A Millennial’s Guide to Avoiding Romance Scams

As online dating has started to gain traction as a means of finding your match, so too has the threat of being scammed in romance fraud.

We often hear about these stories where an elderly person was manipulated by a con artist into giving away their life savings, or a predator has been grooming an adolescent to take advantage of them. Many of us millennials and gen z have a false sense of immunity to these scams because we have grown up with the internet and online dating. We might think that we already know all the signs, or that it might be less likely to happen because these dating platforms have established trust in the consumer base.

And yet, romance-based scams account for some of the highest dollar losses per year in the category of mass marketing frauds. It is one of the least reported types of fraud despite its proliferation across the internet, and it can target people of all ages.

Usually these types of situations have a few common themes:

  • They ask you early on to move communication off the dating platform. Moving away from the online dating site messaging services means that the interaction can be harder to track. Usually they will ask to communicate by email or text messages instead.
  • The relationship moves very fast. If after just a few contacts, they are expressing their profound love or feelings of deep friendship for you, it’s time to be suspicious. This is a tactic to try to manipulate vulnerable people into trusting the con artist, so that they can be more easily scammed.
  • Yet they will not meet you in person or talk on the phone/video chat. Even though they could be professing deep feelings for you, they are somehow evasive when it comes to the topic of meeting in person, or they have all these excuses about why they can’t speak on the phone or video chat. This factor alone is huge– when romance is real, you want to be together and you want to see each other. So even if on the off chance that they are not scamming you and don’t want to meet, they still may be hiding a big secret.
  • They want you to send them money. This is usually not something that happens immediately. It takes time and grooming for the con artist to build trust with their target. At that point, they may come out with an elaborate story about how they need financial help to get out of a problematic situation. Common stories of this nature include being stuck traveling and needing help with airline tickets, requiring assistance with medical bills, or having a family member in a life or death situation. These stories are engineered to prey upon your need to help those that you care about. If the victim agrees to pay even just once, there will most likely be more requests in the future to cover other fictitious expenses.

You should never agree to send money to someone that you don’t know. Besides the potential of opening up a figurative drain, you could be unknowingly helping the scammer in something shady. Especially if they ask you to move money or goods on their behalf.

If you feel like something about the person’s profile doesn’t quite add up, you can reverse image search the photo by right-clicking it on the website and selecting the ‘Search Google for image’ option. This will show you if the profile picture has been uploaded anywhere else, which could show if it was taken from someone else or a stock photo. This also works on mobile if you access the photo through the Chrome browser app, hold your finger down on the photo until a pop-up menu appears, and then you can select the option to search google as usual.

One more thing to consider is avoiding sending intimate photos of yourself or providing sensitive details about your personal life that could be used against you. Scammers have been known to hold individuals hostage in these relationships by threatening to blackmail them with information they had voluntarily provided.

If, over the course of reading this article, you have found yourself recognizing red flags in a situation you or someone you know are involved in, know that you can reach out to us to help. Visit our website https://www.datecheckonline.com/ for more information on our identity verification investigations and to get in contact with us so that we can help you.

This article was written by Kristina Weber, Content Manager of Centry Global. For more content like this, be sure to subscribe to Centry Blog and follow us on Twitter @CentryGlobal and @DateCheckOnline.

2 Years of Centry Blog!

After two years in operation, Centry Blog has been steadily reaching a wider audience and netting more and more views across Facebook, Twitter, and LinkedIn. If you take a look in our archive, you will find all sorts of content ranging from simple guides on how to bolster personal security to full articles on issues such as counterfeiting, money laundering, data breaches and more. For all of our new followers, we warmly welcome you and invite you to learn more about who we are!

CENTRY GLOBAL is an international security solutions company that not only advises businesses on best practices in security, but also carries out the dynamic services needed to meet those goals. Our work takes us around the world – it’s more than a job; it’s a lifestyle.

Our professionals come from many different cultures and backgrounds, with a combined expertise based around security and risk management. Within our ranks, you will not only find professionals in investigative, fraud control, security and risk issues, but also experts in programming, software development, and security technology.

