Threats Without Borders - Issue 178
Cybercrime Investigation Newsletter, Week ending April 14, 2024
Whoever said there is “no such thing as a stupid question” never attended a professional conference.
Since it’s conference season, let me remind you of the most terrible conference attendee – Conference Question Guy. (And it’s always a guy).
Gotcha Guy attempts to put the speaker in a bad spot by asking a question about some obscure or little-known technical aspect of the speaker’s topic. The question's intent isn’t to elicit more knowledge or spur conversation but to trick the speaker and make them look poor in front of the audience.
Test the Speaker's Knowledge Guy is much like Gotcha Guy: this question asker is already knowledgeable about the topic and asks a question that he already knows the answer to. He’s a more benign version of Gotcha Guy.
You can immediately spot Look How Smart I Am Guy as he’s on the edge of his seat the whole talk, and only an ounce of self-restraint is keeping him from stepping up on stage. His head is nodding or shaking the entire talk, and he will usually make statements to those around him. His hand will be the first one up after the talk. His proposed question is usually a softball but will be constructed to allow him to follow up with a more detailed and technical retort to demonstrate his mastery of the speaker's topic.
While Mask Guy's commitment to public health is admirable, no one can hear the question, including the speaker. The easy solution is just to pull the mask down slightly when asking the question, but since they don’t, they just come across as a virtue-signaling asshole.
Political Statement Guy is usually wearing the requisite t-shirt or some slogan buttons on his jacket. “How will this be interpreted by the Biden government considering their failure to…”, “Don’t you think this will all be irrelevant under a Trump presidency considering his past statements about…”, “What effect will this have on DEI….”, “Have you seen any evidence that this might lead to the loss of the arctic ice shelf…”, AHHHHHH – Please just stop.
Complain About My Employer Guy uses their question to passive-aggressively criticize their employer or supervisor and constructs the question to get the speaker to agree with their assertion.
Mansplaining Guy is a particularly dreadful species; he targets female speakers and uses his questions as a way to lecture about a particular topic point he feels the speaker didn’t thoroughly explain or doesn’t completely understand.
Don’t get me wrong, speakers crave questions. There’s nothing worse than finishing your conference talk with “and now I’ll take any questions!” but the only response is blank stares and silence. Questions from your audience show they were listening to your words, and your ideas resonated or at least got them thinking.
Please question your conference speakers, but do it for the right reasons.
Don’t be Conference Question Guy. Everyone hates that guy.
Some News…
A recent U.S. Chamber of Commerce survey found that 60% of small business owners say cybersecurity threats are a top concern. Conversely, the survey revealed that 40% of small business owners are stupid. While it’s good that most SMB owners recognize the dangers of cyber attacks, awareness and action are completely different. Hopefully, someday, there will be a survey that says 60% of small business owners are actively working to build their cybersecurity posture. https://www.uschamber.com/sbindex/quarterly-spotlight
The affiliate model being adopted by ransomware groups has created a “script-kiddie” culture within the ecosystem. This article is well worth your five minutes of time. https://www.guidepointsecurity.com/blog/awkward-adolescence-increased-risks-among-immature-ransomware-operators/
A new study co-sponsored by AARP concludes that American adults lost 43 Billion Dollars to identity fraud in 2023. The authors of the study correctly point out the number is artificially low since many victims do not report their victimization to authorities. https://www.aarp.org/money/scams-fraud/info-2024/identity-fraud-report.html
This article rhetorically asks, “Why would anyone steal $300,000 worth of Legos?” Ah, because they’re worth Three Hundred Thousand Dollars. Duh! These aholes will steal $300K worth of potatoes if they can. https://www.pennlive.com/crime/2024/04/why-would-anyone-steal-300000-worth-of-legos.html
Password manager application LastPass has had its share of security issues in recent years, but hopefully, it has turned the corner. The company recently revealed that an employee was targeted by attackers using deep-fake technology to impersonate the organization's CEO. The company explained that the employee received “calls, texts, and at least one voicemail”. https://www.securityweek.com/lastpass-employee-targeted-with-deepfake-calls/
140 BMO customers who lost money in various scams filed a class action lawsuit. Bless their hearts. https://www.cbc.ca/news/canada/toronto/bmo-customers-transfer-theft-cybercrime-1.7169622
A Delaware woman has been indicted for her role in an international sextortion scheme. The scheme attempted to extort $6 million from thousands of individuals and successfully extorted about $1.7 million using CashApp and ApplePay. https://www.justice.gov/opa/pr/delaware-woman-arrested-international-sextortion-and-money-laundering-scheme
Cool Tool
Wait, what’s that logo? https://seeklogo.com/
Cool Job
Head of Digital Forensics Incident Response - Apple. https://jobs.apple.com/en-us/details/200541873/head-of-digital-forensic-incident-response?team=SFTWR
Irrelevant
Jung’s five pillars to living a good life. Your mileage may vary. https://archive.ph/DyaUX (archived to get over the paywall; you’ll have to trust the short link)
Brandolini’s Law - "The amount of energy needed to refute bullshit is an order of magnitude larger than to produce it."
Sign Off
Thank you for reading another issue of the newsletter. I realize your time and attention are at a premium, and I appreciate that you gave me a few minutes of it.
Please consider sharing the newsletter with others to help it grow.
Matt
“IT’S NEVER TOO LATE TO GET YOUR SHIT TOGETHER” - someone watching my life
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.