Account Takeover Fraud

Don't wait until it's too late – take control of your account security with Watch Your Pocket's guidance and expertise. Contact us today to learn more about our account takeover fraud protection services and take the first step towards a safer and more secure financial future. With Watch Your Pocket, you can protect what matters most.

AI-Powered Account Takeovers: A Growing Threat to Online Security

In the ever-evolving landscape of cybercrime, account takeover (ATO) attacks have emerged as a significant threat to online security. These sophisticated attacks involve gaining unauthorized access to user accounts, often for the purpose of financial gain or identity theft. While traditional security measures like passwords and multi-factor authentication (MFA) still play a role in preventing…

View On WordPress

Beyond Passwords: Enhancing Security to Prevent Account Takeover Fraud

From banking and shopping to social media and email, we rely on online platforms that require user accounts. However, the increasing risk of account takeover fraud has brought to light the limitations of conventional password protection. Users and businesses alike are at risk when hackers are able to gain access to private accounts, a growing threat that can only be stopped by advanced security options beyond passwords.

The Rise of Account Takeover Fraud

Account takeover fraud occurs when unauthorized individuals gain access to user accounts and exploit them for malicious purposes. This type of fraud has become increasingly prevalent due to several factors, including weak passwords, phishing attacks, data breaches, and social engineering tactics.

The consequences of account takeover fraud can be severe, ranging from financial loss and identity theft to reputational damage for both individuals and businesses.

Limitations of Password-Based Security

Traditional password-based security measures have several inherent weaknesses that make them susceptible to account takeover fraud. Some of the key limitations include:

Password Reuse: Users often reuse passwords across multiple accounts, making it easier for attackers to gain access to multiple platforms if one account is compromised.

Weak Passwords: Many users choose weak passwords that are easy to guess or crack, providing attackers with an opportunity to exploit their accounts.

Phishing Attacks: Phishing attacks, where attackers impersonate legitimate entities to trick users into revealing their credentials, have become increasingly sophisticated and successful.

Data Breaches: Large-scale data breaches have exposed millions of user credentials, providing attackers with a vast collection of username and password combinations to exploit.

Multi-Factor Authentication (MFA)

Multi-factor authentication is a robust security measure that adds an extra layer of protection beyond passwords. MFA requires users to provide additional evidence of their identity, typically through something they know (a password), something they have (e.g., a smartphone or hardware token), or something they are (biometrics). By combining multiple factors, MFA significantly reduces the risk of account takeover fraud.

Adaptive Authentication

Adaptive authentication leverages machine learning algorithms to analyze various factors, including user behavior, device information, and location, to determine the risk level associated with a login attempt.

This approach allows for dynamic authentication policies that can trigger additional security measures, such as step-up authentication or blocking suspicious login attempts. By adapting to evolving risk factors, adaptive authentication provides an effective defense against account takeover fraud.

Behavioral Biometrics

Behavioral biometrics analyze unique patterns in user behavior, such as typing speed, mouse movements, and touchscreen gestures, to establish an individual's identity. This technology creates a biometric profile unique to each user, which is difficult for attackers to replicate. Behavioral biometrics can work silently in the background, continuously verifying a user's identity, and raising alerts if suspicious activity is detected.

Risk-Based Authentication

Risk-based authentication uses risk assessment algorithms to evaluate the likelihood of fraudulent activity based on various factors, such as login location, IP address, device information, and user behavior.

By assigning risk scores to login attempts, organizations can implement adaptive security measures. For example, if a login attempt exhibits a high-risk score, additional verification steps can be triggered to ensure the legitimacy of the user.

Conclusion

By embracing advanced security measures like multi-factor authentication, behavioral biometrics, and continuous authentication, we can fortify our defenses. It's time to move beyond passwords and pave the way for a safer and more secure digital future.

Bank Account Takeover Fraud: Key Tactics You Need to Know and How to Prevent it

Account Takeover (ATO) attacks are on the rise, affecting an estimated 24% of companies globally. In the United States, 22% of the adult population, equivalent to 24 million people, report falling victim to this type of incident. 

It is projected that ATO fraud will result in losses exceeding USD 343 billion globally between 2023 and 2027, according to research from the American Bank. The financial industry is a primary target for fraudsters, with 84% of financial institutions having already faced this digital threat, resulting in losses amounting to 8.3% of their annual revenues, as per the Aberdeen Group's study.

Now, delving into the matter, what exactly is account takeover, and how is this form of fraud evolving?

What is an account takeover attack?

Account takeover (ATO) is a form of fraud in which cybercriminals illicitly access and take control of users' bank accounts to perform unauthorized transactions, transfer funds, or engage in other malicious activities.

To execute this type of crime, fraudsters will typically need to be able to access or fake at least one of these three things:

Username and Password: The most prevalent method for breaching accounts involves using stolen or leaked combinations of usernames and passwords. The risk is heightened by weak or reused passwords, underscoring the importance of users employing robust, distinct passwords for each of their accounts.

Phone Number: This is exploited by fraudsters to gain access to the second factor for authentication (2FA). By compromising the victim's phone, cybercriminals can intercept authentication codes sent via messages, circumventing additional security layers. 

Phones can also be manipulated by fraudsters leveraging accessibility permissions, enabling control of the victim's device through malicious apps that monitor all displayed content and provide access to other installed apps.

