The CEO scam still reigns--and guitar store cyber-grifts prove it could get you too...

Several years ago--well before COVID--I began encountering the CEO social engineering scam at scale.

And nobody--literally nobody (but a few dedicated lawyers)--believed me.

The typical line was that this was sensationalism, marketing driven by fear, etc. The skepticism was so sharp, in fact, that at a joint presentation to the legal community of a certain city--together with top lawyers who had worked with me on a case involving millions of diverted euros--lawyers (including partners) at other companies exclaimed (in the midst of our presentation) that such scams were "not possible;" that this was "surely a nasty exaggeration," etc., etc.

In fact, they were most definitely wrong. And ignorant. And perhaps biased. And this would not be the last time, as a recent article on real estate scams for a major publication also drew blowback from notaries and lawyers in CEE... out of principle. I guess.

But that's a blog for another time. For as more and more criminal lawyers came face-to-face with the CEO scam (and these are incredibly costly "prekrety" that are well-funded, and which can sink a company overnight), knowledge of social engineering in the world of business became de rigueur.

Only it didn't, as businesses (and CEOs) continue to disbelieve, continue to get taken, continue to trust in anti-virus software or their own gut instincts or their own naivety--for the forces working against them are, in fact, very well-funded, tireless... and smart. As in street smart.

And in the world of scams--whether this be social engineering or cyber-crime--street smarts (and hard work) go a long way.

But this week a cyber-scam caught the eye of Yours Truly, and this scam showed the type of incredibly thorough hard work that fools a top CEO 99.9 times out of 100. As well as almost everyone else.

I'll post examples below, but first, a quick review of just how the social engineering grift works.

Grandsons and nephews...

Think "the grandma scam" in that the origins of social engineering could well be the young supposed grandson, great grandson, nephew, etc. who appears at an elderly woman's home and convinces his victim that 1) he is bona-fide and 2) that he needs money. Traditionally, such convincing could lead to outright robbery or worse, but present day nephew-scams often focus on gaining credit card information, bank account numbers or even selling cheap knock-offs for prime cash (such as water pumps, washing machines, etc.) to the old and unwary.

So what does this have to do with the CEO scam? It all goes back to social engineering--i.e. faking a relationship and then quickly taking advantage of said relationship. Thus when pro-scammers target a company, they do all that is necessary to convince a hurried CEO that a business deal is on the up-and-up. This may mean there is an insider whom they have planted or paid off to gain valuable knowledge re business partners, the structure of orders and invoices, as well as the actual names of bona-fide buyers or sellers who work with the company.

In other words, they do their research. Company X will contact the victim using mail, standard orders or sometimes even paid impersonators who imitate voices during direct calls. (Yes, this actually does happen.) They will hack into email threads, spoofing communication and billing to the finest detail. [Ed. note--a variant of this is the "representative" of a real estate or investment fund, who typically did work in the sector and who works a scam with falsified documents, reports and even bank information showing ongoing gains.]

Scammers have also shown the ability to time fake orders for goods just before long weekends, contacting CEOs directly in an effort to get victims to override standard protocols in order to send the goods now on the promise that the payment or down payment will arrive after a long weekend.

A real time example of spoofing...

As might be imagined, the above also has a key IT element. This includes (as mentioned) breaking into email communications in order to spoof the identity of a bona-fide business partner--which invariably means a spoofed website to back up said mails.

This in the past was a weakness that could often be quickly exposed. In short, check the email address itself or use the website listed in the mail and see if it matches. Often the first page or two of a website would indeed add up, but dig a little deeper and such websites would fall apart. There would be misspellings, poor grammar, erroneous information and, two clicks in, the site simply would not work.
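The address check described above can be automated. The following is an added example, not part of the original post: it trusts a link only when its host is one of the genuine shop domains named later in this post (thomann.de, thomann.pl) or a true subdomain of one, and flags hosts that merely contain the brand name or a one-character variant of it. The function names and the `.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Genuine shop domains named in this post; all other hosts below are constructed.
TRUSTED = {"thomann.de", "thomann.pl"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character swaps in a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link's host."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Trusted only if the host IS a trusted domain or a true subdomain of one.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    brands = {d.split(".")[0] for d in trusted}
    # Otherwise look for the brand name, or a near miss, anywhere in the host.
    for label in host.split("."):
        for piece in label.split("-"):
            if any(edit_distance(piece, b) <= 1 for b in brands):
                return "lookalike"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://www.thomann.de/pl/index.html",
        "https://thomann-sale.example/firebird",
        "https://thomann.de.shop.example/",
        "https://th0mann.example/",
        "https://guitars.example/",
    ]
    for u in samples:
        print(f"{classify(u):10} {u}")
```

A "lookalike" result means the brand name appears in an address the brand does not own; "unknown" only means the host is not on the list, not that it is safe.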

Yet social engineering scams pay well, and gangs now have sizeable budgets to hire real help. And there is AI, which enables programming faster than ever. Which means that the common CEO Joe--who in his defense is just trying to run a business--can indeed be fooled even if diligent.

And below is exactly such an example.

The scam that almost had me hooked...

Again, CEOs get scammed. They are not by-and-large dumb guys. Successful CEOs tend to be smart, driven, in a hurry and always out for a good deal.

Good grifters, however, are also smart. And they know their target market.

Quite well.

And they also put the work into websites, as I once again discovered this very week. Take a look at the site below. This is a spoof of Thomann.de or Thomann.pl, whichever you like. It appeared on my personal Facebook feed, which does constantly hit me with guitar ads, guitar-effect ads and gear ads in general. (Yes, one day we'll talk about that, but let's just say... cookies and Facebook. They know what we want.)

Now here is the first hook. The Facebook advertisement noted a sale. Great. Like even the billionaire CEOs, I'm always on the lookout for a good deal. Ok, I'm hardly a billionaire CEO, but you get the picture. One click and I was at a Thomann Sale site. Which was complete with a security lock on top and looked EXACTLY like the standard Thomann site--apart from the address. Here I typed in "firebird," as I'm always on the lookout for that type of guitar.

The following appeared:

 

Now here is a bit of back story. This is an interesting guitar in that Epiphone came out last year with an admirable copy of the legendary Gibson Firebird. Yet there is a hook. This version of the guitar has a laurel fretboard. Now this may not mean much to non-guitar types, but had it come with rosewood, Yours Truly might well have snatched it up for PLN 8,000 last year.

Yet only months ago Epiphone came out with an improved rosewood edition--which theoretically could mean that stores such as Thomann would decide to purge last year's edition, as the new version is about the same price.

Yet... alarm bells immediately went to ringing. Nobody cuts prices like this (see below):

So I scrolled through the pics, and--unlike most scam sites--they were all there.

At this point, I also checked the specs. And, surprisingly, they all matched, although slight spelling errors began to appear.

But still, there was further background information working on my psyche. Recently, a very well-known giant in the industry in the UK went belly up. And US President Donald Trump's tariffs have wreaked havoc in the industry.

So could this be a real sell-off? An act of desperation by a legitimate seller caught off guard? And a chance for Yours Truly to pick up a cool guitar extremely cheap?

Well, here, I admit, I wanted it. I needed it. Much like a CEO hit with the social engineering scam who quickly checks a website to make sure a last-minute order is for real.

But hey, I am actually a licensed detective. Which means that by definition I believe absolutely nothing on the internet.

So I went still deeper. After all, if an Epiphone was so cheap, maybe they had deals on real Gibsons.

At this point, the following appeared:

And then I checked a Gibson that I am quite familiar with... a 50s Goldtop with P90s.

Now there are a few things to pick up on here. Notice that the price is stupidly cheap (and this is a guitar that can be sold for real money on the used market--as even the most naive, thieving heroin addict would ask for more than that).

But also note the psychological pressure that has kicked in. That red bar with the timer was running like a stopwatch. An even more impressive effect was the number of "people watching" the sale, and that number was also changing.

And no matter how deep I drilled, the website held up in terms of information and functionality. I even tested the "basket" (although no, I did not put any personal information in the blanks, such as credit card numbers), and nothing truly seemed amiss... apart from the low price, of course.

Now I was genuinely curious. By this time I was 300 percent convinced this was a scam. But the thoroughness and depth were (let's say, morbidly) a marvel. So I ran Gibson Firebird V non-reverse--a dream guitar for a meager detective type such as yours truly.

And yes, there it was. But this time the scammers got it wrong. Below is a bona-fide non-reverse with accurate information and an accurate original list price.

Yet the scam site listed the original price as far too low. And the new "it's a steal" price was a joke.

So I finally took the step that a CEO scam victim often cannot (simply because manufacturing, for example, is not retail--but that's an explanation for another time). But put more simply, I checked for scam notices indicating that Thomann has been targeted. Rather quickly, guitar forum comments said to double-check the websites, and also on Instagram the following appeared.

So there you have it. Thomann was being targeted, and it even warned about Facebook fraud.

So let that be a lesson to me.

Yet the deeper lesson goes back to the CEO scam I've been (in very long-winded fashion) attempting to hammer home.

First, the grift is an art, and the true grifters put the work in. They will prey upon you, and they definitely can fool you even if you are an expert in a sector.

Second, they spend real money. Perhaps this was AI fueled and enabled (almost certainly this was the case), but this example honestly took a spoofed website to completely new levels.

Third, there often is a second modus operandi. As payment could possibly be traced, I seriously doubt a "transaction" worth only a few hundred Polish zlotys would go through (although there are methods to pull this off). More likely, the scam's first or secondary goal (and I did see still other versions of the fake site) is to scoop up credit card information in order to conduct widespread illegal product buys en masse or even to simply sell said information to other crime groups.

This is not unlike a social engineering scam in Central Europe. We have seen these used to divert goods, hack accounts, divert payments--but stolen goods have also then been used in VAT carousel scams.

Which is very, very bad news for a victim.

But what can I say... This was/is ugly, but it was/is all but a work of art.

Which means... be smart. Keep your guard up.

Don't be fooled.

And don't be quick to judge either.

I can't say it almost happened to me. But had this been a younger, less-experienced version of me...

It could have.

Preston Smith is a licensed investigator based in Gdansk, Poland. He can be reached at query@cddi.pl.

Photo credit: still from the American drama film Sherlock Holmes (1922) with John Barrymore, on page 41 of the May 13, 1922 Exhibitors Herald. Goldwyn Pictures, Public domain, via Wikimedia Commons.

 

 
