Threats Without Borders - Issue 187
Cybercrime Investigation Newsletter, week ending June 16, 2024
Some News…
Let’s start with some news this week.
An officer from the Evansville, Indiana police department was forced to resign due to misconduct involving Clearview AI facial recognition technology misuse. The officer used the software for personal reasons, disguising searches with an actual case number and accessing social media images unrelated to investigations. An audit revealed the misuse, leading to an investigation and the officer's suspension. The officer resigned before the Police Merit Commission could make a final decision on termination. The EPD Chief has emphasized that the tool should only be used for official purposes and must adhere to the terms of service. This incident underscores the importance of proper use and internal guidelines for law enforcement technology. https://city-countyobserver.com/443846-2/
Scammers have created a fake Facebook account masquerading as the Pennsylvania Housing Finance Agency. The fraudulent page shares information about open housing choice voucher programs, but the Pennsylvania Housing Finance Agency does not administer housing choice vouchers. https://www.bradfordera.com/news/beware-of-scam-pa-housing-agency-issues-warning-about-fake-facebook-page/article_20b35dc2-29d8-11ef-85db-af3277ebb3c7.html
QR code phishing, also known as "Quishing," is a growing threat that has recently evolved to create QR codes using HTML and ASCII characters. This technique aims to evade OCR engines, making it challenging for security systems to detect. The campaign often involves deceptive re-authentication requests that contain malicious links. QR code phishing has progressed from simple MFA verification codes to more complex conditional routing attacks and manipulation campaigns. https://blog.checkpoint.com/harmony-email/the-evolution-of-qr-code-phishing-ascii-based-qr-codes/
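A defender-side heuristic for the text-drawn QR codes described above, added here as an example and not taken from the Check Point report or this newsletter: it flattens an HTML mail body and flags QR-sized grids of block glyphs that an image-only scanner would never see. The glyph set, the thresholds and both sample messages are assumptions constructed for illustration.

```python
import html
import re

# Assumption: QR modules are drawn with Unicode block glyphs and spaces.
BLOCKS = set("\u2588\u2580\u2584\u258c\u2590")
MIN_WIDTH = 21  # smallest QR symbol (version 1) is 21x21 modules
MIN_ROWS = 11   # half-block glyphs pack two module rows into one text line


def html_to_lines(body):
    """Flatten an HTML body to text lines, keeping row breaks."""
    body = re.sub(r"(?i)<br\s*/?>|</(?:div|p|tr|li)>", "\n", body)
    body = re.sub(r"<[^>]+>", "", body)
    return html.unescape(body).replace("\u00a0", " ").splitlines()


def is_module_row(line):
    """True when a line holds only block glyphs and spaces (>= 5 glyphs)."""
    text = line.strip()
    dark = sum(ch in BLOCKS for ch in text)
    return dark >= 5 and all(ch in BLOCKS or ch == " " for ch in text)


def find_text_qr(body):
    """Return (first_line, rows, width) for each QR-sized glyph grid."""
    hits, start, width = [], None, 0
    lines = html_to_lines(body) + [""]  # sentinel closes a trailing run
    for i, line in enumerate(lines):
        if is_module_row(line):
            start = i if start is None else start
            width = max(width, len(line.strip()))
            continue
        if start is not None:
            rows = i - start
            if rows >= MIN_ROWS and width >= MIN_WIDTH:
                hits.append((start, rows, width))
        start, width = None, 0
    return hits


# Constructed samples: a 21x21 glyph grid (not a scannable code) sent as
# numeric entities, and a benign message with a one-line progress bar.
GRID = "<br>".join(
    "".join("&#9608;" if (3 * r + 5 * c) % 7 < 3 else " " for c in range(21))
    for r in range(21)
)
SUSPECT = "<p>Re-authenticate to keep access:</p><pre>" + GRID + "</pre>"
BENIGN = "<p>Upload 60% done</p><div>&#9608;&#9608;&#9608;&#9608;&#9608;&#9608; </div>"

if __name__ == "__main__":
    print(find_text_qr(SUSPECT), find_text_qr(BENIGN))
```

A hit is a reason to route the message for review, not a verdict: the check says nothing about where the code points, and it only covers grids drawn with glyphs, not ones built from styled table cells.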
You know you've made it when they start to impersonate you. The Cybersecurity and Infrastructure Security Agency (CISA) has warned about a phone scam in which a caller pretends to be a CISA representative. The scammer claims to know about the potential victim's questionable behavior and attempts to extort money. https://www.cisa.gov/news-events/alerts/2019/11/29/caller-poses-cisa-rep-extortion-scam
Why be skeptical of any cybersecurity plan the government touts? The White House has yet to implement 567 out of 1,610 cybersecurity-related recommendations the Government Accountability Office has issued since 2010. The issue spans three presidents - so it’s not a political party issue. https://cyberscoop.com/wp-content/uploads/sites/3/2024/06/GAO-24-107231-High-Risk-Series-Urgent-Action-Needed-to-Address-Critical-Cybersecurity-Challenges-Facing-the-Nation.pdf
Wells Fargo Bank fired a dozen employees for “simulated keyboard activity” - AKA using a mouse jiggler. https://6abc.com/post/wells-fargo-fired-dozen-people-accused-faking-keyboard/14949871/
A fraud ring in North Philly is accused of stealing $200,000 by cashing checks taken from USPS drop boxes. The group, SaySlide, allegedly stole keys to USPS drop boxes, recruited individuals to launder the money, and used Instagram to find new members. Stolen checks were altered using whiteout or replaced with counterfeit ones. The group targeted USPS drop boxes in affluent areas. This scheme resulted in losses of over six figures and led to an increase in check fraud and mail theft, prompting USPS to change the locks on many of its drop boxes. Kudos to the investigators from the AG’s office and all assisting agencies! https://www.phillyvoice.com/philly-mail-theft-usps-drop-boxes-keys-stolen-checks/
And to no one’s surprise - a scam targeting SNAP benefits in Pennsylvania, New Jersey, Delaware, and New York is currently under investigation as part of a transnational organized crime ring. EBT cards used for SNAP benefits lack additional security features, making them attractive to scammers. The agency also noted that many scammers involved in EBT fraud are believed to come from Eastern Europe. https://6abc.com/post/wells-fargo-fired-dozen-people-accused-faking-keyboard/14949871/
Cool Tool
Identify any plant quickly using your mobile phone camera - https://apps.apple.com/us/app/plantidentify-plant-detector/id6504149002
Convert a PDF into a mindmap - https://mindmapai.vercel.app/
Cool Job
Anti-Money Laundering Subject Matter Expert - Capital One Bank. https://www.capitalonecareers.com/job/richmond/anti-money-laundering-subject-matter-expert-sme-special-investigations-unit-siu/1732/63470912288
Summer Reading
As promised, here's the Threats Without Borders summer reading list. (There are no links, so buy from your favorite bookstore.)
Social Engineering: The Science of Human Hacking by Christopher Hadnagy examines the art of manipulating human behavior to gain unauthorized access to information or systems. The book explores the psychological tactics and techniques of social engineers, who exploit human vulnerabilities to bypass even the most robust security measures. It also discusses the ethical implications of social engineering and the need for awareness and education to combat these attacks. Hadnagy stresses the importance of implementing robust security measures, such as multi-factor authentication, employee training, and fostering a culture of skepticism within organizations.
Start With Why by Simon Sinek delves into the idea that truly successful leaders and organizations inspire action not by emphasizing what they do, but by first communicating their fundamental purpose or "why" they exist. Sinek presents the "Golden Circle" framework, which includes three concentric circles: Why (the core purpose), How (the principles and methods), and What (the products or services). The concepts presented in this book have led to a complete overhaul of my classes and presentations.
The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David E. Sanger explores the rapidly evolving landscape of cyberwarfare and its implications for global security and geopolitics. Sanger looks at the emergence of cyberweapons as disruptive forces capable of inflicting widespread damage on critical infrastructure, stealing sensitive data, and undermining democratic processes. He highlights how these relatively inexpensive and difficult-to-attribute weapons have displaced terrorism and nuclear threats as the greatest security challenge of our time.
And the book that I’m currently reading:
Comanches: The History of a People by T.H. Fehrenbach. Too early to tell. Maybe it will make it on the Winter reading list.
Three Men Make a Tiger: If enough people tell them it’s true, people will believe anything. It comes from a Chinese proverb that if one person tells you there’s a tiger roaming around your neighborhood, you can assume they’re lying. If two people tell you, you begin to wonder. If three say it’s true, you’re convinced there’s a tiger in your neighborhood and you panic.
Irrelevant
The winning photograph was disqualified from the AI image contest after it was determined to be an actual photo - taken with a camera by a human. https://petapixel.com/2024/06/12/photographer-disqualified-from-ai-image-contest-after-winning-with-real-photo/
Long technical read - that you should probably read
A new malware, WARMCOOKIE, has been discovered by Elastic Security Labs. It is being distributed through email campaigns disguised as recruiting offers. The campaign targets individuals with recruiting and job themes, leading them to a landing page where they download an obfuscated JavaScript file that runs PowerShell and downloads WARMCOOKIE. The threat actor quickly creates new landing pages and uses compromised infrastructure to host the initial phishing URL, often switching to new domains. https://www.elastic.co/security-labs/dipping-into-danger
Sign Off
The ballots for the International Board of the IAFCI have been sent out by email. Who do we vote for, Matt? Great question! Why are the candidates not campaigning? Why are they not addressing the local chapters at monthly meetings or through email? Why is everything so hush-hush, and we are expected to decide based on a flat two-paragraph profile distributed through email? Everyone looks great on paper! Or maybe it doesn’t really matter anyway?
Have a great week, and I’ll see you next Tuesday.
Matt
“The best teachers are your previous mistakes.” - Funny, I keep getting the same teacher
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.