Email Account: Email accounts play a pivotal role in account recovery processes. Fraudsters who gain access to victims' emails can reset passwords for various accounts linked to the email address.

Such information is obtained through techniques such as:

Social Engineering Attacks: Fraudsters manipulate users to expose data, infect devices with malware, or gain access to restricted systems. Phishing or spear-phishing is an example of this type of threat and is the most common in ATO. In these attacks, criminals send messages or emails that appear to be from legitimate sources, such as banks or trusted organizations. These messages often contain links to fake websites/apps created to collect confidential information or to trick the user into installing malware. According to some estimates, more than 3.4 billion malicious emails are sent every day.

Brute Force Attack: fraudsters employ a trial-and-error method to uncover login information. Through relentless attempts, they systematically work through all conceivable combinations in the hopes of stumbling upon the correct credentials. They may also use tools to automate the attack.

Credential Stuffing: Fraudsters use bots to test combinations of usernames and passwords on various sites. For instance, they might test the credentials of an e-commerce account on a banking account, taking advantage of people often reusing passwords across different platforms. This implies that if one account is compromised, others are also at risk.

SIM Swap: Criminals deceive the victim's mobile carrier and convince them to transfer the mobile number to a new SIM card, to which only they have access. This allows them to receive authentication codes and control accounts linked to the victim's phone

Exploring a New and Alarming Tactic: Accessibility Permissions Exploit

As technology advances, the techniques employed by fraudsters to execute account takeover (ATO) attacks evolve into increasingly sophisticated forms. Fraudsters consistently alter their strategies to outwit security systems, posing a constant challenge for detection and prevention.

Beyond the methods mentioned above, there's a new and particularly alarming tactic at play: fraudsters now exploit accessibility permissions for Account Takeover (ATO). Unlike traditional tactics, where fraudsters need access to email accounts, usernames & passwords, or a phone number to execute the fraud, this new approach allows them to gain remote control access to users' devices. Scary, right? Before delving into the details of how this works, let's understand what it is.

Accessibility features are available on Android and iOS operating systems to assist users - such as individuals with disabilities and the elderly - in using their smartphones. The functionalities include screen readers, voice commands, keystroke capturing, and other assistive technologies.

In order to use these services, accessibility permissions must be granted which gives applications full access to the user's device. While enabling accessibility permissions is crucial in this case, users also risk compromising their data. This is because, if used by fraudsters, it can become a tool for malicious activities.

Fraudsters are increasingly abusing this feature to take control of smartphones and commit fraud. When this happens, users become unable to uninstall the app or even restart the device.

Here's how the abuse of accessibility permissions looks like in action:

1. A user installs malware through a phishing link received via email or SMS, disguised as a legitimate app.

2. The malicious app initiates push notifications, urging the user to grant accessibility permission.

3. The user grants permission, enabling the fraudster to take control of the device (monitoring everything on the screen, keystrokes, and all installed apps).

4. The cybercriminal accesses the list of installed apps, collecting data the user types or displays (login credentials, passwords, credit card numbers), and intercepts authentication codes.

5. Armed with this information, the fraudster infiltrates the victim's bank account, conducting fraudulent transactions and pilfering funds.

Throughout the attack, the malware exploits accessibility services to:

Spy on user activity

Prevent the removal of the malicious app, whether from the home page or settings

Evade suspension or shutdown of the process

Impact of Bank Account Takeover Attacks (ATO) 

In the world of digital banks, where all transactions happen online, account takeover (ATO) fraud is a big issue.

Here are the main impacts of this type of fraud:

Financial Losses: Account takeovers result in financial losses for both financial institutions and the customers whose accounts have been compromised.

Data Breach: A successful ATO often entails the breach of the user's confidential information. This may include login credentials, personal details, and financial data. The exposure of such information can lead to severe consequences for the affected individuals and erode trust in digital banking services.

Identity Theft: By gaining control of a user's account, fraudsters can impersonate the account holder, allowing them to commit various other identity-related crimes, such as applying for loans, credit cards, and other financial frauds in the victim's name.

User Trust Erosion: Customers expect their financial institutions to deliver reliable services, ensuring the security of their data and money. An account takeover incident can fracture trust and prompt users to close their accounts and migrate to competitors.

How to prevent ATO and ensure the security of users’ accounts?

Protecting your banking app and your customers' accounts from account takeover fraud is crucial, and this involves implementing fraud prevention software with a proactive approach to the constant and evolving problem.

SHIELD’s device-first risk intelligence solution is powered by cutting-edge device fingerprinting and the latest in AI & machine learning algorithms. It identifies fraud at its root and analyzes thousands of devices, network, and behavioral data points to provide actionable insights in real time. Our technology enables the detection of account takeover attempts through the combination of features:

SHIELD Device ID

Identifies each physical device used to access your banking application. It is extremely accurate and persistent, detecting when a fraudster attempts to mask the device fingerprint or reset the device to appear as new.

Our proprietary device fingerprinting technology is key to detecting and eliminating account takeover attacks. It flags suspicious devices and configurations that indicate someone is attempting to forge a device to access an account.

