 So, we're happy that this happened. Fatali showed up, and we're going to enjoy our speech with him now. So let me just give a little introduction. Fatali's from Singapore. He's got 11 years experience in his field. Started off as a penetration tester, now as an intelligence and analyst. And the title of his talk is Advanced Social Engineering Techniques and the Rise of Cyber Scams Industrial Complex. So join me in welcoming Fatali. Hello everyone. I always get nervous whenever I speak on the big stage. So please bear with me for a while. So today I'm going to talk to you about Advanced Social Engineering and the Rise of Cyber Scams Industrial Complex. Just a little bit about myself. I'm from Singapore. How many of you have been there? I know some of you have been there. How many of you have been like, know how big or small Singapore is? So for those of you who don't know... So let's say this is Singapore. It's like... Okay, so this is Singapore. So you want to know how big Singapore is compared to America? So let's try to zoom out. Zoom out, zoom out, zoom out, zoom out, zoom out, zoom out, zoom out, zoom out, zoom out, zoom out. And there you go. So that's United States, and you can't see Singapore at all. So it's an island. So that's the reason why we call ourselves a tiny red dot. And despite this tiny red dot, we have a lot of cyber attacks and cyber crimes happening in Singapore. Probably because the average person owns at least three mobile phones and two laptops. So even I myself have about two phones. So that's the reason why we are always targeted from a lot of cyber crime, cyber actors, threats and stuff like that. So I'm going to share with you some of the things about Singapore and why scammers just love to attack people in Singapore or target Singapore. I'm currently working for UKWIS Company, my office in Singapore. And I'm working as a cyber threat intelligence analyst. Well, basically what I do is I analyze the geopolitical situation of a country or of a region. So let's say Philippines and China are having some territorial issues, right? So what we do as an analyst is we try to see and try to analyze what happens when there's a political tension. What happens in cyber domain? What happens in the cyberspace? Would there be a nation state attacks against one another in cyberspace? So for example, a few days ago, if you have the 1937 CN China team attack the Vietnam airports, right? So in cyberspace, there's already a cyber conflict going on between Vietnamese and Philippines going against China and China against them. So these are the things that we do and analyze. However, my talk has nothing to do with all this. In my previous career, I've been a pen tester. I've done security operations, analysts and engineering. So 11 years so far, so good. And I was actually in Vegas two years ago speaking about SCADA. And I spoke to a number of conferences. The big ones are just on the list. And yeah, it's nice to be back. So before I begin, I just want to share with you something. This was two years ago. I've never been to America before. So Vegas was my first state in America that I visited. So I don't get to see these kind of things. Like people wearing, I don't know, walking dead, bikini, top girls in Singapore industries, right? So it amazed me like, wow, this is like interesting thing about America. So I should get a picture with them. I didn't know that I should actually pay them. So it's kind of like the moment when they say, oh, you know, give me some tip. Like really? Oh, shit, I don't know. You know, when you go to Universal Studios, you don't actually pay them when you actually take pictures of Frankenstein or Winnie the Pooh. But here you have to pay. So it was like a cultural difference for me. So yeah, I had fun. So anyway, so in these three pictures, right, I want you to guess how much do I actually pay them to take a picture? So let's say the one with the two ladies. How much do you actually pay for them to take the picture with them? So five bucks. Good guess. The walking date. Three bucks. Three bucks. Four bucks. It's okay. The Star Wars. How much? Ten? Two? Thirty. Now, here's the thing, here's the thing. So what happened was when I was on top of the bridge between the Cosmopolitan bridge and the Walgreens down below, I want to take a picture with them. So I thought like, you know, I came out to them and said, here, here's five bucks. Let me take a picture with them and say, oh no, don't worry about it. We got you covered. Let's take a, we ask for the money. You can give us the money after you take the picture. So, you know, I didn't know what was happening. I, like, you know, I trust Michael. So pretty much believe what they say. And after taking the picture, they told me like, okay, we usually do 25 bucks. But if you want, you can just give us 15. So I was like, oh shit, just a lot of money, you know, I didn't expect that. But at that situation, I didn't want to spoil my mood. And I wasn't around with people that know me and pretty much I do not want to like cause any conflicts. So I paid them 15 bucks. And here's the thing, he said, oh, it's not just me. How about that Starship trooper over there? So I have to pay another 