How to Troll a Nigerian Prince

Have you ever received an email from a Nigerian prince? Why not answer for a change and see how things unfold.

Inside an Advance Payment Scam

Boy, I am lucky. Steven Richards, a regional director for the UBS bank just informed me that I am entitled to over 16 million pounds. Steven sent me the information in German from a Hotmail account, as he explained that he was doing this without the knowledge of his employer. It turns out that I am the last of kin of a UBS customer who recently died with his entire family. At first, I was devasted. Losing relatives is always hard and I didn’t even know them. After a brief phase of grief, I decided to claim my inheritance and answer to Steven. Of course, we all know that none of what is stated before is true. It is part of an advance payment scam. I decided to play along and see how far I can get in this scam.

I knew at some point I would have to present identification, so I googled pictures of German IDs until I found a picture that might do the job. Around this ID, I created a fake persona: Thomas, a 65 year old retiree that speaks very bad English. I created a new Protonmail account bearing his name and replied to Steven in German. Not even an hour later did I receive the answer, even though he obviously never sent an email to this account. This time the email was in English. As my alter ego Thomas didn’t understand much of what was written, he decided to call Steven (Steven provided a phone number in the initial email). The phone number was a virtual phone number registered in the UK. This was start of many interesting conversations between my fake persona and the scammer known as Steven. For starters, Steven didn’t sound British at all. He had a thick central of western African accent. I gave Thomas a thick German accent and Steven took the bait. Steven explained that I would need to send a letter to UBS making my claim to the 16 million pounds. While we were still on the phone, Steven sent me a pre-drafted letter that I only needed to sign and send to the an UBS email-address he provided as well. I found a signature from the person I modeled my fake persona after on Google, “signed” the letter and sent it. Needless to say, the email address wasn’t really one belonging to UBS.

1

Afterwards, I called Steven again just to make sure I was doing things right. He told me that I should forward him all emails coming from the bank, so he could process them and give me further instructions. Immediately after our conversation, I received a reply from UBS. Almost, as if Steven had sent it himself 😉

2.png

I forwarded this document to Steven and he said he would take care of the first three things on the list, while I was to provide him with my banking details and a copy of my ID. I was also asked to pay about 60,000 pounds to Steven and his lawyer, so they could prepare the death certificate, will and affidavit that I obviously didn’t have. I sent him bank account details for an account that is used in another scam (fake invoices) and a copy of the ID I had based my fake persona on.

3.pngBy the way: Google could have warned Steven that something wasn’t right with Thomas…

In the next phone call, I told Steven that the money I had wasn’t on my account since it was dirty money. I had obtained it through tax fraud. Clearly, Steven wasn’t amused about this and we had several phone calls and emails regarding the topic.

4

Eventually, he accepted this money and I told him I could go to the bank and try to transfer the money. For this, he requested a payment receipt as proof that I had sent the money. Steven called multiple times to make sure I was going to the bank. As with the ID card I googled and all the other fake documents I sent Steven, I quickly made a fake payment receipt without putting too much effort into it. To be honest, I was surprised that Steven was still taking me serious after all the obviously fake information I sent him. He didn’t seem to be the smartest person.

5.png

Upon sending the fake payment receipt, I called and told him that I could only transfer 10,000 Euros a day and that I would have to go back the next to transfer another batch. Steven seemed very satisfied and called back the following day, asking if I had already made it to the bank again. Again, he showed no signs of suspicion and was eager to receive the money.

Payback Time

So far, I played along and made the scammer think he was receiving money. During this, I unraveled additional email addresses, the bank account he used and received copies of the documents he created for this scam. Steven was happy as can be, assuming lots of money would soon end up on his bank account. It was time to give Steven a little something to think about.

While my alter ego, Thomas, was supposedly on the way to the bank to transfer the next batch of money, I used Emkei’s Fake Mailer to send Steven a fake email from Interpol.

6

One hour later, I called Steven again. This time posing as a special agent working for Interpol. I told him that Thomas was arrested upon trying to transfer money to a bank account that was linked to African terror groups such as Boko Harram. I could clearly hear the fear in his voice and he demanded to speak to Thomas.

In the next phone call, I switched between fake personas (special agent John and Thomas) and made Steven believe that Thomas had been arrested while visiting the bank a second time. To make things more believable, I used various different background sounds (thanks to Youtube) during all these conversations. Thomas was also crying on the phone when speaking to Steven. All of this really freaked Steven out and he denied having anything to do with this. Eventually he stopped answering phone calls, but he did still answer to emails sent to him. I was having so much fun, I pushed it a little bit to far. However, I finally got to use a phrase I’ve been waiting to use for a long time.

