Professional View Point

COUNTERFEIT U.S. CURRENCY

brian@blue6investigations.com (Brian Harkins) — Sun, 11 Apr 2021 06:45:47 GMT

AUTHENTICATE YOUR CASH

Learn to identify counterfeit money.

Report suspected counterfeit currency to the U.S. Secret Service.

Most counterfeited U.S. currency: $20 and $100 denominations

Depends on the location in the world.

U.S. counterfeiters' favorite: $20 bill

It is readily accepted everywhere without question.

It has been said that when one person sells and another one buys, they both think they were smart. But no one feels smart when their money gets confiscated as counterfeit and they are left with seller’s remorse. The risk becomes worse if the victim decides to pass it off on someone else and a criminal investigation ensues. It is advised that you accept the loss and turn in the illegitimate loot to the police, a bank, or the Secret Service along with any evidence of the crime committed against you. Being a victim of a crime is a better legal position than being suspected as an instigator or co-conspirator of a crime. With these skills you can be smart.

How to Inspect U.S. Dollar Bills:

1.   Feel the Texture of the Bill
2.   Compare Bills of Similar Denominations and Series
3.   Look for the Quality of Printing
4.   Look for Blue and Red Fibers
5.   Study the Serial Numbers
6.   Look for Security Features

TEXTURE. Currency paper is a cotton/linen mix made according to a secret formula. Proper U.S. notes feel crisp, glossy, and elastic, not like regular paper and will not easily tear. Use your fingers to feel the money. A security pen can be purchased at most office supply stores. Mark on the money and a dark brown or gray color means it is not good currency. A legitimate note will leave a light gold color.

DENOMINATION/SERIES. Some businesses which frequently deal with cash will keep bills of each denomination from various years (Series) which they already know to be legitimate. They will keep bills of the same denomination from different years, because the designs have changed over the decades. They use the known legitimate bills as specimens against which they can compare the features of unknown bills from customers to help them determine if the customer’s currency is legitimate.

PRINTING QUALITY. Legitimate notes have some of the finest printing possible. It will be sharp and clear with no smudging. Firmly press and glide your fingers over the note to see if you can get the ink to smudge. If character edges are fuzzy or there is smudging then you have counterfeit money.

FIBERS. Red and blue fibers are woven within the paper of a note, not on it. A magnifying glass can help you best see it. Counterfeiters may paint colors on the paper to look like fibers.

SERIAL NUMBERS. Digits should be evenly spaced and properly aligned. Notes of the same denomination will never have the same serial number if they are legitimate. Counterfeiters will sometimes print a lot of bills with the same serial numbers because it is efficient.

SECURITY FEATURES. Notes above $1 and $2 denominations have many special features, such as a polyester security strip running the width of the bill with the denomination printed in them and they may glow different colors under a black light and be magnetic. Watermarks are ghost images barely seen to the right of the portraits. Most counterfeit money will not include those, but they may. Some images include color shifting ink that can be seen as the bill is moved at different angles. There is microprinting on designated spots of some bills. Some have intaglio images, raised images that can be felt.

Educational Site:   https://www.uscurrency.gov/

Ransomware Attack! Part 2

brian@blue6investigations.com (Brian Harkins) — Tue, 15 Oct 2019 01:30:33 GMT

Emails that Scare into Submission

Have you ever heard your mobile phone buzz, pick it up to check it, notice that there is no activity on your phone, and then realize that the alarm was really coming from your television? You got faked. Con artists do similar things, but on purpose. They try to get you to believe that an alarm is ringing when in reality nothing is happening at all. They use your predictable emotions against you, just like a hunter calling in the turkeys for the kill.

There is an email scheme that is currently active, among many others. It starts like this:

"Hello! I have very bad news for you. 17/07/2019 - on this day I hacked your OS and got full access to your account xxxxx@xxxxx.xxx. You can check it - I sent this message from your account...."

It goes on and on for a long time with all kinds of gentle threats. The header will show that it was sent from you, to you. So, it genuinely looks like they sent it from your own email! First off, don’t fall for that. It is a fake. Then they go on to explain to you how they exploited a software vulnerability in your router. The truth is that they do not even know who you are or where you are. It really sounds scary and believable at that point, but then it builds an even stronger case.