15 bucks to that guy. So I have to pay like 30 bucks. So that was two years ago. So this time, I didn't take any pictures with them at all. And they are still around though. So it was like, when I saw them, I was like, shit, these are the two buggers that actually take my 30 bucks for. Well, can I say that I was being scared at that time? Pretty much, right? So that's my experience in Vegas so far. So far, so good. And I love to travel. So I've been to a lot of countries for the past five years, over 20 countries. And so in this picture, I just concentrated on the Southeast Asia. So all these places that I visited, I have been faced with quite a number of scamming experience. So let's say in Hanoi, which is in Vietnam, the tuk-tuk scam. So if you do not know what's tuk-tuk, so tuk-tuk is like those famous in Thailand where they actually have a small taxi, those kind of van. So that's the tuk-tuk. So when I took the tuk-tuk, again, they say that don't worry about the payment. We'll do it later. So after taking about 15 minutes to the streets of Hanoi, when I told them, look, I wanted to pay like 15 bucks, he said that, no, you need to pay 25 US dollars. So I was like, wow, I mean, even in Vietnam, they actually recognize US dollars, you know. So 25 bucks, I know I was scammed. So when I read online, they said that, yeah, this is one of the problems you should actually settle for like seven to 10 bucks, that's the max. Anything more than that, you're probably being scammed. In Manila, in Philippines, when I reached Manila, I wanted to go to an airport hotel. So I didn't know where it is. It was my first time in Philippines. So the moment I hopped inside the taxi halfway through the journey, the taxi suddenly shut off the meter. And he said, the meter suddenly shut off. You need to pay about these pesos. Now I was like, what happened? You know, I said, oh, it's just shut down. So at that point of time, you know, you are in a different country and it's very hard to actually quarrel with these kind of people because you won't know that the next place that they actually send you, if you like, you know, score them out or what, they'll probably go to and dark alley and probably get raped or something. I don't know. So the best thing is I just paid the guy how much they actually wanted. Thailand, Bangkok is interesting. So there's the bar scam. So when me and my friends, my colleagues, actually, we went to a place in Thailand, Bangkok, we actually went to a bar. So this person says, okay, you need to pay 10 bucks for just the drinks. You don't have to actually enjoy the show or pay for the show. So 10 bucks is quite cheap. But when we went up to, it was quite a sleazy area. What do you expect? Bangkok, right? So when we went up to the second story, second level, we were introduced with a couple of girls. We weren't interested in it. We just want to have some drinks. And, you know, it was just 10 bucks. But after 15 minutes, we were quite uncomfortable. So what happened was when we wanted to leave, four of us just took out 40 bucks and they said, no, 40 bucks is just the drink. This entertainment, you need to pay 400 bucks each. And I was like, oh God, but luckily for me, my boss at that time, my director, sorry, my manager was, he's a Thai, he's an American Thai. So you know how to speak Thai. So the moment he came in and said, what's happening? Then I said, look, this guy is asking us to pay 400 bucks each. And we can only for like 10 bucks. And I said, no, no, no, no, then he spoke Thai. And that guy was, you know, the reset, he was, he was like, the moment my manager spoke in Thai, he just crushed the reset and said, just pay 10 bucks each. So just imagine how scary it was at that time, you know, and there were like a couple of bouncers around us asking us to pay, or forcing us to pay actually. In Malaysia, this is, this was actually my very first, when I was visiting Malaysia, my very first camping experience. So, so I went to Johor, you know, part of Malaysia to actually buy a ticket to Kuala Lumpur. So the ticket price was about 25 winged, very cheap, and the journey was about five hours. So my destination, I wanted to go to a place called Servamban, which is about two hours away from Kuala Lumpur. But so the ticket actually shows as Servamban, but when I actually ran up to the bus and after, you know, after five hours, I was like, I feel like this is further than the place that we are supposed to go. So I asked the bus driver and said, I'm supposed to go to this place called Servamban. I think you are heading to a highway to Kuala Lumpur. And I said, oh, you want to go to Servamban? Stop at the next toll. So I was actually forced to board down at the toll in the highway, and I have to walk about two hours just to make a phone call and ask my friend to pick me up. And the funny part is I had to call a taxi. So in the taxi, he told me that, you know, luckily it was during the day, if not you're going to get worse. So the place that where I was at to the nearest bus station was just about like five, 10 minutes, but he charged me about 50 winged. So I was came again there. So it was like a double army for me. In Indonesia, when I was visiting a place