As a result, we use technology where it proves to be suitable tool, but we don’t get hooked on the tools because we know that the type of security risks you face are not machine made; they are related to people. And above all, we are people persons. We are highly communicative, we like to interact and network, and we do that in many different languages across many different countries.

The facets of our core business are divided into five different streams – those being Security Risk Management, Compliance Screening & Investigations, Business Support, Cyber Security Services, and Supply Chain Security.

Our Security Risk Management program revolves around the service of a Project Security Manager, who is a highly experienced professional, usually with prior military experience, that works to secure client project sites, no matter what country they are in. Our PSMs have worked in countries such as Algeria, The Ivory Coast, Mexico, Ukraine, Iraq, Yemen, India, and more. Each of these places comes with their own unique set of risks and we always rose to the occasion.

Meanwhile, our Compliance Screening and Investigations professionals are on the frontline, protecting our clients from unknowingly engaging with shady businesses or sanctioned individuals. Our services on in this sphere range from performing background security checks for recruitment to months-long corporate investigations to private field investigations for individual persons.

Our Business Support program has two avenues: Pathfinding and Business Process Analysis. Pathfinding is an advisory and liaison service that is useful for businesses looking to expand to a new location or culturally different market. Our professionals serve as the middle-man between our clients and the new area, by conducting research on the locality and liaising with relevant officials to ensure client operations are as seamless as possible. The Business Process Analysis (BPA) is an operational review specifically designed to identify vulnerabilities associated with a process on a preventive basis. A BPA can also be used to investigate specific losses by reviewing the process where the losses originated, without creating a negative atmosphere with employees having to be involved in an internal investigation.

Our Cyber Security professionals have the singular goal to ensure that our clients’ online business assets are safe and secure. This takes a multi-faceted approach comprised of security training, a high-level business review of existing policies and procedures, a threat risk assessment, and the creation of new policies and procedures if necessary.

Finally, the stream of Supply Chain Security services work around supporting organizations that are interested in enhancing the resilience of their supply chains by applying for and remaining compliant with international certificates and authorizations, such as TAPA and AEO.

Above all, we are a united team that takes pride in providing meaningful impact on the world around us by ensuring that the people who work with us can be protected and taken care of.

If you have any questions or comments for us, please feel free to submit them on the Contact page of this website!

Cyber Security in the Supply Chain

Cyber Security is generally accepted to encompass the protection of our interconnected information systems and assets including hardware, software, applications and data.  In that range of topics, one of the most important areas of concern for Cyber Security professionals is Vulnerability and Patch Management within the realm of Security Operations.

Vulnerability and Patch Management is the ongoing practice of ensuring that your systems and applications are kept up to date, scanned for known and unknown vulnerabilities.  The conventional wisdom is simple – when a software vendor provides security updates for critical application, these should be installed as soon as possible. Right?

Microsoft issues security patches for Windows and Office applications on the second Tuesday of each month. Apple issues security updates a handful of times per year.  Other vendors have similar programs.

When a vendor issues security updates, they usually disclose the particular security vulnerabilities that it was intended to fix.  So, as soon as a security update is released, the vulnerability becomes “public”. Now that the vulnerability is available (to bad actors) it is even more crucial that the fixes be applied in a timely manner.

All of this assumes that the vendor (the “Supplier” of this particular “Supply Chain”) has not already been compromised.  Imagine if a hacker could get in to the systems of our software supplier, make changes to released software that add malware.  Diligent users would unknowingly, and quite reliably continue to install updates, that now include malware.

If this sounds like a nightmare scenario, it is.  And it has already happened.

Examine the case of the Not Petya worm.  This started at a small company in Ukraine that supplies a piece of software called M.E.Doc.   You probably don’t use M.E.Doc. so you are not worried, right? M.E.Doc. is accounting software, used in Ukraine (think Quicken/TurboTax) and is required for filing national taxes.  So a large number of Ukraine based companies use it. In the spring of 2017, outside forces (likely Russian) hijacked the company’s update servers, injecting malware that included a small, but critical backdoor into the software.  As users updated their systems, they were infected with a backdoor, which laid latent for a month or two.

