Moment, need chop! Inside an employment scam - Beth Young

all right and before I start on this because I do run a b sides I know how important the sponsors are to the B size community so be sure to thank the sponsors go talk to them tell them thank you for supporting the b-sides because without the sponsors these things wouldn't happen so be sure to express that to them so that we can get them to come back year after year so uh presentation moment neat chop this is inside of an employment scan so I'm going to tell you a little bit about myself then I'm going to outline the scam just kind of tell you how this works from beginning to end and then I'm

actually going to walk you through this um we have lots of screenshots and conversations between a victim and one of the scammers that they the victims had shared with us so we're going to walk this through you're going to see all of the screenshots and then we're going to talk about what we did at Aflac so it's um internal because it we had to have some internal support we also had some external support so we're going to talk through all of that so as Aaron mentioned um my name is Beth Young I've run the Bayside Springfield I work for Aflac I've been there almost five years now I think before that I was a jack handling

Associates and then for almost 20 years at the University of Missouri so what is an employment scam and this usually starts with a person posting their resume on a job site it's going to be someplace like indeed.com ZipRecruiter monster.com we have seen all over the place there was no one spot that these scammers were picking from and we heard about these scams from all of the job sites once the person has posted their resume they get contacted by an HR recruiter notice that's in quotes because obviously it's the scammer they're going to reach out to that person either by text or by email if they put their phone number on there they usually Reach Out

by text otherwise it did start by email they were then told to install a secure messenger app in our case it was always wire but we have seen other cases and heard of other scammers that like to use telegram WhatsApp signal there it's all over the place but in our case specifically they were using an application called wire this person has been interviewed um strange interview it's always done over text there is no video there is no voice it was always done over text messages and then the person's going to get a job offer and then they're told they either need to go buy equipment and then it has to be shipped somewhere to be configured

um obviously if they ship the equipment off um it's usually never seen again or they could be told to supply Bank information um direct deposit information sometimes just credit card numbers usually there's a money mule they'll either be turned into a money mule or they're shipping money to a money mule but again once the money is gone it's usually just gone so what does this look like this is one of the emails that was sent to one of the victims that we spoke to um you'll notice that this says uh I am Max Broden Max Bergen does actually work at oh awesome thank you my new Hebrew so match burden does actually work at Aflac if you Google his name it will

show up as Aflac the only problem is he's not a recruiter he is our CFO so um yeah they picked a high up person here I'm not sure if anybody has told Mr Broden that he's been demoted yet but uh he he is they're using his name and then you'll see as you read through here that they're offering a job as a customer support representative and they're going to be paid 30 an hour which of course in today's job market that's pretty good for a customer support rep and they're told to install the wire messenger for secure messaging and to reach out to a Mr Brian Richard so one of our victims got this and then

she did install the wire app and then she reached out to Brian Richard and so what I'm going to show you is compressed so this actually went on for several days so I want to point out as I go through this it's easy for us to see the red flags because we are looking at it in a compressed format and we're seeing it in 50 minutes this conversation actually happened over about four days so I did put some dates in here so you can kind of see how he was grooming her because what I want to really get people to think about is these people are not stupid they're not your losers that are out there that why did they miss all of

this these people are being groomed for this and they do spend several days in these environments trying to groom these people so we can't you have to stop blaming the victims because if we blame them they're not going to report it it makes us harder for us to shut these things down so with that in mind on Friday um one of our victims we're going to just call her D um reached out to Mr Brian Richard and he's like good day it's nice to see you how are you doing he's doing you know the polite conversation get to know you type questions and then he's like are you ready for an interview we're going to conduct this interview over a text

message here so that he can just cut and paste questions to her basically so one of the first questions how many I'm going to show my age here but you guys do remember the ASL age sex location common thing that's what the scammers start with ASL so um he's asking you where are you from um where are you living how old are you just basically get to know you questions again he's trying to build a rapport with this person because it will make it easier for him to ask those difficult questions or sneak in some of those questions like Bank information so they had this conversation it goes on for a few minutes and then he's like

okay well let me tell you a little bit about Aflac and so this you know screens of text comes through I didn't put all of them up here but there was screens of text and we're reading through this going wow you know this is pretty accurate but he didn't steal it from our website so where are they pulling this information and then we happened to notice that there was a footnote in there and it's like huh I bet that's the Wikipedia article for Aflac which it was they were just cutting and pasting directly from our Wikipedia article so he gave her a lot of information um uh from about Aflac what we did and then

