Loading...

Follow IP-PI-BLOG on Feedspot

Continue with Google
Continue with Facebook
or

Valid

The following blog post is not about IP per se, however, it does address an alarming fraud scheme that organizations, brands, and IP support professionals need to to have an understanding and awareness of:

It’s called: Business E-Mail Compromise (BEC).

ALARMING TREND

There is an alarming scam-assault on businesses taking place in the U.S. and in Western Europe in which BEC is the weapon-of-choice.

And it demands the attention of management.

RECENT NOTABLE REPORTS

In June of this year, the U.S. Justice Department completed a six-month BEC investigation that resulted in the arrest of 74 individuals all over the U.S. and several other countries including Nigeria, Canada, Mauritius, and Poland, respectively.

“BEC…is a sophisticated scam that often targets employees with access to company finances and tricks them–using a variety of methods like social engineering and computer intrusions–into making wire transfers to bank account thought to belong to trusted partners but instead belong to accounts controlled by the criminals themselves.

And this month it was reported that a UK security group discovered a list of 50,000 executives that were targeted by BEC fraudsters.

“Moreover, The BEC attack emails…typically contain no malware; the group instead sends fraudulent payment requests to finance teams. As a result, the emails are difficult to detect by the range of counter-measures firms typically employ to block harmful material.

“In our analysis…we identified the working methods of a group that has taken the basic techniques of spear-phishing – using specific knowledge about a target’s relationships to send a fraudulent email – and turned it into massive BEC campaigns.

“Each attack email requesting a money transfer is customized to appear to be an order from a senior executive of the company.”

WHAT MAKES THIS ALARMING?

What makes this particularly alarming is that computer-protection technology cannot pick up on this type of fraud since it does not include malware.

It is essentially a person-to-person phishing campaign and flies under the malware-protection radar.

WHAT MUST THE FRAUDSTER DO TO BE EFFECTIVE?

The perpetual fundamentals of Nigerian-branded fraud schemes are simple: Impersonation.

In this scheme, the fraudster convinces you or your finance person that he/she is a senior representative of your company, (CEO, CFO, COO, etc.)

The fraud relies on human complacency, not technological proficiency.

HOW DOES IT WORK?

As explained above, although technologically unsophisticated, it’s still very effective.

The basic BEC modus operandi is:

  • Target finance employees
  • Impersonate a senior organization employee who directs the transfer of funds to a designated (fraudster) bank account

FRAUDSTER CREATIVITY

It never ceases to amaze me at the creativity of Nigerian-branded frauds.

I myself have investigated multi-million dollar Nigerian-branded fraud schemes (i.e., advanced fee, romance, black ink, etc.), and the talent and creativity of Nigerian-branded fraudsters are not to be underestimated.

They are absolute experts in the criminal art of psychological persuasion and impersonation.

And having discovered this new fraudulent scheme, the fraudsters will rake-in millions-and-millions until business awareness is raised enough to have a countering effect.

PREVENTION

This trend demands 3-fundamental actions of management:

  • Train (re-train) employees in email-communications discipline
  • Develop a communications protocol that requires employees to go through a step-by-step vetting of the sender before wire transfers are made
  • Institute an internal testing process that ensures employee compliance

FINAL THOUGHT

As the FBI reminds us, “BEC schemes continue to evolve as criminals come up with new and inventive ways to scam businesses.”

Disclaimer: IPPIBlog.com is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in IPPIBlog.com. We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

I was recently introduced to a FREE and extremely effective database platform for Amazon consumers who want to avoid unscrupulous third-party sellers.

It is called: ReconBob.

ReconBob is a platform that makes it possible for Amazon consumers to easily access customer reviews that gives a clearer picture of whether or not the third-party seller should be trusted.

Often the reviews–which are deep within Amazon review data–is just not easily accessible.

ReconBob makes those reviews accessible, and, as a result, provides a transparency that less than reputable 3rd party sellers hate.

SO HOW DOES ReconBob WORK?

If you go to the ReconBob website (below) you will see an icon to click “Add to Chrome” —- It’s a FREE extension to Google Chrome.

Each time the consumer goes to the Amazon site and searches for a product, Recon Bob will appear with an announcement that it is either “Approved” or that the shopper should be “Cautious” before making a purchase.