The email goes on to explain that they have downloaded all kinds of illicit material from your “device.” They claim to have used your own computer camera to take pictures and have put together an interesting presentation that you would not want anyone to ever see. They say they have also downloaded your contacts. So, supposedly they even know who to send your unfortunate information. To top it off, they explain that when you opened the email, it automatically started a timer which they will be monitoring. You have 48 hours to pay them $948 in Bitcoin, or your reputation will be ruined and your information locked up. A common Bitcoin wallet address given to which to send the Bitcoin is as follows: 15yF8WkUg8PRjJehYW4tGdqcyzc4z7dScM.

They tell you that if you try to take actions to fix the issue then it will create further problems for you. They explain that getting rid of the data from your computer will not help you because they have already downloaded it, plus what they have recorded from watching you.

A query with the website www.BitcoinAbuse.com revealed that as of this writing, that wallet address had been registered as abusive 239 times with approximately 3.3 Bitcoins having been paid in ransom money.

That is a pure shame if it is accurate.

The threat is a SHAM. It is a fake. They do not have anything. Don’t fall for it.

Someone just has an email list. They are emailing thousands of people and changing each header to make them look like they are sending an email from you to you. Why? Because that looks scary! They only need to convince less than one in a hundred to pay and they will make some good money.

If you receive such a threat, go to https://ic3.gov on the internet and file a complaint with the FBI.

Ransomware Attack! What To Do

Sun, 15 Sep 2019 22:56:04 GMT

Ransomware is soundly defeated by Backup Data

FIRST THING TO DO : If your computer has ransomware, then isolate the computer from all other devices and the network/internet. Do NOT turn off your computer, and do NOT use your computer to create, edit, or save information. That can change the status of current data. You need things to stay as they are. Call your IT Department if you have one. Most of the information on here is for a Windows computer. There are detailed instructions below. It is advisable to hire a professional private investigator to recover your computer files.

One of the most insidious cyber threats today is Ransomware. A reviewed article cited that DOJ reported 4,000 such attacks in the first eight months of 2016. The FBI recommends that you not pay a ransom since it only encourages more criminal activity when someone pays. Ransomware is the situation when an unexpected message pops up on your screen telling you that your data has been taken hostage in some way. The message will go on that if you pay thousands of dollars then they will furnish you a way to get your information back. What a nightmare.

Evil doers can hold or threaten your information in several ways. They can encrypt your data and force you to purchase the encryption key. That is a bad version. They can lock your screen. That is easier to overcome. They can overwrite your Master Boot Record, which can be overcome. Finally, they may simply pretend they have control and try to frighten you to do what they want. They may even pretend to be the FBI or IRS. That is nothing to be concerned about.

How to determine your status? If you can browse through your computer folders, but you cannot open actual files, then your data has been encrypted. That is bad. If you cannot move off the warning screen, then it is likely a screen-locker. That can be easily defeated. If you are able to freely access everything on your computer then you are likely the victim of a hoax threat and they hope to scare you into paying. In that case, you are in no danger. You can simply close the web page. In some cases you may have to use the Task Manager to close the page as it may be forced to stay open, but that is no big deal.

Paying a hostage ransom is not advised. First, there is no guarantee that your information will be released after you pay. Secondly, it encourages additional attacks on you and others. However, just know that generally, if you have something that is truly necessary to get back because you were unprepared, a lot of people have found that for a mere $300 ransom they could get their information back. So, even if you feel that you MUST pay, keep it a low amount, and never leave your information so vulnerable again. We recommend that you never pay. Rebuild the information again no matter how much work it takes, and do not encourage criminal activity.

So, what can you do? Well, first off, in preparation you should keep daily backups of everything important. Then, if you get attacked you can erase/wipe the computer and reload everything back onto it. That is a lot of trouble, but at least you are not rewarding criminals and you have not been made a victim.

If you use old software then turn off macros except for when you need them. They can be exploited, especially as attachments to email. The best thing is to upgrade to modern software. Microsoft uses “Protected View” to protect you from macros that automatically engage and allow a virus to unleash. That allows you to safely look at an email attachment sent to you before allowing it to be active, like an Excel spreadsheet or Word document. If you do not recognize it then do not fully open or save it. Also, software can be installed called a “Sandbox” which isolates email attachments until they can be reviewed.

