As I am writing this newsletter, the world, or at least a significant portion of it, is learning that their email is compromised. If your organization is administering it’s email service through a Microsoft “on-premises” Exchange server then it has probably been breached. In fact, it is estimated that 30,000 organizations in the United States and 100,000 worldwide are currently operating compromised email systems and the number is increasing everyday. Two great articles to bring you up to speed are from ARS Technica and Brian Krebs.
And a technical deep-dive for those doing incident response: FireEye Threat Research Blog
BEC actors pivot…backwards
Email security company Agari released their H1 2021 Email Fraud and Identity Deception Trends Report. Of note, is the finding that Business Email Compromise actors have returned to payroll diversion attacks. No matter what security features businesses implement, the motivated attacker will adapt and re-engage.
Get shot - Go to Jail
This is an absolutely crazy story and kudos to the law enforcement investigators that figured it all out. A man and woman were shot (like with a gun) by their daughter’s crazy ex-boyfriend, but they end up going to jail. Of course, while investigating the shooting the police found trash bags filled with cash in the pool house. That’s probably a sign that something else is going on. Yep, tax evasion.
More Pandemic Fraud
FinCEN issued an updated advisory alerting financial institutions to new concerns of Economic Impact Payment fraud (EIP Fraud). There is nothing really new in the warning but it’s a robust summary of what we’ve seen so far. And a good primer for the less informed.
So stupid. So maddening.
The Office of Inspector General for the Social Security Administration issued a warning about a new fraud tactic being used in phone scams. The scammers are sending images of government employee identification badges in an effort to prove they are “legitimate”. These scams are so stupid, it’s easy to quickly dismiss the victims. Why would you owe social security money? Why would you pay the government with a iTunes gift card? But it’s important to remember who is targeted and eventually victimized by these scams - many times the elderly and disabled. The people who actually take their social security account seriously and the thought of losing it is devastating. These frauds should be given more attention by federal law enforcement.
The Rest…
A hacker group released an updated jailbreak tool that is effective on most iPhones. This is mostly hype. Yes, it may render your phone less secure - but not really. It takes an advanced user to administer it and they must physically have your phone. And Apple has already released a patch. Keep your iPhone updated, secured with a strong PIN, and in YOUR possession.
Employee (insider) steals $98,914 from her employer, weather forecasting firm AccuWeather. She created fictitious flexible spending accounts for herself, husband and others. Controls. Control. Controls. If anyone from AccuWeather happens to read this… you’re my favorite weather service - I’ll consult for a windbreaker and an umbrella.
Crowdstrike warned of the threats to academia and gave a brief synopsis of what threat groups are targeting the educational institutions.
The SEC charged seven persons for a fraudulent attempt to gain control of business, promote it’s stock and then defraud the investors. Typical pump and dump scam but you own ALL of the stock to begin with.
John McAfee has been indicted, again. This time for a fraud scheme involving cryptocurrency. How is this guy still free? Or even alive?
Cool Tool
All in one video search tool PeteyVid searches over 70 different web platforms for video files.
“LONG-TERM THINKING IS SIMPLY SHORT-TERM THINKING WITH SET PRINCIPLES” - someone smarter than me.
To the new subscribers who signed up over the past week - Welcome and thank you for giving me a few minutes of your attention.
Epilogue: That second Covid-19 vaccine shot is legit. Don’t plan anything important for the day after.