Posts with «society & culture» label

Hitting the Books: How the 'Godfather of Cybercrime' got his start on eBay

The internet has connected nearly everybody on the planet to a global network of information and influence, enabling humanity's best and brightest minds unparalleled collaborative capabilities. At least that was the idea; more often than not these days, it serves as a popular medium for scamming your more terminally-online relatives out of large sums of money. Just ask Brett Johnson, a reformed scam artist who, at his rube-bilking pinnacle, was so good at separating fools from their cash that he founded an entire online learning forum to train a new generation of digital scam artists.

Johnson's cautionary tale is one of many in the new book, Fool Me Once: Scams, Stories, and Secrets from the Trillion-Dollar Fraud Industry, from Harvard Business Review Press. In it, Professor of Forensic Accounting at DePaul University, Dr. Kelly Richmond Pope, chronicles some of the 20th and 21st century's most heinous financial misdeeds — from Bernie Madoff's pyramid schemes to Enron and VW, and all the Nigerian Princes in between — exploring how the grifts worked and why they often left their marks none the wiser.

Reprinted by permission of Harvard Business Review Press. Excerpted from Fool Me Once: Scams, Stories, and Secrets from the Trillion-Dollar Fraud Industry by Kelly Richmond Pope. Copyright 2023 Kelly Richmond Pope. All rights reserved.


Cyber Monday

I was doing my morning reading before class, and a story about a reformed cybercriminal caught my attention. I always wanted to learn more about cybercrime, but I’d never interacted with a convicted cyber offender. Here was my chance.

I did a quick Google search and found his personal website. I reached out, explained my interest in his story, and waited. By evening, I had an email from gollum@anglerphish.com. I was immediately suspicious, but it was a legit address of Brett Johnson, the man from the article.

After a few email exchanges, we got on a call. He was super friendly and had the voice of a radio DJ. I invited him to come speak to my class at DePaul.

“I teach on Monday nights for the next eight weeks, so whatever works for you will work for me,” I said.

“How about I hop in my car and come visit your class this coming Monday?” he said.

I was a little shocked—Birmingham, Alabama was a long drive—but I immediately took him up on his offer.

Brett was born and raised in Hazard, Kentucky, “one of these areas like the Florida Panhandle and parts of Louisiana, where if you’re not fortunate enough to have a job, you may be involved in some sort of scam, hustle, fraud, whatever you want to call it,” he said.

Maybe there was something in the water because his entire family engaged in fraud. Insurance fraud, document forgery, drug trafficking, mining illegal coal. You name it, Brett’s family did it.

Young Brett was a natural liar. As he grew up, he participated in the family scams.

Eventually, he branched out on his own. His first scam: in 1994, he faked his own car accident. Second scam: eBay fraud.

He reached his peak in the mid-’90s, during the Beanie Baby heyday. The Royal Blue Peanut, essentially a cobalt stuffed elephant toy, sold for as much as $1,700. Only five hundred of the dolls were manufactured, making it one of the most valuable Beanie Babies.

Brett was trying to earn some extra money. A Beanie Baby scam seemed easy and quick.

He advertised on eBay that he was selling Royal Blue Peanut for $1,500. Except he was actually selling a gray Beanie Baby that he dipped in blue dye to look like Royal Blue Peanut for $1,500.

He accepted a bid and instructed the winner to send a US postal money order. “It protects us both,” he said via email. “As soon as I get that and it clears, I’ll send you your elephant.”

The bidder sent Brett the money order; Brett cashed it and sent her his version of the blue Beanie Baby. The phone rang almost immediately.

“This is not what I ordered!” yelled a voice on the other line.

Brett’s response was swift. “Lady, you ordered a blue elephant. I sent you a blue-ish elephant.”

Brett gave her the runaround for a few weeks until she finally disappeared.

This experience taught Brett two very important lessons about cybercrime:

  • Delay the victim as long as possible.

  • Victims rarely report the crime and eventually go away.

Brett continued to perfect his skills and graduated to selling pirated software. From pirated software, he moved to install mod chips (a small electronic device used to disable artificial restrictions of computers or entertainment devices) into gaming systems so owners could play the pirated games. Then he began installing mod chips in the cable boxes that would turn on all the pay-per-view on clients’ TV channels for free. Then it was programming satellite DSS cards (the satellite DSS card allows access to TV channels).