If the consumer receives a “Cautious” notice for the product chosen, you can click “Why?” and the reviews that substantiate the warning are displayed.

WHAT SHOULD THE AMAZON CONSUMER LOOK FOR WHEN REVIEWING–REVIEWS?

ReconBob does an insightful job of presenting indicators of what could be a third-party counterfeit seller or, a substandard seller:

  • Price: Does the price come with a risk? The seller may be taking advantage of you.
  • Product Quality: Can you trust the seller to deliver a quality item? They could have a history of selling used, expired or counterfeit goods.
  • Shipping Dependability: Have other shoppers received packages on a timely basis? Delayed packages may indicate that a seller is operating from overseas.

FOUNDER OF ReconBob

The founder of ReconBob is 3PM Solutions, a software company in Chicago that provides database solutions to protect brands and their customers from infringement.

If you’re an Amazon shopper, or, brand owner, or an IP attorney representing a brand, I highly recommend you explore ReconBob and the additional services 3PM Solutions provides–especially during this holiday season.

https://www.cnbc.com/2018/03/09/reconbob-makes-researching-amazon-sellers-easier-for-buyers.html

Disclaimer: IPPIBlog.com is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in IPPIBlog.com. We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Last month the U.S. Attorney for the Eastern District of Pennsylvania announced the second guilty plea from one of five individuals charged with conspiracy to steal trade secrets from GlaxoSmithKline (GSK) a U.S. pharmaceutical company. According to the press release the theft occurred in order to benefit a Chinese company backed by the Chinese government.

This post is Part 3 of 5 in which we continue to examine the details of this trade secrets theft enterprise. Please see the following links to read the previous two Parts: Part 1Part 2

MANNER AND MEANS

The following is essentially the “Manner and Means” the five defendants used to carry out their crimes as described in the indictment:

The two GSK employees stole GSK trade secrets and would typically do the following:

  • Defendant #1 (GSK employee) would e-mail the trade secrets from her work e-mail account to her personal e-mail account
  • Defendant #1 then emailed the trade secrets from her personal e-mail account to the personal e-mail accounts of defendants #2, 3, and 4
  • Defendant #5 (GSK employee) emailed the stolen information to her husband Defendant #2

And the cycle would repeat itself, over and over again.

In one of many telling email exchanges Defendant #1 (a/k/a “Joyce”) had with her co-conspirator twin sister, the twin sister asked, “…is ok you sent this plan from your company email?” And “Joyce” assured her, “it is ok.”

STOLEN TRADE SECRETS SAMPLES

  • GSK powerpoint presentation
  • Research paper with GSK letterhead on each page
  • The document clearly identified as being GSK information and clearly marked, “CONFIDENTIAL”
  • GSK documents with the email instruction from one of the GSK employees, “Please do not spread.”
  • GSK powerpoint presentation and training lecture

DEFENDANTS CRIMINAL BUSINESS STRUCTURE

The following is the business structure of the trade secrets theft enterprise as described in the indictment:

Three of the five defendants formed three corporations (one in Delaware–the other two were off-shore entities) to market, sell, and ultimately profit from the stolen GSK information.

HOW WOULD THE DEFENDANTS PROFIT?

The defendants planned to profit in multiple ways:

  • They planned to sell the GSK trade secrets as their own research
  • They intended to use GSK trade secrets to secure lucrative consulting contracts
  • They intended to do additional research to finalize and perfect GSK products still in development
  • They intended to patent some GSK products
  • They intended to use GSK products to bolster their personal business entities reputation

MONEY LAUNDERING

To hide the profits, Defendant #1 titled her interest in her personal business entity and the proceeds of the crime in the names of family members and other associates.

Here’s a quote from the criminal complaint, “YU XUE (Defendant #1, a/k/a “Joyce”) instructed two of the other defendants to hide the proceeds of the fraud scheme in the name of her twin sister in an attempt to prevent the criminal conduct from being traced back to “Joyce.”

IP PROTECTION OBSERVATION

There were a number of opportunities for a vigorous internal-integrity-monitoring program to pick up on this criminal conspiracy beyond emails traveling from a GSK computer to a personal computer, as we noted in Part 1, but, through the utilization of background screenings.

If annual background screenings were conducted of employees, (especially scientists with access to complex R & D information) an updated background screening would have uncovered the business entity GSK scientist-defendant “Joyce” registered in Delaware to facilitate the criminal enterprise.

