Threats Without Borders - Issue 175
Cybercrime Investigation Newsletter, week ending March 24, 2024
A bank in Pennsylvania was experiencing significant financial losses due to treasury check fraud. However, they found a solution that eliminated the fraud. In fact, since implementing preventive procedures, they have prevented ten million dollars in fraud.
That’s impressive. Even more impressive is that they attended a chapter meeting of the International Association of Financial Crime Investigators (IAFCI) and outlined how they do it!
The presentation also shared threat intelligence and some method-of-operation intelligence that should interest every law enforcement investigator working treasury fraud cases. After the presentation, the attendees shared even more knowledge during open discussion.
And, of course, the networking was enjoyable and productive.
The IAFCI has chapters across the United States and the world. Please join a chapter and get involved.
And if your local chapter isn’t active – step up and make it active!
Official Business
I don't have any method to measure this, but I estimate that about 25% of my subscribers are not receiving the email containing the newsletter on a weekly basis. I use a few Yahoo accounts for testing purposes, and it seems completely arbitrary whether the email gets delivered to the inbox or not. For instance, one of my accounts has only received the newsletter once in the past four weeks.
And many business organizations are starting to block “newsletters” as spam.
So, in an effort to overcome this adversity, I have connected the domain https://www.threatswithoutborders.com to the newsletter’s Substack site.
The newsletter has been published every Tuesday for 175 straight weeks. If you don’t find it in your inbox, check out the web version.
When you land on Substack's website without registering, you will see a splash page. Click "Let me read it first" to access the content.
Some News…
A federal jury has convicted the former CFO of National Air Cargo (and his wife) for stealing more than five million dollars from the company. The evidence showed the couple invested more than 2.4 million dollars in Bitcoin. That might have been a wise investment considering the current price of the cryptocurrency. In fact, that investment might have turned a more significant profit than actually shipping air cargo! I’m curious if the investigators were able to trace the bitcoin transactions. https://www.msn.com/en-us/news/crime/jury-in-colorado-convicts-former-corporate-cfo-and-wife-of-over-5-million-in-wire-fraud/ar-BB1iKhnH
A very prolific hacker offers access to 70 million AT&T accounts. “Those are our customer records, but they didn’t come from us”, claims AT&T. Wait, what? Troy Hunt breaks it down and explains how the data affects the HaveIBeenPwned service. https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/
Are new cars really the worst privacy offenders? https://www.cnbc.com/2024/03/23/how-to-stop-your-internet-connected-car-from-selling-your-driving-data.html
In action-movie style, three suspects attacked a van driver who was collecting the proceeds from video gambling machines. The brazen attack netted the robbers about $400K! Let’s not victim blame, but is a single person driving a regular Sprinter van responsible for picking up nearly half-a-mil a good idea? https://www.pennlive.com/crime/2024/03/armed-robbers-nab-400k-from-pa-gambling-machines-in-brazen-heist.html
Malware Alert: Be aware of .ics attachments in unexpected emails. https://malware.news/t/malicious-email-ics-attachments/80016
Long-time readers know I’m a DDoS geek. CISA, the FBI, and MS-ISAC joined to produce this consumer-friendly guide titled “Understanding & Responding To Distributed Denial of Service Attacks.” Regardless of my enthusiasm for the topic, eyes glaze over when I discuss this cyber-attack in my cybersecurity for small businesses seminars. This brochure is well written, but I don’t suspect it will be any more successful in getting SMBs to care. https://www.cisa.gov/resources-tools/resources/understanding-and-responding-distributed-denial-service-attacks
Another school district was hit by ransomware. I feel bad for the men and women working IT in the education sector—it is the epitome of a soft target.
Cool Tool
Verify those Treasury checks. https://tcvs.fiscal.treasury.gov/
You might need a temporary email address. https://vmail.dev/
Cool Job
Manager of Fraud and AML Compliance - Porsche Financial Services. https://jobs.porsche.com/index.php?ac=jobad&id=11086
Irrelevant
America has a problem with chronic absenteeism among schoolchildren. https://civicsearch.org/feature/absenteeism
Sign-Off
I’m speaking at the Delaware Fraud Summit in Dover, Delaware, on March 27, 2024—tomorrow for most of you reading this. Please come and introduce yourself to me if you're in attendance. I’ll look like I’m busy, but I’m not. Seriously.
Thank you for reading, and please consider sharing with your colleagues. Sharing is caring!
Matt
“THE MOST SUCCESSFUL PEOPLE ARE THOSE WHO ARE GOOD AT PLAN B.” - my whole life has been Plan B.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.