So far, 2022 has been the year of the scammer—for streaming services. From deception in romance to fake identities and hustling investors, three of the most high-profile cases of fraud have captured audiences for their shocking yet entertaining storylines, as depicted by The Tinder Swindler (a Netflix movie) The Dropout (Hulu series), and Inventing Anna (Netflix series).
These bingeable programs depict a unique type of fraud—each of them masterminded and executed by a threat actor who exploits their victims for profit (and now, notoriety).
Though their entertainment value is high, so too are the risks these smash hits depict: romance fraud, fraud against investors, synthetic identity fraud.
The Tinder Swindler: Romance and love fraud
Simon Leviev, a conman from Israel, aptly earned himself the nickname “Tinder Swindler” after using Tinder to find victims for his schemes. Pretending to be the wealthy son of a Russian-Israeli diamond mogul, he connected with women that he would initially spend time wooing with a lavish lifestyle (funded by his previous victims), including luxurious gifts and trips on private jets.
After a sufficient amount of time emotionally manipulating his victims and faking a deep romantic connection with them, Leviev would send messages and images indicating that he had been physically attacked and was being targeted by his “enemies.” As a result of the attack, he would claim he could not use his credit cards or access his bank accounts, and would request for the women to send him money to help get him out of danger with promises to pay them back.
Leviev’s ploy essentially operated as a Ponzi scheme, wherein he would use the money he received to bring in new victims. He forged bank documents indicating that he had paid them back the money they gave him before totally cutting contact with them. It is estimated that he received around $10 million from the women he scammed.
Leveraging love for financial gain is not a new occurrence. Romance scams have been around since long before the Internet, although that has made it easier to “connect” with people you don’t know and give you access—or make you accessible—to a larger group of strangers.
Once a lovestruck victim bites, there are plenty of ways a threat actor can take advantage. From stealing personal data to asking for money to be transferred directly to them, this unprotected information invites fraud and leaves victims vulnerable to long-lasting harm. Here are some of the most common tactics, techniques, and procedures (TTPs) threat actors use to profit off of love, which landed romance and confidence scams in the top ten most recorded complaint types by the FBI’s Internet Crime Complaint Center.
The Dropout: Fraud against investors, wire fraud
Elizabeth Holmes is a former biotechnology entrepreneur who founded and acted as CEO for Theranos, a now-defunct health tech company that claimed to have invented a way to perform blood testing with only a fingerprick’s worth of blood. Unfortunately, the tests were inaccurate and ultimately useless, prompting Holmes and other Theranos executives to demo fake results in order to generate more interest from investors.
Love may be blind, but threat actors always have their eyes open for the next opportunity to strike.
While she initially gained fame for being the world’s youngest self-made billionaire and an overall success story, when it was revealed that the company had lied about the success of its product, numerous lawsuits were taken against the organization. This has led to Holmes’s prosecution and banning from being in an officer or director role for a public company for 10 years, along with copious fines and an unceremonious stripping of her accolades as a tech wunderkind.
There are many types of business fraud that target both the organizations themselves and adjacent parties, like individual employees and investors. While Holmes and her conspirators most closely align with insiders, who work from within an organization to leverage known information either for profit or to act on some personal grievance, external threat actors are also capable of bringing harm to your assets and infrastructure.
Without a proper threat intelligence process that includes procedures for monitoring, detecting, and responding to the risks that may target your organization, the door is left open for open for threat actors to successfully exploit any risk apertures and vulnerabilities that may be present, be they technical or personnel-related, and do damage that harms your users, your investors, your reputation, and your business.
Inventing Anna: Identity fraud and theft of services
Anna Sorokin is a Russian-born German fraudster and con artist who, upon her relocation to New York City, created a new identity for herself. To the new friends she made, she was Anna Delvey, an up-and-coming socialite and heiress worth millions. She used her assumed status to make connections with more of the city’s elite and receive financial favors from friends with promises to reimburse them for the things they paid for her, like plane tickets and hotel accommodations.
She used fake bank statements to substantiate claims of her high net worth to her friends, and later applied for loans of up to $22 million using the falsified documents. She lived lavishly despite the myriad of financial issues she was dealing with behind the scenes, and eventually ran out of money, leading her to deposit fake checks in an attempt to recover more funds.
Her scamming came to an end when she was caught in a sting operation, which involved NYPD and the Manhattan District Attorney’s office, as well as help from one of her ex-friends to facilitate the plan. It’s estimated that she profited roughly $275,000 by defrauding financial institutions, banks, hotels, and the individuals she had met and befriended.
Sorokin’s schemes targeted both individuals and higher-profile organizations through synthetic identity fraud, which fabricates a totally new fake identity, as opposed to stealing someone else’s real identity. By taking advantage of weak points in companies’ security processes, like KYC processes that verify an individual’s personal information before serving them as a customer, it’s possible to profit before the organization realizes the attack.
Sorokin is notable in part because of how far she was able to take her fraud, spending significant amounts of time building up “credit” with organizations using her fake identity. This enabled her to move to more serious offenses, like applying for and taking out loans under her forged name.
Detect fraud and protect your assets with Flashpoint
Whether for love or business, fraudsters will use whatever they can to cash out and take advantage of unsuspecting parties that don’t properly protect themselves and their assets from scams. Start your free trial to see how Flashpoint can help you leverage intelligence to protect your organization from threats like romance, business, and identity fraud.