Threats Without Borders - Issue 156
Cyber-Financial Crime Investigation Newsletter, Week ending November 12, 2023
Over the past few weeks, we’ve discussed the police and financial institution investigators' struggle to effectively deal with cyber fraud. We’ll get back to that next week.
Today, I ask you to consider the number 156. Why? This is the 156th issue of the newsletter.
I have hit the publish button every Tuesday - without fail - for the past 156 weeks. 52 weeks in a year. 156/52 = 3.
Today is the third anniversary of the newsletter. This thing that I started during the confines of the COVID-19 imprisonment has grown into a spectacular weekly discussion of all things cyber(ish). And some nonsense too!
The newsletter has grown to have readers in 41 U.S. states and 49 countries around the world.
So here’s the plan for Year 4. I’ll keep publishing the newsletter every Tuesday without a subscription fee or paid sponsorships, and you keep reading each week and sharing with colleagues so the newsletter keeps growing. Oh, and you also have to suspend your expectation of proper grammar because I don’t care much about it anymore.
Deal? Deal!
As I often close the email, I recognize the immense competition for your attention and I appreciate that you give me a few minutes of it each week. Thank you for being a reader!
And can someone please get me a subscriber in Vermont?
Some News…
“Experts” say to not mail checks through the U.S. Postal Service. How about the experts tell the courts to do their jobs so the USPIS can make the mail system safe again! https://www.pennlive.com/news/2023/11/you-shouldnt-mail-a-check-on-these-days-security-expert-says.html
Anyone who worked cyber or ICAC cases over the past ten years gets a twitch when they hear the world “Omegle”. Well, rejoice, and put your anxiety meds away…the service has shut down. For the non-informed, Omegle was a video-chat service where you would be randomly paired up with another user. Unfortunately, most of the times the other user was a naked male. The was actually a game the youths would play called “See a Penis in Three” or something like that, where you would click the new match button until you saw a penis. You lost if you didn’t see one within three clicks. Rarely did anyone ever lose. https://www.omegle.com/
The FBI published a Private Industry Notification concerning initial access trends of ransomware attacks. One of the highlighted trends is the use of “Call Back Phishing” where the attackers trick the victim into calling them by telephone and transferring the interaction to a computer where the victim allows a remote desktop protocol (RDP) tool to be installed. https://www.ic3.gov/Media/News/2023/231108.pdf
AT&T Cybersecurity looks at some indicators of compromise for a credit card skimmer embedded into a website. https://cybersecurity.att.com/blogs/security-essentials/dont-check-out-credit-card-skimming-activity-observed
This Michigan man netted over 180 Million Dollars through a check kiting scam. The illicit funds were used to buy planes, boats, and of course, a massive collection of cars. 280 cars to be exact. https://jalopnik.com/man-uses-180-million-check-fraud-scheme-to-fund-incred-1851009094
Who says crime doesn’t pay? This woman stole over a 500K from her employer over a nine year period and was sentenced to…one year. She utilized the Wegman’s Enterprise System to fraudulently process approximately 350 credit card refund requests in customers’ names with fictitious amounts. She then paid the refunds to herself by swiping her bank debit card in the point of sale system. Half-a-Mil for one year in prison. Why not. https://www.justice.gov/usao-wdny/pr/webster-woman-going-prison-stealing-hundreds-thousands-dollars-wegmans
Reader Mail
See Issue 151 - for reference - where a link was provided to an article discussing a warning by the Pennsylvania Realtors Association about property title theft:
I know this is a little tardy but this [real estate title theft] happens all the time in cities like Philadelphia. Typically, the fraudster will look for property whose owners are deceased, elderly, or otherwise not living on or near the property. The fraudster will then draw up a set of transfer paperwork, have the paperwork notarized by a corrupt or fraudulent notary, and register the transfer paperwork at the county courthouse. Most of the time, the paperwork isn’t verified for truth, so the clerk will file it without consideration. Once the transfer paperwork goes through, the fraudster now owns the property and can sell it, lease it, or whatever else he wants to do with it, and there is very little that can be done about it. Some counties are offering services to alert property owners if there are any documents that affect their property, and I’ve seen ads for commercial services that do the same thing. See https://www.fox43.com/article/money/consumer/fox43-finds-out/deed-theft-title-fraud-pennsylvania-counties-free-tool-fraud-protection/521-ccfd6644-9060-47ae-9611-71de9b59dd43. This kind of fraud works because most people aren’t going to check the status of their home deed; once it’s registered, it’s a done deal.
- Robin (intel analyst for a state law enforcement agency)
Cool Job
Fraud System Administrator - Jack Henry. (Remote) https://careers.jackhenry.com/job/allen/fraud-system-administrator/42859/56988679088
Cool Tool
My general rule is that a tool must be free to be included in Cool Tool section. This is an exception - the note taking application Stashpad now aggregates to-do items from all notes into a common note. So now you can add a to-do within any note and it will populate to the pinned To-Do note. Super Cool!
https://twitter.com/stashpadapp/status/1722307684458791109
Irrelevant
Writing cover letters suck. I once heard it’s the ultimate HR gatekeeper tool. No cover letter = not serious about the position because only applicants with intent take the time to write one. Adam Dietz has a pretty good grasp of the struggle. https://www.mcsweeneys.net/articles/its-the-job-of-my-dreams-but-id-have-to-write-a-cover-letter-so-never-mind
It’s National Fraud Awareness Week. Yea! So let’s be aware that fraud is happening for these seven days and then we can go back to being unaware of it for another 51 weeks.
Thank you for being a reader of the newsletter and celebrating this milestone with us. Here’s to three years and to three more!
Cheers.
Matt
“NEVER GIVE UP ON A DREAM BECAUSE OF THE TIME IT WILL TAKE TO ACCOMPLISH IT…TIME WILL PASS ANYWAYS”.
Be a friend and forward this newsletter to a friend. Or to a random person and make a new friend.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.