called Batam, I was being stopped by a law enforcer and he told me to actually go inside their room. So what happened was they asked me to pay him, I can't remember, was it about $50 Singapore? And the reason was, now this is a funny reason, the reason was I went to the country with the shots and slippers and that's the reason and I was only 18 at that time. So I didn't know anything. That was my first time in that place and I had to pay and the worst part is I had to pay for the other law enforcer that was in their office. So there were about three of them. So I lost about $150 just to get my trip back to Singapore. So it was a bit, you know, very disappointed but what to do? So what I've learned basically is one way or another, we are all victims of social engineering. It depends on how you actually define social engineering. Some can be used in a good way, some can be used in a bad way and some can be used in a darker way. And it all depends on where you are at the moment. So it depends on the environment, the situation, your current mode, how well versed your attacker is, whether they are using authoritative techniques, you know, shout at you using law enforcer kind of rank and your experience, you know, especially when, you know, when I'm a virgin traveler and going out there and I didn't know this kind of things that's happening and that time there were no trip advisor to actually tell us all this. So yeah, so the more experience you actually gain, you know that this kind of scams always happen in every country that you actually visited. So, so those are physical scams. So now with the introduction of technology, the scam has now changed from physical to the cyber domain, all right, and that's why we call it cyber scams. So how we define cyber scams? By definition of social engineering, this is taken from web Wikipedia, if I'm not mistaken, an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. And if we define internet fraud, the use of internet services or software with internet access to default scam victims or otherwise to take advantage of them. So basically cyber scam is a combination of these two. So back to Singapore, you know, a lot of you who have heard of Singapore, we are like a low crime thing. So there are still crimes, but it's very low and we always have these motors saying that low crime doesn't mean no crime. And if you look at the statistics, right, we are actually very low and it's always decreasing by the year, but with the introduction of internet, our commercial crimes, our online crimes are getting higher. So we actually, so in 2014, in 2015, we actually increased by 4%, contributed just by online crimes. And the top 10 scams in Singapore, that's a lot, but I'll be focusing on several things like the first four things. Internet love scam, China official scam, online purchase scam and credit for set scam. And you're going to see how interesting these scams are, how creative they are using the art of deception or art of manipulation to actually steer away your mind and try to steal what they can. So if you look at the money loss towards scammers in Singapore alone, in 2014, it's about 8.8 million. In 2015, it increased almost double. And January to April this year, there's already 190 cases and about $7.5 million. We already lost to internet love scam and so on and so forth. It's like increasing. So this is the interesting part, how the scam works. So I'm going to show you some of the scams that we face in Singapore and how it works. And I'm going to share with you the findings and analysis. So we chat, how many of you uses WeChat here? Really? Okay, nice. One or two percent. So WeChat is actually an application from China. It's like WhatsApp or Kik. How many of you use Kik? So it's similar like Kik, but this is from the China version. So how the scam works is, you know, like Kik, random people who knows your ID or just randomly type your ID who actually gets to speak to you or talk to you, right? Like random chat, like chat relay or something like that. So this particular person or usually it's a woman would actually send a seductive picture by mistake or probably targeted. They will actually communicate with the victim. They will talk in a friendly tone, making friends. And the best part is they will ask for your number and they will actually call you guys, call them up and say, just to verify that the end of the call is actually a lady and it's not some fake dude. And they usually share their sad story, like they are from China in Singapore studying and they don't have the money to pay rent and they need extra money so they're actually willing to actually offer their body. So when they ask for the number and make an appointment. So what happens next is when the appointment has really been created, the victim will actually wait for her at a certain places, certain place and they will be given a call. See the reason why they ask for the number is because this number will actually be given to the pimp and this guy will actually call them up and they will say that look, you wanna meet this girl, she's this age, but in order for you to meet her you need to pay a certain amount of money. So they were forced to actually