The FBI’s Internet Crime Complaint Center calculated the 2021 loss from Business Email Compromise attacks in excess of 2.3 billion dollars. In fact, BEC ranks first in terms of monetary loss of all Internet-enabled crimes.
The 2022 numbers haven’t been released yet, but included in the numbers will be $690,000 of lost money from the reelection campaign of U.S. Senator Jerry Moran from Kansas. His staffers transacted two fraudulent wire transfers according to the federal election documents filed by the campaign. Both wire transfers were for $345,000 but sent 16 days apart.
Good grief.
https://docquery.fec.gov/pdf/091/202212089548022091/202212089548022091.pdf
https://www.rawstory.com/raw-investigates/jerry-moran/
https://12ft.io/ (crawl over a paywall)
Do this
Recorded Future released their “Annual Payment Fraud Intelligence Report” for 2022. If you do nothing else today…take 10 minutes to read this report. Well, finish this issue of Tw/oB and then read the report. Seriously.
https://go.recordedfuture.com/hubfs/reports/cta-2023-0117.pdf
Insult to Injury
There have been more tech-industry layoffs in the first three weeks of 2023 than in the entire first half of 2022. And it appears the unfortunate trend will continue as organizations adapt to the economic downturn. One thing that is not in a downturn is unemployment-related scams. ZeroFox Intelligence looks at the unfortunate trend that kicks people who are already down. https://www.zerofox.com/blog/flash-report-layoffs-fuel-uptick-in-employment-scams/
They’ll be back
Analysis of cryptocurrency wallets controlled by ransomware groups reveals that business is declining. Or at least there is a decline in payments. What’s the reason for that? Chainalysis believes it’s because organizations are getting better at restoring from backups and refusing to pay up. Law enforcement hopes their “never pay” message is starting to take hold. Regardless of the true reason, it won’t last long. If the hackers have proven anything…they’ll regroup and come back stronger. https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-40-percent-in-2022-as-victims-refuse-to-pay/
How do they know that?
A Pennsylvania police department issued a warning that someone has been spoofing their main phone number in an effort to scare the call recipients into making a payment. That’s not unusual. Law enforcement agencies are spoofed all the time by scammers hoping to scare someone into paying a fine they were never actually assessed. The strange fact presented in this article is the claim “[phone number] has been spoofed by scammers calling out of Texas or southern state areas”. How do they know the callers are in Texas? Surely [the bad guys] are using some Voice-Over-IP (VOIP) service that would allow them to call from anywhere in the world. Do the police just think the callers are in Texas because they chose a Texas VOIP number? Or were they able to trace the VOIP service to an actual wireless subscriber? https://www.pennlive.com/news/2023/01/central-pa-police-department-says-scammers-are-spoofing-its-phone-number-again.html
Continuously evolving
The bad guys continuously evolve to stay ahead of security. This is especially true of those that launch attacks through phishing emails. The attack vectors must stay one step ahead of the email security companies in a constant cat-n-mouse game. The newest development is concealing the payload inside of a blank image file to bypass email security scanning systems. Always one step ahead. https://www.avanan.com/blog/the-blank-image-attack
The Rest…
T-Mobile customers are not having an episode of Deja Vu. Yes, they lost your information again. https://www.securityweek.com/t-mobile-says-hackers-used-api-steal-data-37-million-accounts
Phishers weaponize OneNote attachments. https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/
Texas man admits his part in a scheme that stole 1.6 million dollars through romance scams targeting seniors. https://www.justice.gov/usao-ri/pr/texas-man-admits-role-scamming-seniors-rhode-island-and-elsewhere-online-romance-scams
Cool Job
Senior Director, Cybersecurity Investigations - FINRA https://finra.wd1.myworkdayjobs.com/FINRA/job/Washington-DC-Job-Posting/Senior-Director--Cyber-Security-Investigations---Any-FINRA-Location_R-005701?
Cool Tool
This might be the largest collection of free web tools ever assembled. For real. https://www.kodytools.com/
Irrelevant
Harness the wisdom of Solomon’s Paradox. https://bigthink.com/smart-skills/solomons-paradox-psychology/
Homophones are hard:
Staid - Characterized by sedateness and often a strait-laced sense of propriety; serious and conventional. Fixed; permanent. Sober; grave.
Stayed - Simple past tense and past participle of stay; to remain in place.
Thanks for reading. How about helping me get a new subscriber? It was a struggle last week. Hoping for a better turnout this week.
Matt
“FIND YOUR PASSION AND FIGURE OUT HOW TO GET PAID FOR THAT SHIT” - someone giving legit advice
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.