The Women Catching The Real Life ‘Tinder Swindlers’


Cybersecurity has found itself firmly in the spotlight this year thanks to Netflix’s smash hit The Tinder Swindler.

The documentary on Shimon ‘Simon Leviev’ Hayut and his romance scams shocked viewers around the world, but it also elicited a wave of misogynistic trolling from a corner of the internet with some viewers convinced only “gold diggers” could fall for such a brazen scam.

Simon Leviev’s crimes left the world in shock. (Credit: Netflix)

To mark International Women’s Day 2022 and its theme of ‘breaking the bias’, Tyla spoke with two women about why representation in the industry is so important, and some of the mind-blowing scams they’ve investigated.

Dr Kiri Addison, 34, Cambridgeshire, UK, head of data science for threat intelligence and overwatch at Mimecast

Kiri wants to see more women working in cybersecurity. (Credit: Kiri Addison)

Kiri has always loved computers and technology. She got into gaming at a young age and even built her own PCs. “I didn’t always know I was going to work in cyber, I just followed the subjects I was good at and enjoyed which was a mix of math, science and electronics,” she tells Tyla.

After finishing university and a PhD in physical chemistry, she began searching for a job in the technology sector and was “drawn” to fraud and cybersecurity.

With such a large proportion of men working in cybersecurity, Kiri says she is often the only female speaker at the conferences she attends. When it comes to day-to-day work, she rarely gets the opportunity to work with other women directly.

One case Kiri remembers well involved a cyber attacker impersonating a CEO to force employees to send gift cards.

Kiri has always loved technology. (Credit: Kiri Addison)

Leviev famously pressured his victims into sending huge sums of cash through bank loans and pawn schemes, but Kiri says this is not always the case. Requesting gift cards “in the low thousands” is much more manageable for attackers because “in comparison to a massive wire transfer request, they are relatively easy to get hold of, have less chance of raising suspicion and are harder to trace”.

In this case, the attacker did just that. They impersonated the CEO and emailed employees at the company, which Kiri cannot name, asking them to complete an urgent task.

The attacker made the CEO’s name appear as the email sender and included a signature from the CEO. “This is a very common tactic,” Kiri explains. “As this occurred pre-pandemic, everyone was still in the office. In order to minimise suspicion, the attacker wrote in the email that they were stuck in a meeting so were unable to discuss the request face to face. This would have blown the attacker’s cover.”

Kiri said she’s often the only woman at the conferences she attends. (Credit: Kiri Addison)

After the employees realised something was amiss and contacted Kiri to get involved, an investigation took place in which she looked for “general indicators and tactics” the attacker used. 

“On this particular day of the cyberattack, the employees were busy and covering for absent staff members which meant that they were preoccupied. This attack involved a lot of social engineering as there was the CEO impersonation, the time pressure and the added sense of urgency that was conveyed by the language the attacker used.”

These three markers of social engineering were also used by Leviev on his victims. “Another point to highlight is the victim shaming element. We tend to forget that these scammers are professionals, and anyone can fall victim to it. It is worrying that despite the financial loss and psychological trauma caused by these scams, a lot of the victims are reluctant to come forward and speak out because they fear they will be blamed or accused of being too naïve for being targeted by such fraudsters.”

Kiri wants to see more women working in cybersecurity and believes there is an unconscious bias running through the recruitment process, in which men tend to hire people who represent them – other men. 

The best way to break the bias, Kiri says, is to start at school and encourage more girls to follow careers in tech. “The problem can’t be fixed solely by the industry, it starts much earlier at home and at school where gender stereotypes are enforced, and women are discouraged from pursuing a path that could lead to a career in cyber.”

Jane Lee, 33, San Francisco, USA, researcher at fraud prevention company Sift

Jane has discovered a new type of romance scam. (Credit: Jane Lee)

Jane went through phases of aspiring to be a doctor, lawyer or princess as a child but cybersecurity is ultimately what she ended up doing. “Secretly I’ve always wanted to be a detective,” she tells Tyla. “As a child, I watched every single crime show on television, and was fascinated at how investigators were able to piece different pieces of information together to bring criminals to justice.”

A lot of the same principles go into Jane’s job working in cybersecurity. “I am deeply passionate about protecting people and businesses from crime, and I get to do that every day in my current role helping online businesses fight back against bad actors trying to steal from them and their customers. The work is challenging because we are in an adversarial space, but also incredibly rewarding when you know that you’re helping others.”

Jane recently found a new type of romance scam called “pig butchering”. The term itself was coined by scammers and translated from Chinese.

Jane explains: “They refer to their victims as pigs which they are plumping up and preparing for slaughter. It is completely morbid.”

It combines romance scams with cryptocurrency and has “surged” in popularity in recent years. “In the same way we insist people understand financial instruments like credit cards and the stock market before they jump in, we should be doing the same with cryptocurrencies,” Jane warns.

Jane considered becoming a princess before deciding to work in cybersecurity. (Credit: Jane Lee)

The criminals behind this con spend months gaining online daters’ trust, using romance and the potential of cash windfalls to swindle victims out of their savings by asking them to buy cryptocurrency on legitimate websites like Coinbase or before the scammer ultimately takes their money.

Part of Jane’s job is to research new and emerging types of scams and fraud attacks. “As a dating app user, I quickly recognised what I was seeing, and realised that it was an incredibly prevalent problem. I rolled up my sleeves and went undercover to understand the inner workings of what was going on.”

While Jane cannot go into specifics on any particular case, she has seen victims losing up to $300,000 USD (£225,646.50) to pig butchering. She’s still investigating the people behind this emerging scam.

“From my research, it seems that women have been the primary targets, however, I have also started hearing stories of men who have fallen victim.”

Jane is investigating ‘pig butchering’. (Credit: Jane Lee)

Like Kiri, Jane says women are “definitely underrepresented” in the industry and there’s still “a lot of work to be done”. With the theme being ‘breaking the bias’ this year, Jane hopes that the industry will do more to avoid women becoming “tokenized”.

She said: “The industry should be more intentional about involving women in a meaningful way; not just to check a box for a diversity metric. Women are smart, strong and empathetic, and deserve chances because they are capable.

“A few ways I overcome gender biases is by pointing it out when I see them, using effective communication tools I’ve learned, and challenging others to think of tangible actions they can take to confront their own biases.”