SHIELD Risk Intelligence

We continuously profile each device session, returning real-time risk signals to provide a comprehensive picture of user activity in your ecosystem. This involves detecting abuse of accessibility permissions and precisely identifying when a good user suddenly displays signs of fraudulent behavior. The tools utilized for such activities  can include autoclickers, screen sharing, and emulators — clear indicators of an accessibility permissions exploit.

We enrich your data models with accurate device signals that identify the use of malicious tools and techniques employed in account takeover (ATO) attacks, such as emulators, app cloners, virtual OS, GPS spoofers, among others.

Our technology also ensures that your platform stays ahead of fraudsters with our Global Intelligence Network: a continuously updated library containing all fraud patterns we have encountered, as well as the latest malicious techniques. With over 7 billion devices and more than 1 billion user accounts analyzed worldwide, we leverage this intelligence to synchronize real-time attack patterns, ensuring a proactive approach to fraud prevention.

Bank Account Takeover Fraud: Key Tactics You Need to Know and How to Prevent it

cole (@ColeThereum) / Twitter hacked!

🎭 Account takeover alert!

✅ Real /pudgypenguins.com

❌ Fake /pudgypenguins.app ❌ Fake /pudgypenguins.center ❌ Fake /entertheigloo.com

⛔ Careful, scammers have hacked various famous people’s accounts on social media sites like Twitter and are promoting bogus “airdrops” by tagging users in the scammy threads to gain “traction” and lure users into opening malicious wallet drainer pages !

⚠ Those are all scams!

💸 Interacting with such sites will result in loss of all assets! Stay away from those scams!

http://brandefense.io/ - Devasa+ (2)

Our platform, which aims to protect your websites, offers you many detailed analyzes. Thanks to our attack surface management panel, it is possible to analyze all kinds of attacks. Fraud protection, which is used by thousands of people, makes it easier for you to follow internet attacks. Many people who do account takeover detection research are on our website.

Thanks to our analysis methods against different types of attacks, you can protect your sites and applications. Botnet intelligence is becoming the reason of choice because it predicts all kinds of attacks. Our platform, which offers protection to sites and applications, helps you monitor all leaks thanks to its data leak monitoring panel.

A small Kansas town is reeling after a baby-faced 23-year-old manipulated procedural technicalities to reinstall himself as mayor in one night, seemingly taking a page from the playbook used by former President Donald Trump after he was voted out of office.

Only, this time, it worked.

“People have said this reminds them of Germany in 1935,” Jeffery Jones, whose bid for a council seat in Goddard, Kansas, collapsed last week as Hunter Larkin abruptly took control, told The Daily Beast. “Like, ‘Hey, we don’t like you anymore and we’re gonna vote you out and put our own person in.’”

The convoluted machinations by which Larkin maneuvered his way back into power were described as “essentially, a coup” and reminiscent of a totalitarian regime, according to one recently departed council member. And while Goddard, a Wichita suburb with a population of just under 5,400, isn’t necessarily going to influence policy shifts on a national scale, the strategy used by Larkin—a right-winger who last year promoted an appearance in Goddard by accused sex pest and conservative kingmaker Matt Schlapp—could serve as a stark warning of what’s possible elsewhere.

“I have to hand it to Larkin,” Wichita Eagle columnist Dion Lefler wrote. “I’ve covered cities for a long time and have seldom seen a political takeover that was this sleazy, and yet this well-orchestrated.”

Larkin’s improbable ascent to office can be traced back to August 2020, when the then-mayor of Goddard stepped down amid a fraud charge for counterfeiting tickets to the local zoo’s “Zoobilee” charity fundraiser. Then-21-year-old City Council President Hunter Larkin was appointed to the job.

In November 2021, Larkin, who by day works as an accounting manager for a fiberglass oil field pipe manufacturer owned by a wealthy local family that has helped fund his political aspirations, was busted for DUI. He later pleaded guilty, receiving a sentence of probation and staying on as mayor until May 2022, when he resigned in the wake of a news report calling his ethics into question. Larkin said he was leaving office to focus on a statehouse run, but kept a seat on the city council.

“This campaign is about giving a voice to the people of our community and defending what so many of us hold dear, like voter integrity, the right to bear arms, protecting the unborn and keeping Critical Race Theory (CRT) out of schools,” Larkin’s campaign website thundered. “As your next Representative, I can promise that I will fight for just that!”

Vice-Mayor Larry Zimmerman was then appointed Goddard’s mayor, and has filled the position since—until last Tuesday night.

The agenda for that evening’s city council meeting didn’t appear particularly unique, at least on the surface; members would, among other things, consider a sign regulation amendment, discuss a road closure request for a Lions Club car show, and appoint a new city councilperson after a councilman named Michael Proctor relinquished his seat on Dec. 31.

Zimmerman nominated Jeffery Jones, who works as a hospice chaplain, for Proctor’s old job.

However, the vote ended in a tie. So Zimmerman instead nominated Aubrey Collins, a radio host and residential solar panel salesman who goes by “Cowboy Rip.” Collins’ candidacy was approved, and he was sworn in.

And, according to Jones, “That’s when everything kind of went haywire.”

As Collins was being seated, Larkin, who lost his bid for the Kansas legislature, immediately moved to amend the agenda and hold a non-public executive session to discuss “unelected personnel.” According to Lefler, the newspaper columnist, Larkin was eager to cast out City Administrator Brian Silcott, who has been critical of him in the past.

