Threats Without Borders - Issue 119
Matt's Cyber-Financial Crime Newsletter, Week ending February 26, 2023
A relative of mine (Hi Mom) was attempting to sell an item on Facebook Marketplace and was quickly contacted by an eager buyer. But first, the buyer needed to confirm she was a real person and not a bot. What? As the buyer told, he had been scammed before and wanted to make sure he wasn’t going to be scammed again. How would this verification happen? Google of course.
The buyer scammer told her she would get a Google verification code sent to her cell phone. She only needed to provide him with the code to verify she was a real person. Wait, what?
Yep, the Google Code Scam. Fraudsters need Voice-Over-IP phone numbers to run their scams. And they need a lot of them. VOIP services like Google Voice are getting better at identifying scammers and are making it harder for one person to link dozens of numbers to one (pre-paid) cell phone.
So the bad guys create a Gmail and GoogleVoice account using the Facebook/OfferUP/Craigslist sellers mobile phone number. However, they need the verification code to confirm the subscription and start using the VOIP service through the web app. The seller provides the scammer with the code, the scammer validates the account, and the seller's phone is now used to victimize others.
Post your ratty buffalo wing sauce stained couch on Marketplace and see.
Better than CyFi
NO apologies for starting the newsletter with an article that has absolutely nothing to do with cybercrime, or financial crime, or really anything of interest to this newsletter. Its’s even better. Napping. Yes, an occasional mid-afternoon nap is one of the better things in life. This Psyche article provides the instructions to do it right! https://psyche.co/guides/how-to-nap-to-recover-lost-sleep-or-boost-learning-abilities
A little prevention, please.
This article celebrates that Massachusetts investigators uncovered 2.7 Million dollars of welfare fraud in the second quarter of the Commonwealth’s fiscal year. Of course, they also make note that in the previous (full) fiscal year they discovered 13.5 Millions dollars in welfare related fraud. Rooting out fraud is good, but you know whats even better? Prevention. How about they do a better job at stopping the fraud before disbursement instead of chasing the restitution after the fact. Crazy. https://www.eagletribune.com/news/boston/state-uncovers-2-7m-in-welfare-fraud/article_66cd2096-b13d-11ed-b016-7b67fddb96ae.html
Coinbase tells all
Whether its their blatantly anti-activist corporate culture (according to some) or the fact they peddle pixie-dust (according to some), Coinbase gets a lot of shade thrown their way. One thing they have been doing better lately is openly discussing security. Last week they published a blog post detailing a social engineering attack that targeted their employees - and how they dealt with it after an employee gave the attackers a legitimate username and password to exploit. https://www.coinbase.com/blog/social-engineering-a-coinbase-case-study
Colorado victim, Pennsylvania mule?
Last fall, Boulder County, Colorado, fell victim to a Business Email Compromise attack after a county employee was tricked by a phishing email and wired away $237,241 dollars. Ouch. The good news is the funds were frozen before they exited the country and the money was recovered. The Boulder County Sheriff’s Office issued a press release explaining, “a detective with the sheriff's office assigned to the Boulder County Digital Forensics Lab was able to trace the funds to a U.S. bank account.Investigators were able to freeze the funds in the account, and on Dec. 7, the full amount of the check was returned to Boulder County”.
Kudos to the law enforcement and bank investigators who worked the case. Great Work. But that’s not why the story made the newsletter. The press release mentions a Pennsylvania police department, Penn Township, assisted with the investigation. Unfortunately, there are 13 Penn Townships in Pennsylvania. Will the real Penn Township please stand up? Anyways, it sounds like the mule was in Pennsylvania and I’d like to hear more about it if any readers have additional insight. https://bouldercounty.gov/news/almost-238000-recovered-after-phishing-scam-targeting-boulder-county/
Ticket Fraud
This write-up comes from UK based security investigator Andy Gill. One of his friends got scammed trying to buy concert tickets so he went on the hunt to see what, or who, he could find. He didn’t really uncover much but it’s an interesting read. Of course, I think the true scam is Chris Brown still doing shows. Is that for real? https://blog.zsec.uk/an-investigation-into-ticketscams/
The Rest…
Lehigh Valley Health Network gets ransomed by BlackCat (Alphv) https://www.bankinfosecurity.com/pennsylvania-health-system-ceo-confirms-blackcat-attack-a-21279
Queens, NY man arrested for a 4.4 million dollar fake invoice scheme. https://www.justice.gov/usao-sdny/pr/queens-man-arrested-defrauding-former-employer-44-million-fake-invoice-scheme
EMT charged with theft for falsifying his time cards to the tune of $30,000. No worries, he wants to “make it right”. https://www.wpxi.com/news/local/monroeville-emt-facing-theft-charges-allegedly-being-paid-shifts-he-didnt-work
Cool Job
Criminal Investigator - NASA. https://www.usajobs.gov/job/709108300
Senior Manager, Fraud and Risk Investigations. Appfolio. https://www.appfolioinc.com/open-roles?p=job%2FoCvxmfwK&__jvst
Cool Tools
Regular readers know that I’m a dork(er). Google Dorking that is. I’ve often been asked to design a class on advanced Google searching, but I just can’t see how to make the technique compelling enough for a full day class. Maybe a conference talk, but that might even be pushing it. Anyways, this is one of the best dorking cheat sheets I’ve seen. https://usersearch.org/updates/2023/02/05/the-ultimate-google-dorking-cheatsheet-2023/
I guess it says something about the state of our economy when someone built a reporting tool with a full dashboard to monitor the price of eggs. Here you are: https://eggspensive.net/
Irrelevant
You don’t mess with a persons biscuits and this Popeye’s restaurant in Georgia learned the hard way. https://nypost.com/2023/02/25/georgia-woman-belinda-miller-crashes-suv-into-popeyes-over-missing-biscuits/
Super long technical geeky read
Stuart Ashenbrenner of Huntress Labs does a deep dive into the security tools built into MacOS. Best line of the article, “I like to think of Apple’s security tools as like polar bears in a snow storm - although you can’t see it, they’re still there.” https://www.huntress.com/blog/built-in-macos-security-tools
Thank you for opening this weeks email. Welcome new subscribers! Although some just bookmark the webpage and stop in every Tuesday to read the new edition, the newsletter grows through subscribers. Thank you for making the commitment and for sharing with others.
Matt
“IF SOMEONE DOES SOMETHING ONCE, THEY WILL DO IT TWICE” - someone who watched me do a second shot of fireball
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.