He was getting requests for his cable boxes from customers all over the United States and Canada. He was on a roll. Finally, it occurred to him: Why even fulfill the cable box order? Just take the money and run. He knew that no customer would complain about losing money in an illegal transaction. He stole even more money with this updated version of his cable box scam but soon worried that he’d get flagged for money laundering. He decided he needed a fake driver’s license so he could open up a bank account and launder the money through cash taken out of the ATM.

He found a person online who sold fake licenses. He sent a picture, $200, and waited. He waited and waited. Then reality punched him in the face: He’d been scammed. The nerve.

No one hates being deceived more than someone who deceives for a living. Brett was so frustrated he started ShadowCrew.com, an online forum where people could learn the ins and outs of cybercrime. Forbes called it “a one-stop marketplace for identity theft.” The ShadowCrew operated from August 2002 through November 2004, attracting as many as four thousand criminals or aspiring criminals. It’s considered the forerunner of today’s cybercrime forums and marketplaces; Brett is known as the Godfather of Cybercrime.

“Before ShadowCrew, the only avenue you had to commit online crime was a rolling chat board,” he told my students. “It’s called an IRC chat session and stands for Internet Relay Chat.” The problem with these rolling chat screens was that you had no idea if you were talking to a cop or a crook. Either was possible.

ShadowCrew gave criminals a trust mechanism. It was a large communication channel where people in different time zones could reference conversations. “By looking at someone’s screen name, you could tell if you could trust that person, if you could network with that person, or if you could learn from that person,” he said. The screen name on the dark web became the criminal’s brand name. They keep this brand name throughout their entire criminal tenure and it helps establish trust with others, so the screen name matters.

When Brett was in class, he showed my students how information ended up on the dark web. “You can find social security numbers, home addresses, driver’s license numbers, credit card numbers on the dark web for $3,” he explained. All the information is there, practically begging to be taken.

In 2004, authorities arrested twenty-eight men in six countries, claiming they had swapped 1.7 million stolen card numbers and caused $4.3 million in losses. But Brett escaped. He was placed on the Secret Service’s Most Wanted list. After four months on the run, he was arrested.

Brett has been in and out of prison five times and spent 7.5 years in federal prison. Today he considers himself a reformed white-collar offender.

This article originally appeared on Engadget at https://www.engadget.com/hitting-the-books-fool-me-once-kelly-richmond-pope-harvard-business-review-press-143031129.html?src=rss

SEC charges Lindsay Lohan and other celebrities for illegally touting crypto

The Securities and Exchange Commission has cracked down on the businesses of crypto entrepreneur Justin Sun and has charged him for the unregistered offer and sale of the tokens Tronix and BitTorrent. If those tokens sound familiar even to non-hardcore crypto enthusiasts, it's because several celebrities had promoted them on social media — and now they're also being charged by the agency. According to the SEC, eight celebrities, including Lindsay Lohan, Jake Paul, Soulja Boy, Ne-Yo and Akon, illegally promoted the tokens online without disclosing that they were paid to do so. 

"...Sun paid celebrities with millions of social media followers to tout the unregistered offerings, while specifically directing that they not disclose their compensation. This is the very conduct that the federal securities laws were designed to protect against regardless of the labels Sun and others used," Gurbir S. Grewal, Director of the SEC's Division of Enforcement, said in a statement. 

All celebrities charged, with the exception of Soulja Boy and musician Austin Mahone, have agreed to pay a collective amount of $400,000 in penalties to settle the charges. It's not the first time the SEC went after celebrities shilling crypto on social media — it previously charged Kim Kardashian and NBA Hall of Famer Paul Pierce for posting about EthereumMax's EMAX tokens without revealing that they had been paid for the promotion. Kardashian paid $1.26 million to settle the charges against her, while Pierce paid $1.4 million.

As for Sun himself, the SEC accused him of violating antifraud and market manipulation provisions of the federal securities laws. The agency said he offered the tokens as investments through unregistered bounty programs that prompted participants to promote the tokens on social media and to recruit others. In addition, the SEC also accused Sun of directing employees to artificially inflate the value of Tronix by simultaneously selling and purchasing the token to make it appear actively traded. 

"As alleged in the complaint," Grewal said, "Sun and others used an age-old playbook to mislead and harm investors by first offering securities without complying with registration and disclosure requirements and then manipulating the market for those very securities."