At this point, Jones left, thinking the meeting was over.

“Had I known what would happen next, I would have stayed,” he told The Daily Beast. “Because when they came back, that’s when Hunter asked for the election of a new mayor.”

When they returned, Larkin swiftly proposed removing Zimmerman as mayor, a motion which was approved by all except Zimmerman himself. Vice-Mayor Sarah Leland was then installed as mayor of Goddard—briefly. She immediately addressed the others, saying she felt she did not have “the capability to do these job duties… especially the current situation we are dealing with, so I would like to nominate Hunter, as I feel he can complete the steps that need taking.”

And with that, Larkin became mayor, switching seats with Leland, now his second-in-command. Larkin quickly moved to oust Silcott, who he considered a fly in the ointment, prompting now-ex-Mayor Zimmerman to quit his city council seat in protest.

“Before you get to that point, I’d like to tender my resignation from the city council, effective immediately,” he said, and walked out.

The council then filled Zimmerman’s empty council seat with resident Keaton Fish, a support staffer at a local special-ed school. As he took his position, Larkin introduced a motion to terminate Silcott’s employment. They then went to a second closed session to discuss Silcott’s firing, where the decision was consummated. (The next day, Assistant City Administrator Thatcher Moddie resigned.)

“The day and age where unelected bureaucrats ran this town is over,” Larkin later exulted. “This governing body is going to be more involved than ever before.”

This, Jones argued on Friday, is wholly disingenuous.

“Hunter said ‘we’re tired of being run by unelected bureaucrats,’ but I’m like, ‘Well, you’re kind of unelected.’ He was elected as a council member, no one voted him in as mayor [either time]. And right now, there’s a petition out for a recall.”

The recall campaign was started by Proctor, the councilman who quit office on Dec. 31. He called the situation in Goddard “a disaster.”

“He needs to go,” Proctor told The Daily Beast of Larkin, adding that he was baffled by the vice-mayor’s support for his mayoralty.

He said he will need roughly 168 signatures to move the proposal forward, and feels confident he’ll get them.

“Look, there’s complete outrage over this,” he told The Daily Beast. “Getting those votes won’t be difficult, there are plenty of willing participants.”

Proctor has also started a Facebook group called “For Goddard’s Sake,” where he is organizing and rallying support.

“This city is a joke!” one commenter wrote. “in who’s right mind is DUI kid a good choice for mayor after not being re-elected.”

“[H]unter has made it clear that he intends to turn the city into a rental community by helping his developer buddies build as many multi family dwellings as possible,” wrote another. “This is a very clear pattern all in the name of ‘growth’ and it is going to fundamentally change this town. He and his gang now make a majority and will be able to approve whatever Hunter’s little heart desires.”

“So where can concerned citizens file complaints?” wrote a third. “Surely we have a lawyer or three within reach who can help Goddard with its latest problem. Anyone?”

Proctor said he will be filing a report with the sheriff’s office, alleging campaign finance improprieties by Larkin which Proctor claims violate the Goddard city code.

“Somebody’s gotta do it,” he said. “Somebody’s gotta stand up. Otherwise, there’s a vacuum that’s going to be filled by somebody who shouldn’t be doing it.”

Replacing Silcott will also be a heavy lift, according to Proctor, who said Goddard last week “went from a city where up-and-coming city managers would love to come and work, to a bottom-of-the-rung situation, overnight. He’s delivered quite a mess.”

Fish did not respond to a request for comment on Friday. Zimmerman, for his part, told local outlet KWCH that Larkin’s maneuvering “wasn’t right.”

Brady Burdge, an assistant district attorney in Wichita who was in the running for a council seat but withdrew his name on Monday due to his heavy workload, said he found the Larkin situation “really unfortunate.”

“It is definitely troubling,” Burge told The Daily Beast. “The local level is where it all starts, and you definitely don’t like to see things like that happening in your own community… [Larkin] has had trouble in the past building trust with our community, and it looks like it happened again.”

Jones said he is not planning to fight the outcome of the election, and is “just going to let the chips fall where they may.” At the same time, he isn’t going anywhere, anytime soon.

“I feel honored that the mayor at the time selected me, but I’m not going to raise a fuss,” he conceded on Friday. “I told them at that meeting that I want to effect change within Goddard, and if I can't do it from the [city] council, I’ll do it from the community. And I’m going to be there at as many council meetings as I can, where I’ll be bringing up questions that the people want answered.”

For his part, Aubrey Collins said he is looking forward to his first experience serving in public office.

“I have no comment other than, we’re going to do the best we can for the city,” Collins told The Daily Beast. “I believe the steps that were taken will allow Goddard to win. Goddard is gonna win, based on what transpired.”

Before the council session concluded, Larkin remarked, “Today was a tough day. I know. Wasn’t fun, I don’t think anybody here enjoyed it. But I want you all to know it was done out of love.”

Larkin, who told local NBC affiliate KSN TV that he’s not concerned about any challenges to remove him, did not respond to multiple requests for comment by The Daily Beast.

Forty-one state attorneys general penned a letter to Meta’s top attorney on Wednesday saying complaints are skyrocketing across the United States about Facebook and Instagram user accounts being stolen, and declaring “immediate action” necessary to mitigate the rolling threat.