Then, the attack was launched.  The attack leveraged other vulnerabilities in Windows known as Eternal Blue and Mimikatz. These vulnerabilities rely on being “inside” the network of a company, behind the firewall, and once there, were able to spread globally encrypting data and asking for ransom.  Large multinational companies were affected, including banks, large shipping interests, manufacturing and more. If your company had an office in Ukraine, you may have been affected. If one of your suppliers, to whom you connect has offices in Ukraine, or is connected to someone who does, you might have been affected.

The upshot is this: Supply Chain security in Cyber Security is a now multi level concern.  Security professionals must now consider not only who might get in to their own network, but who might get in to their supplier’s network and who might get in to their suppliers’ supplier’s networks, and so on.

As is the case in other areas of Supply Chain security, we must concern ourselves with not only preventing bad things from happening, but assuming that they can, and trying to limit what can be done when bad things happen anyway.

And there is no simple answer.  Keep systems up to date to protect from know vulnerabilities.  But know that these updates can themselves introduce other vulnerabilities.

This article was written by Dave Ehman and edited by Kristina Weber. For more content like this, be sure to subscribe to Centry Blog for new articles every other week on topics relevant to the security industry. Follow us on Twitter @CentryCyber and @CentryLTD!

What is Social Engineering?

One of the most common methods of fraud is social engineering. This refers to a calculated deception that targets people in order to obtain sensitive information relative to their business, identity, or finances.  

There are two main categories of social engineering: (a) Mass Fraud, which is mostly comprised of basic techniques meant to scam a high quantity of people; and (b) Targeted Fraud, which is a highly-specialized method of fraud that singles out a specific individual or company.

The majority of these schemes follow the same general path. It begins usually with gathering information on a topic or target. Once enough information about the target has been obtained, scammers can focus on developing a false sense of security and trust with their target. In cases of mass fraud, this could look like replicating the design of a Netflix customer service email, or in targeted fraud establishing enough of a friendly rapport with an individual over the phone that they feel comfortable providing more and more information. Once this has been established, scammers can exploit any of the identified vulnerabilities and ultimately execute the scam.

Social engineering works because it preys on our instinct to trust.

Let’s say you are at work and receive a call or email from a “colleague” asking for some sort of account number or other piece of information related to the business. If you haven’t had any training on your company’s confidentiality policy, you might not think twice about providing this person the information they ask for. After all, they might seem trustworthy, or talk about things in a way that would give you no reason to suspect they aren’t a fellow coworker. That’s because they have meticulously studied how to prop up the illusion.

These types of attacks are common; all you need to do is look at the news to find examples. Just recently it was found that hackers connected to the Russian government were impersonating US State Department employees and sending emails with downloadable attachments. These attachments would then install software that could provide the hackers access to internal systems.

These fraud attempts aren’t just work-related. They can target you at home, too.

The Internal Revenue Service (IRS) of the United States just issued a warning about a new tax related scam. A surge of emails recently have been impersonating the IRS and using “tax transcripts” as bait to trick users into opening documents that contain malware. The malware behind this scam, Emotet, has been historically associated with posing as financial institutions in order to encourage people to download the malicious attachments. The IRS has recommended that if you have received one of these emails to delete it or forward it to phishing@irs.gov.

So how can you protect yourself?

Individuals can take the time to be vigilant of unfamiliar calls and emails. Sometimes social engineering won’t be a singular attempt. It could be repeated calls over years that slowly harvest the information needed to execute a scam. When in doubt, you can double check with the source, and avoid providing personal information. Meanwhile, companies can develop a guide for handling sensitive information to avoid blunders with fake employees. With sufficient training, employees can be taught to recognize different types of fraud and have an established plan for handling it should they come across it.

This article was written by Kristina Weber of Centry Global. For more content like this, subscribe to our blog and follow us on Twitter @CentryLTD!

