Threats Without Borders - Issue 123
Matt's Cyber-Financial Crime Newsletter, Week ending March 26, 2023
I provide a training class titled “Social Engineering Through Messaging" (SETM) for employees of my organization. We examine all forms of manipulative communication but focus on the written form such as email, text messages, and even QR codes. Of course, we spend a great deal of time on Business Email Compromise.
The Internet Crime Complaint Center has released its analysis of 2022 victimization. Last week, I instructed a SETM class and we delved into the report spending a considerable amount of time looking at the amount of victimization initiated by an email.
The biggest difference between the 2021 and 2022 IC3 reports is that Investment fraud has now supplanted BEC as the largest category of crime based on dollar loss.
The significant change is due to the IC3 interpreting the new “Pig Butchering” scams to be investment fraud. The name does a horrible injustice to the victims of such fraud but unfortunately, the name has stuck and is quickly becoming part of the fraud lexicon.
The crime is nothing new, it’s just a impersonation scam initiated through some form of Internet communications. The change is the amount of effort the bad guys are putting into the scam to massage, or fatten up, the victim before they “head to the slaughter”. The scam comes in different flavors but the most personally devastating is the romance-based scam.
In the past, a typical romance scam was a rather short affair lasting only a few weeks to a few months. The fraudster would get some cash transfers, a few gift cards, and maybe a package re-shipment or two before the gig fell apart. The scammer didn’t put too much effort into it as they knew the sea was filled and the nets were heavy.
In this new variation, there is a significant effort to build and maintain the relationship with the victims. I heard one group has a dedicated person assigned to each romance victim so they will be available for 24/7 communication - it’s like a real relationship. The assigned fraudster essentially becomes the victim's online romantic partner, even though they are thousands of miles away and the entire relationship is fraudulent, literally.
Once they get the victim investing in their business venture or “start-up” they go as far as sending fake invoices, order requests, and profit/loss statements to convince the victim the business is doing well and will create a huge profit for all investors. A successful business means the loving couple can be together, forever, in paradise.
And that’s how they get they get the romantic partners to keep "investing" in their ventures. The amount of money lost to these scams has skyrocketed accordingly and the IC3 is viewing them as Investment fraud rather than Romance fraud.
https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
Check yourself
Or your organization. This site is a collection of stupid password rules forced upon hapless employees who are just trying to get their work done. Password security is an easy cybersecurity win… so why do orgs make it so hard? https://dumbpasswordrules.com/
Nothing is safe
Proving again, that nothing is too sacred for these assholes to scam, is a story about a group selling counterfeit nursing diplomas and transcripts. Yeah nurses, the ones who might be saving (or attempting) to save your life someday. The group was involved in the distribution of more than 7,600 fake nursing diplomas issued by three South Florida-based nursing schools. Hopefully they track down these fake nurses before one of them tries to stick a PICC line in your arm. Kudos to FBI-Miami for this effort. https://www.justice.gov/usao-sdfl/pr/fraudulent-nursing-diploma-scheme-leads-federal-charges-against-25-defendants
Sharepoint Phishing
The continual efficiency of email security software is forcing the bad guys to become more creative with their attacks. Their ingenuity would be inspirational if we didn’t see the damage on a daily basis. Kaspersky discusses a new attack involving the takeover of Microsoft Sharepoint servers. https://www.kaspersky.com/blog/sharepoint-notification-scam/47593/
Thats BIG
Abnormal Intelligence discusses a recent Vendor Email Compromise attack they monitored where threat actors attempted to get 36 million dollars from a commercial realtor. That’s aggressive. Of note: the attackers utilized web domains using the [.cam] top level domain. Thats sneaky. https://intelligence.abnormalsecurity.com/blog/36-million-vendor-fraud
The Rest…
Lil’ Yachty is taking on water. The SEC charges several celebrities for a cryptocurrency promotion scheme. https://www.sec.gov/news/press-release/2023-59
Coinbase and the SEC go round and round. https://www.coinbase.com/blog/we-asked-the-sec-for-reasonable-crypto-rules-for-americans-we-got-legal
Cool Tools
Turn your favorite web content into an E-Book https://epub.press/
Comprehensive IP intel. https://www.infobyip.com/
Customize your terminal. https://tabby.sh/
Cool Jobs
Fraud Manager - Settle. https://boards.greenhouse.io/settle/jobs/4188838005
Irrelevant
I don’t own a Hyundai vehicle and never considered buying one, but I might now. I have a 2022 Ford Edge that is almost entirely touch controlled and it’s awful. #bringknobsback
Thank you for opening this week emails and even I am even more thankful for those who have switched their subscription email from Yahoo to something else. I have complained to both Yahoo and Substack, but neither seem to care. Of course, Yahoo isn’t going to care because dropping Substack newsletters must be intentional at this point.
Please consider sharing this dumpster fire with your colleagues.
Matt
“IF YOUR DAY WAS SHITTY, JUST REMEMBER, YOU WILL NEVER HAVE TO DO TODAY AGAIN.” - I seem to be saying this a lot lately.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space are my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.