ENCRYPTION RANSOMWARE

STEP 1. If it appears to be an encryption attack, then immediately disconnect the computer from the network, other computers, and any external devices such as drives. At that point you have isolated the problem, assuming that it has not already been passed to other devices.

STEP 2. Make a record of the ransom note with a photograph. You can take a screenshot, but you risk saving it over data that you may want to recover. Making sure that date and time information are always correct on your devices keeps them ready for emergency situations like this. The images will be used as photographic evidence which can be turned over to the FBI and police.

STEP 3. Contact the FBI at www.ic3.gov and your local police department. Report the crime with as much detail as you can, including information about your system, your operating software, your access points to the internet, the circumstances of discovering the message, an account of what you last remember doing before the ransom message, and your ransom message photographs.

STEP 4. Consider calling a professional private investigator at this point. Below is additional information but you proceed at your own risk.

STEP 5. Use anti-virus or malware software to remove the ransomware. You may have to put the computer into Safe Mode. To do so, reboot the computer and hold down the “S” key on the keyboard while it is rebooting. Removing the ransomware will not decrypt your files, but it will stop additional damage from continuing. It will also kill your opportunity to pay the ransom later. So, be sure that is the route you want to take before you do it.

STEP 6. Recover deleted files. It is a common method to encrypt files by making a copy of each file, encrypting the copy, saving it with the original file name and deleting the original file. In that case, there will likely be deleted versions of the files which can be restored. That is why you do not want to continue working on the computer even if you have control of it. Doing so could overwrite that deleted data, making it nonrecoverable. There is software available to recover deleted files, but make inquiries as to whether loading it may overwrite some of the files you wish to recover. That’s another reason to call a professional. If they have overwritten the Master Boot Record, then see Step #14.

STEP 7. Attempt to identify the ransomware through an online service such as ID Ransomeware or Crypto Sheriff. You can upload one of your files and they can often tell you whether the encryption can be reversed.

STEP 8. If the ransomware could be identified then try the website “No More Ransom” to find a decryptor, or many other online sources, including antivirus software companies. Often the files cannot be decrypted.

STEP 9. If you have backups of your files, then that is your best resource, once the virus software has been removed. First, you need to check those backup files and make sure that they too have not been infected, preferably using a different computer. That is also why it is a good idea to have a backup of the backup once in a while, like once per month or so. That gives you a point far back in time to restore even if your regular backup has been recently compromised in addition to your computer. Do not use the backup yet.

STEP 10. Wipe the computer hard drive completely, and do a clean installation of your operating software, like Windows. If you simply restore your files, there is a chance that some of the ransomware could remain on the computer and cause issues. Install all of your software programs and get the computer reset up.

STEP 11. Restore your backed up files back onto your computer. Everything here is a time consuming process, but it is the best hope of recovery.

STEP 12. I am loathe to even list this step. If there is some reason that you feel that you must deal with the criminals then negotiate for a better deal. They expect you to do so and they expect to collect less. However, again, realize that they may take your money and leave your computer data locked up. It is a gamble. OR…

STEP 13. You can just Start Over. Forget about the lost data, wipe the hard drive clean, and reinstall your operating software. This can be done with no loss if you maintain your data in multiple locations. It is advisable to not only backup your data, but to keep actual working copies on other drives which are not usually connected to your computer except to copy the files for this purpose. If you have a lot of data it may take several hours for your computer to copy information over to an external hard drive, but you can continue to work while it does that if your data use is not high, like drafting documents.

STEP 14. If the Master Boot Record was overwritten, then you can take it to a computer repair shop and they can recreate it. The best antidote is to create a bootable file ahead of time along with a Master Boot Record and to keep it on separate media like a USB device (or whatever is later in vogue) and in a safe place.

SCREEN-LOCKING RANSOMWARE

STEP 1. Immediately disconnect the computer from the network, other computers, and any external devices such as drives. At that point you have isolated the problem, assuming that it has not already been passed to other devices.

STEP 2. Make a record of the ransom note with a photograph, and if possible, a screenshot. That’s a good reason to make sure that date and time are always correct on your devices. The images will be used as photographic evidence which can be turned over to the FBI and police.