The coalition of top law enforcement officials, spearheaded by New York attorney general Letitia James, says the “dramatic and persistent spike” in complaints concerning account takeovers amounts to a “substantial drain” on governmental resources, as many stolen accounts are also tied to financial crimes—some of which allegedly profits Meta directly.

“We have received a number of complaints of threat actors fraudulently charging thousands of dollars to stored credit cards,” says the letter addressed to Meta’s chief legal officer, Jennifer Newstead. “Furthermore, we have received reports of threat actors buying advertisements to run on Meta.”

“We refuse to operate as the customer service representatives of your company,” the officials add. “Proper investment in response and mitigation is mandatory.”

In addition to New York, the letter is signed by attorneys general from Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Iowa, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming, and the District of Columbia.

“Scammers use every platform available to them and constantly adapt to evade enforcement. We invest heavily in our trained enforcement and review teams and have specialized detection tools to identify compromised accounts and other fraudulent activity,” Meta says in a statement provided by spokesperson Erin McPike. “We regularly share tips and tools people can use to protect themselves, provide a means to report potential violations, work with law enforcement and take legal action.”

Account takeovers can occur as a result of phishing as well as other more sophisticated and targeted techniques. Once an attacker gains access to an account, the owner can be easily locked out by changing passwords and contact information. Private messages and personal information are left up for grabs for a variety of nefarious purposes, from impersonation and fraud to pushing misinformation.

“It's basically a case of identity theft and Facebook is doing nothing about it,” said one user whose complaint was cited in the letter to Meta's Newstead.

The state officials said the accounts that were stolen to run ads on Facebook often run afoul of its rules while doing so, leading them to be permanently suspended, punishing the victims—often small business owners—twice over.

“Having your social media account taken over by a scammer can feel like having someone sneak into your home and change all of the locks,” New York's James said in a statement. “Social media is how millions of Americans connect with family, friends, and people throughout their communities and the world. To have Meta fail to properly protect users from scammers trying to hijack accounts and lock rightful owners out is unacceptable.”

Other complaints forwarded to Newstead show hacking victims expressing frustration over Meta’s lack of response. In many cases, users report no action being taken by the company. Some say the company encourages users to report such problems but never responds, leaving them unable to salvage their accounts or the businesses they built around them.

After being hacked and defrauded of $500, one user complained that their ability to communicate with their own customer base had been “completely disrupted,” and that Meta had never responded to the report they filed, though the user had followed the instructions the company provided them to obtain help.

“I can't get any help from Meta. There is no one to talk to and meanwhile all my personal pictures are being used. My contacts are receiving false information from the hacker,” one user wrote.

Wrote another: “This is my business account, which is important to me and my life. I have invested my life, time, money and soul in this account. All attempts to contact and get a response from the Meta company, including Instagram and Facebook, were crowned with complete failure, since the company categorically does not respond to letters.”

Figures provided by James’ office in New York show a tenfold increase in complaints between 2019 and 2023—from 73 complaints to more than 780 last year. In January alone, more than 128 complaints were received, James’ office says. Other states saw similar spikes in complaints during that period, according to the letter, with Pennsylvania recording a 270 percent increase, a 330 percent jump in North Carolina, and a 740 percent surge in Vermont.

The letter notes that, while the officials cannot be “certain of any connection,” the drastic increase in complaints occurred “around the same time” as layoffs at Meta affecting roughly 11,000 employees in November 2022, around 13 percent of its staff at the time.

KE AUPUNI UPDATE - MAY 2024

Hawaiʻi’s Lands… Hawaiʻi’s monarchs understood international law. Which is why Kamehameha III saw that the way to protect his Kingdom’s sovereignty was to be recognized as a sovereign country. This was accomplished in 1843 when two of the most powerful colonizer nations in the world, Great Britain and France recognized the Hawaiian Kingdom as a sovereign state. Even with that in place, just in case… King Kamehameha III wanted to further safeguard the lands of the Kingdom from foreign take-over. As the Monarch, he was not only the ruler, he “owned” all the lands of the Hawaiian Kingdom. But he realized that in the event Hawaiʻi got conquered by another country (or an internal regime change) the monarch’s lands, i.e. government lands, would be susceptible to takeover by conquest. Under international law, the lands owned by the government would become the lands of the conqueror as spoils of war. But, privately owned lands would remain in the hands of the private owner. Aha! Learning of this, King Kamehameha III initiated the Great Mahele, the major land redistribution, to move the vast majority of Hawaii’s land out of harm’s way. He converted most of the monarchial/government lands of Hawaii into private ownership, leaving only those lands necessary for government operations as government lands. Private titles to lands were given to chiefs and commoners, with the largest portion to the King. Furthermore, much of the lands came with allodial titles to ensure these private lands would only be passed down to the person’s designated heirs, in totality and in perpetuity. These lands could not ever be sold or alienated from the heirs. Unfortunately, when the puppet governments of the US took over in 1893, they began to help themselves to Hawaiian lands, carving them up and selling off pieces in complete disregard for Hawaiian Kingdom laws and international laws concerning private land titles. It got worse over the years. Using their crooked judges, the US occupation and its local business and political collaborators wantonly plundered the lands of the Hawaiian people — even the allodial-titled lands of heirs of Kamehameha III and other Aliʻi (chiefs) — by ignoring the continuity and inviolability of private, allodial-titled lands. The land fraud in Hawaiʻi is massive, pervasive and ongoing. Deprived of their inheritance, Hawaiians have been impoverished and driven off the islands by greedy foreigners, their corrupt judges and US puppet governments. The good news is that is about to change. Along with the campaign to rescind UNGA Resolution 1469 at the UN, questions about the Lāhainā fire, Hawaiians who have been injured by these ongoing land thefts have been raising international challenges and seeking remedy for those abuses.  

