Threats Without Borders - Issue 163
Cybercrime Investigation Newsletter, Week ending December 31, 2023
In the first issue of 2023 (Issue 111), I fell in line with the super cool kids and made my top ten predictions for the forthcoming year. Those who read the issue recall it was a bit tongue-in-cheek.
Let’s see how my predictions held up:
Hackers are going to keep hacking
Phishing will increase in scope and size
Business Compromise Attacks will become more sophisticated
Damage from insider threats will increase dollar loss
Paper check fraud will be huge as fraudsters exploit mobile banking
Ransomware will continue to wreak havoc
Small and medium businesses will continue to suffer devastating losses due to cybercrime
Cryptocurrency will continue to be used for money laundering
People will continue to use weak passwords
Gift cards will continue to be the cybercrime currency.
Wow. 10 for 10. I’m pretty damn brilliant.
I made an 11th prediction in that editorial. Well, it was more of a hope than a prediction.
Small and medium businesses will increase their cybersecurity awareness and prevention efforts to reduce their threat surface and potential for victimization.
That was the only challenging prediction on the list and I was way off the mark. Many organizations did increase awareness of their risk, but only because it’s damn hard to ignore it at this point. Very few actually made an effort to increase the effort of mitigation.
Law enforcement knows this because they get to deal with the aftermath and wreckage. Financial Institutions know this because it’s hammering their fraud investigation teams and, more importantly, their bottom line.
What are my predictions for 2024? Wash, rinse, repeat. The ten from above will hold for another year.
I’ll take a risk on number 11 again and continue my work to make it a reality.
Happy New Year 2024!
Some News…
It was a slow news week due to the holidays, which is a shame because I had a lot of time off to read. Some things I found interesting:
A newly published book examines how financial crime is wreaking havoc in Canada. From the promo: “Numerous investigations that ultimately went nowhere have revealed weak legislation and an under-resourced enforcement regime that is manifestly not fit for purpose. Chances of getting caught are almost nil, civil and criminal asset forfeiture is weak, and penalties are negligible,” Sound familiar America? https://globalnews.ca/news/10182919/dirty-money-new-book-fintrac-rcmp-financial-crimes-canada/
Do you know the difference between a “topical scam” and a “technical scam”? Malwarebytes explains them and provides examples of both. https://www.malwarebytes.com/blog/personal/2023/12/4-sneaky-scams-from-2023
The First State Depository Co. LLC, a precious metals storage facility in Wilmington, Delaware, is at the center of a major fraud case. The company stored physical gold and silver for individual retirement accounts and 401(k) account holders, and has been accused of misappropriating millions of dollars' worth of precious metals. Many of the victims were elderly investors who had been persuaded to include precious metals in their retirement accounts for tax reasons. Investigators believe there is at least 75 million dollars worth of gold and silver missing. https://www.inquirer.com/business/first-state-robert-leroy-higgins-gold-silver-precious-metals-fraud-depository-cftc-20231228.html
The Federal Trade Commission has filed a lawsuit against Grand Canyon Education Inc., AKA Grand Canyon University, accusing it of deceiving prospective students about program costs and lying about the schools non-profit status. The lawsuits also accuses the school of “abusive telemarketing calls”. https://www.marketwatch.com/story/ftc-sues-grand-canyon-education-alleging-deceiving-and-abusive-marketing-practices-3b67f8a4
The infamous founder of the ICOMTECH Ponzi scheme, David Carmona, has pled guilty to federal charges brought by the U.S. Attorneys Office for the Southern District of New York. Carmona presented the business as a cryptocurrency mining and trading company and promised investors profits in exchange for purchasing cryptocurrency-related investment products. In an effort to promote the company, Carmona hosted events all around the world. The lavish shows painted the tale of a luxury including expensive cars, homes, and vacations for those who invested in the business. Unfortunately, the only ones living that lifestyle was Carmona and his co-conspirators. https://www.justice.gov/usao-sdny/pr/founder-cryptocurrency-ponzi-scheme-icomtech-pleads-guilty
Reader Hater Mail
"Bro, the spelling errors!" - LK (who I can only assume is emailing from the Wolf’s Lair).
Bro, start paying me a $9.99 per month subscription fee and I’ll hire an editor. Seriously, the newsletter is anywhere between 1000 to 1500 words per week, and it has gone over 2000. I use the Substack editor and Grammarly to catch most of the mistakes, but I just don’t have the time, or desire, to obsess over spelling and grammar.
Cool Job
If you are into photography and cybersecurity - this is a dream job (other than it being located in New York City). Chief Information Security Officer - B&H. https://jobs.dayforcehcm.com/en-US/bav/CANDIDATEPORTAL/jobs/2038
Cool Tool
WEBP format is becoming the new standard in web publishing, so you’ll need a tool like this if you like to rip images from websites - https://webptojpgonline.com/
Irrelevant
117 Fascinating Finds of 2023 according to the Smithsonian https://www.smithsonianmag.com/history/117-fascinating-finds-revealed-in-2023-180983491/
Learning
LetsDefend released a six lesson course on USB Device Forensics. And it’s FREE. From the course description: “The curriculum covers forensic imaging, the identification of key artifacts, providing essential skills for conducting effective investigations. Whether you're a seasoned professional or new to the field, this course ensures you are well-prepared to navigate the challenges of USB forensics, including legal considerations and ethical best practices.” https://app.letsdefend.io/training/lessons/usb-forensics
Thank you making 2023 such a great year for the newsletter. Let’s grow even more in 2024!
Matt
“REAL SUCCESS IS FINDING YOUR LIFEWORK IN THE WORK THAT YOU LOVE” - or finding love in your life’s work.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter is of interest to everyone who is tasked with cybersecurity or is involved in the prevention or investigation of technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.