IN THE NEXT POST…Part 4…

…we will explore what triggered the FBI investigation and the steps they took to investigate the allegations.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Last month the U.S. Attorney for the Eastern District of Pennsylvania announced the second guilty plea from one of five individuals charged with conspiracy to steal trade secrets from GlaxoSmithKline (GSK) a U.S. pharmaceutical company. According to the press release the theft occurred in order to benefit a Chinese company backed by the Chinese government.

This post is Part 2 of 5 in which we continue to examine the details of this trade secrets theft enterprise.

To read Part 1 please see the attached link:

In this post, we will take a look at the backgrounds of the five (5) defendants. In order to do this, we will continue to review public court documents–primarily the initial criminal complaint and the subsequent indictment.

EDUCATION

The key defendant (YU XUE a/k/a “Joyce”) is considered one of the top protein biochemists in the world.

All of the five defendants appear to have been born and raised in China, and at least four of the five received their undergraduate and graduate education in China.

Three of the five defendants received their PhDs at U.S. universities: two at the University of North Carolina (UNC) and the fourth at the University of Iowa, respectively.

Although another defendant received her PhD. in China, she did receive her Master’s Degree at the University of North Carolina, as well.

EMPLOYMENT

“Joyce” worked at GSK as a senior-level manager with two to three subordinates. She also worked at UNC as a research analyst for six years prior to her employment with GSK.

Another defendant worked as a scientist at GSK during the conspiracy.

FAMILY CRIMINAL CONSPIRACY

“Joyce’s” twin sister and Ph.D. (who resides in China) is one of the defendants.

The other GSK scientist-defendant (referenced above) is the wife of one of the other indicted co-conspirators.

IP PROTECTION OBSERVATION

So, here is the profile of an “International Trade Secrets Misappropriator” as detailed in Trade Secrets Asset Management 2016 by IP attorneys R. Mark Halligan and Richard F Weyland

  • Born in a foreign country
  • May be either naturalized U.S. citizen or foreign national on a work or student visa
  • May be male or female, married or single, with or without children, of almost any age
  • Often a group effort, such as a husband and wife team
  • Usually from China, France, Israel, India, Japan or Russia
  • Has close family remaining in the birth country, often parents
  • Retains close ties to the birth country, traveling there often
  • Intelligent
  • Highly educated, often with a PhD. in a technical field
  • The theft is sponsored by a government agency, university, or technology company in the birth country
  • Ultimately will return to the birth country and work for the sponsor
  • Steals primarily product technology
  • Theft may be through a front company, which shields the sponsor
  • Motive: Nationalism

*In the “Pretrial Detention Order” concerning defendant-“Joyce,” the U.S.  Attorney made the following point: “The defendant has substantial ties to China.”

IN THE NEXT POST…Part 3…

…we will examine the infrastructure of the trade secrets theft operation.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Last month the U.S. Attorney for the Eastern District of Pennsylvania announced the second guilty plea from one of five individuals charged with conspiracy to steal trade secrets from GlaxoSmithKline (GSK) a U.S. pharmaceutical company. According to the press release the theft occurred in order to benefit a Chinese company backed by the Chinese government.[1]

REASONS TO HIGHLIGHT THIS CASE

As an IP protection specialist, investigator and blogger, I am always interested in learning more about how different IP criminal conspiracies work. Uncovering the mechanics of these operations teaches us how to more effectively defend against it, and help minimize exposure. It reminds us all of the many faces of trade secrets theft.

HOW WILL I GO ABOUT IT?

I will dig into public court documents and extract information that will shed light on the overall operation. I will start with the initial criminal complaint filed by the FBI special agent assigned to the case against the defendants. In succeeding posts I will then follow-up with information about the structure of the conspiracy; the defendants professional and personal backgrounds; the roles each of the defendants played; significant findings uncovered during the investigation; and finally the current status of the defendants.

SERIAL INFORMATION – SHARING MODEL

I recognize that we all have only so much time in any given day to consume content, even when it’s useful, so, I will present the content in manageable segments on successive days. I will use this serial content sharing model and post on this topic daily not to exceed 500 words of content per post.

FORMAT OF THE NEXT SEVERAL POSTS

So, over the course of the next several consecutive posts, I will focus on this case and briefly highlight different elements of the case and make some IP protection observations.