7

Aftermath

After a while, Steven wouldn’t reply to emails any more. Two days later, I wanted to log on to the Protonmail account I used in the case to go through the mails again before writing this blog article. It turns out my account had been suspended for apperently being part of an advance-fee scam. According to the Protonmail team, someone reported my account and provided them with messages as evidence (since Protonmail can’t see the content of emails).

8

To be honest, I find this hard to believe. The person that was so stupid and was fooled with cheap photoshopped images, an outrageous story and multiple fake personas (that all sounded alike), then reported my account to Protonmail and provided evidence? To me, it looks like something else triggered this…are we really sure Protonmail can’t read the content?

In any case, I sure did have fun trolling a scammer and while doing so, I did many others a great favor. Spending time interacting with me left less time for Steven to interact with people that might have actually fallen for this scam. And, it sure is a nice story to tell!

Matthias Wilson / 26.01.2020

My First Professional Social Engineering Job

Can you remember the first time you manipulated someone to give you information? The first time I used social engineering professionally to obtain information resulted in loads of pics of cool fighter aircraft.

This week my digital photo album made me aware of some pictures from a deployment in Afghanistan exactly 15 years ago and reminded me of one adventure I had while trying to obtain information on a specific air traffic control radar.

Why is this adventure still relevant to me so many years later? Well, back then I was in a Signals Intelligence (SIGINT) unit, but this task required some Human Intelligence (HUMINT) skills. Or, speaking in civilian terms: Social Engineering. It was actually the first time I had directly gathered information from a conversation with my intelligence target, rather than relying on communications being intercepted. While I had quite the experience stepping into other characters in my free time (these are stories more suitable for a night out), I had never before tried this in my professional career.

A lot has been said and written about successfully manipulating people to make them give you information or allow access to restricted areas. For me, the most important aspect is the ability to read other people’s emotions and sentiment towards oneself and to anticipate their reactions. I think it is much like a game of chess and whoever plans several steps ahead, will be in control. To achieve this, I have learned that it is important to have your counterpart feel comfortable and give him or her the feeling that they are in control of the situation at all times. Last but not least, you should always have a good cover story, or pretext. Instead of going on about the methodology of social engineering in theory, I would just like to share my adventure with you.

In January 2015, I was stationed in Kabul (Afghanistan) with an electronic warfare detachment. Our parent unit back in Germany was in charge of monitoring radar systems worldwide, as part of their Electronic Intelligence (ELINT) mission. They had a large database in which they gathered information on all types of radars. Not only those used by potential adversaries, but also from allied nations. One day our detachment was asked to travel to a nearby US airbase, because a new air traffic control radar was apparently installed there. If possible, we were to take a picture of this new system, which would then be uploaded to the database. This should be a simple task. Fluent in English, I was asked to join this “mission”. After driving for about an hour, we arrived at the airbase and soon noticed that there was no way to get a clean shot of the radar system. Of course, it was located on the flight line. I knew we couldn’t just ask to see that radar system, as itwould seem a little bit too suspicious, and I also knew that “sightseeing” tours of the aircraft were fairly common. There actually is a German word to describe this: Gefechtsfeldtourismus.

One of the guys with us was an old German air force sergeant major and I came up with a pretext that might enable access to the flight line. We walked up to the nearest security office at one of the gates and I stepped into character. I introduced ourselves as a German patrol, which just happened to visit this air base in order to go to the PX and that my sergeant major was command sergeant major of a German fighter squadron back home. Obviously, I couldn’t state we were part of an electronic warfare detachment. And as it was the sergeant major’s final deployment before retirement, we kindly requested to get him one last look some of some the aircraft. A plausible (and made up) pretext, a direct and firm request and most important: leading this conversation with a friendly and calm demeanor. After all, a smile can open doors.

Soon afterwards, a young A-10 pilot showed up and gave us a full flight line tour. We had achieved step one and gained access to the flight line. We spent the next half hour of so walking around, taking pictures and acting like tourists. Now step two: get some pictures of the radar and possibly some additional information on it. In order to achieve this goal, I switched characters. While I was very serious, yet calm and friendly, to get inside, I was now the kid in the candy store.

What’s that? Can I look at that? Gosh, that’s cool.

I wanted it to appear as if I had no idea what everything around me was, so that when I asked questions it would seem like I was asking more out of personal interest than having a professional agenda.

Is that the control tower? I bet you have a great view from up there!