“Love of country is deep-seated in the breast of every Hawaiian, whatever his station.” — Queen Liliʻuokalani ---------- Ua mau ke ea o ka ʻāina i ka pono. The sovereignty of the land is perpetuated in righteousness. ------ For the latest news and developments about our progress at the United Nations in both New York and Geneva, tune in to Free Hawaii News at 6 PM the first Friday of each month on ʻŌlelo Television, Channel 53. ------ "And remember, for the latest updates and information about the Hawaiian Kingdom check out the twice-a-month Ke Aupuni Updates published online on Facebook and other social media." PLEASE KŌKUA… Your kōkua, large or small, is vital to this effort... To contribute, go to:   • GoFundMe – CAMPAIGN TO FREE HAWAII • PayPal – use account email: [email protected] • Other – To contribute in other ways (airline miles, travel vouchers, volunteer services, etc...) email us at: [email protected] All proceeds are used to help the cause. MAHALO! Malama Pono,

Leon Siu

Hawaiian National

In the 1970s and 80s there was a chain of electronics stores in the New York media market that became quite famous for its over-the-top commercials. They hadn't invented that style of ad (which, as far as I can tell, rose and fell with the independent or small chain retail market), consisting of a very excited "insane" guy with a catchphrase about prices (His Prices Are INSAAAAANE!), but they flooded the Tri-State area airwaves with it.

I'm not really talking about this company because of their advertising, except in the sense that I am familiar with this company because my father told me the story of the ads once, while mentioning that he got some suspiciously cheap but good electronics there. You see, Crazy Eddie, named after primary ringleader Eddie Antar, was also a criminal enterprise and a fraud. According to one of the participants, Sam E. "Sammy" Antar, whose detailed and presumably highly misleading account of the case is available on his amazingly-named website White Collar Fraud, it had always been engaging in fraudulent accounting.

From its humble beginnings as a private company, profits were skimmed and employees were paid under the table, allowing the Antar family to, ah, manage their tax obligations. My understanding is that neither of these practices is or was particularly uncommon in the world of brick-and-mortar retail.

Now, as Crazy Eddie expanded, it became less and less reasonable to engage in petty fraud at that scale. What they had to do next was stop committing tax fraud. Not only would that allow them to avoid getting caught doing tax fraud, by progressively skimming less of the profit they would be able to appear to achieve an impressive rate of growth. This was all in preparation for the smart bit of the scheme, going public.

This is how it works. Stocks trade speculatively at a significant multiple of earnings. This means that if you control and own most of a company, if you can dump your own money into your company and then sell a significant amount of your stock, you can still easily come out well ahead. Soon, the Antars were painstakingly laundering money they had sucked out of Crazy Eddie while it was privately held back into the company past the not particularly vigilant auditors in order to look good to the financial markets.

Eventually the scheme started falling apart socially and financially, and the company suffered a hostile takeover from a competitor who subsequently found that there was $40 million less inventory than advertised. Caveat Emptor, I guess. Eddie Antar tried to flee to Israel but was extradited, upon later getting out of prison he tried to start another electronics retailer called Crazy Eddie, which surprisingly didn't work. Sammy Antar turned state's evidence and is now a fed-lite.

Why am I saying all this, why am I pointing out this particular case? Well, obviously it's because I think there are a lot of modern-day Antars running around making a lot of money, and presumably a lot of their CFOs are also going to flip and reinvent themselves as forensic auditors once they get caught. I assume most startups are somewhat more legal than anything Crazy Eddie did, but many of the market principles remain the same. In fact, corporate lawyers have developed more and more ways to do the same things the Antars did legitimately.

It is ironic that stealing from their own company was worthwhile for the Antars so long as the company was a serious business for them, albeit one that they were operating in a criminal manner, while pumping money into their company was only the correct thing to do once they were divesting themselves of ownership. Obviously this is just how tax evasion and pump and dumps work, but I find it contrasts interestingly with the capitalist dogma that ownership makes for better stewards of the property, still used as the primary political argument for privatization even though capitalist firms are also run managerially.

Ultimately, my takeaway is that the Antars were basically your regular shady retail guys, until they spotted an opportunity to get in on the ground floor of Shareholder Value Maximization. My other takeaway is if you get something cheap because someone is fucking the shareholders, mind your own business probably.

Don't wait until it's too late – join Watch Your Pocket today and take the first step towards a safer, more secure financial future. Protect yourself against account takeover fraud and keep your money where it belongs – in your pocket!"