pay things like iTunes card or Apple card or something like that in the mall for $100 to $650 and so they will give a lot of multiple reasons, multiple transactions. So for instance, they will actually ask you to pay first is for deposit, we will pay you back, second time they will ask you again we just wanna make sure that you are not from the police. So we put down the deposit of $400 and then we will send you the girl. Then the money, the moment you give more and more they will ask for more and more and eventually you don't see any girls. I'm sorry, I was about to say something else. So yeah, you eventually don't get to see girls, the girls there. So yeah, sometimes they resort to threats and if this is one example, so pretty girl on we chat and let me to the library and then a gangster called by about $106 worth of Alipay credit and eventually he has to pay another top of $623 and all these people actually paid for it and eventually they get nothing out of it. So that's the sad part about the big things for this credit for sex scam. So there's a lot of warnings and awareness being done in Singapore for this, you know, like they put posters they put this kind of things just to make sure that people know that these are these kind of scams are happening but sadly people don't really like, like they don't really take heat. They actually just, it just happens, you know, I'm not so sure why they simply fed for this kind of tricks. So it doesn't happen for Asians only. So it happens in Australia. I think it also happens to some part of the US initially and even even in Canada. So, yeah, these are the things that, you know, happen against men usually because, you know, we tend to think with our dicks rather than our brains. So, yeah, that's the sad part. So our findings is most of the time this platform were used in WeChat. Targeted gender are always male, victims are always in the 30s, 50s and the language used are Chinese, is Chinese and the most of the change are usually Alipay and between January to April, we've really lost about $422,000 which is about $210,000 USD and I think it's going to grow by the end of the year. I'm not so sure why we are following tricks to this kind of scams. Now, internet love scam is very interesting. I'm pretty sure you have heard a lot of internet scams like from the Nigerian, from Nigeria especially, right? So what they do is they usually target lonely women, widow, divorced and they actually, you know, use Facebook as a medium. So they actually make friends with you. Then after that, they use this cat fishing techniques. How many of you know about this cat fishing techniques? All right, only a couple. So basically what cat fishing is is, you know, we have fishing, we have fishing, we have so many kinds of shing. But cat fishing is basically a technique used to actually act as another person. So let's say if I'm on Twitter and I want to cat fish somebody and what I do is I'll just take a picture from a handsome model and use it on Twitter and try to like lure girls into, you know, getting to know me and they believe, they actually believe. So that's cat fishing basically. Imposting or imposting. I'm sorry, impostor. Okay, what? So after making friends with them in Facebook, they actually continue the conversation by emails. They sweet talk with the victims. They made the victim formula, you know, and once they gain the trust and sympathy, that's where they actually take advantage. And eventually the goal is always money. And if you look, for every most of the cases here, they actually pay through Western Union. So if you look at, okay, this is the Singapore, there's Malaysia and there's Florida, and Florida is US, right? Florida, right? So just the love scam itself actually costs one person to pay up to $1.2 million. So if you think about it, right, who needs zero days when you can actually scam someone for $1.2 million, right? So a lot of these people, they actually believe in these kind of things. And one of the reasons is, you know, it depends on the kind of gender, it depends on the kind of people. So usually men tends to, you know, if somebody wants, if a girl were to ask a man straightforward and say, look, can I have sex with you tonight? So definitely it would say yes, right? And but if you ask a girl the same question, you probably get a slap, right? But so the thing is for women, they don't actually, you know, they don't actually try to seduce by saying such a thing. They will actually try to say sweet talk, you know, give some sympathy, telling her how beautiful they are, earn their trust, and eventually, you know, the goal is to siphon money. And if you look at the mode of transaction, it's always Western Union. So if you look at Nigerian scam, why are they actually using Moneygram or Western Union is because if you look at the city of Lagos, for example, this is where most of the scammers are. Lagos is basically a city where they are still a cage-based society. They are still progressing or developing their payment or the digital payment or those credit cards kind of thing. So eventually whatever, they don't have things like PayPal or Amazon gift cards and stuff like that. So they still prefer cash. And