What you are about to read will seem utterly unbelievable, but I can assure you that i didn’t make this stuff up. Try not to read this piece in a public place, because the probability of your mouth being ajar at some point and a stray bug flying in, is very high. I have intentionally excluded the web address or code names of the cyber criminals to avoid giving them traffic or unintentionally leading more people to these knowledge havens for aspiring or practicing fraudsters.
It is with a very heavy heart, that I write this article. I never thought a time will come when thieves will be bold enough to display their spoil publicly, and their coaches will also have the boldness to setup shop online, with almost zero need to be discrete. Prior to now, fraudsters have leveraged the anonymity of the dark web and private channels like WhatsApp, ICQ, Telegram, etc. to communicate, collaborate, share tools and techniques. Although these channels are still in use, there is an emerging crop of openly accessible platforms that provide huge networking opportunities for fraudsters; serving as knowledge centers and catering for beginner – intermediate level fraudsters. Just like authority blogs, these platforms use thought leadership as a marketing tool, to attract their customer base, trade and cut deals.
One of many of these platforms unashamedly displaying their “goods” on the worldwide web is www.smart***yh*******s.com, created and run by M*** *us*. For the purpose of this article, I will refer to this person as Mr. M. He describes himself as an entrepreneur, but is infact using his www.smart***yh*******s.com platform to train fraudsters. Though he remains anonymous, the audacity to keep these platforms openly accessible to anyone, is mind boggling. The implication of this is, a simple google search is all an aspiring fraudster needs to access this type of knowledge and get started in his “career”. Talk about low entry barriers!
You won’t believe it, but this website also has an Instagram account and YouTube channel with over 6,800 subscribers and followers across both platforms. Filled with motivational posts, his Instagram page paints the crime of fraud as a means of livelihood, hustle; one he encourages his followers to face squarely and consistently work hard at. Keeping his followers motivated, in one of his Instagram posts, his caption read, “Economy no affect everybody; my guys are Ballers. It all boils down to hustle. Work hard and payday will come.”. In another post, he says, “…Hustlers never quit! Payday is coming soon”
On the www.smart***yh*******s.com, Mr. M offers literary classes to help fraudsters perfect their blackmail letter writing abilities. His articles are very detailed and highly sought after by fraudsters. This is evident in the over 300 comments his article discussing the updated ways to hack a Nigerian bank account, garnered. Some of the ways he discussed included phishing, creating fake e-commerce websites, Smishing, the use of keyloggers, banking trojans, etc. Although Mr. M discusses unethical hacking methods openly, he only scratches the surface and doesn’t share deep secrets of his art. He shares the deeper secrets on his WhatsApp group, for which he charges N3,000 ($8) admission fee. Other channels of communication for his teeming followers include email and the comment section of his website. Interestingly, other users also leverage the comment section of his blog to transact illegal business, seek partnerships and agree to collaborate and jointly defraud their victims (often referred to as clients).
Mr. M is actively solving problems for his criminal base of clients. You’ll agree one of the easiest ways to spot a fraudster is poor grammar, Mr. M fixes this challenge by offering free templates of blackmail letters. Infact, he advices his followers to use Grammarly, a popular free writing app used to make their messages, documents, and posts clear, mistake-free, and effective. Who knew the online tool, Grammarly, could also be applied in this way!
When his customers experience challenges using his format (fraud model and templates), he steps in and offers advice, more like mini consultancy services.
In one of his articles, Mr. M explains how fraudsters can create fake Facebook accounts that look very real, to prevent the accounts from being taken down by Facebook. He also offers the alternative of hacking existing accounts of real people and using these hijacked accounts to carry out operations. Mr. M teaches a fraud starters/crash course for just N3,000 ($8) via WhatsApp. He also sells powerful software and scripts like video cloning tools that allow fraudsters to take the facial appearance and voice of a person they are impersonating, while making video calls. It is these kinds of deep fake tools that make military dating fraud schemes, so convincing…but that’s a post for another day. Other tools Mr. M sells include but not limited to, Brute Force attack software, banking trojans, keyloggers, VPNs, victims personal data, etc. He is effectively bridging the gap and serving newbie con artists that might not know how to access or navigate the dark web.
Some of his other interesting articles teach how to accept blackmail ransoms using bitcoins, how to use stolen credit cards without getting caught, errors people make while using stolen credit cards, apps and websites criminals can use to spoof phone numbers, etc. He also touches on leveraging insider jobs to illegally transfer moneys from a victim’s bank accounts.
Sadly Mr. M’s website is one of many such platforms I have found so far in my time researching and providing cyber fraud intelligence services to clients my organization serves.
If you’ve been terrified by this article, please know that all hope isn’t lost. In a sequel post, I will suggest what can be done to deal with the issues raised in this piece.
This article was originally posted here.
Confidence Staveley is an unconventional ethical hacker and enterprise solutions architect, passionate about helping individuals and organizations securely leverage technology to solve business and everyday problems.
For more articles, visit OD Blog.