he's like okay well we need to ask you some questions so he asked send her a list of 11 questions and he really didn't care about the answers especially on questions one through nine and these questions are like um how many words per minute do you type are you currently employed he really didn't care about the answers to those what he really wanted was questions 10 and 11. what bank do you up to do you use and do you want prepaid or post-paid this is that started those grooming well this was part of my interview question so I guess this is stuff that they need to know I'm going to go ahead and answer them because they're mixed in with all

of the other questions that would be normal interview questions so we've started that grooming process they discussed those questions again it went on for um several minutes I think it was actually close to an hour they were discussing her answers what she felt about the job that she think she could do it and then he was like okay well equipment here's the equipment that you're going to be using and you'll notice that it's all top of the line equipment we've got an Apple MacBook Pro here we've got a really nice printer all high-end equipment and again we're starting to place them the victim's mind that oh this is equipment that I'm going to be using this is going to be great

um he says at this point that he will provide it he being Aflac will provide this equipment you'll see later on he starts uh qualifying that statement a little bit they talk again they talk for several hours on Friday and he's like okay that's enough for today you've done a really good job you know you're we really like what your answers were we think you're going to be a great fit but I need to go talk to somebody else I need to go talk to my HR department about this so why don't we meet up again tomorrow and we'll talk some more but first just give me this this information so again he's asking for full name address

telephone number Etc and of course she gives it to him so they end on Friday and they come back on Saturday now I don't know about you all but my HR department does not work on Saturdays but we have a conversation that picks up on Saturday and they I I'm still a late sleeper I am not up at 7 46 a.m on a Saturday but she's up she's ready to go she reaches out to Bryant Mr Brian Richard again and again he starts that conversation uh we're just friends so he's like you know how did you sleep last night did you have a good night have a good evening and so he's working on that friendship

piece with her so they they talk a little bit more and then he comes right out and says yay you got the job you know can you start Monday again most jobs are not going to be interviewed one Friday and you're hired on Saturday especially for some kind of customer support position but in this case she's like that's awesome I got a job yes I can start on Monday um in this is again where he starts talking about uh you know before we had the list of equipment here's where he starts planting in her mind that she's gonna have to buy the equipment and then maybe be being be reimbursed for that so you're starting on Monday but then he

says I have to put my glasses on so I can actually read this um the funds the funds for the software and working equipment will be provided for you by the company so now he started that grooming of well we're going to give you the money to go buy the equipment um we're just not going to ship you equipment so he started her thinking about this and this becomes important a little bit later on and then um they they again they talk for a few more uh minutes on on Saturday they disconnect she comes back Monday again it's a really early on Monday morning but they connect back up she's bright and early she's ready to go

they start that conversation again and remember grooming uh you can trust me I'm your friend I want to know how you're doing so how was your Sunday how was your weekend so they have some conversations and then he says um again put the glasses on so I can see note that the reason why we are sending you the funds is to ensure a good working relationship between the employer and the employee oh okay you trusted me enough to hire me but now you're testing me by sending me funds to buy equipment um again it's easy for us to look at this until that's really odd he's obviously grooming her but for her and most victims it's like well I don't know how

this remote works actually works anymore maybe this is normal Maybe This Is The New Normal so he's gonna send her funds and then he starts asking about her bank information [Music] um let me see if it's on the screen um he starts asking what bank did you open so she had told him previously that she didn't have a bank account that she had opened one so now he starts asking you know what bank did you open and do you have a debit card strange questions but at this point she feels really comfortable with him you can kind of tell that she's not questioning what's going on that she's just rolling with these questions so um she doesn't have a debit card yet but

she has opened the account so that was the first bump in the road for our scammer she doesn't have an active bank account um she says she had not received it yet the debit card is coming in the mail and he's like okay well we can just deal with that um before we proceed any further do you have a credit card so he really wanted that debit card because obviously a debit card gets them direct access to her bank account but he'll sell it for a credit card and then he wants to know what's the limit on her credit card and also what phone company do you use I think I have ever been asked who my