because of that, that's the reason why they actually use Western Union. And if you look at the money lost, it has like $5.5 million, which is like just this quarter. So it's going to be interesting to see at the end of the year how much we actually lost to internet love scam. Cyber extortion scam. So this is where girls will actually pray on the victim. They actually made friends with people on Facebook. And what they do is they will use Skype and say, let's do things together. And without the guy realising it, they are actually being videotaped or recorded. And once they actually show themself, the person at the end of the caller will actually quickly screen grab or record it and actually post the links to YouTube. And the links will actually be shown to them and say that check out this link. This is you on YouTube. And they will say that if you want me to remove this link, this is how much money that you need to pay. So eventually you got blackmail for it. And this is always increasing and majority of the scam actually happened from the Philippines. So the perpetrators actually are from Philippines and the target are always the Singaporean lonely men or horny men in Singapore. So they are easily succumbed to this kind of things. Probably because we are always busy and we don't really have time for, I don't know to get a proper intimate relationship or we do have like a low self-esteem to actually ask a girl out. So these are the kind of things or reasons why they actually prefer straight forward. Let's do it now. And yeah. So this is one of the case. I got on Facebook and a girl got on named Vanessa and she wants to video call her on Skype. She was fully naked across the bed and she was like sending messages, trying to get into the mood and show he gave in and he showed himself and then she actually threatened him to say, to send them to his school friends and families. And eventually she asked to pay 1,000 euros. So yeah. So this is very scary because it happens a lot in Singapore and we actually have a 30-minute documentary in Singapore about simply scams and this is just one of the topics that will actually being shown. So for our findings is, Facebook is still the medium that they are used to actually start the initiation. The country origin of scams are Philippines and the mode of sensor is still Western Union. I'm not so sure why because I think Philippines should have their digital payment advance a bit developed. But again, most of the most of our findings is that they actually were forced to pay by Western Union. And the total money made is about USD $42,000 so far for about this is last year. So I don't have the statistics for this year. All right. Okay. I think of all the scams I'm going to talk about, this is going to be the most interesting thing because it actually combines half of phishing and human interaction via digital and online. So Kaewisa is basically an application where you can actually buy stuff. It's like Amazon. It's like eBay. It's just that this is a Singaporean main application and it doesn't have a digital payment things like PayPal and stuff like that. You have to pay like you meet a person, you pay or you have to provide a bank account number and you actually transfer the money via bank accounts. So how the scam work is they will ask for your number and the conversation continues. I think I'm just going to go straight to the screenshots. So what it does is after speaking to the seller, so usually buyer are always the one who gets scammed. But in this case, the targets are at the sellers instead, not the buyers. So the buyer will actually tell the seller that I'm interested in this product. All right. Can you give me a phone number and I will WhatsApp you. So they will ask, but this is pretty standard. They will ask for the seller information such as bank accounts, bank name so they can actually transfer the money to actually get the stuff. So they will ask for the money. They will ask for the bank account, the email address and stuff. And eventually, you know, they will start to convince that, you know, that he's serious, that he's really want to buy. So he, you know, you get the attention that he wants to give. And he actually knows that Singapore uses what kind of post he learns. And once he got the details from the seller, he will say that claims that, he will claim that payment has been sent and he will require the seller to check his email now. This is how the scam works. If you look at the third big circle, claims that he accidentally overcharged. So even, so how it works is, let's say I'm the seller, I'm the buyer and you are the seller. What I would do is I would say that, okay, after getting the information, I would say that how much does this item cost? So let's say if you put it like $1,200, okay, then I will say, okay, payment has been made, but I actually accidentally pay you $1,600 a state. Now, the reason why he said that is that, is because they want to actually take that $400 of your legit money to their account. So once he said that the payment has been sent, but it has been stalled because you cannot receive it yet until you actually pay the $400. Now, this is where the interesting thing comes