Threats Without Borders - Issue 124
Matt's Cyber-Financial Crime Newsletter, Week ending 4/2/2023
The newsletter has added a bucketful of new subscribers over the past few weeks so I figured this would be a good time to level-set and get everyone up to speed - especially since Substack snuck one of those damn “pledge” links into the newsletter last week.
First and foremost, Substack wants newsletters to transition to a paid model so they can collect a percentage of the subscription fee. I get it. It’s good for them and the writers, but financial gain isn’t why the Threats Without Borders Newsletter exists. Writing this newsletter each week is a creative outlet for me and offers a way for me to give back to the community that has given me so much over the past twenty(+) years. Threats Without Borders will NEVER be a fee-based newsletter, even if Substack starts charging me a fee to publish it. Sharing the newsletter with professional colleagues is the best way to express your appreciation. Of course, I’ll never turn down a free drink if we cross paths at a conference!
For the first 24 weeks the newsletter was published as “Matt’s Newsletter” because, well, I just wasn’t witty enough to come up with anything else. One summer evening, while enjoying a well-crafted Old Fashioned, the phrase “Threats Without Borders” came to me as an apt descriptive for cybercrime. The Internet allows criminal threat actors to victimize others anywhere in the world, regardless of physical location or geo-political nationality. Your country's physical border is benign and irrelevant! The newsletter was renamed in Issue 25 and here we are 99 weeks later.
A frequent question from readers is, “why do you write out the entire URL of every linked article?” Well, I can’t tell people to never click a link without first knowing the destination if I expect them to blindly follow hot-links in my publication. I test every link before it is included in the newsletter but as a matter of security – know what you're clicking!
I try every "Cool Tool" but it doesn't mean it will become one of my regularly used tools. Any tool that requires installation gets loaded to a virtual machine to ensure it isn't overt malware. Sometimes I like it, sometimes I don't, but it doesn't mean someone else won't see value in it. I have never received compensation for including a product in the newsletter.
I also get inquiries about publishing a guest writer. I would love to but, unfortunately, all of the requests I have received want to low-key promote the author's consulting business, fee-based software, or podcast. Contact me if you have something to offer the community – for the benefit of the community – not just your benefit.
And with that said, let’s get back to business. Thank You for reading issue 124 of the Threats Without Borders Newsletter.
The broken record spins…
The city manager of a northwestern Pennsylvania city has been charged with the theft of over 600K dollars from the city and city-associated groups including the fire department and United Way. Court documents say the former DuBois city manager stole $3,000 from the City's General Fund, $21,293.30 from the United Way’s checking account, $99,108.40 from the fire department's parade committee account, $95,000 from the fire department's community fund account, and $46,243.54 from the department’s checking account. All of this was in addition to the $356,170 he stole directly from the city. Say it all with me….Where were the controls?!?! https://wjactv.com/news/local/court-documents-give-more-details-on-dubois-city-managers-alleged-crimes
Tis the season
No, not for spring showers. April is tax month and Flashpoint looked at the colossal amount of tax fraud uncovered by the IRS in 2022. The IRS identified $5.7 billion in tax fraud schemes last year, over twice the amount reported in 2021. The Flashpoint article is a good read but they pull most of their data from the 2022 IRS:CI report. https://flashpoint.io/blog/the-cost-of-tax-season/ See the IRS report at: https://www.irs.gov/pub/irs-pdf/p3583.pdf
See above
In even more tax fraud analysis, the SpiderLabs group examined a few tax-related trends and scams they have observed in the 1st quarter of 2023. Supporting the findings of other threat intelligence groups, the most common file extensions they have observed in tax scam emails are .htm and .html. Web Pages! It seems so common sense - why is someone sending you a web page to open? In reality though, the vast majority of people have no idea what an .html file actually is. I should do a man-in-the-street video asking people if they know what certain file extensions are used for. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/2023-tax-scam-emails-exposed-unmasking-deceptive-trends/
Give me a break!
Debt buying service NCB Management Services acknowledged a security lapse resulting in a leak of personal information for 500,000 customers. In its regulatory report the company claimed it has “obtained assurances that the third party no longer has any of the information on its systems”. Well, that's reassuring. So they paid the ransom and the threat group “promised” to delete the stolen customer data. Yeah right. How stupid are these people? https://therecord.media/debt-buyer-cyberattack-data-breach
The Rest…
FinCEN released an analysis of Business Email Compromise attacks (BEC) targeting the real estate market. https://fincen.gov/news/news-releases/fincen-analysis-business-email-compromise-real-estate-sector-reveals-threat
Yes, macOS does get attacked. https://www.jamf.com/blog/macstealer-malware-macos-threat/
More than 12 million WordPress websites have a plugin installed that contains a vulnerability with an 8.8/10 severity rating. https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/
Cool Tools
Real-time URL inspector and website sandbox - CheckPhish https://checkphish.ai/
Bank BIN list search - https://www.bankbinlist.com/
Cool Job
I have no interest in moving to Washington, D.C., so I’ll let someone else have a shot at this job :) Director - Financial Crimes Enforcement Network (FinCEN) https://www.usajobs.gov/job/716683300
Irrelevant
I read this once and then read it some more. Although I comprehend it, I don’t think I could explain it to anyone else, and we should all recognize it when we see it. So here, read about the Safe Uncertainty Fallacy.
Serious Business…
Someone stole the giant red spoon from the DQ Chill & Grill in Phoenix, AZ. It’s not just any big spoon - it’s 15 feet long! Pray for justice. https://www.theblaze.com/news/giant-spoon-sculpture-stolen-from-dairy-queen
Thank you for reading this week's issue. Please consider sharing with your colleagues to help the newsletter grow. I understand there is a constant battle for your attention and I appreciate that I won a little bit of it.
Matt
“IF YOU LIGHT A LAMP FOR SOMEBODY, IT WILL ALSO BRIGHTEN YOUR PATH”
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.