phone provider is at any job maybe it's because people give me the work phone because I'm on call but I I'm not sure exactly why he wanted to know what a phone provider she had but he asked so she answers and then um again they've talked for a little bit more and Mr Richard seems okay it's like oh well you don't have a bank account yet but you know that's okay I can I can deal with this just let me know when the bank account is active and you have the money and they end that conversation now I don't have what happened in between here there there wasn't any screenshots or breaks um in our the data

that we received but somehow our victim got it in our head that because she was sent a PDF document for reimbursement that she needed to go out and buy the equipment and speculation on my part I admit this but I suspect it's because he kept asking her about the money that she had in her account did she have a credit card the equipment the the statements about the funds she got it in her head that she needed to buy the equipment locally so they stopped conversing in the morning and she comes back and I think the time on this is close to 2 P.M yes so about 2 p.m she reaches out to him again

and was like Mr Richard I can't find this equipment locally what am I supposed to do here and he acts all surprised really you're gonna buy equipment and then we'll just reimburse you that's so awesome you're going to be a great employee you can just see that in the text so she has now got it in her mind that she has to buy the equipment and you know she actually says well I thought that's what the reimbursement form was for will the company be shipping the equipment and he's like no no no you you can go buy it and we'll just get it configured or whatever um so they think so silence and then he

pings her and was like um is there she asks is there a specific site to order from and he's like um before we proceed how much money can you come up with basically he's trying to figure out how much money can I take her for so how much line of credit does she have and um he says can you come up with a thousand dollars um are you able to come up with a thousand dollars for the purchase of your working equipment so he's like uh I've got it she's hooked I might be able to get a thousand dollars out of her so um she's like she she was a little concerned I'm not sure exactly how to do

this and he's like don't worry about it just follow my directions he's going to walk her through how to do this and the instructions um to be followed are it's broken English here but um are you familiar with Apple Bank she's like sorry I don't have Apple pay he's like okay well no Apple pay do you have a Bitcoin ATM close and he's she's like no cash app do you use Zell um working in the financial industry I know Zell has been the the app I guess you are the the service that these scammers like to use there's not as much broad detection around the Zell and the payment transfers so they really like to use it at the moment and

the banks are obviously scrambling trying to figure out how to do this and protect the Zell accounts um but she he goes through this list you know Apple paid Bitcoins though finally choose the set I have cash app so he's like awesome cash out I can get some money through cash out so um he's like I need you to transfer a thousand dollars to this account and the account name is Matt D Dixon so here's our first actual account that we have that we're gonna turn over to law enforcement we're going to talk to the cash out people to try to get this account shut down so but you know we're still in the middle of the scam here so

uh he's like don't spend it all in one lump sum though because obviously cash app has something in here that is looking for people transferring large amounts of money he wants this broken up into two payments of 500 a piece sent to this to us a random person but for him he's like oh he's a vendor he'll go out sending a thousand dollars and we'll get you'll get your equipment so we have our first account for this that runs into a problem remember she did not have an active bank account she was just still setting it up so she had told him that she was waiting for a wire transfer she went to her grandmother

to get money get the thousand dollars that this scammer wanted the the grandmother was going to wire the money into her account so that she could then send it to the scammer so it was taking a while and gosh Grandma couldn't make it to the bank that day it might be tomorrow before that money was transferred which in this case was good because she didn't have the money to send to the scammer and we got it we talked to her before that money was transferred but for our poor little scammer here Mr Brian Richard he's like well here's my afternoon it's been a couple hours at this point it's about four o'clock in the afternoon and he's still waiting you

know he's had his money meal rating waiting for those 500 transfers he still doesn't have his money for the wire transfer so he's like okay well I understand you're still waiting for the wire transfer we'll just pick this up in the morning and so he really wanted that money and he thought he had you know a live person a live victim on here and she's just managed to avoid him foreign so um let's see okay this was the conversations you know I'm still waiting for the money so they break off the conversation it starts up again Tuesday um they again they start at 7 30 in the morning um and he's like you know good morning how

are you doing today again having that conversation making sure that they're friends and then they chat for about an hour and the last message that they had sent was at 8 35 a.m once you have the thousand dollars at hand please notify me immediately and I'll get you more instructions and I say that was the last conversation because by that point both her mom and her grandma had said I think this is a scam please reach out to Aflac and find out for sure so she her family had stepped in said something doesn't feel right about this please call Aflac and so we talked to her and it was like yes we're so sorry that this happened to you but yes this

