The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

One evening in late 2022, someone phoned Mr. & Mrs. Dimitruk, a retired couple from Ontario, Canada and asked whether they’d ever considered selling their timeshare in Florida. The person on the phone referenced their timeshare address and said they had an interested buyer in Mexico. Would they possibly be interested in selling it?

The Dimitruks had purchased the timeshare years ago, but it wasn’t fully paid off — they still owed roughly $5,000 before they could legally sell it. That wouldn’t be an issue for this buyer, the man on the phone assured them.

With a few days, their contact at a escrow company in New York called ecurrencyescrow[.]llc faxed them forms to fill out and send back to start the process of selling their timeshare to the potential buyer, who had offered an amount that was above what the property was likely worth.

After certain forms were signed and faxed, the Dimitruks were asked to send a small wire transfer of more than $3,000 to handle “administrative” and “processing” fees, supposedly so that the sale would not be held up by any bureaucratic red tape down in Mexico.

These document exchanges went on for almost a year, during which time the real estate brokers made additional financial demands, such as tax payments on the sale, and various administrative fees. Ms. Dimitruk even sent them a $5,000 wire to pay off her remaining balance on the timeshare they thought they were selling.

In a phone interview with KrebsOnSecurity, Mr. Dimitruk said they lost over $50,000.

“They kept calling me after that saying, ‘Hey your money is waiting for you here’,” said William Dimitruk, a 73-year-old retired long-haul truck driver. “They said ‘We’re going to get in trouble if the money isn’t returned to you,’ and gave me a toll-free number to call them at.”

In the last call he had with the scammers, the man on the other end of the line confessed that some bad people had worked for them previously, but that those employees had been fired.

“Near the end of the call he said, ‘You’ve been dealing with some bad people and we fired all those bad guys,’” Dimitruk recalled. “So they were like, yeah it’s all good. You can go ahead and pay us more and we’ll send you your money.”

According to the FBI, there are indeed some very bad people behind these scams. The FBI warns the timeshare fraud schemes have been linked to the Jalisco New Generation drug cartel in Mexico.

In July 2024, the FBI and the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warned the Jalisco cartel is running boiler room-like call centers that target elderly people who own timeshares:

“Mexico-based [transnational criminal organizations] such as the Jalisco New Generation Cartel are increasingly targeting U.S. owners of timeshares in Mexico through complex and often yearslong telemarketing, impersonation, and advance fee schemes. They use the illicit proceeds to diversify their revenue streams and finance other criminal activities, including the manufacturing and trafficking of illicit fentanyl and other synthetic drugs into the United States.”

A July 2024 CBS News story about these scams notes that U.S. and Mexican officials last year confirmed that as many as eight young workers were confirmed dead after they apparently tried to quit jobs at a call center operated by the Jalisco cartel.

The phony escrow company the Dimitruks dealt with — ecurrencyescrow[.]llc — is no longer online. But the documents sent by their contact there referenced a few other still-active domains, including realestateassetsllc[.]com

The original registration records of both of these domains reference another domain — datasur[.]host — that is associated with dozens of other real estate and escrow-themed domains going back at least four years. Some of these domains are no longer active, while others have been previously suspended at different hosting providers.

061nyr[.]net
061-newyorkrealty[.]net
1nydevelopersgroupllc[.]com
1oceanrealtyllc[.]com
advancedclosingservicesllc[.]com
americancorporatetitle[.]com
asesorialegalsiglo[.]com
atencion-tributaria.[]com
carolinasctinc[.]net
closingandsettlementservices[.]com
closingandsettlementsllc[.]com
closingsettlementllc[.]com
crefaescrowslimited[.]net
ecurrencyescrow[.]llc
empirerllc[.]com
fiduciarocitibanamex[.]com
fondosmx[.]org
freightescrowcollc[.]com
goldmansachs-investment[.]com
hgvccorp[.]com
infodivisionfinanciera[.]com
internationaladvisorllc[.]com
jadehillrealtyllc[.]com
lewisandassociaterealty[.]com
nyreputable[.]org
privateinvestment.com[.]co
realestateassetsllc[.]com
realestateisinc[.]com
settlementandmanagement[.]com
stllcservices[.]com
stllcservices[.]net
thebluehorizonrealtyinc[.]com
walshrealtyny[.]net
windsorre[.]com

By loading ecurrencyescrowllc[.]com into the Wayback Machine at archive.org, we can see text at the top of the page that reads, “Visit our resource library for videos and tools designed to make managing your escrow disbursements a breeze.”