in. So yeah, so this is what I mentioned just now, claims that the payment cannot be canceled and needs the seller to check email. So this particular scammer is very persistent. He wants you to actually check your email for some reason. And the reason is this, if you look at how the email being created or being sent to you, it looks legitimate. It looks real. Properly formatted and sadly a lot of people actually fall into this. So when they were told that once you pay the $400, you will get the $1,600, right? And they actually believe it. They actually pay for it. And what I love about this is how they actually send the email into making you believe. You know, this is a phishing email basically and try to make you believe that the email is actually real. So if you look at the email, it's properly organized, properly formatted, and it gives you like a, you know, replace a temporary host on the transfer, give it about 12 hours. Once you pay the $400, we'll pay you the $1,600. So that's how the scam works. So again, eventually how we know that this is a Nigerian scam because of this. Eventually they want you to actually pay using Western Union. So once you pay it, then you will not hear about him anymore. So that's how the scam works. It's pretty interesting because a lot of people actually fall for this and they keep on waiting and waiting and waiting and the person just went silent. So yeah, so this is one of the few incidents where sellers are being targeted instead of buyers. So yeah, platform use or Kavuzel WhatsApp email to actually exchange the communication and the total money made for them within the first quarter is about $395,000. So ouch. Now, this is not really in Singapore, but I saw this communication on the Internet so I thought it could be a good use case to actually share. So kick, similar like WeChat, you can actually send random messages to people, right? So some people just send you like sexy messages, you know, and you actually believe it and you interact with it but you do not know who's the person behind it. So this is how it looks like. A lady called Kunkel Glitterish, you know by the name, it's not really a real person, right? And yeah, they try to get you a conversation and they actually learn via keywords. So if you look at on the right hand side, you know what it says, right? In a green color that is covered. So they will ask for a particular pick and because of the word, they actually reply back based on the keyword. And if you put in show me, then they will say, okay, love to show off and so on and so forth. You know, and the interesting part about this is that it looks real because you know, whenever you use K, whenever you type something, they actually show you like typing. So you think like somebody is actually typing and they can actually send you pictures. They can actually read your messages. So the letter R there, every time when somebody reads the message, they actually show us in red, right? So this particular person or board actually shows you that they actually read the message. And of course, eventually what they want is actually this. So if you are weak enough to believe that, you know, such a board really want to talk to you and want to show you pictures or want to come with you, just verify yourself via credit card number and that's it, the type of your information from there. So yeah, and you know, people down here, I'm pretty sure that you guys are, when you see such a thing, you know that this is a scam, you know? But if this thing is keep on going on, it means that there's always a success rate and that's why it continues to develop to increase. So basically, the boards are getting smarter. They actually analyze your keywords, even though, you know, it could be scripted, but actually to understand what you type and reply based on your keywords is quite amazing if you ask me. And for those folks here, I'm pretty sure that, you know, it's easy for us to spot such a scam, but those people who are desperate probably fall into entrapment and then if you give your credit card, that's it. And yeah, just a matter of time when we have to wage against the machine. Yeah. Kidnap foam scam. How many of you have heard of this kidnap foam scam? One, two, three, a few. Now, this is pretty scary. Although it's a virtual kidnap scam, it's not really a physical scam. So what it does is usually the kidnap will actually dial random numbers and based on who the person answered, if it's an old lady or an old man, you know, sound like an old lady or an old man, the chances are they could actually scam you. So they will use a sound of a crying child at a background and they will say that, I have your child, I have your grandchild and I want you to send me this money. If you call the police, I'm gonna hurt this child or even kill him. You know, this happened in Singapore before. And most of the victims here are actually in the 40s to 60s. And the scary part is people actually pay for it and some of them who are smart enough to actually call their child or in one incident, in one incident in Singapore, the auntie would actually quickly drive to the school and check whether her grandchild is there. So yeah, it's pretty scary because