was a scam so some of the supporting documentation that had been sent so most of these victims were emailed PDFs um from a corporate person these PDFs are awful most are very poorly designed the logos would never pass any kind of corporate Communications there's typos in there there's that employment contracts where the fields are blank there's different fonts that are in use it's just they're they're a nightmare to look at and then um most of them had Dan Amos and if you don't know anything about Aflac this name means nothing to you but he's one of the he's actually the son of one of the founders of Aflac so he's our CEO but he has also been demoted uh Mr Amos

is devoted to a managing director position from CEO again I'm not sure if anybody has told him this yet um so that they were trying to at least put enough legitimate names in there that it would pass at least a cursory group Google search you know is is Dan Amos associated with Aflac yes he is it just happens that his signature was as a manager director not a CEO so these are some of the some of the PDFs that were sent to our victims um how many of you go have done corporate reimbursements and travel expenditures yeah it's a nightmare right don't you wish it was that easy oh look I'm gonna do a name my my job title and

how much money do you owe me no receipt no nothing as I got volume was that easy and then um the one on the the upper right get my left and right right here um different font this this first one was probably 20 20 at one time and they went in and changed the font to 20 or the date to 2021 you'll notice also on these logos they've been stretched this is not something that I did take in the screenshots they actually stretched the image to make it go across the screen which our corporate Communications people would be horrified if I think document went out like this and then of course down in the bottom

you can see that they misspelled corporate but they did get our address right our headquarters are in Columbus Georgia so they got that right at least um and then this is that blank field that I was talking about I have never received a job offer where they left my job title blank in the offer letter this is um this is not from victim D this was a second victim that we had talked to we'll call her L um this is where Dan Amos was demoted to a managing director position but his family Center is easy to find you know he's the SEC filings other documents that are out there so they had pulled his signature from somewhere and put it

into this employment letter and you'll notice again on the logo on this one um that was pulled from a website called Investopedia it's not actually an official Aflac logo hmm and then this one if you didn't know what you were looking for if you were just looking to see well is this a well-defined form or not this form is really well done you know why it's the U.S government form so this is the direct deposit form for federal employees so again if you didn't know what you were looking at or you hadn't read the text across the top to know that a corporation wouldn't be using this um it could easily fool somebody especially since it is a very well

designed form even when warned people were downloading the PDFs so this is the victim at victim Act was talking to a scammer you'll notice that we've also moved on from Mr Brian Richard to Just Jack so Jack and victim s were talking and she was sent to the PDF forms and she's like I get this warning now of course she's talking to the scammer so what's the scammer going to say it's fine just ignore that warning just download it it's all fine but if you it's really hard to read that text but the text says um this is a this these documents could be fishing you know make sure who you're getting these documents from you know

maybe not download them because they're trying to steal your information and Jack was like it's fine just download them you can ignore that warning so of course she did um so attribution we were dealing with this for about six weeks at the beginning of the year so this was January end of January through most of February and we were kind of curious can we do any kind of attribution for this so attribution is really really hard um we suspect we were dealing with Nigerians just based on some of the wording and the next slide I'll talk a little bit about those linguistics but we didn't have any proof we we couldn't prove that we were dealing with

Nigerians we also suspect might have been dealing with two groups one group might have been the Nigerians we also suspect the other one might have been India could have been Singapore somewhere in that area of the world um we we based that on the facts that we had two separate sets of documents that were being sent to the victims so the one with the Dan Amos signature that was sent to one group of victims those PDFs and like the reimbursement documents were sent to a separate set of victims so we suspect we might have been chilling with two groups at the time we're not sure why they hit us both at the same time but that's kind of what we

were suspecting instead of the study of linguistics do you pay weekly or bi-weekly that was one of the questions that she was asked very early in this process this language is very common to the Nigerians um I went to the BEC folks Ronnie the I Heart malware and the BEC work that he does I went to him and I was like okay what can you tell me about these do you recognize any of this type of stuff and he's like yeah that's very common to the Nigerians they usually get paid weekly so that is one of the questions that they like to ask I didn't talk about this yet but you'll I I'll get into this more in a moment