AI-Powered Account Takeovers: A Growing Threat to Online Security

In the ever-evolving landscape of cybercrime, account takeover (ATO) attacks have emerged as a significant threat to online security. These sophisticated attacks involve gaining unauthorized access to user accounts, often for the purpose of financial gain or identity theft. While traditional security measures like passwords and multi-factor authentication (MFA) still play a role in preventing…

View On WordPress

Account Takeover Fraud Prevention Measures for Your Clients

According to data from the Aite Group, financial institutions are experiencing a 64% increase in account takeover attacks compared to before the epidemic. This amount is expected to increase as the digital ecosystem grows, increasing the attackable surface area.

Institutions should anticipate account takeover (ATO) fraud, one of the most prevalent types of fraud. An account takeover occurs when hackers steal login information to access a victim's account. Fraudsters use various strategies in this assault to obtain unauthorized access to user credentials.

Fraudsters’ methods have evolved from relatively straightforward credential stuffing and phishing schemes to considerably more subtle spear phishing and man-in-the-middle attacks. The most frequently targeted sector for ATO is the banking sector, followed by other financial organizations. Some hackers use account takeover as another way to access accounts that may have banking information.

What Actions Can You Take to Safeguard Your Customers?

Enable Multi-Factor Authentication

 Because of sophisticated social engineering frauds and phishing assaults, strong passwords are no longer effective. When you consider that 69% of people acknowledged sharing their passwords with coworkers, this problem worsens.

Organizations should consider using multi-factor authentication (MFA) to add a second layer of security to their consumer accounts. MFA can deliver a seamless yet secure customer experience when implemented as a scalable customer Identity and access management (CIAM) component.

Install A Web Application Firewall

 An additional layer of security, called a web application firewall (WAF), is placed around web applications to prevent harmful traffic from entering. By monitoring, detecting, and mitigating potential ATO assaults, the firewall filters HTTP traffic in several ways:

● It recognizes and denies access requests coming from known intruders.

● It recognizes harmful bot activity used in ATO assaults.

● It recognizes and prevents credential-stuffing attacks.

● By identifying sessions with an abnormally high number of login attempts, it can identify and stop brute force assaults.

● To prevent attacks, it supports MFA or third-party authentication.

● It looks for any signs of credential stuffing tools in the traffic.

Manage Customers’ Login Information and Attempts

 83% of organizations reported phishing attacks in the workplace. In 2022, security experts estimated more than six billion attacks took place. Therefore, controlling customer login data correctly is essential to protect them against ATO assaults since hackers have disclosed billions of credentials online.

Monitor Online Activity Continuously

 Organizations can continuously monitor client activity on their portals thanks to advances in AI and ML. ML algorithms create a normative customer profile by continually observing and studying a user's typical online behavior across devices and accounts.

CAPTCHA Usage

Finally, businesses can limit the number of portal login attempts to a manageable level. This limit can be determined from customer analytics data and operational business requirements. Even proxies can be restricted to precisely address the account takeover problem.

 If imposing a limit seems to create an unwanted barrier for the consumer, organizations can present an authentication test after several tries. The most widely used authentication method is CAPTCHA, a logic game created to prevent ATO bots from accessing accounts.

Conclusion

 While user security is crucial, it's also vital to keep the customer experience as frictionless as possible to prevent customers from switching to your competition. This requires implementing a complex account takeover fraud protection solution, which employs URL scanning and threat intelligence to stop real-time ATO attacks. Such a solution not only recognizes compromised users and notifies them, but it also quickly and automatically detects and disables phishing websites. Its seamless interaction with underlying systems and its zero-touch takedown process make it a top option for alert, proactive enterprises.

My twitter was permanently suspended. Here's (probably) why.

oh hey!

so, my last tweets were on november 9th, where i said these things:

and thats. it. 100% of my twitter experience. other than this, its tweets from back in august when i was complaining that some nft bro hacked my account and performed a full takeover, which i fixed myself and reported the user involved (which went nowhere btw), and some tweets from when i made my account and tried to use it in 2019.

guess it was too much anyway! weird

to be honest? i personally cant find a single thing here that actually breaks any of the twitter rules. but just to be sure, lets check together, and you can be the judge of that:

The following is a complete list of Twitters 16 listed rules. Breaking any of the following rules can and likely will result in a temporary or permanent suspension, or even a ban. According to Elon Musk and Twitter, my account sometime around November 9th broke one of these 16 rules.

Important note: I have already sent in an appeal to Twitter, and assuming they still actually have "Support", they should have already seen it. The appeal has been in for a few days (i found out i was banned between the 29th and the 2nd) and remained completely ignored, as I havent had a reply even once. At this point, I'm posting this here to pose the question to you. Do you think that ive broken a single one of these rules? do you think that anything ive done is worth a permanent suspension? I dont actually care about getting my twitter back, since as you can clearly see i really dont use it. im posting this here because its 100% the clearest cut example of Elons Twitter banning someone for what can literally ONLY be a set, cut criteria that has otherwise only been speculated as suspendable, which is at the bottom of the post.

Violence

were any of these tweets violent? threatening violence? glorifying violence in any way?

Terrorism or Violent Extremism

did any of these tweets indicate a promotion of terrorism? were any of them indicative of extremist views? did i threaten any large groups of people based on their protected class while treating that class as a monolith?

Child Sexual Exploitation

did any of these tweets contain child sexual exploitation material?

Abuse/Harassment

were my tweets harassing or targeting anyone? were any of them wishing or hoping that someone experiences harm, violence, or death?

