Despite the Friction, I Read This Message Anyway. And Wished I Hadn’t.

I simplified my social life a few months ago by no longer posting on Instagram. I don’t even have Instagram on my phone any more.

But Instagram’s Meta relative, Facebook, is “nice” enough to inform me when I receive Instagram messages, as well as unsolicited Instagram message requests. Which I obviously can’t read on my phone (in part because I also removed Meta for Business).

Joining the “brand ambassador” inner circle

So one day when I happened to be on my laptop, I brought up my Instagram account. I wanted to see the latest message request, reportedly from “Navin Nandra”…even though I already knew it was in a language using the Cyrillic alphabet. And probably wouldn’t bring Bredemarket a ton of business.

So here’s what I had to do:

  • Go from my phone to my laptop.
  • Log in to Instagram.
  • Find my message requests.
  • Translate the message request that I received.

After translating, I was right in guessing that this was a waste of time. Here is how the message began:

“Good day! This is the brand manager for the clothing brand PRIME Wear

“I’m messaging you from a tech/alternative account—we use these to avoid getting blocked by Instagram Direct limits.

“We absolutely love your style and the content on your blog!

“We would love to invite you to join our inner circle of PRIME brand ambassadors.”

Um, no. These “we love your style” messages are always amusing to me. Especially when account number one tells you to contact account number two. Because reasons.

Yeah, “ambassador.” My last name isn’t Jenner, and my look isn’t Jenner either.

The underlying scams

So I asked Google Gemini about the scam behind these amazing offers, because I suspected a scam. To please me, Google Gemini said that there are scams related to this. I could have fact-checked this on a live web page, but I had already wasted too much time on this.

Here’s one of Gemini’s reported scams:

You are told you have been “hand-picked” to represent the brand. They offer to send you jewelry, sunglasses, or clothing for “free” so you can take photos with it.

  • The Catch: They give you a discount code that brings the item’s cost to $0, but you have to pay $10 to $15 for shipping.
  • The Reality: The brand is usually a front for a dropshipping operation. They buy the items from bulk wholesale sites for less than $1. Your “shipping fee” actually covers the cost of the item and gives the scammer a profit.
  • The Outcome: You paid full retail price (or more) for a low-quality, cheap item, while giving them free advertising.

Bad enough, but it could get a lot worse.

Some requests are much more malicious. A “talent scout” or “brand manager” will message you offering high-paying sponsorships ($500+ per post), even if you only have a few hundred followers.

  • The Catch: To “set up the partnership” or “verify your account,” they send you a link to a portal or ask for your 2FA (Two-Factor Authentication) code.
  • The Reality: The link leads to a fake Instagram login page designed to harvest your password. If you give them a 2FA code, they will immediately change the email associated with your account, lock you out, and hold your account hostage or use it to scam your friends.

So “Navin Nandra” is now blocked. And I can avoid Instagram again for a while.

“Accept Without Posting” Issue Resolved…Even Though I Appeared To Be Very Evil

Here’s the resolution to the “Accept Without Posting” issue that I discussed on Saturday.

You’ll recall that I initiated a Zelle transfer to my account at “the blue bank,” but the blue bank “placed this transfer on hold so they can conduct further review.”

With no word on what the blue bank was reviewing. And the “blue bank” representative whom I spoke with on Saturday didn’t know either.

  • I had already ruled out the simple explanations, such as either the sending Zelle account or the receiving Zelle account didn’t exist.
  • I figured that perhaps my use of Zelle was the issue. The day before I sent the “on hold” transaction, I had sent another transaction. I figured that two transactions in two days tripped up some odd alert of possible account draining.

Neither of these turned out to be the issue.

On Monday (just after I had rated the “blue bank” 5 out of 10 for its handling of the issue; coincidence, or no?) I received a call from someone at my local “blue bank” branch.

Turns out that the issue was the COMMENT that I attached to the Zelle transfer.

My comment referenced another individual. Without revealing this person’s personally identifiable information (PII), I will state that his first name begins with a K, his last name begins with a P, and he is a “Junior.” So because acronyms are wonderful, I referred to this person as “KP2” in the Zelle transfer field.

Which was an extremely evil thing to do, because that tripped up an anti-money laundering check.

Basically, anti-money laundering checks verify that a person isn’t transferring money for a sanctioned person.

And I didn’t trip up just ANY anti-money laundering check.

This one was bad.

AML catches evil people.

Really bad.

How bad?

  • Let’s look at ISO 3166 country codes. The alpha-2 (two-letter) country code for the Democratic People’s Republic of Korea (North Korea) is…KP. KP-02 is the specific administrative code for South Pyongan Province (Pyeonganbuk-do).
  • And the Korean People’s Army includes a II Corps that is sometimes abbreviated as…KPA II Corps or KPA 2nd Corps.

Back to the call I received from my local “blue bank” branch. The representative didn’t go into all that, but just said that my comment about “KP2” looked like a reference to North Korea.

I burst out laughing.

I gave the “blue bank” representative the full name of K[REDACTED] P[REDACTED] Junior, explained that there were five “KP”s, and that I used numbers to tell them apart.

Ironically, both “KP2” and “KP4” are veterans. I wonder if they realize their initials associate them with this guy.

Kim Jong Un. By Mil.ru, CC BY 4.0, https://commons.wikimedia.org/w/index.php?curid=177498377.

Anyway, my answer satisfied the banker, the hold was removed from the Zelle transfer, and I received the money within minutes.

And I know to be careful when using acronyms beginning with the letter “K” in financial transactions.

Accept Without Posting (I may be a fraudster, June 2026 edition)

Remember in March 2022 when I searched my (then) Twitter profile picture against TinEye and found 0 matches, indicating that I may be a fraudster because TinEye didn’t have a history on me?

Taken 2019, in case you’re curious.

Well, I found additional evidence of my supposed shady nature.

For purposes of this discussion, I will refer to the two banks in question as the “red” bank and the “blue” bank. (No political implications here.) I’ve previously referred to the blue bank as Wildebeest Bank, but today I’m sticking to the color scheme idea.

Both banks use Zelle to support instant transactions between member institutions, and I have Zelle-enabled accounts with both banks. For the record:

  • I frequently perform immediate Zelle transfers from the blue bank to the red bank.
  • On Wednesday, I successfully performed an immediate Zelle transfer from the red bank to the blue bank.

So on Thursday, I thought nothing of sending a second Zelle transfer from the red bank to the blue bank.

Until the red bank emailed me.

“The recipient bank [the blue bank] has placed this transfer on hold so they can conduct further review. Upon completion of the review, they will either complete your transfer or [the red bank] will contact you with more details. No further action is required from you at this time.”

Now why would a bank conduct further review? Three possible reasons.

  • The recipient isn’t enrolled in Zelle. Not a problem here.
  • The recipient bank is conducting a technical check. This shouldn’t be a problem here, since both Zelle accounts have been successfully used before.
  • The recipient bank is conducting a fraud check. This, perhaps an anti-money laundering investigation, seems the most likely scenario, especially since this was launched one day after another transfer. Even though the second transfer is SMALLER than the first transfer, perhaps the one-day timeframe looks like someone is trying to drain the red bank account.

So this happened Thursday, and as of Saturday (two calendar days and one business day later) I hadn’t heard a thing.

So I called the blue bank, reached a helpful representative, and waited for her to research the issue. I heard her mutter over the phone:

“Accept without posting”

Then, a minute later:

“What does THAT mean?”

While I waited for her to officially talk to me again, I performed some online research and confirmed that “accept without posting” is another way of saying that the transaction is under review. Here’s what the Cleveland Federal Reserve says about FedNow, one bank transfer method:

“[T]he FedNow Service sends the payment information to the receiver’s financial institution and asks that bank to confirm that it intends to accept the payment message. It can accept, or reject, or accept without posting, which means some of the pre-checks of the transaction are pending or delayed.”

Then when the blue bank representative did speak to me, things got even more confusing as she said that there were notes from Monday involving “the green bank” that wasn’t even involved in the transaction. Wisconsin Travel Federation?

The representative didn’t have access to the group that put my Zelle transfer on hold, so for now I wait.

Technically it’s only been one business day.

The Bangladesh Identities Weren’t Synthetic Identities, But They Failed The “Somewhat You Why” Test

Andrew Austin at Sardine has written an eye-catching blog post that discusses a fraud ring exhibiting unusual patterns.

  • Some fraudsters use synthetic identities to fool systems, but good systems can catch the synths.
  • But other fraudsters use mules and other techniques that pass identity verification checks, because the people are REAL people.

Austin’s post discusses an example of the latter.

Sign-up patterns in Bangladesh

In this particular case (Example 3 of 3), a gig economy company had discovered a fraud ring operating out of Bangladesh, but the identities were those of real people. The investigator noticed something right off the bat:

“When we looked into it, something was off: all of the locations seemed to be clustered in a few small towns.”

But wait…it gets better.

“The fraudsters were going door-to-door and signing up anyone who was willing to share their information….

“Dozens of routes snaked through neighborhoods where new accounts were being created, each of them running from North to South and then back to their starting point on the next street over.”

It turns out that the fraudsters were going down each street, paying people to borrow their identities, and then moving on to the next street.

How identity factors (in the plural) identified the fraud

In Bredemarket’s view, this raised alarms surrounding two factors of identity verification and authentication.

  • The first was geolocation. Once the identities were plotted, it seems strange that all of the identities lined up down each street and on to the next street.
  • The second is what I call somewhat you why. It’s reasonable to believe that if person A signs up for a service, their neighbors may sign up also. But it’s NOT reasonable to believe that people would sign up for the service in address order, moving from street to street. “No, Jim, 158 1st street can’t sign up for the service! 156 1st street hasn’t signed up yet!”

Now even if you don’t believe that “somewhat you why” is a real factor (Sardine prefers to talk about “device and behavior intelligence”), it’s clear that fraudsters were using the identities of real people to engage in a massive fraud scheme.

Look at the patterns, and you can discover fraud from the unusual ones.
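
The address-order pattern can be scored directly. The Python below is an added example, not code from Sardine or Bredemarket: it orders each street’s sign-ups by time and measures how consistently the house numbers move in one direction. The sample sign-ups, street names, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

def concordance(numbers):
    """Kendall-style score in [-1, 1] for house numbers listed in sign-up order.
    +1 or -1: every later sign-up is further along the street; near 0: no order."""
    up = down = 0
    for i in range(len(numbers)):
        for j in range(i + 1, len(numbers)):
            if numbers[j] > numbers[i]:
                up += 1
            elif numbers[j] < numbers[i]:
                down += 1  # equal numbers (same house) count for neither side
    return (up - down) / (up + down) if up + down else 0.0

def flag_walked_streets(signups, min_signups=5, threshold=0.9):
    """Return {street: score} for streets whose sign-ups follow address order."""
    by_street = defaultdict(list)
    for ts, street, number in signups:
        by_street[street].append((datetime.fromisoformat(ts), number))
    flagged = {}
    for street, rows in by_street.items():
        if len(rows) < min_signups:  # too few points to call it a pattern
            continue
        rows.sort(key=lambda r: r[0])  # order by sign-up time
        score = concordance([n for _, n in rows])
        if abs(score) >= threshold:
            flagged[street] = round(score, 2)
    return flagged

# Constructed sample data: (sign-up time, street, house number).
SIGNUPS = (
    # 1st Street: one sign-up every ten minutes, house by house.
    [(f"2025-01-06T09:{m:02d}", "1st Street", 150 + 2 * i)
     for i, m in enumerate(range(0, 60, 10))]
    # 2nd Street: same pace, walked back in the opposite direction.
    + [(f"2025-01-06T10:{m:02d}", "2nd Street", 161 - 2 * i)
       for i, m in enumerate(range(0, 50, 10))]
    # 3rd Street: organic sign-ups spread over weeks, in no address order.
    + [("2025-01-02T18:30", "3rd Street", 12), ("2025-01-09T08:10", "3rd Street", 40),
       ("2025-01-11T21:45", "3rd Street", 7), ("2025-01-15T12:00", "3rd Street", 33),
       ("2025-01-20T07:20", "3rd Street", 21), ("2025-01-27T16:05", "3rd Street", 15)]
    # 4th Street: ordered, but only three sign-ups.
    + [("2025-01-07T11:00", "4th Street", 2), ("2025-01-07T11:10", "4th Street", 4),
       ("2025-01-07T11:20", "4th Street", 6)]
)

if __name__ == "__main__":
    for street, score in flag_walked_streets(SIGNUPS).items():
        print(f"{street}: address-order score {score:+.2f}")
```

Opposite signs on neighboring streets correspond to the there-and-back routes in the quoted description. The minimum sign-up count keeps a street with two or three coincidentally ordered neighbors from being flagged.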

And now a word from our sponsor

And if you’re wondering why I discuss SIX factors of identity verification and authentication (rather than five or three), check out my ebook “Proving Humanity: The Six Factors of Identity Verification and Authentication.”

The Continuing Adventures of Will and Chad

Technically Chad Smith engaged in identity fraud on Saturday Night Live when he started giving Will Ferrell’s monologue.

But no harm was done.

And while the face modality fooled many of us, the voice modality gave Chad away. Score one for multimodal authentication.

Why Are Identity Verification and Authentication Critically Important?

Imagine if we didn’t have identity verification and authentication.

I could walk into a luxury car dealership and buy a car, telling the salesperson that my name is Bill Gates. I could buy the car, and Gates would get the bill.

Sounds great…until someone impersonates YOU and gets YOUR money.

Learn more about the six identity factors

Six identity factors. One Bredemarket ebook. Total identity protection. Purchase “Proving Humanity: The Six Factors of Identity Verification and Authentication.”

I’m Hurt. I Thought ViVi Contras Belleville Brown 429 Only Tried to Scam Me.

Do you remember ViVi Contras Belleville Brown 429, the long-winded scammer who contacted me at length about a position at “the intersection of Global Supply Chain and Systemic Accountability”?

Well, I guess I’m not the only candidate she targeted. I just received an email that read, in part, as follows. (I’m hiding the identity of the emailer to spare them from other scammers.)

“I received a very similar ‘contact’ from Vivi Brown trying to solicit my employment interest in the same AI/Energy Structure start-up. Oddest ‘interview’ procedure I have ever seen. No concrete job descriptions, organization structures, identification of Founders, etc. All communications mandated on WhatsApp (encrypted). Very verbose ‘corporate speak’ exchanges. When I asked if this was AI, they obviously denied that it was. Answers to background questions don’t necessarily add up. Company startup name given to me was ‘ARCLight’, and their interest in me reportedly ties to my mgt experience in Energy Structure Development. Numerous pictures (AI driven ?) of the young Vivi Brown have been forwarded with ‘feel good’ influence peddling formats, mixed in ‘business’ answers to my structure comments/questions. It looks like the AI derived Vivi was created as an Influencer on EezyCollab (“catfishing”?).”

I never encountered the WhatsApp red flag since I applied my KYB Fraud Failure flag early on, but I’m not surprised.

As for EezyCollab (which was NOT part of the scam, but may have been used by the scammer), it “connects AI products with the right creators across global markets — powered by an AI platform of 100M+ creators, direct pricing, and end-to-end delivery.” Plus its founder Yiki Chen is a marketer and vibe coder who has been vibe coding since 2021. Groovy.

Returning to Vivi, I found the website https://www.shvivi.com/#home for A.R.C (sic) Insight. (Not ARCLight.) It includes insights such as the following:

“Vivi Brown’s profile was not built through display. It was formed through consistency, disciplined judgment, and the gradual development of capability — producing a rare combination of written clarity, operational steadiness, and long-range strategic calm.”

Yes, written clarity.

My Three Word Response to My Latest Scammer

This afternoon I received an email from the very verbose ViVi Brown.

It began with the standard “I hope this email finds you well.” Then the pitch begins.

“I came across your profile on LinkedIn and noted your public contact information, which is why I am reaching out to you directly.”

I couldn’t find Brown’s own LinkedIn profile, by the way. The pitch continues.

“I am currently the Founder of a San Diego-based startup, primarily responsible for managing and assisting our team in establishing connections with industry leaders like yourself. Our company is backed by TPG Capital, with business sectors encompassing Artificial Intelligence, Energy Systems, Semiconductors, and Algorithmic Platforms.”

Now this sounds impressive. TPG backing, multiple high-tech business sectors. It’s a little odd that Brown didn’t mention her company name, but I knew I could deduce it from her corporate email address.

Um, 429? At least it’s not 420.

Unless someone is an independent consultant, there’s no need to use a Gmail address that doesn’t have your name and ends in a number. Especially if you are the Founder (and, as we will see, other things) of a TPG-backed multi-sector high tech firm.

Brown continued her pitch, which went on and on and on. Paragraph after paragraph of corporate-speak, such as a reference to “the intersection of Global Supply Chain and Systemic Accountability.” Because obviously my LinkedIn profile screams global supply chain.

Translating corporate-speak to English, apparently ViVi Contras Belleville Brown 429 wants to chat about a Global Strategic Operations Partner position. And to get to know me via a deeper conversation.

She then closes her email with a signature block listing her positions (but again not her company name).

Signature block?

So she is the Founder, the CEO, the Managing Partner, the Chief Revenue Officer…and the Project Lead? That’s more job titles than I have at Bredemarket—even when you include “Senior Nespresso Operator.”

I don’t know what 429’s scam is. Data harvesting? Identity theft? Financial fraud? For all I know it may be a romance scam. (Run by a 40 year old guy.)

I knew I was going to write about this scam email in the Bredemarket blog and on LinkedIn. Employment fraud is a hot topic on both platforms. But how should I respond to the scammer?

My usual “As an anti-fraud professional, I require that you please provide your corporate email address” would take too much time. So I aimed for surprising brevity:

KYB Fraud Failure

Dang scammer.

Can You Tell Your Local Officials From Scammers?

This is not a comment on the corrupt nature of politics, but a question.

Apparently people in Kennebunk, Maine are receiving emails from their “Board Commissioners.”

“The email claims the permit is ready and approved, but that the “Board Commissioners” just needs a payment of $4,000 via wire transfer to finish it.

“Lee Feldman, deputy director of community development for the department, said Thursday that the email also named a former board member to try to bolster its apparent legitimacy.”

But Kennebunk citizens are smart, and one reported the scam attempt.

Know Your Locality.

Two Footballs, Two Biscuits, Two Presidents: A Cybersecurity Nightmare.

Last year I wrote about a biscuit and a football, but I wasn’t talking about the snack spread on game day.

I was talking about the tools the United States President uses (as Commander-in-Chief) for identity verification to launch a nuclear attack.

But sometimes you have to pass the football. If the President is temporarily or permanently incapacitated in an attack, the Vice President also has a football and a biscuit. Normally the Vice President’s biscuit isn’t activated, but when certain Constitutional criteria are met it becomes operative.

Other than this built-in redundancy, the system assumes one football, one biscuit, and one President.

If you’re a cybersecurity expert, you know this assumption is the assumption of a fool.

  • It is not impossible to have duplicate functional footballs and duplicate functional biscuits.
  • And it is not impossible to have duplicate functional Presidents, with identical face, voice, finger, and iris biometrics. Yes, it’s highly unlikely, but it’s not impossible. If the target is important enough, adversaries will spend the money.

And most of us will never know the answer to this question, but how do government cybersecurity experts prevent this?