Finnish Security Awards 2018

We are honored to have been part of the Finnish Security Awards (FSA), which took place last month in October 2018. This is the fourth time that this event has been organized, thanks to Turvallisuus & Riskienhallinta, a Finnish security and risk management magazine.

This year the awards were held at the Old Student House in Helsinki. The opening ceremony featured a presentation about the future of security and safety by Professor Esko Valtaoja. There are eleven award categories at FSA, and each one had its own jury that was comprised of respected professionals in the industry.

A number of us at Centry attended the awards ceremony, and Mr. Risto Haataja of Centry was a member of the jury that selected Security Company of the Year!

This slideshow requires JavaScript.

5 Basic Digital Privacy Tips for the Average Person

As interconnectedness and personalized browsing experiences have become the norm in today’s society, our lives – increasingly impacted by our digital footprint – have become less private.

The right to digital privacy has been a slow growing movement, and its biggest marker was the General Data Protection Regulation that affected the EU. It was a legislation that marked digital privacy as a right, not a privilege, and companies all over the world scrambled to make sure they met compliance requirements. Now, for users in the EU, the internet has become a more transparent place for how information can be used or accessed. But, of course, it is still a work in progress.

Digital privacy is a massive topic that can be very easy to get lost in, especially if you’re new to to it. However, you don’t need to be a security expert nor do you need any particular reason to bolster your privacy on the internet. So, here are some simple security pointers for the average web user:

1. Keep your OS updated

The first thing you will want to do on any device is to make sure that it’s updated. As annoying as the notifications can be, they’re there for a reason– updating is important, and not staying on top of them could mean your device has a critical security vulnerability. So whether it’s installing the new macOS update, iOS 12, or Windows update, etc. just make sure that you take the time to do it, or set up your device to update automatically (usually configurable in settings).

2. Be mindful of Public WiFi networks

Public WiFi and open networks are notorious for security vulnerabilities, and connecting to one could pose a risk to your information. While it’s better to avoid connecting to them at all, sometimes you need to, so if you do, here’s some steps you can take. First, you’ll want to make sure that you turn off network sharing (usually preferences can be found in wifi settings on your computer). On Windows devices, you can also make sure you have Windows Firewall enabled.

When browsing connected to a public network, it’s best to avoid anything sensitive, such as banking. You should check to make sure that what websites you navigate begin their web address with HTTPS, as well.

3. Use a secure web browser

Make sure that you are using a secure web browser. Mozilla Firefox and Google Chrome are some good choices depending on what you want. If your priority is maintaining as much privacy as possible online, Firefox is better as it has more options for privacy and security. It is also the more lightweight program of the two, which would run more smoothly on computers with less RAM.

Google Chrome is also a comparatively secure option in terms of protecting you from malicious websites, however it is less private as a lot of data about your internet usage goes to Google. That may be a positive or a drawback to you depending on your priorities – if you want privacy, it’s not so great, but if that’s not extremely important to you and your computer is equipped to handle Chrome’s resource demands, then it’s a solid choice as well for speed and reliability.

In either browser, make sure you take the time to navigate to the Privacy and Security settings and adjust them to your preference. Some of the settings you can choose are to clear your browsing data/history, unselect the option to send usage statistics to the company, enable Do Not Track requests, etc.

Additionally, you can install an ad blocker extension/addon, such as uBlock Origin, in both browsers that serve as an additional line of defense against unwanted scripts running on websites that you visit. This can be easily obtained for free through the Chrome Web Store or Firefox Addons.

4. Secure your social media profiles

One common mistake that people make on social media platforms like Facebook and Instagram is that they have their profiles set to public. This means that anyone, anywhere can view your profile and all the content on it. This is great for a business page, but maybe not so much for your personal profile.

Every big social platform has privacy and security options. These can usually be found in the settings menu, where you can navigate to the relevant sections to adjust what you want to be seen. On Facebook, you have full control over who can see your posts and friends lists, as well as whether you can be searched by your email address or phone number.