Searching on that bit of text at publicwww.com shows the same text appears on the website of an escrow company called Escshieldsecurity Network (escshieldsecurity[.]com). This entity claims to have been around since 2009, but the domain itself is less than two years old, and there is no contact information associated with the site. The Pennsylvania Secretary of State also has no record of a business by this name at its stated address.

Incredibly, Escshieldsecurity pitches itself as a solution to timeshare closing scams.

“By 2015, cyber thieves had realized the amount of funds involved and had targeted the real estate, title and settlement industry,” the company’s website states. “As funding became more complex and risky, agents and underwriters had little time or resources to keep up. The industry needed a simple solution that allowed it to keep pace with new funding security needs.”

The domains associated with this scam will often reference legitimate companies and licensed professionals in the real estate and closing businesses, but those real professionals often have no idea they’re being impersonated until someone starts asking around. The truth is, the original reader tip that caused KrebsOnSecurity to investigate this scheme came from one such professional whose name and reputation was being used to scam others.

It is unclear whether the Dimitruks were robbed by people working for the Jalisco cartel, but it is clear that whoever is responsible for managing many of the above-mentioned domains — including the DNS provider datasur[.]host — recently compromised their computer with information-stealing malware.

That’s according to data collected by the breach tracking service Constella Intelligence [Constella is currently an advertiser on KrebsOnSecurity]. Constella found that someone using the email address exposed in the DNS records for datasur[.]host — jyanes1920@gmail.com — also was relieved of credentials for managing most of the domains referenced above at a Mexican hosting provider.

It’s not unusual for victims of such scams to keep mum about their misfortune. Sometimes, it’s shame and embarrassment that prevents victims from filing a report with the local authorities. But in this case, victims who learn they’ve been robbed by a violent drug cartel have even more reason to remain silent.

William Dimitruk acknowledged that he and his wife haven’t yet filed a police report. But after acknowledging it could help prevent harm to other would-be victims, Mr. Dimitruk said he would consider it.

There is another reason victims of scams like this should notify authorities: Occasionally, the feds will bust up one of these scam operations and seize funds that were stolen from victims. But those investigations can take years, and it can be even more years before the government starts trying to figure out who got scammed and how to remunerate victims. All too often, the real impediment to returning some of those losses is that the feds have no idea who the victims are.

If you are the victim of a timeshare scam like this, please consider filing a report with the FBI’s Internet Crime Complaint Center (IC3), at ic3.gov. Other places where victims may wish to file a complaint:

Federal Trade Commission – https://www.ftccomplaintassistant.gov
International Consumer Protection and Enforcement Network – https://www.econsumer.gov/en
Profeco – Mexican Attorney General – https://consulmex.sre.gob.mx/montreal/index.php/en/foreigners/services-foreigners/318-consumer-protection

Read More

82% of all phishing sites target mobile devices, with 76% using HTTPS to appear secure

Read More

Learn about CIS Benchmarks Community Volunteer Rick Handley. Handley has been a Community Member for 10 years and has a background in Microsoft 365 security.

Read More

House GOP unveiled a bill to combat Chinese cyber threats to US infrastructure, led by CISA and FBI

Read More

Clever:

A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.

Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.

I’m sure this works often enough to be a useful ploy.

Read More

Adam Meyers, CrowdStrike VP for counter-adversary operations, appeared before a US congressional committee to answer questions about its July faulty software update

Read More

2024 Cyber Resilience Research Unveils Transportation Sector Challenges

New data illuminates how transportation leaders can prioritize resilience.

Transportation organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to transportation providers.

Get your complimentary copy of the report.

One of the foremost obstacles is the disconnect between senior executives and cybersecurity priorities. Despite recognizing cyber resilience as a crucial imperative, many transportation organizations struggle to secure the support and resources from top leadership. This lack of engagement hinders progress and leaves institutions vulnerable to potential breaches.

Meanwhile, technology continues to advance astonishingly, as do the risks posed by cyber threats. The 2024 LevelBlue Futures™ Report reveals this delicate balancing act between innovation and security within the transportation industry. Our comprehensive analysis identifies opportunities for deeper alignment between executive leadership and technical teams.

