Threats Without Borders - Issue 169
Cybercrime Investigation Newsletter, Week ending February 11, 2024
The Federal Trade Commission released new data concerning the extent of consumer fraud losses.
Here are the key takeaways from the FTC's findings:
Record-High Fraud Losses: Consumers reported losing over $10 billion to fraud in 2023, marking the first time losses have reached this level and representing a 14% increase over the previous year.
Email emerged as the most commonly reported method of contact for scammers, signaling a shift from previous years. The FTC is actively addressing this trend through various measures, including crackdowns on illegal telemarketing, proposals to ban impersonator fraud, and initiatives to confront emerging forms of fraud facilitated by digital technology.
Among the various types of fraud, investment scams emerged as the most lucrative for scammers, with consumers losing more than $4.6 billion in 2023 alone. This marks a staggering 21% increase over losses reported in the previous year. Additionally, imposter scams, where fraudsters impersonate legitimate entities, accounted for nearly $2.7 billion in reported losses.
It’s important to remember that most victims never report their losses. The real numbers are significantly higher.
You can explore the data for yourself through the FTC’s online portal. https://www.ftc.gov/news-events/data-visualizations/explore-data
Some News…
For what it’s worth, the Federal Communications Commission (FCC) has officially outlawed AI-generated robocalls. I’m sure the International call centers making these phone calls will strictly adhere to the new regulations. Do-Not-Call lists are working, right? https://docs.fcc.gov/public/attachments/FCC-24-17A1.pdf
This guy got scammed buying a camera from a seller on Facebook Marketplace. The article highlights how attackers were able to manipulate PayPal, which is the main point of interest. He doesn’t understand how the attackers were able to alter the status of his PayPal account, and neither do I, but hopefully, someone at PayPal does so they can fix the vulnerability. https://ben.page/scammed
According to the blockchain intelligence firm Chainanalysis, the money paid as ransom for ransomware attacks exceeded one billion dollars in 2023. The company has reported that ransomware actors are now more likely to target large corporations instead of small and medium businesses, noting, “Overall, big game hunting has become the dominant strategy over the last few years, with a bigger and bigger share of all ransomware payment volume being made up of payments of $1 million or more.”. https://www.chainalysis.com/blog/ransomware-2024/
Ten individuals were arrested for involvement in a $9.5 million fraud scheme that included phony LLCs, shell companies, stolen identities, and international wire transfers. A whole bouquet of fraud! https://www.justice.gov/usao-md/pr/ten-defendants-arrested-federal-indictments-related-multi-million-dollar-fraud-scheme
The H1 2024 Threat Horizons Report has been published. The Google Cloud team authored the report, highlighting current threats to cloud computing and providing mitigation recommendations. The report notes that threat actors still exploit weak or nonexistent passwords to gain unauthorized access to cloud instances, resulting in credential abuse and cryptomining. Disappointing. https://services.google.com/fh/files/misc/threat_horizons_report_h12024.pdf
61% of U.S. adults have received a notice their information was involved in a data breach. https://www.usnews.com/press-room/consumer-insights-studies/2024-01-24/u-s-news-360-reviews-survey-reveals-americans-data-breach-experiences-cyber-attack-fears
Canada plans to outlaw the Flipper Zero to prevent car theft. I heard the device best described as a hacker Swiss Army knife disguised as a cute Tamagotchi. I own one and have used it for some hi-jinks, but I haven’t figured out how to steal a car! The parts to make the device are easily attainable, and the operating system is open-source and available for download. Outlawing this specific device is pointless. https://www.bleepingcomputer.com/news/security/canada-to-ban-the-flipper-zero-to-stop-surge-in-car-thefts/
The United States Secret Service (USSS) has re-established a “Cyber Investigations Advisory Board (CIAB)” to “prevent and disrupt criminal use of cyberspace.” Reestablished? Did anyone realize it was gone? https://www.federalregister.gov/documents/2024/01/26/2024-01565/us-secret-service-cyber-investigations-advisory-board
Cool Job
Manager of Fraud Investigations - WSFS Bank. https://wsfsbank.wd1.myworkdayjobs.com/en-US/wsfscareers/job/Wilmington-DE/Manager-of-Fraud-Investigations_R-101193-1
Cool Tool
Look up by vehicle registration plate - https://findbyplate.com/
Search by logo - https://seeklogo.com/
Irrelevant
Shrinking families means fewer cousins. Remember your cousins? Study shows that fewer cousins are reshaping childhood. https://www.cbc.ca/news/canada/cousins-decline-canada-1.7103338
Learning
Delaware Fraud Working Group - Fraud Summit 2024. Wednesday, March 27, 2024, at Bally’s in Dover, Delaware https://www.eventbrite.com/e/delaware-fraud-working-group-fraud-summit-2024-tickets-801811950127?aff=oddtdtcreator
BSidesHBG Cybersecurity Conference. Harrisburg, PA - Friday, April 12, 2024. https://www.bsideshbg.com/
BSidesCharm Cybersecurity Conference. Towson, MD - April 20-21, 2024. https://www.bsidescharm.org/
Keystone Connection 2024. May 13-15, 2024, at Seven Springs Mountain Resort. A two-day educational event for financial crime investigators jointly hosted by the Delaware Valley and Pittsburgh Metro chapters of the IAFCI. https://keystonekonnection.com/
Great numbers last week, unfortunately, didn’t translate into new subscribers. But I’m hopeful. Please consider sharing the newsletter with your colleagues. Or enemies.
Thank you for reading this week's issue. Don’t forget I’ll be on Risk Radar this afternoon at 3 P.M. EST to talk a bunch of BS. (You can also watch the recording for those of you who wait until the weekend to open the newsletter)
https://www.linkedin.com/events/barcode-riskradarep37160362260219969537/about/
Otherwise, see you next Tuesday.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.