This article originally appeared on Engadget at https://www.engadget.com/sec-charges-lindsay-lohan-and-other-celebrities-for-illegally-touting-crypto-045711820.html?src=rss

US authorities arrest alleged BreachForums owner and FBI hacker Pompompurin

US law enforcement authorities this week arrested the person allegedly responsible for hacking the Federal Bureau of Investigation (FBI) in 2021. As reported by Krebs on Security (via The Verge), FBI agents on Wednesday arrested Conor Brian Fitzpatrick on suspicion of running BreachForums. As Brian Krebs notes, the website’s administrator, “Pompompurin,” is responsible for or connected to some of the most high-profile hacks in recent memory, including multiple incidents involving the FBI.

In 2021, Pompompurin took credit for compromising the agency’s email servers and sending thousands of fake cybersecurity warnings. Pompompurin is also linked to the 2022 breach of the FBI’s InfraGard network, an incident that saw the contact information of its more than 80,000 members go on sale. Separately, Pompompurin is connected to the 2021 Robinhood hack that saw the data of 7 million users compromised, and the 2022 Twitter data leak.

In a sworn affidavit, one of the FBI agents involved in the arrest claims Fitzpatrick identified himself as Pompompurin and admitted to being the owner of BreachForums. The forum rose from the ashes of RaidForums, which the FBI raided and shut down last year. For the moment, BreachForums is still up and running. "I think it's safe to assume [Pompompurin] won't be coming back, so I'll be taking ownership of the forum," said a user named Baphomet. "I have most, if not all the access necessary to protect BF infrastructure and users." Fitzpatrick will appear before a federal court on March 24th.

This article originally appeared on Engadget at https://www.engadget.com/us-authorities-arrest-alleged-breachforums-owner-and-fbi-hacker-pompompurin-170009266.html?src=rss

Bandcamp's workers are forming a union

Bandcamp has always been known as an artist-friendly alternative to streaming services like Spotify, where you can buy music directly from the musicians themselves. Now, workers at the Epic-owned online audio distributor want to ensure that they're treated as well as its creators by forming a union called Bandcamp United. According to Rolling Stone and TechCrunch, a majority of workers are in favor of unionizing, and all 62 of its non-managerial and non-supervisory personnel in the US will make up its bargaining unit. Those 62 workers are composed of support staff, designers, engineers, writers and other roles within the platform. 

Apparently, Bandcamp's personnel have been quietly working on their organizing efforts since last summer. They ultimately decided to join Tech Workers Union Local 1010 of the Office and Professional Employees International Union, which is the same group that helped full-time Kickstarter employees organize back in 2020. Based on the mission statement written on Bandcamp United's website, the group aims to fix pay disparities and promote "equitable conditions and economic stability." They want to make sure workers have access to paid time off and that their salaries "will grow to meet economic necessity."

Rolling Stone says they're also looking to address management's lack of transparency after Epic's takeover last year. Workers were reportedly asked to sign new employment contracts when the Fortnite developer acquired the platform, and they were given a limited amount of time to review its terms with no room for negotiations. 

Ethan Diamond, Bandcamp's CEO, told the publications that management is "aware that some... employees are seeking to organize a union and [is] reviewing the petition to understand their concerns." Bandcamp United has already filed for a petition with the National Labor Relations Board (NLRB) to administer a union election and will hold one to make things official once it gets approved. 

This article originally appeared on Engadget at https://www.engadget.com/bandcamp-workers-forming-a-union-075803951.html?src=rss

ByteDance is reportedly under investigation for surveillance of US journalists

In December, ByteDance confirmed that it fired four employees who had used TikTok to spy on the locations of two journalists. Now, Forbes reports that the FBI and the Department of Justice have been investigating the incident.

News of the investigation comes at a moment when ByteDance is facing mounting pressure to sell its stake in TikTok. The company confirmed that US officials have said that TikTok will face a possible ban in the United States if ByteDance doesn’t separate itself from the video app.

TikTok critics in Congress have previously raised questions about the app’s surveillance tactics, particularly in light of ByteDance’s acknowledgement that employees had inappropriately accessed the data of US users. The full extent of law enforcement’s investigation into the incident is unclear but, according to Forbes, ByteDance has received subpoenas from the DoJ. The FBI has also conducted interviews related to the matter, though it’s not clear if the two are part of the same investigation.

"We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance," a ByteDance spokesperson said in a statement. "Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us."

This article originally appeared on Engadget at https://www.engadget.com/bytedance-is-reportedly-under-investigation-for-surveillance-of-us-journalists-224223010.html?src=rss

CWA union files another unfair labor charge against eBay-owned TCGplayer

TCGplayer, the eBay-owned trading card marketplace, is facing its fourth unfair labor charge in the space of two months. The Communications Workers of America (CWA) claimed that, one business day after TCGplayer employees voted to form eBay's first union last Friday, the company fired a worker for engaging in union activity.