most of the time it was reported in the news in Singapore that most of these child-like sounds really like their grandson or their grandchild. So that's why they actually fell for the scam. So if you think about it, why does it sound like their child? Because imagine if you wrap your mouth with a piece of cloth and try to make a sound, the sound looks similar to every other sound. That's the kind of thing. So it's very hard to actually make out who actually is screaming or trying to, you know, it's just that you think that this is a sound of a child and it belongs to him or her. So how does virtual kidnappers know your child is away? This is one of the problems that we face. We love to accept strangers on Facebook. So what strangers would do is they would actually look at your profile. They would actually learn from your profile. They see where you checked in. And you know, because of your profile, you actually share your pictures. They know what you look like. So if a kid in Apple wants to describe to your relative, they know how you look like based on the pictures that you posted. And before that, they would actually look for leaked information. I've seen a lot of people posting their home addresses, their credit card numbers, which is pretty... I'm not so sure why, but I think, you know, people think that this is harmless, that Facebook is within their own domain and strangers will not do anything about it. But the problem is a lot of strangers love to actually add you for fun and learn from you. Some even catfish their way in. So if you look at other relatives, if they look at your friend's list or suggested friends, what they do is they will look at that profile and if the profile is public, they will actually take all the pictures, recreate the profile and add you as a friend. And without realizing or not, you think that this is actually a friend that is trying to add you, but it's not. It's just a stranger trying to learn as much as they can from you. So it's pretty scary how these scammers or virtual kidnappers try to learn more from you. So these are some of the cases that I've seen. The first one is in Singapore. I think the second and the third one is actually in America. So it's real. It's happening. So please be careful, because even law enforcers or the police is very hard to actually categorize virtual kidnapping as a real or unreal case because it could be real. That's the thing. No, it's very hard to actually make out. So it's very tough for the law enforcers to actually decide whether this is real or this is not. So try to be careful. So yeah, for the country of origin, the reason why I put it possibly China is because in Singapore, most of the victims are actually Chinese. One of the Malay or Indians who actually received such a call when they actually spoke in their own native language, for example, me, I spoke in Malay language and they couldn't understand. So they clearly put down the call. But from the person that listened to the call, they did hear a crying sound of a child. So they know that this is a scam. But because of the language barrier, the kidnapper couldn't understand. They quickly put down the phone. So yeah, that's the reason why I would say it's possibly from China because of the language. Impersonation scam, this is interesting. I have a video for this. So basically they will use all authoritative figures and actually put you in a situation that you are actually a criminal or someone that involves in a criminal activity. And basically they just want you to pay fines and some techniques involve even downloading apps. So this happened in Singapore. So I have a video here. Let me see if I can. Let's play. Let me see. In the past three months, the Singapore Police has reported over $4 million worth of money has been collected. And we've been wanting to do a video about this for a long time because it is an urgent problem. Just so happens that last Thursday, we actually got a call from one of these cameras. Now it's in Chinese, but Terrence here speaks Chinese. Not the best Chinese, but some Chinese. So he's going to walk through what they actually said. He thinks that I'm working and who else is in here? He's just going to keep eating right? Who else is in here? He thinks that I'm working and who else is in here? I think there are very few operations in Singapore that speak only Chinese. Why would anybody be calling me of all people in Chinese? You're setting it up for like a huge loss in translation moment. It doesn't help that he's a cynical asshole. But the thing is, if you hear DHL, it sounds kind of legit and they actually mask their actual number and they actually use a number that has a plus six five environment to make you think it's a local number. Hello. What's your name? I just said that there's a package that I have. I don't know if you heard the words phone call and package there because I don't know how to say them in Chinese. Yeah, think whatever translation comes with a pinch of soul. Because like we said, his Chinese sucks. If you've got any corrections, just leave a comment below. So immediately, you know, he's like, yeah, I'm totally DHL because I'm asking for your password number, you know? I'm