Threats Without Borders - Issue 159
Cybercrime Investigation Newsletter, Week ending December 3, 2023
This email from a reader:
Enjoy the newsletter and this series has been great. I need to stand up for law enforcement. We are hesitant to invest too much time into fraud because of the continuous ghosting of the banks. The card holder gets their money bank and don’t want to be involved after that and the banks then disappear. We have a pretty good relationship with our local banks and credit unions but any case involving a big national bank is usually cleared - investigation declined
John (Florida) is upset about a phenomenon known as “Victim Transfer” or sometimes called “Victim Switching”. This occurs after a financial institution refunds the account holder's funds lost from an incident of verified fraud. The legal concept of “victim” transfers from the account holder to the financial institution upon restitution. The account holder (original victim) loses interest in a criminal investigation because they have their money back. The financial institution (transfer victim) may not have an incentive because, well, “that's the cost of doing business”. Sometimes the cost of cooperating with the investigation, considering personnel, legal, and processing costs, will add up to more than the original monetary loss.
The police find themselves on the outside. The original victim who initially reported the crime has been made whole and no longer wants to be bothered. The financial institution writes off the loss and similarly doesn’t want to be bothered.
Criminal investigations cannot proceed without FI cooperation and they certainly don't proceed without a victim willing to show up in court.
Law enforcement investigators are quickly jaded and come to see the entire effort as futile. “I’ve already been down this road, and I know where it leads” many will say.
As John mentions, the large regional and national banks are more prone to engage in this behavior. Even when there is a branch within your jurisdiction, requests for help are often directed to a “fraud department” concealed behind an 800 number or generic email address. Community Banks and Credit Unions do much better. Many have financial crime units that maintain good relationships with their law enforcement partners, but management and legal directives prevail, and not always to the benefit of the police.
To be fair, sometimes the roles are reversed and FIs get no assistance from law enforcement. Review the newsletter editorials of the last few weeks! I think we covered that side of the coin fairly well.
Some News…
60 credit unions are offline after their data processing provider was stricken with ransomware. The third-party service, Ongoing Operations, claims it has experienced an “isolated security incident”. Unfortunately for their customers, the operations are not ongoing. This incident is just the latest example of organizations taken down by an attack on their third-party vendor. https://www.tripwire.com/state-of-security/supply-chain-ransomware-attack-causes-outages-over-60-credit-unions
I’m glad they caught up to him…but too little, to late. The money is gone. This Maryland man submitted 120 fraudulent applications for Paycheck Protection Program (PPP). 42 were approved and paid out to his bank accounts to a tune of 11.5 million dollars. Are we laying odds if he spends more than a year in prison? https://www.pennlive.com/crime/2023/11/central-pa-business-owner-fraudulently-received-over-11m-in-covid-relief-funds-doj.html
Awesome police work by the Manheim Township Police (Lancaster County, PA) and the United States Postal Inspection Service led to charging a postal facility worker with the theft of (at least) 70 cell phones. The guy is on the run but at least he’s not still stealing our mail. https://lancaster.crimewatchpa.com/manheimtwppd/53783/warrants/wilson-lamar-darius-1-count-theft-unlawful-taking
The leader of a Philadelphia labor union is accused of stealing “hundreds of thousands of dollars” from…the union. Of Course he did. https://www.washingtonexaminer.com/policy/courts/philly-union-boss-accused-stealing-hundreds-thousands-from-union
If you are using an iPhone that is still running any iOS older that 17 - you probably need to update due to this Webkit exploit. Your Mac and iPad might be vulnerable too. https://www.macworld.com/article/2160361/apple-devices-zero-day-ios-ipados-macos.html
Cool Job
Fraud Risk Lead - Silo. https://jobs.lever.co/silo/89e79e44-afe9-48c2-bf3d-0b217909810f/apply?
Cool Tool(s)
Convert your handwritten To-Do list to digital. https://papper.co/
Python tool to convert PDF documents into a Markdown document. https://github.com/VikParuchuri/marker
Happy 10th Birthday!
Ten years ago, a Microsoft security researcher named Troy Hunt announced a side project of his to the world. It’s now one of the greatest security tools we have! Thank you Troy, and here’s to Ten more years of “have i been pwned”. https://www.troyhunt.com/a-decade-of-have-i-been-pwned/
Irrelevant
“Rizz” has been named “Word of the Year” by Oxford University Press. And hopefully, you don’t have any “beige flags”. Good grief, the giant flaming meteor can’t come soon enough. https://www.bbc.com/news/entertainment-arts-67602699
Thank you for opening the email and reading another issue of the newsletter. Please consider sharing it with your professional colleagues. We only grow through referrals.
See you next Tuesday! - Matt
BTW - 18,000 people every year require medical treatment due to “Christmas decor incidents”. Be safe out there! https://usafacts.org/data-projects/christmas-decorating-injuries
>Thoughts< = Comment below or reply back to the email that delivered the newsletter
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.