40: Spies, Lies, and Cybercrime

Spies, Lies & Cybercrime by Eric O'Neill

Happy Tuesday, Readers—Big News!

For the past few years, I’ve been burning the midnight oil, tapping away at a book that dives deep into the dark corners of the digital world. Today, I finally get to share the news:

Spies, Lies, and Cybercrime: Cybersecurity Tactics to Outsmart Hackers and Disarm Scammers

is complete, polished, and launching October 7—wherever books are sold (or downloaded).

Can’t wait? You can preorder it today. Spies, Lies, and Cybercrime is available now and is already an Amazon #1 Bestseller in very good company.

In a few weeks, I’ll be heading into the recording studio soon to narrate the audiobook myself, so you’ll hear every tactic, story, and strategy straight from me.

I began writing this book when the world hit pause. The pandemic sent everyone home. IT teams scrambled. Cybersecurity pros went to war from their kitchen tables. Meanwhile, cybercriminals sensed blood in the water.

They didn’t hesitate.

They formed syndicates. They copied spies. They manipulated, impersonated, and infiltrated with precision. The Dark Web ballooned. Trust became a rare and risky bet. Deepfakes blurred truth. Generative AI became the new weapon of choice. And the era of the cybercriminal officially began.

That’s why I wrote this book.

Spies, Lies, and Cybercrime is your field guide for this cyber war. It will teach you to see threats before they strike, to dig through the digital dirt like an email archaeologist, and to think like a spy so you can defend your data—and maybe your dignity.

Because if we all learn to fight back, one data point at a time, we just might turn the tide.

This is how it starts. I can’t wait for you to read it.

Keep reading for an exclusive first-look excerpt from Spies, Lies, and Cybercrime—just for you, my newsletter readers.

Title Story: Love, Chloe

A Deepfake, Signed Sealed and Delivered

Sebastian worked for an innovation lab headquartered in Palo Alto, California. He wasn’t a scientist or cutting-edge programmer who dreamt up new technologies that would change the world but a finance controller who earned an honest living. He processed the invoices, paid the vendors, and made certain that all the financials were accurate, down to the penny. Meanwhile, the company’s CEO, Chloe, was young, vibrant, and precocious. Her revolutionary ideas fed the 24-hour news cycle that catapulted her into social influencer status. Sebastian followed her social media accounts, subscribed to her YouTube videos and podcast, and just might have had a small crush on her. Despite his infatuation, they’d never met. Sebastian worked remotely from his flat in Berlin, Germany while Chloe jet-set around the world.

Late one evening, Sebastian’s dream of interacting with his influencer boss came true when he received a text from her asking to FaceTime. They’d never communicated, but he determined that it was reasonable that she’d have access to his cell number. She was the CEO after all. He eagerly clicked to agree to the chat, and within seconds Chloe’s smiling face appeared. The warm and congenial conversation was everything Sebastian had hoped for. She asked after him and shared some common anecdotes about life in Berlin, such as her favorite biergarten and what she saw during the long walks she took along the Spree River. Maybe one day they could walk together?

When she got to the point of the call—an immediate transfer of €5 million Euro to a subcontractor he’d never heard of—Sebastian never questioned the request. Chloe was on screen personally requesting the transfer. Her smile assured him of this. 

 Later investigation would reveal that Chloe never contacted Sebastian. Not once. When asked, she did not know his name, the fact that he worked in Berlin, or that the company employed a German finance controller. It turned out that a sophisticated cybercrime syndicate hidden within the Dark Web’s countless anonymous servers datamined all of Chloe’s many media interviews, social media posts, and YouTube videos and cloned her voice using a subscription-based online AI model. After spending a few weeks surveilling the company through LinkedIn and Twitter, the criminals identified all the personnel in finance and discovered a Chloe super-fan in Sebastian. They located Sebastian’s personal cell phone number and called using the AI avatar. Sebastian thought he’d spoken to the woman of his dreams. Instead, he’d spoken to Artyom, a twenty-two-year-old Belarussian computer engineer. Artyom typed what he wanted Chloe to say in his AI chat function and the avatar mimicked Chloe’s voice and face with near precision. Within hours of the deposit, the €5 million disappeared from the “subcontractor’s” bank account and melted away into untraceable cryptocurrency wallets owned by Artyom’s Dark Web cybercriminal friends.

This Black Mirror­-like scenario is a real-life example of our current cybersecurity crisis. It isn’t an example of what could happen in some distant future if we’re not careful; it’s an example of what’s occurring every day, all around the world. Soon, we will not be able to trust everyday mediums like texts, FaceTime, Google Meet, Teams, and other social-and-work platforms.

In a month’s time, these attacks will replace the most common spear phishing email threats. In a year, AI will be indistinguishable from real life. All because of the unchecked, innovative rise of cybercrime.

By 2026, 90% of the Internet will be synthetically generated. Trust has become an uncommon commodity.