Hateful Conduct

did any of my tweets attack someone based on their protected class?

Perpetrator of Violent Attacks

did any of my tweets contain plans to commit an attack, or disseminate a violent manifesto?

Suicide or Self Harm

did i post anything, either towards myself or others, that seemed to glorify or encourage self harm or suicide?

Sensitive Media

did any of my tweets contain graphic violence or adult content?

Illegal or certain Regulated Goods or Services

were any of my tweets in reference to, containing, or attempting to advertise drugs or prostitution in or towards states or countries that regulate or criminalize that type of content?

Private Information

did i tweet out anyones private address, phone numbers, or other personal identifiable information without authorization? did my tweets incentivize others to do so?

Non Consensual Nudity

did i post adult content of someone without their permission?

Platform Manipulation and Spam

did i attempt to use twitter to advertise scams or phishing software? did i attempt to either amplify or silence information in a way that disrupted the twitter experience?

Civic Integrity

did i commit, or allege to, or spread misinformation about, election fraud?

Misleading and Deceptive Identity

does my twitter handle and twitter profile content reflect who i am? am i trying to impersonate anyone important in an attempt to mislead, confuse, or get a rise out of others?

Synthetic and Manipulated Media

do any of my tweets contain fake screenshots or altered photos in an attempt to cause reputational harm, such as in defamation?

Copyright and Trademark

do any of my tweets steal trademarked content or intellectual property?

...So, with that out of the way, heres the meat of my point. If you got this far and said no, i didnt actually break a single one of those rules, then it might interest you to know what i think i might have been banned for. I had "queer" in my bio, i had Elon Musk blocked, and i mentioned Elon Musk in a tweet. i also said in one tweet that i "wasnt a very big fan of twitters overall site layout as a new user". These are genuinely the only things in this entire account i can put close to something Elon would suspend me for. I want to highlight them, since again, there is genuinely not one single other thing to highlight here. Its the only options, until twitter support actually finds something suspendable in my account and tells me what it is directly via email. Until then, do with that what you will.

Some Great Benefits Of Online Sms Verification Service

It is easy and quick to validate the authenticity of an individual by using SMS. This is a powerful security device that can help to prevent fraudulent transactions and increase customer satisfaction.

However, it's not an absolute method of authentication on its own. It could be utilized together with other methods to prevent fraud, and also methods of buyer verification.

Authentication

SMS authentication is an effective method of two-factor authentication because it's readily available for all mobile devices, and the majority of consumers are comfortable to the method. It also costs relatively little and doesn't require any extra hardware or software to implement.

The site is also extremely accessible, which allows customers to log in even if they're not on the internet. This helps reduce the possibility of a help desk call and gives users the confidence that their account is secure.

This adds a bit of friction when you the checkout. If they have to enter the code required to finish their purchase, customers may be annoyed and abandon their purchases. This could be an issue for merchants who need to balance the risk of fraud with the desire to create a seamless purchase experience to their customers. It is important to be aware that, by utilizing their fraud prevention methods, businesses can limit the amount and frequently SMS authentication is required.

Fraud Prevention

The constant war between fraudsters and prevention methods, hackers constantly come up with new ways to defeat two-factor authentication. Cybercriminals who attack famous sites for stealing passwords from databases are particularly vulnerable. The stolen passwords are extremely useful on the black market, and often utilized to access the accounts of customers across other websites that are logged in with the same password.

SMS verification is one way to stop these types account takeovers. It requires that users enter a code that is that is sent to their phone prior to logging in or make purchases. The use of this type of verification may also reduce the possibility of chargebacks resulting from stolen credit card details. However, SMS verification does provide another level of difficulty on the process of checkout and could discourage some customers from making purchases at all or even cause them abandon their cart. This is why merchants should carefully balance their need for security with the need to make their customers satisfied.

Efficiency

SMS verification might be the most popular form of two-factor authentication, because it doesn't require downloads of apps as well as QR codes. It's also a breeze to operate, and people from all ages are able to make use of their mobile phones. It's also affordable, and users don't need to purchase additional hardware or software as they do with other methods of verification.

But there are a few disadvantages to the use of phone number verification service. One is that it adds a layer of friction in the process of signing-in that could deter customers from making purchases or creating accounts. If they decide to utilize or not this method, merchants should weigh the advantages of fraud prevention over the benefits of keeping customers.

Certain websites, like provide free services that enable users to skip SMS confirmation. It's not the best idea. This doesn't make sense and could lead to security concerns for customers of other services.

The Security of Your Own Home

Authentication is an essential part of every fraud prevention plan. This is because it helps to make it more difficult for fraudsters to impersonate you, take your accounts if they are compromised, or create fake tickets that are linked to the identity of your. SMS verification is a very popular method for securing your identity, and is easy to incorporate into the checkout process. It's a simple and cheap method.

The phone number verification works by sending an encrypted code to the user's mobile number. A user has to enter the code received in order to be able to log into their account or make a purchase online. This means that only someone that has access to the phone of the user's phone can use it for fraudulent purposes.

The method, however, is not as secured than other methods of authentication like authentication apps and security keys. Additionally, it depends on the network of the phone for its operation, which means it may fail in the event that the internet goes down. Therefore, it's best to use this method in conjunction with other tools to prevent fraud as well as buyer verification methods.