The CWA called the firing of worker Iris St. Lucy “retaliatory” in the wake of the election. The union claims that TCGplayer “management has escalated its anti-union war against workers” as a result of the vote. All non-supervisory workers at TCGplayer's authentication center in Syracuse, New York (who numbered 272 as of Friday) are now represented by the union.

Since TCGplayer workers announced their second unionization attempt in January, the CWA has filed three other unfair labor charges with the National Labor Relations Board. Among other things, the CWA has accused the company of requiring employees to attend anti-union meetings, interrogating workers and monitoring those who wore clothing or badges that identified them as supporters of TCGunion-CWA, the union they eventually formed under the CWA.

"Not only are eBay and TCGplayer violating labor law, the company is undermining its workers’ rights to union representation, fair wages, dignity on the job and the ability to support their families," CWA secretary-treasurer Sara Steffens said in a statement. "TCGplayer needs to stop these attacks and commit to bargaining a contract in good faith."

Engadget has contacted TCGplayer for comment.

This article originally appeared on Engadget at https://www.engadget.com/cwa-union-files-another-unfair-labor-charge-against-ebay-owned-tcgplayer-160641406.html?src=rss

Workers at trading card marketplace TCGplayer form eBay's first union

The workers at eBay-owned TCGplayer, a marketplace for trading card games such as Magic: The Gathering, have voted in favor of joining a union. eBay purchased the company in 2022 for a deal valued up to $295 million, but the website continues to operate independently. Now that all 272 non-supervisory workers at the company's authentication center in Syracuse, New York are represented by the Communications Workers of America, they've become the first group to form a union at eBay in the US.

The organized workers, who are responsible for ensuring the accuracy and quality of all shipments in and out of the company, filed for a union election with the National Labor Relations Board back in January. They wanted to unionize in a bid to have a voice within the company, and they were also seeking pay raises to account for inflation, a fair and comprehensive sick leave and absence policy, as well as inclusive career advancement opportunities, fair and transparent hiring practices, and clearly defined job roles and expectations.

In the CWA's announcement of the union victory, it said TCGplayer workers first tried to unionize in 2020. However, the company hired a union buster to "spread disinformation," and the workers ultimately withdrew their petition for a vote due to the pandemic. While they were successful this time around, their employer reportedly tried to get them to back down again. CWA filed an unfair labor practice charge against the company in January for illegally surveilling union activity. It filed more charges just last week, accusing the company of threatening workers for supporting unionization efforts and forcing them to attend anti-union meetings, as well. The unionized workers are still waiting for the NLRB's decision on those complaints.

This article originally appeared on Engadget at https://www.engadget.com/tcgplayer-workers-form-ebay-first-union-095615128.html?src=rss

Justice Department wants Sam Bankman-Fried to use a flip phone for the rest of his bail

FTX founder and former CEO Sam Bankman-Fried may be stuck using a dumb phone for the foreseeable future. In a letter seen by Bloomberg, prosecutors involved in his criminal case said Friday that Bankman-Fried’s lawyers had agreed to modify the terms of his bail agreement. Provided the judge overseeing the case agrees to the changes, SBF will be restricted to using a “non-smartphone” without internet connectivity. Unless a lawyer is present, he will also be forbidden from contacting current or former FTX and Alameda Research employees. Additionally, SBF won’t be able to use encrypted messaging apps, including Signal.

The proposed restrictions come after Bankman-Fried allegedly attempted to contact the general counsel of FTX’s US subsidiary over Signal at the start of the year. “I would really love to reconnect and see if there’s a way for us to have a constructive relationship, use each other as resources when possible, or at least vet things with each other,” he said in one message, according to the Justice Department.

Earlier in the week, Nishad Singh, FTX’s former director of engineering, pleaded guilty to federal fraud and conspiracy charges. Singh is the third of Bankman-Fried’s inner circle to cooperate with prosecutors in the case against him. At the end of last year, former Alameda Research CEO Caroline Ellison and FTX co-founder Zixiao "Gary" Wang pleaded guilty to fraud charges and said they would cooperate with investigators.