but we had some threat Intel guys that decided to kind of infiltrate this and see what they could learn and they were chatting with the scammers and they used some Nigerian slang so this is where the the title of this talk comes moment need chop so our threat Intel guys were in a conversation and they're like moment need chop and the response came back immediately get chopped which in Nigerian slang means just a minute I need to go get some food and the response was yes you know go go get some food go eat whatever there was no hesitation or delay in there so for somebody to understand the Nigerian slang like that it's like yeah

that's that's another tick mark in that yeah they're probably Nigerians and then of course for any of you that have been around for a long time seeing the 419 scams just the wording kindly do this hence some of the language that they use is again very common to those Nigerian groups but again we didn't have any proof so what did we do we had all of this data what do we do with all of this so we decided to start making friends and it's not just external friends we made friends with our internal people we knew that this stuff was happening and we needed to get the word out to all of the groups inside of Aflac so that

they would know what was going on where to funnel any calls or reports that they got and what to be able to be aware of this so we worked a lot with our security awareness groups um this was our security Warners people had contacts and a lot of departments we run what we call the ambassador program which every Department should have an ambassador that is the person that the security awareness team works with to get information out into the Departments so we used the our ambassadors to get the word out we did internal presentations we send emails we put blog posts out we talked we set up a meeting with our human resources and our talent

acquisition people we explained the scam we basically went through this presentation with them so they could see what it looked like they put banners up on websites so if somebody went to the main Aflac website or if they went to our careers page our talent acquisition Pages there was all a banner saying Please be aware that scammers are using our brand um again trying to get the word out so they knew what to watch for our threat Intel people we obviously work really closely from the IR department and our threat Intel people we work closely together so we sat down and was like okay well what can we do about this so our threat Intel people

decided to infiltrate them and I'll talk about that more in a moment we also used our brand protection so we noticed that the scammers were registering email addresses they were using the Aflac image so the doc everybody knows Aflac is the deck that is a registered trademark so if it's showing up on web pages we can do trademark disputes and get those sites taken down so we worked with our brand protection people to to go out there using their tools look for who is infringing on our brand and get those slides taken down they had registered a domain that was um Aflac Inc for the domain to send some emails from so we got the domain taken down

The Producers so if you've talked to an Aflac agent before those agents are 1099 contractors they're not Aflac employees so we talked to the producers so I mentioned that most of this information came from the January February time frame I'm in my mind I'm really hoping that we made it so painful for them that they stopped targeting us directly but they started going after our Market offices which are those 1099 employees so they were using images from some of our agents to start using those for the names and pictures for the employment scams so we needed to make sure that our producers understood what was going on so they could protect their own Market offices also

and within that was the Aflac trust which again the trust was part of that brand protection piece um so we had to make all kinds of internal friends people that the incident response team didn't normally talk to we were reaching out to them and making friends and letting them know what was going on which helped immensely we were getting reports from our special Investigation Unit which is mainly focused on insurance fraud they were getting phone calls and they're like oh yeah you need to talk to Beth and so they were funneling phone calls to me I was getting them from our Customer Support Center the HR department I got to know them really well so I I really

want to stress you cannot do this as an incident response person alone you need to make friends throughout the organization if you're dealing with this because you're going to need all of that support to get these to cause pain to the scammers so we also need to make external friends so our threat Intel team was like okay well we know about Mr Brian Richard we know about Jack we knew about several Gmail domains our email addresses we got those taken down but what if the scammers are still out there you know what if somebody hasn't reported something to us so they brushed off all of their op sack and went out there and posted some fake resumes and and started

talking to these scammers um one of our threat Intel guys had five jobs at Aflac at one point one real one and four fake wins so he was getting new account information we were trying to map out their infrastructure and we used all of that information to do takedowns of their account try to cause them pain get their infrastructure um taken down so we reported email addresses you know we had one we had several that were using Gmail accounts we reported all of those now I will say that I'm a little disappointed in Google um there was uh Aflac Inc dot HR desk was one of the email addresses that was used way back in February we reported it we showed the

documentation where we reported it um the scammers you said again in August so obviously the account wasn't taken down like we thought it was um so if you're going to do this lesson learned for me was verify that all of the email addresses that we've reported have been taken down I've never had a problem with Google not following through with takedowns before so that was a little bit of a surprise for me [Music] we reported the cash app account um or any of the other bank accounts that we found we used the BEC group to do some money mule reporting and takedowns we didn't have any cash app person that we knew so we used our FSI

