Happy Valentine's Day. With perfect timing, the Federal Trade Commission (FTC) published a "Data Spotlight" report examining the current state of romance fraud.
The data is mostly as expected, but there are some interesting nuggets that make it worth taking a few minutes to read the report.
I was particularly surprised to find that most of the victims reported being victimized not through a dating app or website but through traditional social media. 40% of the claimants reported the initial contact with their victimizer started as a direct message on a social media application. I would have thought the primary driver of romance fraud would be services dedicated to creating romance.
Of no surprise, while cryptocurrency transfers resulted in the largest loss of money, gift cards were the most frequently used source of money transfers. Luckily, gift cards have loadable balance limits; otherwise they would have been the leader in both categories.
I have written before about the scourge of sextortion scams targeting teens and young adults, particularly young males. This report bears out my anecdotal musings, as people between the ages of 18-29 years old are six times more likely to report sextortion victimization than those who are over 30 years old.
For those of you looking for romance this Valentine's Day, some pick-up lines to avoid:
Tough Choice
It seems that MoneyGram has a hard choice to make: keep paying restitution and fines assessed by regulatory agencies or just go out of business. In an effort to settle complaints filed by the U.S. Department of Justice and the FTC, the company has agreed to pay $115 million in restitution to users of its service who were victims of various scams and fraud. The same as it did in 2012 and 2009. I’m certainly not a fan of the company, and I’ll walk a fine line to not victim-blame here, but how is MoneyGram, or any financial service for that matter, supposed to police every poor decision made by its customers? https://www.ftc.gov/news-events/news/press-releases/2023/02/more-115-million-refunds-sent-consumers-result-ftc-doj-charges-moneygram-failed-crack-down-scams
Blow your Whistle
Did you know the Financial Crimes Enforcement Network (FinCEN) had a whistleblower program that pays out monetary rewards? No? Don’t worry, no one else did either. In fact, not one reward has been paid out since the program started. The organization is hoping to get more traction and is offering to pay up to 30% of any imposed sanctions back to the snitch. https://news.bloomberglaw.com/us-law-week/fincens-whistleblower-program-sharpens-focus-on-money-launderers
Phishing not HIPAA
I wonder about the imbalance between the training topics of social engineering and HIPAA compliance for employees of health insurer Highmark. The insurance company has admitted that an employee “fell victim to a malicious email request” resulting in a security incident. The personal information of 300,000 customers was lost in the breach, including “names, medical claims- and treatment-related information, driver’s license numbers, financial information and social security numbers.” https://www.pennlive.com/health/2023/02/highmark-data-breach-gives-access-to-private-information-of-about-300000-customers.html
In order
And right in order, Barracuda Networks released their “2023 Email Security Trends” report. Too late for Highmark, unfortunately. The results are to be expected… 75% of organizations experienced a successful attack in 2022. The big claim of the report is that a successful attack now costs the victim business, on average, one million dollars. An ounce of prevention or a pound of cure. https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf
The Rest…
Former CEO of the New Orleans-based “First NBC Bank” found guilty of 46 counts of fraud in federal court. https://www.justice.gov/usao-edla/pr/ashton-j-ryan-jr-found-guilty-fraud-resulting-failure-first-nbc-bank
The University of Pennsylvania conducted a study concerning Americans’ ability to consent to the use of their private data. It seems they can’t - or won’t. https://www.asc.upenn.edu/sites/default/files/2023-02/Americans_Can't_Consent.pdf
Cool Job
Senior Manager, Security - The National Hockey League. https://www.teamworkonline.com/hockey-jobs/hockeyjobs/nhl-league-office/senior-manager-security-security-planning-and-assessment-2035051
Cool Tool
Download videos from TikTok - https://tiktake.org/
Irrelevant
“Legal weed” is losing. Government gets everything wrong, always. https://www.city-journal.org/illegal-pot-market-crowding-out-legal-one
Upcoming Events
B-Sides Harrisburg - Security Conference. March 11, 2023 - Harrisburg, PA https://bsideshbg.com/
Keystone Konnection 2023. May 1-3, 2023 - Valley Forge Casino and Resort (PA). Don’t let the name turn you off from this fantastic training conference hosted by the Delaware Valley and Pittsburgh Metro chapters of the International Association of Financial Crime Investigators (IAFCI). https://keystonekonnection.com/
Thanks to Mr. Lenderman the newsletter acquired several new subscribers over the week. And even a few from West Virginia. Finally. Welcome to the party everyone. Of course, those who registered with a Yahoo email address probably won’t read this. Yahoo regularly drops Substack newsletters. It’s a known problem.
Threats Without Borders is published every Tuesday and has been for the past 116 weeks, without fail. If you don’t see the delivery email by noon, your email service dropped it. Or I’m in some serious condition, send help.
Matt
“FIGURE OUT WHO IS SMARTER THAN YOU AND LISTEN TO THEM.”
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.