STEP 4. Put the computer into Safe Mode. To do so, reboot the computer and hold down the “S” key on the keyboard while it is rebooting. Access your antivirus or malware software and attempt to remove the ransomware.

STEP 5. If Step 4 did not work, then for a Windows computer use System Restore to load an older state of the computer system. If that does not work, then take it to a computer repair shop. They can likely get it back in working order for you.

STEP 6. Reboot the computer normally and run antivirus software to make sure the system is as clean as possible.

CON JOBS

Tue, 04 Dec 2018 06:00:00 GMT

Are You Too Big For Your Britches?

CON JOBS

I'm always surprised by people who tell me that they are not concerned about certain fraudulent threats out there because they are aware enough to avoid it. We are primarily talking about interactions with people (through personal interaction, email, telephone, etc.). This is not about database breaches.

I try to help people understand that their confidence is the very perspective that makes them vulnerable to scams. Many people erroneously assume that as long as they are skeptical and aware then they hold a strong, safe position. Big mistake. Scams work because there is something unknown to you, even when you are skeptical. And regardless of what you think you know, you probably cannot predict what that is, making it unknown. THAT kind of slight of hand is why it works.

Your pride may be your downfall. Please understand, the thing that makes a good scam work is that the artist is giving you confidence (the "con") in a situation, often based on confidence in either themselves or in yourself. They used to be known as "Confidence Men" and "Confidence Artists." That's where the term Con Job originated. The slang word is based on the term Confidence Scheme.

The basis is that your confidence is what opens the door to give the crook access to something, like key information, a location, a key person, your signature, etc. And, of course, their supreme confidence is sometimes what fuels your confidence, but that is not always the case. Sometimes, if you are skeptical of them, then they can use your confidence that they may be dishonest as the way to get you to let them scam you. It's crazy.

The crook can do a circumstantial judo move on you. In judo, you push on the person so they will push back in resistance. Then you quickly switch to a pull action and use their energy against them to pull them where you want them, which often is flat on their back.

Similarly, the con artist will get you to think that you need to protect yourself from one or two obvious vulnerabilities. He gains your confidence in the situation by allowing you to do those things your way to make you feel ironclad safe. He may even resist at first, to reel you in. In that case, he does not need you to feel any confidence in him, just in the situation itself. After all, what you are concerned about, is not even what he is really going to do. He has unknown plans. Your confidence that you know what is what is his doorway inside your world.

In the below instance, the woman probably thought she was following safe protocols. She was probably being careful and thoughtful in her conversation with the man who said he wanted to repair her fence. However, by doing nothing other than engaging with the con artist, she played perfectly into his hands even though she never hired him or allowed him into her house.

Be very careful with unknown people and situations. Whatever you think you know or see may not be the real story. Just speaking with someone can play right into their hands. You may think that you have given up nothing, while in reality, in that so-called "useless" exchange you may have unknowingly given up everything the crook wanted.

They KNOW what they are doing. You may THINK that you know what you are doing. But you usually DO NOT know what they are really doing. I'm trained in fraud, and I still follow the humble approach that I may not know what someone is really up to. Everyone can be conned, including me. Just walk away and only engage with those that you seek on your own.

FENCE REPAIR SCAM

According to the Grapevine Police Department, a pair of people conned an elderly couple. A man knocked on a home door and told the elderly lady that he was there to repair her fence. She said she would meet him in the back yard, probably thinking that she was following a safe protocol by controlling his access. The problem was that her mere conversation was exactly what opened the door to the con. They talked in the back yard for about 15 minutes about different concerns and options. Then suddenly the man said he realized that he was at the wrong house. He immediately walked to the front yard, where he entered a van with a waiting driver and they immediately departed. The woman thought no more about it.

What the woman did not know or anticipate was that while they had talked in the safety of the back yard, the man's companion entered the house and stole expensive items from inside the home. The homeowner was kept busy by the first man. The lady was unaware that anything had happened until her husband arrived home and discovered the full measure of what had happened, a burglary. Now they are missing some important things in their lives, because she had confidence that she was being smart and careful. That was exactly what the con artist wanted her to think. He used her distrust to trick her into doing exactly what he wanted.

Good luck and stay safe.