Threats Without Borders - Issue 127
Matt's Cyber Financial Crime Newsletter - Week ending April 23, 2023
I assisted (or at least tried to) a law enforcement investigator with a case where he was attempting to identify someone who made a purchase at a business using Apple Pay. I was able to point him in the right direction and thought it’s a good time to issue a reminder:
The merchant is not provided the actual credit card number when completing a transaction using Apple Pay or Samsung Pay. They are provided a representation of the number called a Token. The token may look like a credit card number, but it isn’t and is initially worthless to identify a card holder. The process is much the same as hashing a file with an MD5 or SHA256 algorithm – it’s a one-way process. The token can’t be reverse engineered to determine the initial account number so it’s useless to anyone (criminal) who gets the token. The translation is done by the merchant’s payment brand/processor who communicates with Apple through secure gateways.
So who gets the search warrant? Apple doesn’t have the data you want. The merchant should be able to tell what card service charged their account - Visa, Mastercard, AmEx, or Discover. Start with them as they can link the token to an actual PAN – Primary Account Number.
Honestly, just hope you don’t get the investigation!
Linked is the original Apple Pay documentation from Apple and some helpful articles from FreeCodeCamp and Advantio.
https://support.apple.com/en-us/HT203027
https://www.advantio.com/blog/heres-how-google-pay-apple-pay-samsung-pay-protect-your-card-details
https://www.freecodecamp.org/news/how-apple-pay-works-under-the-hood-8c3978238324/
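To make the token point concrete, here is a small added sketch (mine for illustration, not code from Apple or the linked articles) of why the merchant's copy of the "card number" leads nowhere without the card brand. The `TokenVault` class, the function names and the record layout are hypothetical, and the PAN is the well-known test number.

```python
import secrets

def luhn_check_digit(partial: str) -> str:
    """Return the digit that makes partial + digit pass the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:          # every second digit, starting next to the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number[-1] == luhn_check_digit(number[:-1])

class TokenVault:
    """Hypothetical stand-in for the card brand's token service (holds the mapping)."""
    def __init__(self):
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        while True:
            # Random digits, not derived from the PAN. Keeping the first digit
            # (the brand) is a simplification made for this example.
            body = pan[0] + "".join(secrets.choice("0123456789") for _ in range(len(pan) - 2))
            token = body + luhn_check_digit(body)
            if token != pan and token not in self._token_to_pan:
                self._token_to_pan[token] = pan
                return token

    def detokenize(self, token: str):
        return self._token_to_pan.get(token)   # None if this vault never issued it

def merchant_record(token: str, amount: str) -> dict:
    """What the merchant keeps after the sale: the token, never the PAN."""
    return {"account_number": token, "amount": amount}

if __name__ == "__main__":
    brand_vault = TokenVault()
    pan = "4111111111111111"                   # constructed: well-known test number
    record = merchant_record(brand_vault.tokenize(pan), "42.00")
    print("merchant sees :", record["account_number"])
    print("brand resolves:", brand_vault.detokenize(record["account_number"]))
    print("anyone else   :", TokenVault().detokenize(record["account_number"]))
```

The token passes the same format check a real card number would, which is why it looks legitimate in the merchant's records, but only the party holding the mapping can turn it back into a PAN.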
AI - What could go wrong?
Should your employees be allowed to access ChatGPT from company resources? That is a question that many IT security departments are working to answer. It seems that you have two different opinions…those that are completely on-board with AI and those that still wake up in the middle of the night thinking about Skynet.
I’m somewhere in the middle, but I know this for sure…AI is going to be an absolute game changer for fraud - and not in a positive direction.
This report from Palo Alto Networks Unit42 group is showing that to be true. From the report: “Between November 2022 through early April 2023, we noticed a 910% increase in monthly registrations for domains related to ChatGPT. In this same time frame, we observed a 17,818% growth of related squatting domains from DNS Security logs. We also saw up to 118 daily detections of ChatGPT-related malicious URLs captured from the traffic seen in our Advanced URL Filtering system.”
Read this report and then get your hat ‘cause it’s gonna get bumpy. https://unit42.paloaltonetworks.com/chatgpt-scam-attacks-increasing/
Kudos to Macy’s
The current trend is for retail stores to turn a blind eye to retail crime. Losing the merchandise is the least expensive option considering the costs of a “wrongful accusation” lawsuit or having an employee injured while trying to stop the in-progress crime. It’s good to see a retailer fight back. Three New York residents were arrested at a Massachusetts Macy’s store when alert employees called the police as the trio attempted to use fake ID cards to open line-of-credit accounts. Police recovered 80 identification cards containing the PII of residents from Texas, Washington, New Jersey, and Pennsylvania. Kudos to the employees of the Macy’s in Auburn, Mass and the officers of Auburn PD for their quick response. https://www.masslive.com/news/2023/04/police-find-80-fake-ids-after-stopping-suspects-at-auburn-macys.html
Social media users targeted
Avanan has been killing it lately with the threat intelligence they’ve been sharing. This is another great report explaining how attackers are exploiting Linktree to direct social media users to malicious web links. https://www.avanan.com/blog/phishing-links-via-linktree
Are there any left?
Long-time readers may remember when my off-handed slight of lawyers resulted in several barristers unsubscribing from the newsletter. Seriously, I think there were four unsubscribes in one day and two the next. I honestly don’t even remember what the comment was at this point but I used the incident as comedic fodder for weeks afterwards.
Well, if there are any attorneys left to read this… I have bad news for you. The American Bar Association got clipped and lost the credentials of 1.4 million members. The group claims it only affects those who were utilizing the ABA career center “since 2018”. https://www.bleepingcomputer.com/news/security/american-bar-association-data-breach-hits-14-million-members/
The Rest…
The NCC Group released their monthly Cyber Threat Intelligence Report. https://www.nccgroup.com/media/l2anvmij/ncc-group-monthly-threat-pulse-march-2023-v20.pdf
Manager of a Pennsylvania McDonalds steals 50K from the restaurant in six months. https://www.pennlive.com/crime/2023/04/manager-of-pa-mcdonalds-arrested-charged-with-stealing-nearly-50000-from-restaurant.html
Logpoint published a comprehensive report on the Redline information stealer. https://www.logpoint.com/wp-content/uploads/2023/04/etpr-redline-stealer-malware-outbreak.pdf
Cool Job
Director of Fraud Operations - Stash. https://ats.comparably.com/api/v2/stash/post/4997079:?gh_jid=4997079
Cool Tool
That website isn’t what it was? Go back in time a bit and see what changed. https://cachedviews.com/
Monitor your stocks with this super handy browser extension. https://stockglance.boomla.net/
Irrelevant
Victory - at what cost? Be aware of the Pyrrhic Victory. https://sketchplanations.com/pyrrhic-victory
Thank you for opening this week’s email. The newsletter had its best view-rate in a few months last week and I attribute that to a few readers taking the effort to share it with others. Please consider forwarding the email to others in your organization to help it grow.
Matt
“AS A CURE FOR WORRYING, WORK IS BETTER THAN WHISKEY” - Debatable.
As a bonus for reading this far in the email - here is the direct link to the 2023 Mandiant M-Trends Report. I gave away my personal information so you don’t have to. :)
https://mandiant.widen.net/s/dlzgn6w26n/m-trends-2023
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.