not asking for your credit card number yet. I'm totally legit. This is the point in my head where I was thinking, should I provide him my real name? Daosong. Chen Daosong. Chen Daosong. So that's a completely fake name. It sounds like a Chinese table tennis player, but it just looks like a Chen Daosong. The fake name is so fake that even I don't know what words there are in it. You can tell by a terrorist's expression when he gives the name. You know, it would be funny if I said like Rajamu, two sons of children, but I still speak Chinese. I don't know what they come back with after that. Addressed to Chen Daosong. Yes to Chen Daosong. And it took him 28 seconds to just do nothing. He just gave him a purely fictional name and he came back with some bullshit saying there's a letter addressed to this fictional name. How the f**k up is that? We received a call from a foreign official from Shanghai. He said that on May 25th, 2017, when we were on our way to China, Shanghai International Airport, there was a huge bank card inside. This has already violated the international law. Do you know what that means? Wait, he's accusing, he's accusing you of sending bank cards through the mail. He's saying that my name, my name is on the package. Yeah, tied to this parcel. He's mentioned, you know, Shanghai customs and DHR parcels. And so these are all big entities and all this is part of it. I guess I'm supposed to be scared. Someone is now using my name, Chen Daosong, to commit this act of international financial conspiracy. Brilliant. Suddenly I go from USM to Singapore. The Interpolis and the Interpolis. Okay, so, it's longer actually, it's on YouTube, you just type in DHR scam in Singapore and you actually see the whole story. But that's the main thing. So the idea behind that video is to show that they actually use, you know, like authoritative figures and calling from legit companies and you see the number that they mask is actually from a Singapore number despite the original color is actually from a different country. So it's very interesting how they actually do it. And this scamming industry in this, for example, DHR is pretty huge because what they do is they have an operations by itself. So when you call up, they will have operators to actually, you know, they have a customer service hotline basically to actually tell you that this is what you have done, this is what you need to do and they will make you believe that you have did something wrong. And a lot of people fall for it and sadly they actually pay for some such a thing and most of them of course are Chinese, sadly. So yeah, total money made, $4 million, we did the first quarter of this year. So yeah, it's going to be interesting at the end of the year how much money they actually made from scamming. So, two more minutes, good. Preventing ourselves, if you look at the talk, if you look at the findings analysis, one of the most common thing that I actually notice is that they are using platforms such as Facebook to begin the initiation. So try not to like, share your details to strangers. We need to try to practice compartmentalization of information. I believe Facebook has these settings where you can actually put friends in groups and show them what you want to show. So make use of that setting so that, you know, you only show to a group of people that you know what they are supposed to see rather than everybody gets to see everything. So yeah, I'm pretty paranoid when it comes to this. So I have a lot of people in my restricted list so they can only see my header and my public posts. The rest are all being compartmentalized. So my friends, my family can see different things. Again, education and awareness, this very hard to, you know, you can't have a social engineering toolkit to actually help you learn about this. You need to be educated and you need to be aware. So it's good to actually learn from people's experiences. You may not be a victim of this scam but perhaps some other might or you probably have to talk to them and say, you know, learn from them basically. Yeah, learn not to be easily met by smooth seduction perspective, right? And yeah, the last part is pretty straightforward. So yeah, future of cyber scams. It's no longer human to human. You know, social engineering, we usually practice our techniques against another human but now because of the increased use of technology, computers, laptops, you know, cyber stuff, we actually use this platform to actually conduct our social engineering techniques to attack another person or to target another person using social engineering via cyber technology. So yeah, human learning getting smarter and smarter if you can see from the kick. And yeah, now they are trying to go towards mobile. So for example, the DHL scam, one of the victims in Singapore actually was asked to download a mobile app. So what it does is once you download this mobile app from Android, what it does is you need to key in your credentials. So the moment you download your key in your credentials, I'm sure they actually steal everything from you. So yeah, that's the mobile app scam. So yeah, thank you so much for having me here. If you have any questions, let me know.