Threats Without Borders - Issue 161
Cybercrime Investigation Newsletter, Week ending December 17, 2023
Last week, I spoke to a group of older adults about common scams that target their age group and community. One of the attendees mentioned “almost” falling for a scam where the attacker pretended to be a distant relative. The speaker was confused about how the caller “knew everything about my family, even some of our relatives that passed away a long time ago”. She surmised the person was coached by another relative who had ill intent.
I quickly responded…You are correct, they are being coached by other relatives, and probably even you! My explanation of how these attacks are researched had a visibly startling effect on the audience. You could see it in their faces as they realized the complicity.
How many of you have used an online genealogy tool to research or map your family tree?
Hands go up.
Well, you just participated in the effort to give the scammers all of the information they need to attack you.
For the bargain price of 24.95 per month, or even better… a free trial subscription, I will quickly know everything about your past…including a complete family map. All I need to start is your name, date of birth, and city of birth.
The inevitable follow-up question: “Should we stop using these services?”
No. Just like you can’t pick your family, you can’t pull that map off the wall. It’s there forever and hundreds of others, outside of your control, will keep adding to it.
Just don’t trust any caller who says they are your long-lost Aunt Edna.
Some News…
Google is killing the Geo-Fence Warrant and law enforcement is having a collective melt-down. Ohhh, the horror. How did we ever solve crime before Google tracking cell phones? By the stressed responses declared on various email and Internet message forums you would think the future of law enforcement investigations is doomed and everyone should start looking for other work. https://www.forbes.com/sites/cyrusfarivar/2023/12/14/google-just-killed-geofence-warrants-police-location-data/?sh=252efd752c86
City loses 1.2 million dollars in a phishing attack but gets 500K back for a paltry loss of $700,000. The city council and mayor determine the city manager is at fault and show him the door. Maybe it’s his fault, maybe not…but it’s interesting to see someone held accountable for a security incident. https://www.fox5atlanta.com/news/east-point-city-manager-fired-phishing-scam
Recorded Future released their Ransomware Tracker report for December which reports on November’s numbers. It’s no surprise that ransomware attacks are up from the previous month, but still aren’t at the highs of summer. The group proposes an interesting theory that October’s suppressed numbers might have been caused by law enforcement actions. Maybe. https://therecord.media/ransomware-tracker-the-latest-figures
The Microsoft Digital Crime Unit (DCU) gives a peek at how it gets work done. https://www.wired.com/story/microsoft-digital-crime-unit-2023/
Publicly traded companies are now required to disclose “material” cybersecurity incidents, per Securities and Exchange Commission rules. Companies must report to the SEC within four business days if a “material” breach occurs, and must also create annual reports disclosing how they manage cybersecurity. Now if they will just define “material”. https://cyberscoop.com/sec-cybersecurity-incidents-disclosure-rule/
Termination means terminated…both from the job and access to the network. Once again, we have an employee who was terminated from a job, but didn’t have their access also terminated. No big deal - he only logged back in and deleted everyone’s Apple IDs. What? Firing an employee is a two-pronged affair. One person delivering the message to the booted employee, and a second person eliminating all access rights. And this needs to happen simultaneously. https://www.justice.gov/usao-ma/pr/former-public-school-information-technology-manager-pleads-guilty-damaging-schools
hi Jack.
Cool Job
Security Operations Manager (Remote) - Harley Davidson Motorcycles. https://jobs.harley-davidson.com/job/Remote-Security-Operations-Manager-Remote-WI-54742/1108125800/
Cool Tool
Report phone spam - more importantly, a comprehensive list of carrier contacts. https://reportphonespam.org/
Super-Geeky-Long-Read
A deep dive on using SMTP Smuggling to deliver phishing emails. https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Irrelevant
Americans love trucks but don’t really need them. This article has some excellent graphics showing the transformation of bed space vs. cab space over time. https://www.axios.com/ford-pickup-trucks-history
Thanks for taking a few minutes to read the newsletter. We didn’t add a single subscriber over the past week so I’ve added “a dozen new subs” to my list for Santa. It’s already a lengthy list though, so we’ll see what the big guy brings. The new GT RS3 in Shark Blue is a really big ask - but I’m hopeful.
If you’re feeling the Christmas spirit, share the newsletter with a friend and colleague. After all, sharing is caring!
And if you don’t already subscribe…
Merry Christmas!
Matt
Published every Tuesday, Threats Without Borders Newsletter offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter is of interest to everyone who is tasked with cybersecurity or is involved in the prevention or investigation of technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.