This got us into the control tower. It was manned by two civilian contractors who never really received any visitors. After all, most people would go have a look at the aircraft. Again, I was the kid in the candy store, asking many questions. The guys felt flattered that someone was interested in their work, they felt like they had the upper hand and ultimately shared a lot of information. I pointed to the radar.

What’s that green thing with the revolving dish?

From there on, I got a full briefing on my actual target. Frequencies, ranges, current issues and some more technical gibberish. Lastly, a couple of close-up pics as well. While many of you may think this was just a fun adventure, it was actually hard work. I had to memorize what I had heard and thus stay concentrated while remaining in character. I couldn’t take notes and I couldn’t record anything. I think this is one of the most challenging aspects of any social engineering attempt. Memorizing new information, while trying keep your pretext in mind.

After one and half hours the tour was finished. Personally, I got some awesome pictures of the aircraft, Professionally, I accomplished the mission. The information I had collected and the close-up pictures of the radar system were reported to our parent unit and they were quite surprised.

How did you get all this?

I just asked friendly 😊

BAF2015Gefechtsfeldtourismus

Matthias Wilson / 14.01.2020

How a Corporate Takeover Went into a Tailspin within Days

When companies change ownership, key employees often get busy looking for new jobs. Some also take intellectual property with them on the way out the door. Here is how a real-world case unfolded – and how investors can prevent such calamities from happening.

The moment the investment started sputtering and stalling was the day the head engineer quit his job. His resignation letter, hand-delivered to the CEO in the morning, hit the new private equity investors of the company like a bucket of ice water. They had only recently acquired the southern German plant manufacturer for a load of cash. The engineer, a key figure in the company, had assured the new owners just the day before, again, that he would stay on in the new era.

As the news of his sudden departure reached the asset managers, they instantly realized the momentousness of his decision. But before they could even discuss how to deal with the consequences, more resignations turned up within hours. Three senior sales people and service technicians quit by lunchtime, a serious upheaval in the midsized company. According to the grapevine emerging that day, they did not believe that their future was golden under the new ownership.

The acquisition had been rather expensive in the first place. It was after all a seller’s market in the German corporate world. Potential investors from all corners of the globe – Europe, the Middle East, China, the U.S. – were lining up around the block to buy up German “hidden gems”. Midsized, globally successful, family-owned businesses.

The backdrop to this phenomenon was fast-growing private wealth, which to this day has been giving private equity investments a massive shot in the arm. Whereas PE assets under management totaled approx. $ 30 billion worldwide in 1992, they had reached $ 4,000 billion (=4 trillion) by 2015, according to the private equity marketplace Palico based in Paris. By 2020, Palico predicts the PE market will have doubled to $ 8 trillion. But the demand for attractive investment opportunities already far exceeds the supply. And thus investors are jumping at the chance to snatch up, among other things, successful German engineering companies. They are seen as solid and reliable, like the plant builder in southern Germany.

iStock-1056730980.jpg

When the Music Stopped Playing

We were hired as investigators to look into the sudden personnel departures and found that the head engineer had started a new Ltd. company in a neighboring country not far from his previous job. The financier of the new venture was a local entrepreneur with deep pockets. Meanwhile, a first wave of customers began canceling their contracts with the plant manufacturer and signed up with the brand-new competition, who were offering competitive prices for their services.

We scrutinized the laptop computers left behind by the departing staff. A breadcrumb trail of bits and bytes showed that customer lists and tens of thousands of engineering documents had miraculously left the building in recent months. Most of them in the last two weeks before the resignation wave.

Also, part of a business plan was discovered, outlining the new Ltd.’s strategic direction. The document’s time stamps suggested that its creators had lied about their intentions for quite some time.

Armed with the assembled proof, the plant manufacturer filed a criminal complaint, a likely breach of competition law, with the local prosecutor’s office. The case is now a government investigation that will probably drag on for years, outcome unknown. It is unclear, too, whether the plant manufacturer’s business will continue to flourish as it did in the past forty years. All it took was a data breach and a few disgruntled key employees to turn a rock-solid investment into a liability within a few days.

Investors beware: prepare for such scenarios. Because cases like this happen every week.

Collect background information about key personnel before the takeover, so that there are no surprises. Look into the IT situation: how well protected are the company’s ‘crown jewels’? Are there any open barn doors that may be used to squirrel away intellectual property? And finally, talk to the key personnel early in the game and keep your promises to them. They will judge you by your actions, not your words.

Sebastian Okada / 28.01.2018

Machtkampf unter den Gesellschaftern – Ermittlungen als Waffe

Neue Investoren sind nicht immer die rettenden Engel, wenn ein Unternehmen in Schieflage geraten ist. Schnell stehen hunderte Millionen Euro auf dem Spiel. Wie Ermittlungen in letzter Minute eine komplexe Verschwörung aufgedeckt haben.

