Threats Without Borders - Issue 189
Cybercrime Investigation Newsletter, week ending June 30, 2024
Someone in big-time law enforcement finally realized that a lot of fraud occurs through “arrangement” services and websites, also known as “Suga sites.”
No. Really? Who would have thought fraud would occur through an industry completely built on a criminal predicate?
Let’s start from the beginning: What is “Sugaring”?
Sugar dating is a relationship arrangement where one person, often referred to as a “sugar daddy” or “sugar mommy”, provides financial support, gifts, or other benefits to another person, known as a “sugar baby,” in exchange for companionship, which can range from casual dating to single instances of sex. These arrangements are often facilitated through specialized websites and apps designed to connect potential sugar daddies/mommies with sugar babies.
Sounds like prostitution to me. Let's check: Prostitution – “The act of exchanging sex or intimate companionship for financial compensation.”
Checks out.
So yeah, there are many morally oppressed people on these sites, which creates the perfect environment for fraud.
Scammers take advantage of the sugar dating model by preying on individuals seeking financial support or companionship. It all starts with fake personas, where scammers create fake profiles using attractive photos and appealing bios to lure in potential sugar babies or daddies. They often claim to be wealthy and generous, offering substantial financial support.
Here are some common tactics used by scammers in the sugar-dating world:
Advance Fee Fraud: The scammer promises to send money or gifts but will first ask the victim to pay a fee, such as a processing fee, customs fee, or a payment to verify their identity. Once the fee is paid, the scammer disappears. Yes, gift cards are the preferred currency.
Phishing for Personal Information: Scammers will ask for personal information, including banking details, social security numbers, or personal data, under the guise of setting up direct deposits or verifying identity. This information is then used for identity theft or sold in criminal markets.
Money Laundering: Scammers ask sugar babies to receive funds and then transfer them to another account, making the sugar baby an unwitting participant in money laundering activities. AKA Money Mule!
Romance Scams: Scammers exploit the emotional aspect of sugar dating by faking a romantic interest to gain trust. Once trust is established, they concoct stories about financial emergencies, asking for money to cover medical bills, legal fees, or travel expenses.
This goes both ways… scammers impersonate the daddies and mommies to scam the babies, and scammers impersonate the babies to scam the daddies.
It’s surprising that any of these crimes get reported to law enforcement. At All! How do you explain why you were meeting people through one of these websites? Oh, that’s right, they were seeking a “personal assistant” job.
Some News…
An international law enforcement operation, Operation First Light, has successfully dismantled numerous online scam networks. The operation resulted in the arrest of nearly 4,000 suspects and the seizure of $257 million in illegally obtained assets. Additionally, law enforcement authorities were able to seize assets such as real estate, high-end vehicles, and expensive jewelry. Furthermore, 6,745 bank accounts used for transferring illegal funds were frozen due to the operation. Police from 61 countries collaborated to target various scams, including phishing, investment fraud, romance scams, and impersonation scams. https://therecord.media/4000-arrested-in-global-cybercrime-scam-crackdown-interpol
Mac users are targeted by a new malware campaign that spreads through malicious Google Ads disguised as legitimate Arc browser downloads. The malware, identified as Poseidon, is a stealer designed to steal sensitive information such as passwords, cryptocurrency wallets, and browser data. This incident highlights the increasing sophistication of malware distributors who exploit trusted platforms like Google Ads to deceive users. https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads
The Financial Crimes Enforcement Network (FinCEN) has issued a proposed rule to strengthen and modernize Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) programs for financial institutions. The proposed rule aims to make these programs more effective and risk-based, enabling institutions to focus resources on the highest-priority threats. Key changes include requiring institutions to adopt risk-based programs, incorporate government-wide AML/CFT priorities, and modernize their programs to combat evolving threats like cybercrime. https://www.fincen.gov/news/news-releases/fincen-issues-proposed-rule-strengthen-and-modernize-financial-institutions
Bloomberg recognizes that cybercriminals' tactics are becoming more aggressive. Say what? Yes, cybercrime is evolving, with hackers employing increasingly aggressive tactics to extort higher ransoms. These tactics include double-hacks, data leaks, and harassment of researchers. The healthcare sector is a prime target, with hospitals and insurers facing crippling attacks and extortion demands. While law enforcement agencies are stepping up efforts, the ease of access to hacking tools and the global nature of cybercrime pose significant challenges. https://www.bloomberg.com/news/newsletters/2024-06-26/cybercrime-tactics-and-demands-are-getting-more-aggressive
The Federal Trade Commission (FTC) has taken action against three individuals who organized a large-scale sweepstakes scam that defrauded consumers of millions of dollars. The scam involved sending personalized letters falsely informing recipients that they had won substantial cash prizes, often exceeding $2 million. This operation deceived consumers across the United States and internationally, amassing over $28 million. The individuals involved have agreed to settlements that permanently prohibit them from operating sweepstakes or making any claims about prizes to consumers. https://www.ftc.gov/news-events/news/press-releases/2024/06/ftc-action-leads-sweepstakes-ban-three-individuals-who-ran-massive-scheme-cost-consumers-millions
New report from Sophos - The State of Ransomware 2024. https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2024-wp.pdf
eSentire reveals a cyberattack in which a fake IT support website is used to spread the Vidar Stealer malware. The attackers exploit common Windows Update errors to lure users to the malicious site, which then delivers an obfuscated PowerShell script that leads to the infection. This incident highlights the increasing sophistication of cybercriminals in using social engineering tactics and leveraging platforms like YouTube to spread malware. https://www.esentire.com/blog/fake-it-support-website-leading-to-vidar-infection
This is the stupidest news of the week
Geisinger Health Systems has issued a notice informing patients of a data security incident involving its vendor, Nuance Communications. A former Nuance employee accessed and potentially stole the personal information of over one million Geisinger patients, including names, dates of birth, addresses, medical record numbers, and more.
“Geisinger discovered and immediately notified Nuance that a former Nuance employee had accessed certain Geisinger patient information two days after the employee had been terminated.”
Wait, how did they still have access to the network two days after they were terminated???
Cool Job
Director of Information Security, Milton Hershey School. https://www.mhskids.org/jobs/director-information-security/
Manager of Fraud Intelligence, USAA. https://www.usaajobs.com/job/san-antonio/manager-fraud-intelligence/1207/66785037104
Cool Tool
Investigate suspicious URLs - https://www.tiny-scan.com/
Irrelevant
Become a Humble Star. https://www.psychologytoday.com/us/blog/social-instincts/202407/7-ways-to-become-your-workplaces-humble-star
Relevant
How to properly display the flag. https://nationalflagfoundation.org/etiquette/how-to-display-the-flag/
Sign Off
Happy Independence Day
“Then join hand in hand, brave Americans all! By uniting we stand, by dividing we fall.” - John Dickinson
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter is of interest to everyone tasked with cybersecurity or with preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.