Threats Without Borders - Issue 170
Cybercrime Investigation Newsletter, Week ending February 18, 2024
I spoke to a victim who had their Wal-Mart gift card drained by using a bogus “balance checking” website. My immediate question was, “You didn’t just call the number on the back of the card?”
The person had multiple partially used gift cards for various stores and wanted to check the balance through one source and not have to move through multiple websites. They suspected a $100 Wal-Mart gift card had never been used, and a balance check confirmed that the full amount was still available.
Unfortunately, when they tried to pay with the card at Wal-Mart, they found out it had a zero balance. The funds had been used between the time they checked the balance and attempted to present it at the Wal-Mart store.
The victim couldn't recall the website's name but had found it through a Google search. Thinking, well, there can’t be that many, I conducted my own search. Wow, I was mistaken! There are dozens and dozens of these sites.
Search “gift card balance check” through Google and see for yourself. While there are likely many legitimate sites, it's certainly possible for a malicious site to appear in search results and steal gift card information. It would only take a small amount of effort to set up a lookalike balance check website with a pass-through web form and get it ranked within the top search results.
It’s actually so simple…it’s brilliant.
Those who do fraud prevention outreach should include this attack in their messaging. I certainly will be.
Some News…
This TechCrunch article rhetorically asks, “Why are ransomware gangs making so much money?” The author does a sufficient job of outlining the problem and answering her own question. It’s all superficial, though, because it fails to address the real reason why ransomware gangs are making so much money…because businesses continuously fail at security. And many, particularly small and medium businesses, don’t really care about getting better at it. Or at least they don’t care enough to do the hard work and commit financially to becoming secure organizations. (Yes, that is flippant, but this is where we are.) https://techcrunch.com/2024/02/17/why-ransomware-makes-so-much-money/
Man steals Lego sets and flees from police in vehicle. It's too bad he wasn’t aware that shoplifting isn’t a crime in San Francisco anymore, but fleeing the cops still is. At least for now. https://www.sfgate.com/bayarea/article/bay-area-police-pursuit-stealing-legos-18663476.php
A burglar in Minnesota is disabling security cameras using a Wi-Fi jamming device before breaking into homes. Unfortunately, these devices are easily attainable from online marketplaces and are legal. They don’t become illegal until they are put into use. Crowbars and ski masks are also legal, but they become “instruments of crime” when possessed by someone wearing all black while behind a business at 2 AM. Time and setting are certainly important, and anyone caught with one of these devices who can’t produce proof of employment as a penetration tester should be taken to task. https://www.tomshardware.com/networking/wi-fi-jamming-to-knock-out-cameras-suspected-in-nine-minnesota-burglaries-smart-security-systems-vulnerable-as-tech-becomes-cheaper-and-easier-to-acquire
Who goes through the effort to create and process a fake will to steal $12,000? A lady in Harrisburg, PA. https://www.abc27.com/local-news/harrisburg/harrisburg-woman-accused-of-creating-fake-will-of-dead-relative-stealing-over-12k-ags-office-says/
Amazon’s efforts to stop organized retail crime. https://www.aboutamazon.com/news/policy-news-views/amazons-approach-to-global-organized-retail-crime
You’ll have to give up an email address and register for a 404Media account to access this article, but it’s really well-written. The article details an in-depth police investigation of a series of deep-fake nude images that destroyed a school community in Washington State. There is a lack of clarity regarding the legality of AI-generated images, leaving parents, schools, and law enforcement struggling to deal with the technology and how to punish the creators of deep faked photos. https://www.404media.co/what-was-she-supposed-to-report-police-report-shows-how-a-high-school-deepfake-nightmare-unfolded/
I hate Discord and its convoluted, jumbled, chaotic interface. The mangled intersection of “servers” and “roles” also causes stress. I realize it’s very popular in gaming and has become a necessary component of the “hacker” community. In this article, the team at Intel471 does a deep-dive into how the service is being abused to commit cybercrime. https://intel471.com/blog/how-discord-is-abused-for-cybercrime
Pennsylvania man sentenced to 97 months in prison for defrauding desperate owners out of one million dollars. This Ahole orchestrated a fraudulent scheme by establishing multiple companies like "Canine Care," "ACGT," and "CAGT," claiming to develop cancer treatment drugs for dogs. Starting in 2012, he promoted these medications, named "Tumexal" and "Naturasone," via deceptive websites targeting desperate pet owners. The sites falsely touted the drugs' effectiveness in treating various cancers and restoring ailing dogs' vitality. However, investigations revealed that these drugs were merely blends of bulk ingredients sourced from different places, concocted by Nyce at a facility in Collegeville. https://www.justice.gov/usao-edpa/pr/collegeville-man-sentenced-97-months-prison-scheme-sell-fraudulent-canine-cancer-drugs
Cool Job
Director of Information Security - Arc’Teryx. https://jobs.lever.co/arcteryx.com/b313c289-cac3-4f13-b223-99f657075197
Senior Manager of Trust and Safety - Twitch. https://boards.greenhouse.io/twitch/jobs/7220236002?gh_src=0c4ebc182
Cool Tool
Previously listed, but so good - Photopea image editor. https://www.photopea.com/
Irrelevant
Why Your Security Program Is Shit
https://crankysec.com/blog/shite/
Late-Breaking News
Capital One meet Discover…Discover, meet Capital One. Good luck to Tw/oB readers on both teams. https://www.cnbc.com/2024/02/19/capital-one-acquiring-discover-financial-services-report-says.html
Cunningham’s Law – The best way to get a correct answer to a posed question is to post the wrong answer and wait for someone to correct you.
I had a great time on the Risk Radar Podcast. There’s something different about the podcast format that causes me stress. Maybe it’s the pre-knowledge that everything you say will be recorded for everyone to Monday morning quarterback? I can deliver a talk in a room of 500 and never lose a breath, but the podcast's intimate nature causes me a bit of tension. Chris was a great host, and I think it went well, regardless of some of my quirks. If you have a spare 30 -
https://www.linkedin.com/events/barcode-riskradarep37160362260219969537/theater/
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.