Threats Without Borders - Issue 129
Matt's Cyber Financial Crime Newsletter, week ending May 7, 2023
There is no rest for the weary...or organizers of a multi-day training conference. I'm going to humble brag and declare that the Keystone Konnection 2023 was a complete success and congratulate my fellow organizers for running such a stellar conference. The annual event brings together the Delaware Valley and Pittsburgh Metro chapters of the International Association of Financial Crime Investigators for three (ish) days of training.
I would be remiss if I didn't mention the presenters who gave such high-quality talks. I’m unsure how some would feel about being mentioned by name in an online resource, so I won't, but they were all fantastic. The topics spanned from organized retail theft to dark web check fraud trends to tackling Russian money laundering. There was even a talk about AI and Deep Fake fraud.
As good as the education was, the networking was even better. We had two evening networking events and you were a flat-out fool if you didn't come away with a Rolodex of new contacts.
Grading breakdown:
Venue: B-
Food and Drink: B
Training and Education: A
Networking: A+
Overall: A-
I've been attending this event for years and this was the best one in a long time. Kudos to conference chair Steve Lenderman for pulling it all together!
Please consider joining your local IAFCI chapter to help build a world-class conference in your area. And you're always welcome at ours!
The 2024 conference will be located on the western side of Pennsylvania since it's hosted by the Pittsburgh Metro chapter. Stay tuned for details.
Stick a fork in ‘em
T-Mobile disclosed they have suffered a security incident - again. It’s their second incident of 2023. In fact, they have had SEVEN other data breaches since 2018. Good grief. If you are still using this company for mobile cellular service - why? https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/#.ZFEN4Um2P_U.reddit
Close to home
How about some home cooking? Or home smishing as it is. The victim received a text message which appeared to be a fraud alert from their bank. They called the phone number included in the text message and ended up losing $6300. Kudos to the detectives at Manheim Township PD for following the breadcrumbs back to a Harrisburg, PA woman. https://www.pennlive.com/news/2023/05/harrisburg-woman-posed-as-bank-employee-to-steal-financial-information-police.html
Impressed by both
I’m not sure what is more impressive, the lengths to which these malicious actors went to run this scam or the effort eSentire put in to investigate and report on it. QuickBooks scams have been around for a while but this one uses all the tricks including fake Google ads, malicious downloads, counterfeit websites, and stand-up call centers. It’s an enterprise-level operation and eSentire does an excellent job breaking it down. https://www.esentire.com/blog/threat-actors-using-fake-quickbooks-software-to-scam-organizations
Maybe just search
This article is titled “Five Things Scammers Hope You Google” and discusses how fraudsters lay traps for those looking for information online. The title should probably be more generic like “Five Things Scammers Hope You SEARCH”. I don’t think Google is the only search engine susceptible to this abuse and some of the lesser search tools like DuckDuckGo, Yahoo, and the new Brave search are probably even more affected than Google. Regardless, the article is a good reminder to not blindly trust search results. https://lifehacker.com/five-things-scammers-are-hoping-you-google-1850405964
Hopefully not a trend
Most churches in America, regardless of denomination, are run by one or two paid staffers and a whole bunch of volunteers. None of them are properly trained in cybersecurity or cybercrime prevention. Churches are an easy target and The Record wonders if ransomware groups have picked up on this since there has been an increase in attacks on religious institutions. Hopefully this is just coincidence and not a trend. https://therecord.media/cybercrime-groups-find-new-target-churches
Don’t hold your breath
Google claims their move to Passkeys is the “beginning of the end of passwords”. Well, it should be, but the “beginning” can be a really long time. How about the beginning of the end of IPv4? Or the beginning of the end of Facebook? I appreciate the effort Google is making, but I won’t be holding my breath. https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
The Rest…
Magecart is back and researchers from Malwarebytes almost got fooled by a payment form that is as good as the original. https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art
Hopefully AMOS does not become famous. Unfortunately, we have an unwanted guest in the Atomic MacOS Stealer. https://nakedsecurity.sophos.com/2023/04/30/mac-malware-for-hire-steals-passwords-and-cryptocoins-sends-crime-logs-via-telegram/
Hospital system gets hit with ransomware and refuses to pay the ransom. Patients demand they make the payment. https://www.wsj.com/articles/patient-drops-request-to-compel-hospital-group-to-pay-ransom-539c9e06
A case of cat napping…literally. https://www.ydr.com/story/news/crime/2023/05/08/west-york-man-wanted-after-threatening-ex-girlfriend-stealing-cat-police/70194048007/
Cool Tool
Let AI generate Google Dorks for you - https://www.dorkgpt.com/
Cool Jobs
VP of Fraud Risk Management - Early Warning Systems (Zelle) https://earlywarning.wd5.myworkdayjobs.com/earlywarningcareers/job/Remote/VP--Fraud-Risk-Management---Bank-Wallet_REQ2023162
Senior Financial Crime Operations Program Manager - Etsy https://jobs.smartrecruiters.com/Etsy2/743999904017383-senior-program-manager-financial-crime-operations
Irrelevant
Improve your interactions with everyone - Introduction to the Alexander Technique https://www.lulie.co.uk/alexander-technique/
Last week's edition had the most reads in the history of the newsletter. It also generated the fewest new subscribers. That doesn’t match, but I’ll take what I can get. I recognize that your attention is at a premium and I sincerely appreciate that you gave me a bit of it today.
Cheers,
Matt
“BE CAREFUL WHO YOU TRUST. SUGAR AND SALT LOOK THE SAME” - I lost my sense of taste a long time ago.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.