Location settings – especially in mobile apps – are important to adjust as well. Snapchat is a big one for this, as people on your friends list can observe your location in real time through the Discover function unless you have disabled this feature and turned on “Ghost Mode.”

5. Consider using a VPN

Finally, if you want to take your security one step further, you can look into getting a VPN — that is, a virtual private network. VPNs have significant privacy advantages by encrypting your connection and acting basically as an intermediary between your device and the internet. They mask your IP address, which is basically as telling in the digital world as your home address is otherwise. The VPN works by routing your traffic through its own servers, and gives you the option to appear to be from any location of your choosing.

But since you are relying on the VPN in this way, it’s important that you get a trustworthy one, such as F-Secure Freedome. Most free VPNs are unreliable at best or actively malicious at worst.

Overall, online security and privacy is what you make of it. But these simple steps will at least ensure that you’re going in the right direction. For more in-depth information on the topic, be sure to follow @CentryCyber on Twitter.

This article was written by Kristina Weber of Centry Global. If you would like help or have questions, feel free to contact us via email at info@centry.global! Be sure to subscribe to Centry Blog for original bi-weekly articles relevant to the security industry.

Golden Visa for Sale! Now on special offer for the 1%

European passports and Schengen visas are the most desired traveling documents in the world. Not only do they grant the most traveling freedom, they give access to a safe and stable living environment, with free speech, in a market that can fulfill all your needs.

Many EU countries have taken advantage of this by offering entry in exchange for investment. This kind of activity is commonly referred to as a Golden Visa Program. For the subject countries, they are indeed golden, because they have the potential to bring in billions of capital into the country. Latvia, for example, used the program to stabilize its economy after the financial crisis.

According Transparency International, such programs have been in existence since the 1980s, and currently at least 12 EU Member States are offering them. Usually the reward is a residence permit, however Cyprus and Malta offer a fast track to citizenship should the customer invest enough money, and Portugal offers the citizenship option after a six year waiting period.

While the controls in most European countries should prevent individuals who are sanctioned by the EU from obtaining citizenship, many individuals took advantage of Golden Visa programs prior to implementation of the current international sanctions. It is a complicated matter for a nation to try to implement sanctions on its own citizens and capital that is invested within the country.

Most of these programs are legitimate, but the way they are set up invites abuse. Real estate is one of the easiest ways to launder dirty money, and these programs are taken advantage of all over the place.  

Some of the Golden Visa and Golden Passport programs are complex and might involve long red tapes and waiting periods. Of course, sometimes a suitable facilitation payment can fix that…

Latvia Golden Visa Program

The Latvian Golden Visa Scheme was heavily criticized. From 2010 to 2014, Latvia offered it at a discount price of EUR 71,150 if invested in countryside real-estate. The price for living in Riga was doubled to a value of EUR 142,300. As you can see, this could very easily be taken advantage of by someone looking to spend dirty money.

The number of people who took up this offer increased substantially  in 2014, the same year that Russia annexed Crimea. Almost 90% of the visa applicants came from Russia and countries that were formerly in the Soviet Union.  Thus, a program that had originally been intended for economic development and brought wealth to Latvia in the previous years had become embroiled in political significance.GV-by-Year

Picture 1: Latvian Golden Visas per year (Source)

The negative effects of the program eventually convinced the Latvian Administration to dismantle the discount in 2014. The greatest risk of these visa programs was spying, according to the deputy head of the Latvian Security Police in a 2017 parliamentary committee hearing. Then, of course, there was the risk to the economy, since many applicants were unable to prove the legality of their money. Although the program has since been dismantled, the effects of it and risks introduced by it will be felt for years to come.

Hungarian Golden Visa Program

Another interesting notorious golden visa program was the one in Hungary.

The Hungarian Golden Visa program was slightly different than in Latvia. Instead of it being based on investment in real estate, applicants had to buy a state bond from one of eight companies that had solitary rights to sell them on the behalf of the government. These bonds, which totaled up to EUR 300 000, were not inexpensive.