LET’S BEGIN…

WHO WAS CHARGED?

In December 2015 the following five (5) defendants were charged with trade secrets theft:

  • YUE XUE;
  • TAO LI;
  • YAN MEI;
  • TIAN XUE; and
  • LUCY XI, respectively

The key figure in this conspiracy is YU XUE, a/k/a “Joyce.”

Here is a quote from the complaint,

“YU XUE (“Joyce”) e-mailed … from her GSK e-mail account to her personal account and then forwarded that intellectual property to her conspirators … also used her GSK computer to download a substantial amount of intellectual property from GSK’s network, apparently onto a thumb drive or other portable storage device, to send this information to her conspirators.”

IP PROTECTION OBSERVATION

  • Leaping from the above complaint quote is that “Joyce” used a GSK e-mail account to transfer proprietary information to her personal account
  • It reinforces the fundamental protection strategy for companies to have robust internal email monitoring systems in place to pick up these types of transfers
  • Particularly the transfer of information from a company controlled email account to a personal account
  • And her downloading of information to a thumb drive should make any trade secrets owner shiver over how easy that is to do
  • From a protection perspective, we are getting to a point in which what an employee is permitted to bring into a work site—and leave with—will need to be strictly regulated (see my October 2017 post titled, “Trade Secrets Protection – Mindfulness”)[2]

IN THE NEXT POST…Part 2…

…we will briefly survey the defendants backgrounds (to the extent information is available) concerning their duties and responsibilities in their mainstream jobs during the conspiracy (in addition to “Joyce”), as well as their education, location of their education, family situation, current country of residence, education and government affiliations, etc.

Were there any other trade secrets theft warning signs?

[1] https://www.justice.gov/usao-edpa/pr/second-former-glaxosmithkline-scientist-pleads-guilty-stealing-trade-secrets-benefit

[2] https://ippiblog.com/2017/10/31/trade-secrets-protection-mindfulness/

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

In the current issue of The Brand Protection Professional: A Practioner’s Journal (BPP), several of my IP protection colleagues including myself were given the opportunity to make a contribution to this journal’s, “BP Forum” column.

We were all asked to respond to the following question: “Reflecting on your career in law enforcement and specifically your work in enforcement, before or after, what do you think the most important lessons you learned are important for brand owners to learn?”

My fellow contributors were Michael Lemieux and Brett Millar, (FBI retired), respectively, as well as William Ryan who is retired from the NYPD, as I am.

See our comments in the attached link:

BP Forum VOL3N3

The following description of BPP’s objective was extracted from this current issue:

“The Brand Protection Professional: A Practioner’s Journal (BPP) is a quarterly resource dedicated to reporting on brand protection issues, research and professional information for in-house brand protection practitioners. The BPP aims to advance brand protection through the establishment of an accessible, comprehensive forum containing essential information for the brand protection community.”

The Brand Protection Professional: A Practioner’s Journal (BPP), is a Michigan State University (MSU) Anti-Counterfeiting and Product Protection (A-CAPP) Center initiative.

Here is a brief summary of what you will find in the current issue as presented on the MSU A-CAPP, LinkedIn page:

Other articles include…
…Jak Cluness with Professional Pointers on Building Collaborative Brand Protection Strategy with Licensors
…how the Automotive Anti-Counterfeiting Council Taps the Power of Collaboration
…how the new IPR Center Director Seeks to Expand the Center’s Footprint Through New Capabilities and Partnerships
Junqi Hang and Yu Zhang on how new legislation in China Allows for Broader and Deeper Trade-Secret Protection
John Zacharia on how The Supreme Court Made Restitution Harder for Brand Owners—and What Brand Owners Can Do About It
Ron Alvarez, Michael LeMieux, CFE, Brett Millar, and William Ryan in the BP Forum on lessons they learned in law enforcement for brand owners
Andrew Love with A View from the Field on burning questions for brand protection professionals
…In the Headlines / What to Watch on recent stories in brand protection
…our Temperature Test on 3D printing
…our Bulletin on events and resources Many thanks to all our contributors!

This article was first published in the Ninth Edition, Volume 3, Number 3 of  The Brand Protection Professional (BPP) on 20 September 2018.

I highly recommend all my readers subscribe to BPP. It is a resource that IP protection professionals will no doubt benefit from.
Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview