Tuesday, October 29, 2019

Stories of Romance Scam Victims: Ronayerin Ogolor

Ronayerin Ogolor has pled guilty to causing $900,000 in losses to at least 13 Romance Scam victims.  Ogolor, a 50 year old naturalized citizen from Nigeria, lived in Kansas City, Missouri when he committed the various fraud schemes.  After "falling in love" via ChristianMingle, Facebook, or Hangout.com, Ogolor would begin to string his victims on to being lured out of their finances, whether or not they were wealthy.

Ogolor maintained multiple bank accounts.  Two US Bank accounts in his own name (ending in 8969 and 1885), a Wells Fargo account ending in 6281 in the name "Ronayerin Ogolor Merchandise", and a Wells Fargo account ending in 2141 in the name Ovrichona - a business involved in "overseas auto sales." A Bank of America account ending in 6776 in the name "American Quarter Horse Association eBanking", as well as BofA accounts ending in 4957 and 1988 in the name "Ogolor Merchandise." A Bank Midwest acount in the name "Rons Solutions" which he claimed was a Beauty Salon originally, but told a Bank Midwest employee bought American goods from cars to diapers and resold them in Nigeria.

He paid for his online dating sites via "AlcudaBill"

We thought it would be illustrative to share some of his schemes found in the Criminal Complaint.

Victim 1 - Alabama
Met "Charles Zolt" on ChristianMingle.com.  He was an "oil rig worker".  Zolt convinced Victim 1 to sell her car and wire him $9,500.

Victim 2 - Ohio
Met "Bradley Majestic" on ChristianMingle.com.  He was also an "oil rig worker" who claimed to be from Belgium. Victim 2 sent him over $30,000 in paymets starting with $3,500 in March 2015.

Victim 3 - Indiana
Met "Lawrence Garrison" after receiving a Facebook friend request.  Garrison also was an oil rig worker.  He claimed to have been born in Denmark. He sent a photo of a $4 million check, claiming he would pay her back when he got home by cashing that check.  He needed help getting funding to tow a $500,000 drill head to Ohio.  Victim 3 "invested" $450,000 overall in the scam.

Victim 4 - Washington
Met Ogolor in a variety of aliases.  Repeatedly tricked into wiring money to help meet fees associated with money transfers of up to $1 million USD.

Victim 5 - Minnesota
Met "David Stasiak" on Facebook.  Stasiak claimed to be a general contractor for Baytex Energy who worked on an oil rig.  She sent money to pay taxes on a large amount of gold that Stasiak was bringing into the country.  She "paid taxes" moving the gold through Qatar and Turkey, eventually being told that a final $32,000 had to be paid to a customs officer at Hartfield Airport in Atlanta to get the gold delivered.  She did not send the final payment, but was out several thousand dollars by this time.

Victim 6 - Arizona
Met "Samantha Brown" from Australia.  Claimed she had received a $250,000 inheritance.  She deposited the money into Victim 6's account and sent $60,000 to Haxzades Auto, LLC; $80,000 to Ronnie Leon Hammers; and $70,000 to Wells Fargo account 2141 (Ronayerin Ogolor dba Ovrichona Company.)  The $250,000 was the proceeds of a BEC scam.

Victim 7 - Texas
Met "James Philip" a US Army General in Afghanistan and agreed to help him smuggle two cases with $5 million in cash back to the USA.  Victim 7 sent three wires totaling $68,000 to pay various fees to help get these cases through customs.

Victim 8 - Florida
Met "Gary Ross Rodney" on Facebook.  Communicated via Skype and Email.  Claimed he had a UK bank account worth $500,000 to pay taxes to get the funds to the United States.  Victim 8 SOLD HER HOUSE to get Rodney the needed money, wiring $56,000 and $65,000 to Ogolor Merchandise's Bank of America account (4957).

Victim 9 - Illinois
Met "Manuel Rigby" on Facebook.  Rigby worked on an oil rig.  Claimed he had been detained in Atlanta, Georgia for traveling with too much cash.    Sent a total of $60,000 to get her boyfriend out of prison.

Victim 10 - Texas
met "Jonathan Lester" on either ChristianMingle or EHarmony.  Lester worked on an oil rig!  (Are  you surprised?)  Lester claimed to be from France.  He was importing a box with $2.75 million in cash, but needed to pay some fees to get it through Customs.  Via Hangouts, Victim 10 was instructed to send a $24,500 cashier's check to Ogolor Merchandise's BofA account 4957.  Altogether, she sent "Lester" $126,400.

Victim 11 - Florida
Met "Linda Stout" on Hangout.com.  Ogolor Sent him a $6,500 check and asked him to keep $1500 and send the other $5,000 to the Ogolor Merchandise BofA account.  (The check was fraudulent.)

Victim 12 - Italy
Met "Alexander McFelix" on Facebook.  McFelix was a U.S. Soldier serving in Afghanistan.  Wired money to help McFelix pay fees to retire early.  Over $13,600 in three payments to three different bank accounts controlled by Ogolor.

Victim 13 - California
Met "Robert Williams" on Facebook.  Williams worked for an oil company in Saudi Arabia, 'so his salary was paid in cash.'  Now needed help paying fees to bring his box of $2.6 million in cash through U.S. Customs.  Victim 13 sent more than $345,000 to pay various fees to import the money -- all to accounts controlled by Ogolor and associates, including a Citibank account in the name of Owurachanel LLC, an account in the name BJs Global Sales, and an account in the name Vinpep Services, LLC, and an account in the name TLA Technology & Consulting LLC.

For the dramatic conclusion ...

On October 19, 2018, the FBI learned that Ogolor had purchased a plane ticket to Frankfurt, Germany. He was arrested in the Kansas City International airport as he waited to board his plane.

Ogolor pled guilty on October 23, 2019, and signed a statement agreeing that he understood he may get 20 years in prison, a $250,000 fine, three years supervised release, an order to pay restitution to his victims, and possible deportation from the country after release.






Wednesday, October 16, 2019

"Welcome to Video" raid leads to 337 arrests due to Bitcoin Exchanges that use strong KYC

The darkweb child sexual exploitation video site, "Welcome to Video", first came onto Law Enforcement's attention as a result of a case in the UK, where a geophysicist Matthew Falder was arrested.  When the National Crime Agency was looking into his hard drive, they found he had been a member of "Welcome to Video" which at the time used the dark web address mt3plrzdiyqf6jim .onion.  Anyone visiting that website recently would have seen this banner instead:


Law enforcement actually got the website through a silly webmaster error.  One of the webpages on the website linked some of its component files by the server's IP address instead of its onion URL address.  The IP address, 121.185.153.45, was a Korea Telecom address.  They got the owner's address details and were able to confirm his identity.

After establishing undercover addresses, searches on the website for some common child sexual exploitation searches, and received indications that there were THOUSANDS of matching videos.  I don't know that we should share the terms with our readers, but some search terms resulted in more than 7,000 or even 10,000 matching videos.  Searches for videos involving children as young as four years old or even two years old yielded 4,000 matching videos each.

 Anyone could view "thumbnails" on the site, but to download or view the related videos, you had to have Points.  You could buy points for bitcoin, or you could "earn" points by uploading a unique video, or having a friend sign up and use your referral code.

 On multiple occasions, including September 28, 2017 and February 23, 2018, federal agents made payments on the website, and within 48 hours, the money had been moved to another Bitcoin wallet.  That wallet turned out to be a Coinbase wallet.  When they asked Coinbase who paid for that Bitcoin account, it was Jong Woo Son. To be able to buy Coinbase from a bank account, Jong was required to provide KYC (Know Your Customer) information, so he provided and confirmed an email address and telephone number, both of which were found to belong to Jong.

That gave law enforcement enough to raid Jong's residence, where they found the server in his bedroom, containing 8 TB of child sexual exploitation images, and log files indicating that MORE THAN A MILLION videos had been downloaded from the site.  The raid was conducted by US IRS-CI, US HSI, UK NCA, and the South Korean National Police.  By comparing the hashes of these videos to the collection at NCMEC (The National Center for Missing and Exploited Children), they found that 45% of these videos had never been seen before.

MANY of the users of the site were "creating" videos by abusing children they had access to. The United States has indicted Jong Woo Son, but he is already serving time for charges brought in South Korea.  The indictment does provide a great deal of information about the case that helps us understand what happened:


(from the Jong Woo Son indictment)
We know from other sources that the "exchanger in the United States" is Coinbase (see below).  Every time Welcome To Video presented an opportunity for payment to a visitor, it generated a new potential Bitcoin wallet address.  Until someone makes a payment, however, it is more like a "potential" wallet.  If the visitor wasn't sure how to get Bitcoin, Jong's website recommended that an easy way was to set up a Coinbase account!
By tracing other addresses that also moved small payments to the same wallet that the undercover payments were moved to, they were able to identify a "cluster" of 221 frequently used bitcoin addresses that had been used to receive payments that were then sent to the website owner, Jong Woo Son.  Later, they asked Coinbase, and two other major Bitcoin Exchanges, to identify accounts that had sent payments to any of that pool of 221 bitcoin addresses.  Why so many?  To make sure which payment belongs to which user, when a user indicates they are about to make a payment, they are assigned a bitcoin address to use for their transaction.  This is fairly common practice on darkweb markets. To avoid conflicts, Jong had many such addresses that would receive the payment from a specific user, probably created at transaction time. Jong would consolidate these bitcoin "wallets" by moving the funds to his primary account, from which he sometimes withdrew funds directly to his bank account. Because transacting against a bitcoin address creates new addresses, those at least 7,300 small payments were paid to different addresses controlled by Jong over time.
This was really spelled out in detail as the prosecutor, and then the FBI agent, tried to explain bitcoin to the judge in the Gratowski case.   That was the Texas case involving former HSI Agent Richard Nikolai Gratowski.  Same thing.  He used his own USAA Credit card to pay Coinbase to buy his bitcoin.  I have the 100 page transcript of his court hearing, which was fascinating to read.  He was sentenced to 70 months (and has already appealed to the 5th circuit.)  Most of the court documents referred to "Bitcoin Exchange 1" -- but the transcript names Coinbase 84 times!  I think they deserve a lot of the credit for making this case possible through their strict KYC implementation!


Subpoenas asking for "who has been sending money to these 221 bitcoin wallets?" is where they got their hitlist of 337 site users who were arrested.  They including pedophiles residing in Alabama, Arkansas, California, Connecticut, Florida, Georgia, Kansas, Louisiana, Maryland, Massachusetts, Nebraska, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Virginia, Washington State and Washington, D.C. as well as the United Kingdom, South Korea, Germany, Saudi Arabia, the United Arab Emirates, the Czech Republic, Canada, Ireland, Spain, Brazil and Australia.  MOST of those users were identified because of the strict "Know Your Customer" rules that reputable bitcoin exchanges are now requiring of their customers. 

As a result of all of the investigations so far, at least 23 underage children were rescued in the US, UK, and Spain!

In ALL of the US cases I pulled court records for, that was the process.  Find a username on the seized server, prove that they had transacted bitcoin from a KYC-friendly exchange, such as Coinbase, then subpoena the bitcoin exchange to see who owned the account.  Coinbase and other reputable Bitcoin Exchanges, requires "strong Know Your Customer" as a means of reducing fraudulent or criminal behavior.  For Coinbase, that includes a drivers license scan, and a response to both an email and an SMS message to confirm that they know your real email and real telephone number.  For the accounts found, they could then check the Korean server to see which user had made a payment at that time and date, and how much activity they had on the server.  Then law enforcement would either confront the pedophile or conduct a search warrant to get confirmation of the evidence from the customer.  Priority was placed on anyone who seemed to be CREATING the content, or who had previous related charges.

Michael Ezeagbor was found to have used the identity "mikeexp1" on the site.  He had earned points by uploading 10 videos, and had downloaded 42 videos.  He paid 0.1 BTC on Jan 29, 2016 (which at the time was only $38.)  The Bitcoin exchange he used provided his DOB, SSN, address, and a Yahoo email account.  He had bought the bitcoin on the exchange using his A+ FCU account.

Eric Wagner paid 0.06 BTC on November 5, 2016 (about $43 at the time).  He had downloaded 40 videos and uploaded 84 videos.  His bitcoin exchange revealed his email was "wagnered@comcast.net" and he was using a DFCU debit card which matched the name, address, and SSN on file with the bitcoin exchange.

Brian James LaPrath was identified in the same way.  Because he had NOT uploaded, choosing just to pay, and had downloaded very little, he was allowed to plea to money laundering, although he is doing probation with sex offender style limitations in place.


The most troubling case I reviewed was that of Nicholas Stengel who had PREVIOUSLY been arrested for possession of child pornography and had served 41 months, followed by 36 months supervised release.  His supervised release included all of the above, and more.  He relapsed during that time, refusing to take his court ordered polygraph, and was charged with using a computer in violation of his parole to seek child pornography and with public masturbation.  In his first case he was charged with possessing 79,335 images and 230 videos.  When an HSI Cybercrime Special Agent hit his door with a warrant, Stengel's wife stalled the agents at the door while Stengel got into his bathtub with a knife and slit his own wrists and throat!  He was given emergency medical care, but now found to possess 805,457 images and 6,884 videos!
Stengel attempts suicide during his search warrant

Several others who were charged with PRODUCING child sexual exploitation imagery to upload to the site were listed in The Daily Mail's story on the case:

Paul Casey Whipple, 35, of Hondo, Texas, a U.S. Border Patrol Agent, was arrested in the Western District of Texas, on charges of sexual exploitation of children/minors, production, distribution, and possession of child pornography. Whipple remains in custody awaiting trial in San Antonio

Michael Lawson, 36, of Midland, Georgia, was arrested in the Middle District of Georgia on charges of attempted sexual exploitation of children and possession of child pornography. He was sentenced to serve 121 months in prison followed by 10 years of supervised release following his plea to a superseding information charging him with one count of receipt of child pornography

Nader Hamdi Ahmed, 29 of Jersey City, New Jersey, was arrested in the District of New Jersey, for sexual exploitation or other abuse of children. Ahmed pleaded guilty to an information charging him with one count of distribution of child pornography. He is scheduled to be sentenced Oct. 1, 2019

Jeffrey Lee Harris, 32, of Pickens, South Carolina, pleaded guilty in the District of South Carolina for producing, distributing, and possessing child pornography

Nikolas Bennion Bradshaw, 24, of Bountiful, Utah, was arrested in the State of Utah, and charged with five counts of sexual exploitation of a minor, and was sentenced to time served with 91 days in jail followed by probation;



Tuesday, October 15, 2019

18 Members of ATM Skimmer Gang Arrested -- Mostly Romanian

DOJ Press Release: 18 Members of International Fraud and Money Laundering Conspiracy
The Southern District of New York brought charges on 18 people for their involvement in an ATM Skimming ring that planted hundreds of skimming devices in at least 17 states and stole more than $20 Million dollars.  Those charged, from the DOJ Press Release about the ATM Skimming organization, are listed below.  The operation involved many cooperating agencies, including the FBI, Customs and Border Protection, the NYPD, the US Postal Inspection Service, INTERPOL-Rome, INTERPOL-Mexico City, and Mexico's Agencia de Investigación Criminal and Instituto Nacional de Migración.

What the press release does NOT make clear is the ties to Intercash, the largest Romanian ATM Skimming ring in history, and the primary reason that when you see "Skimming arrests" in the United States, they will almost always involve Romanians.

LIMBERATOS, COSTEA, LYMBERATOS, ELIOPOULOS, SAMOLIS, LAM, and MIHAILESCU were arrested in and around Manhattan on October 10, 2019.

M. CONSTANTINESCU, CALUGARU, I. CONSTANTINESCU, and SERBAN were arrested in Miami on October 10, 2019.

MARTIN (Pictured here as "Florian M") was arrested in Cabo San Lucas, Mexico.  Although he was the only one charged in the SDNY case, he was actually arrested as the leader of a group of 7 Romanians all arrested together in Mexico.  In Romanian news, he is described as "the brother of Rechinu".  Rechinu, which means "shark" in Romanian, is believed by the Romanians to be the big boss of an international skimmer ring, named Florian Tudor.  Brian Krebs, the world's leading investigative  security journalist, shared many more details about Rechinu's gang in April 2019, in a follow-up to his three part series about Instacash - a Romanian crime syndicate that dominates the skimming world. That KrebsOnSecurity story, "Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico" includes many details learned by interviewing the brother of a bodyguard that was assassinated by Tudor.

Romanian press says that Rechinu was also a human smuggler, helping "hundreds of Romanians" migrate to Mexico using counterfeit documents and then cross the border into the United States to participate in criminal activity.  Not only did Rechinu run an enormous international crime ring, but through shell companies, he was the owner of a company in Mexico that installed and maintained ATM machines for banks in Mexico!  Using the knowledge and access his employees gained by having "legitimate" access to such equipment, it is no wonder that InterCash dominated the skimming market!

Tudor Florian has managed his network, most of the time, in Mexico, under the screen of some companies that set up ATMs and ensure their maintenance! On the legally installed ATMs, skimming devices were mounted, which copied the cards of the people who were making money. 

"After fraudulently obtaining the computer data, teams were made up of other members of the group who traveled to other states such as USA, India, Paraguay, Indonesia, etc., from which they withdrew the existing amounts of money in the bank accounts related to electronic payment instruments. copied ”, claims DIICOT.  -- Translated from the Libertatea.ro story "DIICOT Release: The Shark Clan in Craiova had companies that legally set up ATMs in Mexico, where they later cloned the cards!"

(Libertatea - "Freedom!" - ran a month-long series of investigative reports about this crime family that they dub "the Shark Clan", including their long involvement with another Romanian crime family that sold them underage girls for sex trafficking)



VIDRASAN was arrested in Perugia, Italy.

PETRESCU, DIACONU, ANCA, and ULMANU were already in custody on other charges and will be later transferred to New York.

The charges were brought in three separate indictments.  Mircea CONSTANTINESCU, Nikolaos LIMBERATOS, Cristian COSTEA, Alin Hanes CALUGARU, Ionela CONSTANTINESCU, Theofrastos LYMBERATOS, Andrew ELIOPOULOS, Valentin PETRESCU, Peter SAMOLIS, Kelly Karki LAM, George SERBAN, Dragos DIACONU, Madlin Alexandru ANCA, Cristian ULMANU, and Iuliana MIHAILESCU were charged in the first indictment with:

  • 18 USC Sections 1029(a)(1), (a)(2), (a)(3), (a)(4), and (a)(5) - access device fraud 
  • 18 USC Section 1029(a)(1) producing and trafficking in counterfeit access devices
  • 18 USC Section 1029(a)(2) using a counterfeit access device to obtain a thing of value
  • 18 USC Section 1029(a)(3) aggravated identity theft (possessing with intent to obtain a thing of value more than 15 counterfeit access devices
  • 18 USC Section 1029(a)(4) producing, trafficking in, having custody and control of and possessing counterfeit access device-making equipment
  • 18 USC Section 1029(a)(5) conducting transactions with access devices issued to another person to receive payment exceeding $1,000 in a single year.  (Yep, $20M > $1,000)
  • 18 USC Section 1343  Bank Fraud , Wire Fraud, 
  • 18 USC Section 1349  obtaining money from FDIC insured institutions by means of false and fraudulent pretenses 
  • 18 USC Sections 1028(a)(1), (b), and 2.
  • 18 USC 1956(a)(1)(A)(i) conspiracy to commit wire fraud and bank fraud 
  • 18 USC  1956(a)(1)(B)(i)  conspiracy to commit access device fraud 
  • 18 USC  1957(a) conspiracy to commit wire fraud 
CONSTANTINESCU shipped a credit card point of sale terminal from Mt. Pocono, Pennsylvania to Veracruz, Mexico for the purpose of having a custom skimmer created for the terminal. SERBAN shipped skimmers from Miami to Tobyhanna, Pennsylvania.

Others installed skimmers in at least Babylon, NY (N. LIMBERATOS); Canterbury, CT (CALUGARU); Manchester, NH (T. LYMBERATOS); Glen Cover, Westbury, and Whitestone (ELIOPOULOS), NY; Boston, MA (PETRESCU); Queens, NY (SAMOLIS); Somerville, MA (ULMANU); Boston, Brookline, Sturbridge, Brighton, and Natick, MA (MIHAILESCU).

Others used cards to withdraw funds using counterfeit ATM cards coded with the magnetic stripes stolen by the gang's skimmers in at least New York City, NY (CONSTANTINESCU), Chattanooga and Ooltewah, TN (DIACONU,  ANCA); 

Others arranged the cash deposits and withdrawals to launder the funds (LAM)

A second indictment separately charges Raul Ionut VIDRASAN with many of the same charges.

A third indictment separately charges Florian Claudia MARTIN (and his host of aliases) and Alex DONATI. Specifically MARTIN is charged with installing a skimming device on an ATM in a hotel in Manhattan.  DONATI is charged with shipping a package containing two skimmers to Manhattan. 


Defendant
Age
Place of Residence
Nationality
FLORIAN CLAUDIU MARTIN,
a/k/a “Florin Claudiu,”
a/k/a “Johnny Ion,”
a/k/a “Jane Hotul,”
a/k/a “Petru Andrioaie,”
a/k/a “Petru Andrioane,”
44
Cabo San Lucas, Mexico
Romania
ALEX DONATI
51
Cabo San Lucas, Mexico
Romania
RAUL IONUT VIDRASAN,
a/k/a “Michu,” a/k/a “The Boy”
27
Perugia, Italy
Romania
MIRCEA CONSTANTINESCU, a/k/a “Sobo”
44
Cooper City, Florida
Romania
NIKOLAOS LIMBERATOS, a/k/a “Nicu Limberto”
53
Deer Park, New York
Greece
CRISTIAN COSTEA, a/k/a “Momo”
44
Queens, New York
Romania
ALIN HANES CALUGARU
39
Sunny Isles, Florida
Romania
IONELA CONSTANTINESCU, a/k/a “Pitica”
35
Cooper City, Florida
Romania
THEOFRASTOS LYMBERATOS
36
Queens, New York
United States
ANDREW ELIOPOULOS
34
Queens, New York
United States
VALENTIN PETRESCU, a/k/a “Gico Cosmin Giscan,” a/k/a “Zoltan Pruma”
32
Russellville, Arkansas
Romania
PETER SAMOLIS
30
Queens, New York
United States
KELLY KARKI LAM
42
New York, New York
United States
GEORGE SERBAN
32
Miami, Florida
Romania
DRAGOS DIACONU
41
Nashville, Tennessee
Romania
MADLIN ALEXANDRU ANCA, a/k/a “Mateo Fernandez Alejandro”
22
Nashville, Tennessee
Romania
CRISTIAN ULMANU, a/k/a “Boris Moravec”
54
Russellville, Arkansas
Romania
IULIANA MIHAILESCU
42
Queens, New York
Romania


Thursday, October 03, 2019

FBI Fraud Arrests by Field Office, 2018


Each year, crime data geeks look forward to the publication of the CJIS "Crime in the United States" report.  On September 30th, the FBI was able to share the Uniform Crime Report information for 2018, describing information about Violent Crime, Property Crime, Homicides, and Arrests gathered from most of the law enforcement agencies in the United States.  UCR is old news though.  Many short-comings in the system have led to changes which are adopted in the new NIBRS system, the National Incident-Based Reporting System.  For people like me, who care about cybercrime, hacking, malware, and fraud, this is great news!  Many budget decisions have been made over the years about how to allocate police resources based on UCR data, and NONE OF THE CATEGORIES I CARE ABOUT WERE PART of UCR!   But NIBRS has many of those things, rolled up under the category "fraud."

Fraud Offenses are called "26" offenses and have the following breakdown:
  • 26A = False Pretense / Swindle / Confidence Game 
  • 26B = Credit Card / ATM Fraud 
  • 26C = Impersonation 
  • 26D = Welfare Fraud
  • 26E = Wire Fraud
  • 26F = Identity Theft
  • 26G = Hacking / Computer Invasion
(The NIBRS User Manual has the complete list of codes for other offenses.)

Last year, students in my Criminal Justice 502 - Computer Forensics class at UAB (the University of Alabama at Birmingham) - attempted to study fraud statistics from the 2017 NIBRS data, and sadly, their conclusion was that they were dramatically under-reported, and if used at all, used only in a "rolled-up" capacity.  NIBRS is currently receiving data from 6,600 of 18,000 potential law enforcement agencies.  By 2021, all agencies should be using NIBRS instead of UCR.

With shame, I mention that Alabama is one of the states boycotting NIBRS, calling it an "unfunded mandate" and refusing to participate.  In the 2017 data, only the city of Hoover shared NIBRS-formatted crime statistics with the Department of Justice.  (Hopefully we will see an improvement in this process as Alabama is now one of the states receiving federal funding to improve their NIBRS participation in the form of an NCS-X Initiative Grant.  In October 2018, an additional $49 Million was released to encourage greater participation.   A sampling study was conducted by BJS to determine that if 400 additional agencies were added, it would have a marked improvement of the accuracy and usefulness of NIBRS data, and these agencies and their states are now targeted, for the fourth year in a row, with Federal funding to assist in implementation.  Eleven Alabama Law Enforcement agencies were among the 400 on the "List of NCS-X Sample Agencies as of August 2018" making them eligible to apply for funding.  Only four states have not received any funding to date - AK, AZ, MS, and NM. Sixteen states have fully implemented NIBRS, and four more have >80% participation.)

We are still looking forward to seeing the 2018 NIBRS data, which would normally have been released by now, but did get one early present from CJIS, in the form of FBI NIBRS data from each field office.

https://ucr.fbi.gov/ucr-statistics-their-proper-use

A caution before reading on, despite the FBI's repeated warning to not use crime data to rank jurisdictions, journalists repeatedly put out reports called things like "The Top Worst Cities for Murder" each year after the UCR is released.  In the table below, we have extracted the FBI data for Fraud Arrests for each of their 56 field offices.  This is intended to show how fraud arrests (including all of the categories above) are still a MINOR focus of law enforcement by proportion of arrests, so PLEASE don't use this data to rank.  (More reasons not to rank in the link above, which is labeled "Caution Against Ranking" on the Crime in the United States page.

As part of that caution, consider a couple numbers from the table below.  While the average for all field offices was that 10.9% of all FBI arrest in 2018 were for "Fraud" categories, the Los Angeles Field Office number was more than double that amount, at 27.6%.  Why?  Is it because there is more fraud in LA than most places?  Not really.  Their "Fraud Arrests per 100,000 population" is 1.4, nearly double the national average of 0.8. Los Angeles serves the largest population of any field office -- 19.5 million people -- allowing their office composition to contain specialized squads not found in smaller offices. One such squad includes agents dedicated to working "Business Email Compromise" and they have been doing an amazing job at that task.  Because of the STRATEGIC FOCUS of the Los Angeles office, many criminals are arrested and charged there even when the victims may come from across the United States and the World.

