Love letter from Hollywood

Blog Cybersecurity
Blog Headet

It is a curious case. Katja L., a Berlin entrepreneur from the entertainment industry, was ensnared for weeks by Vin Diesel, the Hollywood star best known for the Fast & Furious film series – or so she thought. As it turned out, however, it was not the actor with whom Katja L. first wrote messages and later even made video calls, but a scammer. She became the victim of a cyber attack.

The case aroused the interest of the investigative magazine “T├Ąter, Opfer, Polizei” (RBB). Here, Katja L. describes the case and the perpetrator’s modus operandi. Perseus supports the reporting as an expert on cybercrime and provides insights and background information that help the viewer to correctly classify and understand the events.

The perpetrator contacted the victim via the social media platform Instagram. However, the fraudster quickly shifted the dialogue to the Google platform “Hangouts”. The use of this platform offers some advantages for the perpetrator. On the one hand, he can register relatively anonymously or by using a fake e-mail address. On the other hand, he can adjust chat settings so that conversation histories are automatically deleted as soon as the chat is closed. This removes all traces and the other party is left without evidence – as in this case.

First, the supposed Vin Diesel and Katja L. exchanged messages on the platform, followed later by video calls. During these, Katja L. could actually see the Hollywood star Vin Diesel, talk to him and interact with him. How can this be?

Julian Krautwald, Head of Incident Management at Perseus, explains the incident as follows: “With the Faceswap technology, it is relatively easy to digitally exchange one’s own face for that of any other person – even or especially with that of a celebrity. Afterwards, one can credibly appear as this person. The facial expressions are also taken over, so that a deception is relatively uncomplicated and at the same time looks very believable.”

At first glance, this technology seems elaborate and indeed like something out of a Hollywood movie. Nevertheless, everyday examples can be found where this so-called face masking or face swapping technology is used. For example, this type of technology is already used by online opticians when selecting glasses. The filter settings of social networks such as Instagram or Snapchat are also based on this principle.

Katja L. fell for the perpetrator due to the manipulated video calls that she paid for first-class airline tickets, driving services and digital voucher cards. The damage amounts to approximately 5.000 Euro.

“Digital gift cards are popular means used by online fraudsters to obtain money from their victims. Crypto-currencies such as Bitcoins would cause too much suspicion. Said cards appear comparatively inconspicuous, especially because dealing with online orders and vouchers is commonplace. For the perpetrators, the digital gift cards are perfect. They can use them worldwide and exchange or resell them and thus turn them into money. At the same time, no traces are left behind, because even if the card numbers are tracked, investigators end up with the buyer – and thus with the victim of the fraud,” says Julian Krautwald.

Even though this case seems very unusual, this type of cyber attack can happen to anyone. To protect yourself, Perseus’ cyber experts advise you to be generally attentive. If a situation seems strange, trust your gut feeling. Question what is being said or written. Get a second opinion. Often it helps to talk to a friend, colleague or family member to properly assess an incident or event. Under no circumstances transfer money or make advance payments to people you do not know personally or have never met.