Sac people to make some introductions so we've made friends at Cash app which is owned by square so we made friends with these people we've got gotten to be a lot of really good terms with the security people at wire the messenger app they are very helpful in giving us information when we report count accounts to them again we trolled the fraudsters and we we went worked with them um again this is an expert's game just like other people have said Don't expect to just go into this not knowing how to do good opsec um and we found more email addresses we found that domain that we did to take down on we did report everything that we

found to law enforcement we have there's a local FBI office in Columbus so we were reporting this to them obviously we weren't expecting them to go kicking down doors and make a rest or anything that that was not our expectations but we knew that they do collect this evidence so let's just add our all of our evidence into this and maybe eventually some charges would be filed and then awareness let's do presentations like this one let's get the word out you know maybe you go home tonight and you're like wow I saw this really awesome presentation let me tell you what this what happens on this maybe you talk to your friends maybe you're at the hairdressers whatever but

if you're talking to people about this maybe they will not become a victim because that's really what we're trying to do is disrupt their business model so that it's not profitable for them so getting the word out we hope that we can stop receiving these phone calls about these employment scams but I will say I'm hopeful but I have a friend that was job hunting this summer and I would say 90 of the contacts that she got were from fraudsters over the summer not Aflac specifically but um it was just she had one where she actually was gonna do a video interview and oh gosh darn it so the network went down so we're going to do it over text

and then the scam for that one was well I need you to pay me a hundred dollars so I can do a background check on you so it's gonna be difficult you you know but again all we can do is get the word out so that maybe people won't fall victim this was not a one and done event the scammers do seem to come in waves we battled this for about six weeks in the spring they came back this summer um this summer they did Target the market offices and our producers instead of Aflac corporate be ready for bad days um when I talked to all of the victims in the spring they had all realized that

it was a scam before they lost money this summer I talked to a woman that lost money and can no longer pay her rent and she was convinced that if she just talked to Emily it would all be straightened out and no matter what I said to her and was like Emily is a scammer she was convinced that Emily would fix it she just needed to talk to Emily it would all be all right and she had already given the fraudsters her bank account information her credit card information she had lost about 850 dollars but she was just convinced that Emily would fix it all I tried to get her to go to the police I

tried to get her to call her bank and I just was not getting through to her and at some point I had to stop the conversations because I was afraid if I continued that conversation that she would start equating the scammers and the money with Aflac and at that point I had to stop the conversations because there was nothing that I could do and there was nothing Aflac would be able to do so there will be bad days you are going to talk to victims that have lost money and are absolutely convinced that they just talked to the right person that it will all be all right it was all just a mistake but this woman didn't have the

money to pay her rent and there was nothing I could do about it remember the scammers do groom their victims I've talked about 50 minutes on this and you can see there were all kinds of red flags in there but we saw it in a very compressed format it was a lot easier to see those red flags in a compressed format like this the scammers are really good at grooming their victims and they will spend hours talking to these victims to build that rapport with them so that they feel like they can trust the scammers like that Emily if I just talked to Emily she'll fix this for me that's the scammers doing that grooming

and then if you do simply run into this report those accounts try to disrupt their operations um it might seem like it's just short-term gains you're playing whack-a-mole the cyber security people are experts at whack-a-mole we should we do this with everything but all we can do is report those accounts and try to disrupt those operations especially for people that are overseas like if these really were the Nigerians we're not going to have law enforcement running over there to make arrest but we can hope that if law enforcement gathers enough evidence that they will get interested enough to make some arrests law enforcement moves slowly though remember if I report it now it could be

two years before they have enough information to make a case so report them even though it seems like you're just spinning your wheels report them it does help in the long term and then work on those internal Communications make those friends because you will need them as you go through this process so any questions yes I really appreciate your humanity and not complaining I know I did another talk to her it's like looking at home but like you said we have one individual that can't make bread um this is actually something that I've seen booked professionally and also within my own professional networks uh this type of a uh attack Vector um can you speak to the demographic of

the victims especially the successful victims that lost money or are you seeing a lot of individuals that are either uh recent recent uh who is it making the acting school or perhaps they give you another industry where they're not going to be familiar with uh corporate Communications and best practices to talk about that okay for those that didn't hear he was asking about the demographics do I have any demographics about the victims I don't have official demographics I can tell you the victims that I talked to with the whole spectrum of Ages um obviously I don't know if a race religion any of that um to me they were voices on the other end of the phone