The results of this program were remarkable. The eight companies were able to earn about USD 600 million – and that’s a conservative estimate – over the course of the years that this program was running from 2013 to 2017. (OCCRP May 16, 2018)

The program ended in 2017 after criticism concerning the integrity of the eight bondseller companies. They were pretty mysterious – most were registered in offshore tax havens and it wasn’t completely clear who exactly profited from the sales.  

An investigation conducted by g7.hu and Transparency International Hungary uncovered the way these companies worked. Basically, companies would be assigned to territories around the world and allowed monopolies to sell the bonds under the program. But the way these companies were assigned required inside knowledge and connections – it wasn’t like it was a public tender. They had to have known about it separately since it was never advertised. Per the law, all the applicants were meant to be listed on the Hungarian Economic Committee’s agenda, but this was not always the case.

Although the Golden Visa program in Hungary has since been shut down, there are some rumors that a new ‘golden’ immigration program may be coming. Direkt36 reported that this new program was advertised by a Hong Kong based company on the Chinese platform WeChat. This new program now more closely resembles Latvia’s program, where applicants are required to invest a value of EUR 78 000 into Hungarian real estate.

Case Study: Who buys the visas? 

methode%2Fsundaytimes%2Fprodmigration%2Fweb%2Fbin%2Fb5259512-d8a9-4588-a80a-b4ca90e78b9d.jpg

Picture 2: Screenshot of Mr. Bogolyubov from The Times

Mr. Gennadiy Bogolyubov, the Cypriot, the Israeli, the Brit, the Ukrainian

Main Source: EveningStandard 11 Sep 2018

Mr. Gennadiy Bogolyubov is a popular face in the oligarch edition of the Bold and the Beautiful. He and his business partner, Mr. Igor Kolomoisky, are some of the best customers for UK lawyers – the costs alone for the litigation with their rival Mr. Viktor Pinchuk was estimated to be over GBP 50 million. The allegations and adverse reputation of the duo include alleged murders, violent takeovers and other accusations of mafia-style activities.

The two partners were very successful in post-Soviet era privatizations. Allegedly, the hasty privatization of a national bank in Ukraine to PrivatBank enabled the duo and their associates to empty out the bank’s capitalization with a decade long fraudulent loan scam.

To protect taxpayers’ interest and due to demands from Ukraine government’s external financiers (i.e. USA) PrivatBank was re-nationalized in 2016. “When Ukraine’s finance minister went to oversee the nationalization of the country’s biggest bank in December 2016, he took with him a team of bankers—and a security detail of special-forces operatives” (Wsj.com April 6, 2018).

Amongst Mr. Bogolyubov’s hobbies are philanthropy, which he practices through Bogolyubov Foundation.

Golden Visa United Kingdom Tier 1 Investor Visa (2009)

Cyprus Golden Citizenship (2016)

Nationalities Ukraine, Cyprus, Israel, United Kingdom
Current Residence Switzerland
Net Worth Unknown, was Ukraine’s #3 richest in 2010 (Kievpost)
Frozen Assets At least USD 2.6 Billion, shared with Mr. Igor Kolomoisky
Costs to Ukrainian Taxpayers USD 6 Billion to recapitalize Privatbank
Close Business Partner Mr. Igor Kolomoisky, who, according to a quote from the British Court, has taken over companies “at gunpoint” in Ukraine. Mr. Kolomoisky is a former governor and listed as an inactive PEP (Politically Exposed Person) per Dow Jones
Other Associates Mr. Alexander Zhukov, father of Roman Abramovich’s girlfriend
Powerful Enemies Mr. Viktor Pinchuk
London Real Estate GBP 62.5 Million home

GBP 20 Million house

Eaton Place Mansion

GBP 173 Million office block

Table 1. Mr. Gennadiy Bogolyubov’s Connections

This article was co-written by Oskar Savolainen and Kristina Weber of Centry Ltd. For more content like this, be sure to subscribe to Centry Blog for articles related to the security and risk industries.