The Elusive Quest for Cyber Resilience in Transportation

Imagine a world where transportation organizations are impervious to cyber threats—where every aspect of an operation is fortified against disruptions. This is the lofty ideal of cyber resilience, yet it remains an elusive goal for many transportation providers. The rapid evolution of computing has transformed the IT landscape, blurring the lines between legacy systems, cloud computing, and digital transformation initiatives. While these advancements bring undeniable benefits, they also introduce unprecedented risks.

Our research indicates that 86% of transportation IT leaders acknowledge that computing innovation increases risk exposure. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From ransomware attacks to crippling DDoS incidents, transportation organizations operate in a climate where a single breach can have catastrophic consequences.

Exploring the Relationship Between Leadership and Cyber Resilience

Our survey of 1,050 C-suite and senior executives, including 150 from the transportation industry across 18 countries, highlights the pressing need for cyber resilience. The report is designed to foster thoughtful discussions about vulnerabilities and improvement opportunities.

In the report, you’ll:

Discover why transportation leaders and tech teams must prioritize cyber resilience.
Learn about the critical barriers to achieving cyber resilience.
Uncover the importance of business context and operational issues in prioritizing resilience.

Recognizing the Imperative of Cyber Resilience

Transportation leaders are called to chart a course toward greater security and preparedness. Reacting to cyber threats as they arise is no longer enough; organizations must proactively bolster their defenses and cultivate a culture of resilience from within.

Our research delves into the multifaceted challenges facing transportation organizations in their quest for cyber resilience. From limited visibility into IT estates to the complexity of integrating new technologies with legacy systems, transportation providers grapple with deep-seated barriers that hinder their ability to withstand cyber threats.

Download the report today.

Read More

2024 Cyber Resilience Research Unveils Manufacturing Sector Challenges

New data illuminates how manufacturing leaders can prioritize resilience.

Manufacturing organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to manufacturing providers.

Get your complimentary copy of the report.

One of the foremost obstacles is the disconnect between senior executives and cybersecurity priorities. Despite recognizing cyber resilience as a crucial imperative, many manufacturing organizations struggle to secure the support and resources from top leadership. This lack of engagement hinders progress and leaves institutions vulnerable to potential breaches.

Meanwhile, technology continues to advance astonishingly, as do the risks posed by cyber threats. The 2024 LevelBlue Futures™ Report reveals this delicate balancing act between innovation and security within the manufacturing industry. Our comprehensive analysis identifies opportunities for deeper alignment between executive leadership and technical teams.

The Elusive Quest for Cyber Resilience in Manufacturing

Imagine a world where manufacturing organizations are impervious to cyber threats—where every aspect of an operation is fortified against disruptions. This is the lofty ideal of cyber resilience, yet it remains an elusive goal for many manufacturing providers. The rapid evolution of computing has transformed the IT landscape, blurring the lines between legacy systems, cloud computing, and digital transformation initiatives. While these advancements bring undeniable benefits, they also introduce unprecedented risks.

Our research indicates that 83% of manufacturing IT leaders acknowledge that computing innovation increases risk exposure. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From ransomware attacks to crippling DDoS incidents, manufacturing organizations operate in a climate where a single breach can have catastrophic consequences.

Exploring the Relationship Between Leadership and Cyber Resilience

Our survey of 1,050 C-suite and senior executives, including 161 from the manufacturing industry across 18 countries, highlights the pressing need for cyber resilience. The report is designed to foster thoughtful discussions about vulnerabilities and improvement opportunities.

In the report, you’ll:

Discover why manufacturing leaders and tech teams must prioritize cyber resilience.
Learn about the critical barriers to achieving cyber resilience.
Uncover the importance of business context and operational issues in prioritizing resilience.

Recognizing the Imperative of Cyber Resilience

Manufacturing leaders are called to chart a course toward greater security and preparedness. Reacting to cyber threats as they arise is no longer enough; organizations must proactively bolster their defenses and cultivate a culture of resilience from within.

Our research delves into the multifaceted challenges facing manufacturing organizations in their quest for cyber resilience. From limited visibility into IT estates to the complexity of integrating new technologies with legacy systems, manufacturing providers grapple with deep-seated barriers that hinder their ability to withstand cyber threats.

Download the report today.

Read More

Some 3191 email addresses for congressional staff are available on the dark web

Read More