for the ones that I do have ages on because I had these communications I kind of know you know one of the questions was how old are you so I had kind of some ages in there and they went everywhere from a 22 year old person living in Texas to a 45 year old man living in Maryland so there there was no pattern that I could discern um for the demographics on this I know for the ones that I had some deep conversations with um most of them were just now getting back into the workforce so they had been out of the workforce for a while um the 22 year old was a mother of two

um just based on something she said she was a single mom she was working living with her her mom and her grandma so from that you can kind of maybe infer lower income but um I don't know that for sure but she did say that she was just getting into the workforce which is why she wasn't surprised she wasn't sure how the remote work actually worked um so there there did seem to be some confusion about um this would be the This Is The New Normal because this is how it works when you are a remote employee and I did hear that a couple times good good question yes first call uh second eight different tricks for uh you're

gonna speak up any tips or tricks that you might have uh for people to put in like their disruptions style Playbook okay say that again any instructions that I can put in for playbooks IR playbooks no um do you have any like tips or tricks that you can give around you know disrupting the scammer like you went you went down the path of like ir and Intel like any tips or tricks that companies can use to help like disrupt or take down those scammers a little bit um to make it harder for them um so the question was um do I have any tips or tricks on how to do some of the takedowns how to

disrupt this Gamers um I I don't really um Aflac it I don't know if you guys have heard the term the the security one percenters Aflac has a really strong uh Security Department um we participate in a lot of threat Intel groups so we did Leverage those threat Intel groups where a member of the FSI Sac our threat Intel team and me are part of some information sharing Global Information sharing groups um so we did Leverage the contacts that we had made there for smaller companies use your FS your sorry not just FSI stack but use your eye sack if you're a small company and you don't belong to one of the information sharing and

Analysis centers there's a bunch of them out there start investigating some of those which one would I belong to there's a retail ISAC there's the research and education Network ISAC fsisac is financial services there's an airline ISAC multi-state ISAC if you don't fall under any one specific ISAC check to see if you can report it to your multi-state Aztec which is part of your state government um I I can't think of any specific steps that I would take because obviously anybody can use the abuse address to report uh emails or spam or something so use those abuse addresses that's why they're there that's why companies publish them so good yes that they use like the cash app or

signal and that sort of thing was there any other metrics that you were able to gather to help in your reporting to law enforcement and do these different abusive boxes let me make sure I got this was there anything else that I used when I was gathering account information when I was reporting to law enforcement

there there was not um we did a lot of screenshots with the victims that we we packaged those up and sent them to law enforcement um most of our reporting was for example the wire app they had to register with an email address so we included that registration information the IP address any information that wire was willing to share um if we had the full headers from like the email the emails we did do some forensics work on the PDFs trying to see if there was something inside the PDFs like where were they created um that was what led us to think that maybe we had a second group that would that was targeting us

um some of those PDFs have been created in a plus eight time zone so it was like well that that kind of says that there is another group involved here but it could have just been that's maybe where they had bounced through in their Communications um we we did give all of that information the law enforcement we don't know how much it actually helped law enforcement is a one-way push most of the time and we don't get a lot back of hey this was really helpful to do this again type information from law enforcement was this faster than you like Accord to the news did this go to the news no I mean no it did not make the news

anywhere like I said we did put banners on our web pages so that if somebody went to our talent acquisition page they did see that scammers were hitting us but no this this did not make the news because most of the people that the demographic I've always looking for a job right yeah the the comment was well you know the demographics of speed people were um targeting would might not go to our webpage and might see the news but the problem with that is like I said we talked to somebody in Texas we talked to somebody in Maryland I think there was one from Tennessee one from Georgia one from Florida they were just all over the

place um and what again most of the victims that I talked to figured out that they were being scammed and did not lose any money so at that point the story really is what um you know the the sad to say what makes the news is the woman that lost her retirement money not oh well I was almost scanned um those just don't make the news yeah and but again I'm presenting I'm getting the word out I'm hoping you guys do the same thing talk to your family and friends and let them know how these things work so maybe they don't become a victim good good question anything else a round of applause for Beth that's what

that's what I like to hear