Similarly, the Miami, District of Columbia, and New York offices have significantly higher fraud arrest rates per 100,000 populations than other offices. This also reflects the composition of their offices. New York City FBI arrested 1,466 total people in 2018 -- nearly 500 more than any other office, and triple the number of the arrests in only slightly smaller Dallas, Boston, Atlanta, or Charlotte. As a global super power in the banking world, New York City has one of the largest cybercrime offices in the country, including many New York Police Department personnel who serve as Task Force Officers within the FBI's Cybercrime and Financial Crime Task Forces. In offices like NYC, many cases where a local prosecution may have been brought elsewhere by the police have been elevated to a federal level, taking advantage of the unique concentration of banks AND FEDERAL RESOURCES, to make possible their 268 fraud arrests in a field office serving 13.4 million people. Similar combined state/local/federal task forces raise their arrest rate in other categories, partly as a result of the unique partnerships found in New York as a result of the restructuring of the FBI following the terrorist attacks there on 9/11.
Other office numbers may be skewed by the presence of an extremely gifted or well-funded state or local law enforcement agencies, which may work many cases at the state/local level that in other offices may have become federal cases.  
So again, please don't use these numbers for "head-to-head rankings," but do enjoy seeing what is going on in YOUR FBI office!  We look forward to seeing the full NIBRS data soon, but in the meantime, found the data below a fascinating representation of how fraud is fought by the Federal Bureau of Investigation.
(Full FBI Arrestees by NIBRS Offense Code by FBI Field Office, 2018 available here)
(Crime rate per 100,000 is ((Arrests / Population) x 100,000), for example, in NYC, (268/13,464,042 = 0.000019904 * 100,000 = 1.99 (rounded to 2.0) per 100,000 population.)
Field OfficeFraud ArrestsTotal ArrestsPopulation% Fraud ArrestsFraud arrests per 100k population
Grand Total All Offices2,64524,174330,611,01610.9%0.8
Albany191933,959,1429.84%0.5
Albuquerque113682,095,4282.99%0.5
Anchorage3110737,4382.73%0.4
Atlanta 8663510,519,47513.54%0.8
Baltimore203977,009,8895.04%0.3
Birmingham 161532,885,67910.46%0.6
Boston 7851510,654,32615.15%0.7
Buffalo283182,745,3248.81%1.0
Charlotte 2254810,383,6204.01%0.2
Chicago723999,299,34218.05%0.8
Cincinnati 232575,973,0038.95%0.4
Cleveland 404265,716,4399.39%0.7
Columbia253135,084,1277.99%0.5
Dallas 4255610,937,8927.55%0.4
Denver 554006,273,30113.75%0.9
Detroit 1327629,995,91517.32%1.3
El Paso 132171,280,4005.99%1.0
Honolulu19921,420,49120.661.3
Houston 453488,739,89012.93%0.5
Indianapolis 635416,691,87811.65%0.9
Jackson 192302,986,5308.26%0.6
Jacksonville 421295,292,49132.56%0.8
Kansas City215726,107,8123.67%0.3
Knoxville 164132,634,7463.87%0.6
Las Vegas 132943,034,3924.42%0.4
Little Rock 112093,013,8255.26%0.4
Los Angeles 27097819,503,77827.61%1.4
Louisville 171774,468,4020.96%0.4
Memphis 352924,135,26411.99%0.8
Miami 24110487,101,5800.23%3.4
Milwaukee281805,813,56815.56%0.5
Minneapolis 356207,253,4915.65%0.5
Mobile141962,002,1927.14%0.7
New Haven243153,572,6657.62%0.7
New Orleans 132344,659,9785.56%0.3
New York 268146613,464,04218.28%2.0
Newark555338,055,34210.32%0.7
Norfolk 151081,759,48413.89%0.9
Oklahoma City 202523,943,0797.94%0.5
Omaha102945,085,4130.34%0.2
Philadelphia1067239,948,74514.66%1.1
Phoenix 347737,171,6460.44%0.5
Pittsburgh 405435,517,3257.37%0.7
Portland323034,190,71310.56%0.8
Richmond 101104,153,7059.09%0.2
Sacramento 332988,099,06811.07%0.4
Salt Lake City 536065,977,6188.75%0.9
St. Louis 264222,930,1456.16%0.9
San Antonio 368797,743,6630.41%0.5
San Diego 333843,529,0648.59%0.9
San Francisco713428,425,13520.76%0.8
San Juan1407163,443,5825.59%1.2
Seattle 343597,535,5919.47%0.5
Springfield121573,441,7387.64%0.3
Tampa 308008,905,2543.75%0.3
Washington, Dc766713,306,95111.33%2.3