social media accounts that generate fake news and propaganda across all social media platforms.
The unit will also be utilising traditional army techniques including information jamming and similar proactive offensives as well as supporting allied intelligence agencies.
New Anti-Application Fraud Partnership Announced
With the continued increase of criminals using stolen or fake documentation to commit application fraud by opening fictitious accounts (source: UK Finance), two online fraud prevention initiatives have formed a partnership to combine their resources to offer businesses a new defence solution.
Emailage, an email risk assessment technology that uses data science techniques and combined machine-learning technology to generate digital identities from a user’s email address have combined forces with Featurespace, providers of risk detection and fraud prevention applications.
Businesses can subscribe to access Featurespace’s ARIC platform combined with Emailage’s global consortium of data and risk assessment scores to receive real-time reports of potential application fraud.
Fake Resume Generator
With a simple search of the internet it is easy to find ‘Fake name generators’ and photos of ‘people’ that have been generated using Articficial Inteligence.
Example of the search results:
The next logical step in the evolotion of creating a fake profile is to combine the name generator data and AI images.
The resume site builder Enhancv have combined their resources to build a random ‘Fake Resume Generator’.
The Generator uses random information and AI created images within ten seconds. The purpose of the generator is to showcase the types of resume’s you can build on their sites. It also, however, shows how quickly technology is evolving to create believable profiles of people who don’t exist.
Example header of a fake ‘persons’ resume:
Social Media Searches
**** See the September 2019 entry for an update ****
Friday 7th June Facebook made some unannounced background changes to the way Facebook could be searched. For years the search parameters were built around their own ‘Facebook Graph Search’ which let users search using either string commands in the relevant URL or any number of third party website tools – one of the most popular was ‘Stalk Scan’.
………but this extremely useful way to search Facebook has now been ‘suspended’ with no news as to if it will be re-instated or if a new way to search is on the way……. or if we are just stuck with the new primitive search bar………
Facebook is a valuable tool for online investigations and these changes have made a huge impact to investigators information / intelligence sources. However a few tools have surfaced to try and make searching a bit easier including ‘Sowdust’:
However these recent Facebook issues are a good opportunity for investigators to put more emphasis on other social networks that still have good search interfaces. The list below has links to third party tools that will enable ‘deep searching’ of some of the other big social network sites:
- Instragram online tools.
- LinkedIn online tools.
- Reddit online tools.
- Snapchat online tools.
- Twitter online tools.
- You tube online tools.
Over the past few years electronic online information has become easier to access and distribute than other methods such as print. Information at your finger-tips is a great way to stay informed quickly but has also led to a sharp increase in ‘fake news’.
The Poyneter Institute host an annual Global Fact Checking Network where deligates discuss ideas and tactics to tackle issues such as fake news. This years network was held in Cape Town and featured 57 speakers. The Poynter Institute have issued the advice that was discussed at the forum which will help Investigators and business across the globe to improve their fact checking skills and re-sources. The main points can be found here: 9 fact-checking lessons from Global Fact 6.
MeWe a rival to Facebook
MeWe is a California based social network site founded in 2012 as a rival to Facebook. MeWe have so far raised around $15 million in total since its creation. MeWe is advertised as a private, no adverts, no spyware social media site. MeWe expect to have over 30 million active users by the end of 2019 with over half of this number coming from users outside of the U.S.
Using Machine Learning to Spot Photo Shopped Images
In the June issue of The MidaSearch Trawler there was a piece regarding fake face generators. Image manipulation as well as ‘Deep Fake Videos’ have the potential of fabricating information.
Adobe have over the years been innovators in photo-shopping software, but have now published a paper on how they are using machine learning to spot photo-shopped images. A solution is yet to be made available to the public from Adobe, however the video below gives a good overview of their work in tackling this issue. Whether it will be Adobe or another company who eventually release a solution to businesses and investigators to tackle the issue it is worth keeping an eye on any future developments.
AI technology face generators
The ‘people’ below all have one thing in common – they do not exist. They were all created using AI technology and are available from free open source websites.
How can I check that a face is real?
Currently the faces on the free random generator sites all have a small defect that can be spotted by studying the image. Some are easy to spot whilst others are harder to spot as the defect is not always in the same place.
Spotting the defect….
However with free online photo-shop tools it is easy to remove the defect and even add a whole new back ground, but even with no changes it still has Google fooled…
Have a go at this quiz and see how many fake faces you can spot……
Invoice Fraud Scams
The Nat West Business Hub has an interesting article explaining how invoice scammer gangs are posing as legitimate payees of supply firms and tricking the targeted companies in to transferring money to them. According to figures published by UK Finance in their report Fraud the Facts these scams cost firms over £90million in 2018.
You can read the Nat West article here
Manage your online identity
It is important to keep on top of your social media accounts and to regularly check that your email address(es) have not been compromised. Three easy steps to help are:
- Check to see if your email address has been compromised through known security breaches. A simple easy way to check is by using a free reputable webite such as ‘Have I been pwned?’ The site will check any inputted email address and give instant results along with relevant tips on how you can reduce the risk of being a victim of hacks and scams. https://haveibeenpwned.com/
- Delete old social media and other accounts that you no longer use. – However it is not always as easy as it possibly should be to have companies delete your personal details from their websites. ‘Just delete me!’ has useful information and direct links to a large number of websites account deactivation pages. https://backgroundchecks.org/justdeleteme/
- Update your privacy settings – check privacy settings on social media and other websites you use still meet your personal requirements. If you are unsure how to update privacy settings think about giving a site such as Plus Privacy a try. It is a ‘one stop’ website tool that enables you to easily change privacy settings of several social media sites at once. https://plusprivacy.com/
Stephanie “Snow” Carruthers is a People Hacker for X-Force Red, an autonomous team of veteran hackers within IBM in this article she reveals some of her tricks to gaining vital business information from company employees. https://securityintelligence.com/posts/interns-and-social-media-a-goldmine-for-hackers
FBI take down Deep Dot Web
Public are warned of commonly used methods by travel fraudsters
For more information click on the following link to the Action Fraud press release dated 09th May 2019: https://www.actionfraud.police.uk/news/action-fraud-report-reveals-7-million-lost-to-holiday-fraud
Banking Fraud Prevention System Delayed Until March 2020
For more information click on the following link to the PSR press release dated 09th May 2019: https://www.psr.org.uk/psr-publications/news-announcements/psr-opens-follow-up-consultation-on-cop