Our progression into a global society that relies on technology to learn, experience, communicate, collaborate, work and play—a tele-everything world—where all interactions of every sort occur online, rocketed forward the Dark Web’s train. This train has no brakes. Global cybercrime syndicates adopted the espionage tradecrafts of impersonation, bullying, greed, and the human propensity to trust to launch cyberattacks against us. They research our social media, befriend us when we are lonely, trick us with investment opportunities by exploiting our heart strings, cloak themselves in our identities, ransom sensitive information and exploit our most critical data. Cybercrime has become a business with growth verticals to rival the largest corporate juggernauts, its grandiosity protected by the anonymity of the Dark Web, the deepest and most secret layer of the Internet. We are all future customers—ready or not.

To exploit our vulnerability, criminals have flocked into the Dark Web’s hidden depths to launch ransomware attacks, line their pockets with billions of dollars in criminal fraud, upset and weaken critical infrastructure, and share tips and tools to train the next generation of bandits. The cost of cybercrime is exploding and increases by an average of 15% year over year. In 2023, global cybercrime exceeded $12 trillion. At current growth, the cybercrime industry will exceed $20 trillion annually by 2026 and potentially $30 trillion by 2028! Measured as gross domestic product, the Dark Web generates enough cybercrime to make it the third largest economy on earth, exceeding both Germany and Japan together. This represents the greatest transfer of wealth in world history, exceeds the global damage costs from natural disasters in a year, and is more profitable than global gains from the trade of all major illegal drugs combined. Let that sink in for a moment.   

Threat actors of all stripes and colors—from nation state spies to new criminal syndicates—have invested in new business ventures to steal the data that moves, shapes, and informs humanity. Like spies, they use our data to improve rival economies, steal technology, undermine democracy, and prepare for future warfare. Espionage has evolved from the cloak-and-dagger dead drops of the past to a relentless series of cyber-attacks that confound security and defy counterintelligence. To prevent spies and criminals from igniting a data doomsday, cybersecurity demands spy hunters.

In recent years, cybercrime has grown so bloated that law enforcement is impotent to stop it. This means that cybersecurity must continue to evolve to compete in an arms race with attackers. Individuals, businesses, and organizations can protect themselves from cyberattacks by opening their eyes, understanding the threat, and preparing for the worst before an attacker strikes.

To protect against this future, we must change the way we think about cyberattacks. We must divorce ourselves from a defensive mindset and become threat hunters instead. We must become as tireless as the cybercriminals, but for the purposes of a good, safer, more favorable world. We must take back the tactics that cybercriminals have exploited and learn to beat them at their own game. Only then can we make the world safe from cyberattacks.

Cybersecurity Tip of the Week

A Call from the “FBI”? Think Again.

Imagine this: You’re sipping your morning coffee when your phone buzzes. The caller ID flashes “FBI Headquarters.” Heart racing, you answer. A stern voice claims your Social Security number is linked to criminal activity. They demand immediate payment to avoid arrest.

This isn’t a scene from a thriller—it’s a real scam tactic. Fraudsters spoof legitimate numbers, impersonating FBI agents or other officials to intimidate victims into handing over money or personal information. They might even use fake credentials or video calls to appear authentic.

FBI’s Warning

The FBI has issued multiple alerts about such scams:

  • Impersonation Tactics: Scammers pose as FBI agents, using spoofed phone numbers to appear legitimate. 

  • Threats and Intimidation: Victims are told they face arrest or deportation unless they pay fines immediately, often via wire transfers, gift cards, or cryptocurrency. 

  • Sophisticated Deception: Some scammers use video calls, counterfeit ID cards, and fake backdrops to convince victims of their authenticity. 

Think Like a Spy Hunter: The FBI does not call or email individuals to demand payment or threaten arrest. 

Protect Yourself

  1. Stay Skeptical: Be wary of unsolicited calls, especially those demanding immediate action or payment.

  2. Verify Independently: If contacted by someone claiming to be from the FBI or another agency, hang up and call the official number listed on the agency’s website.

  3. Never Share Personal Information: Do not provide personal or financial information to unknown callers.

  4. Report Scams: If you receive a suspicious call, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Scammers rely on fear and urgency to trick victims. By staying informed and cautious, you can protect yourself and others from falling prey to these schemes.

Like What You're Reading?

Don’t miss a newsletter! Subscribe to Spies, Lies & Cybercrime for our top espionage, cybercrime and security stories delivered right to your inbox. Share with a friend. Always weekly, never intrusive, totally secure.

NO NEWSLETTER Next Week!

I will be on the road next week speaking in Las Vegas a week after getting surgery on my right hand. I write these newsletters myself and the thought of doing so one-handed is beyond me.

We will be back with Issue #41 on June 1.

What do YOU want to learn about in my next newsletter? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!

Thank you for subscribing to Spies, Lies & Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.

Best,
Eric

Let's make sure my emails land straight in your inbox.

Gmail users: Move this email to your primary inbox

On your phone? Hit the 3 dots at top right corner, click "Move to" then "Primary."

On desktop? Close this email then drag and drop this email into the "Primary" tab near the top left of your screen

Apple mail users: Tap on our email address at the top of this email (next to "From:" on mobile) and click “Add to VIPs”

For everyone else: follow these instructions

Partner Disclosure: Please note that some of the links in this post are affiliate links, which means if you click on them and make a purchase, I may receive a small commission at no extra cost to you. This helps support my work and allows me to continue to provide valuable content. I only recommend products that I use and love. Thank you for your support!

Reply

or to participate.