Ein mittelständisches deutsches Unternehmen, das innovative High-Tech-Produkte herstellt, war wegen seiner hohen R&D-Kosten über die Jahre in finanzielle Not geraten. Seine Hauptgesellschafterin, eine Familienholding, suchte und fand einen neuen zusätzlichen Geldgeber, der mit einer Minderheitsbeteiligung von 25% bei dem Unternehmen einstieg.

Der Investor, ein Fonds mit Büros in Paris und einer komplexen Firmenstruktur in der Schweiz, sagte und tat zunächst die richtigen Dinge: Bekenntnis zu nachhaltigem Wachstum, Interessenwahrung für Inhaberfamilie und Arbeitnehmer, strategische und sozialverträgliche Neuausrichtung. Große Erleichterung auf allen Seiten – wird schon werden. Doch im Vorstand, in den nun zwei Vertreter aus Paris eingezogen waren, braute sich etwas zusammen.

People in dark room

SCHRITT 1: Die Finanzlage des Unternehmens wird von den Neuen zunehmend dramatisiert, die Zukunftsfähigkeit angezweifelt. (Während der Anbahnungsgespräche klang das alles ganz anders.) Externe Finanzberater geben sich fortan die Klinke in die Hand und stützen mit ihren Berichten stets die Pariser Position.

SCHRITT 2: Weil angeblich immer mehr Geld benötigt wird, bringen die Franzosen einen zweiten Investor ins Spiel – einen Spezialisten aus New York für „distressed assets“, angeschlagene Firmen. Er soll ebenfalls mit einer Minderheitsbeteiligung einsteigen, frisches Geld bereitstellen und international Türen fürs Geschäft öffnen.

SCHRITT 3: Die Pariser Vorstände greifen zunehmend die Vorstandsmitglieder aus der Familienholding an und arbeiten an deren Absetzung. Ein erstes Aktienpaket eines stillen Gesellschafters, der gegen den Strom der Familie schwimmt, wechselt die Seiten zu den Franzosen.

SCHRITT 4: Nach monatelangen Gesprächen und Verhandlungen zieht der New Yorker Investor überraschend sein Angebot zurück und storniert den Deal. Damit steigt der Druck auf die Familienholding, was den Managern aus Paris in die Hände spielt.

SCHRITT 5: Die Franzosen setzen durch, dass das Unternehmen einen Kredit über $ 14 Mio. bei einem obskuren US-Finanzdienstleister aufnimmt, um kurzfristig liquide zu bleiben. Als Sicherheit dient ein Aktienpaket des Unternehmens.

SCHRITT 6: Aufgrund juristischer Schlupflöcher in dem amerikanischen Kreditvertrag, den die Deutschen nicht durchschaut haben, verkauft der US-Finanzdienstleister das als Sicherheit gedachte Aktienpaket kurzfristig an ein Schwesterunternehmen auf den Cayman Islands. Die Aktien sind weg, ihre Stimmrechte liegen jetzt bei unbekannten Dritten, die sich hinter der Offshore-Firma verstecken. Der deutschen Familienholding entgleitet zunehmend die Kontrolle über die Mehrheitsverhältnisse im Vorstand.

Um fünf vor Zwölf beauftragt die Familienholding Ermittlungen und eine umfassende Verflechtungsanalyse zu den beteiligten Personen und Firmen im In- und Ausland. Nach mehreren Wochen Informationsbeschaffung lautet die Feststellung: Die Schweizer Firmenstruktur der Franzosen, obwohl weitgehend anonym aufgebaut, hat nachweisliche Querverbindungen zu dem New Yorker „Firmenretter“: er ist an der Schweizer Struktur durch zwei Muttergesellschaften in der US-Steueroase Delaware beteiligt. Eine davon hat zudem Verbindungen zu der Briefkastengesellschaft auf den Cayman Islands, die so überraschend Stimmrechte bei dem angeschlagenen Unternehmen erwarb. Eine Verschwörung.

Eine internationale Rechtsanwaltskanzlei arbeitete seitdem unter Hochdruck in drei Ländern daran, die gar nicht so wohlwollenden Investoren wieder aus dem Unternehmen zu entfernen. Die Aufarbeitung dürfte noch Jahre dauern und Millionen kosten. Doch ein Totalverlust konnte abgewendet werden – in letzter Minute.

(Details des realen Falles wurden zur Wahrung der Vertraulichkeit anonymisiert.)

Sebastian Okada / 21.09.2018