According to Bloomberg, District Judge Lewis Kaplan threatened to revoke Bankman-Fried’s bail and send him to jail before the start of his trial after learning that the disgraced entrepreneur may have influenced potential witnesses. Last month, Kaplan also banned Bankman-Fried from using a virtual private network (VPN) after his lawyers said he used one to watch a football game. According to Reuters, Kaplan said he did not want SBF "loose in this garden of electronic devices."

Under the modified bail agreement, SBF would be allowed to use a laptop to surf the web, but his access would be filtered through a VPN that would limit him to two categories of websites. One category would include resources his defense team says are critical to his case. The other features a list of 23 websites SBF could use to order food, read the news and watch streaming content. No word yet if the proposed restrictions would limit him from playing League of Legends.

This article originally appeared on Engadget at https://www.engadget.com/justice-department-wants-sam-bankman-fried-to-use-a-flip-phone-for-the-rest-of-his-bail-201356652.html?src=rss

Google workers in Japan have joined a labor union in response to planned layoffs

Dozens of Google Japan employees have organized under the Tokyo Managers' Union. It's the first labor union at Google Japan, according to Meiji University Assistant Professor Ken Yamazaki, who also posted a copy of the group's statements from a press conference. Apparently, the employees chose to organize out of fear that they could be abruptly laid off, especially since some of them are in Japan on work visas. 

Their concerns stemmed from the tech giant's announcement back in January that it's cutting 12,000 jobs — that's six percent of the company's overall workforce — around the world. They said their counterparts in the US were terminated with just an email sent in the middle of the night, and that the Japanese office's employees were left anxiously waiting for the ax to fall over the past few weeks. The workers said they joined a labor union in response to that announcement and to news about the fate of the company's employees in other countries.

For a dismissal to be legal in Japan, a company has to prove that it has reasonable grounds to terminate an employee. However, some companies terminate employees without good reason by claiming to have problems with the worker. The group is hoping that joining a union would protect them from sudden termination. In the US, one of the divisions most affected by the job cuts was the company's Area 120 in-house incubator, which works on experimental apps and products. The division used to develop 20 projects simultaneously, but that's now down to three after most people in the team lost their jobs.

When Google announced it was going to let 12,000 workers go, Chief Executive Sundar Pichai said he was "deeply sorry" and that he takes "full responsibility for the decisions that led [the company] here." He admitted that the tech giant went on a hiring spree over the last few years, but that Google "hired for a different economic reality than the one we face today." According to the company's latest earnings report, its revenue for the fourth quarter of 2022 grew one percent from the year before, but its quarterly net income was down 34 percent year-over-year. 

This article originally appeared on Engadget at https://www.engadget.com/google-workers-in-japan-joined-labor-union-064417794.html?src=rss

Activision accused of illegally firing game testers who opposed a return to office

Activision Blizzard's return-to-office plans are prompting another labor dispute. The Communications Workers of America (CWA) union has filed an unfair labor practice charge with the National Labor Relations Board (NLRB) against Activision for the allegedly illegal firings of two quality assurance testers who objected to a hybrid plan that required them to be in the office three days a week by April 10th. Management ostensibly fired the pair for using "strong language" in their opposition, the CWA says, but union Secretary-Treasurer Sara Steffens characterized the move as "retaliation" against staff who joined co-workers in protected labor activity.

Many employees are balking at the office strategy, the CWA claims. They're reportedly concerned the end to purely remote work will raise the cost of living and force some employees out of their jobs. The NLRB expressly protected the use of harsh language until 2020, when the government loosened standards for firing people over their statements.

In a statement to Engadget, an Activision spokesperson doesn't address the return-to-office effort and maintains that it fired the testers for violating company policy with their language. The game publisher insists that the CWA is "advocating for this type of behavior." We've asked the NLRB for comment.

There's no certainty the charge will succeed. However, it comes after successes for the CWA's fight against Activision. Last May, the NLRB determined there was merit to claims the company illegally threatened staff and stifled social media posts. In October, the board found that Activision withheld raises from testers at Raven Software over their unionization efforts. An in-progress charge asserts the firm surveilled protesters and cut off chat channels used to discuss labor issues. Activision has routinely denied these allegations, arguing that it's honoring the law and internal policy.

Regardless of the claims' validity, the pressure has led to changes for some employees. Activision converted all its contract and part-time testers to full-time status last July, granting them improved pay and benefits. Some teams have also managed to unionize.

This article originally appeared on Engadget at https://www.engadget.com/activision-accused-of-illegally-firing-game-testers-who-opposed-a-return-to-office-171526812.html?src=rss