Threats Without Borders - Issue 194
Cybercrime Investigation Newsletter, week ending August 4, 2024
A tracking pixel is a tiny 1x1 pixel graphic that loads when a user visits a webpage or opens an email. It's usually designed to be transparent or blend into the background, making it invisible to the user. The pixel contains an HTML code snippet that sends data back to a server when loaded. A tracking pixel embedded into a webpage or email includes a link to a server. When a user opens the email or visits the webpage, the browser processes the HTML code, loads the pixel, and sends a request to the server.
This request includes various pieces of information about the user, such as:
IP address, which can provide information about the user's location and Internet Service Provider.
Operating system and browser type, which can determine the user's device and software.
Time of access, which indicates when the email was read or the webpage was visited.
User activities, such as clicks, form submissions, and page views.
One of the most common tracking pixels is the email tracking pixel, which is embedded in emails and tracks actions such as opens, clicks, and forwards. It provides data on the effectiveness of email marketing strategies.
I don’t want to provide backlinks to any of these services, so search for something like “email tracking pixel service” to find additional information and organizations that provide this service.
Facebook, X, and other social media platforms provide accounts with a dedicated Pixel that content creators can embed in their content to track when it’s shared on the platform. Companies like Parsely and PastePixel offer third-party content tracking and analytics solutions.
Obviously, tracking pixels are often criticized for privacy reasons. They collect user data without explicit consent, raising concerns about user privacy and data protection. According to regulations like the GDPR, users must be informed about data collection practices and given the option to opt out. Additionally, spammers can use tracking pixels to verify email addresses, leading to an increase in spam emails.
To the topic that started this entire conversation: tracking pixels can be used to reveal the identity of users who are trying to remain anonymous. By embedding a tracking pixel into an email or image and getting your target to open it, you might be able to uncover their identity. However, if the target is doing it right and using a virtual machine and a proxy, it might not be effective. Nonetheless, everyone makes mistakes from time to time, and you might just catch your target slippin’.
PS. – I’m not an attorney, so consult legal counsel before utilizing any network investigative technique.
Some News…
The Securities and Exchange Commission (SEC) has charged Abraham Shafi, founder of social media company "IRL," with a $170 million fraud. Shafi is accused of making false statements about IRL's growth and concealing personal use of company credit cards. The real fraud is boasting this platform has 12 million users. https://www.sec.gov/newsroom/press-releases/2024-92
A Pennsylvania man was sentenced to 22 months in prison for hacking into social media accounts and stealing private photographs of at least 20 female victims, mostly from high school, by tricking them into providing account security codes. He located private sexually explicit photographs in the "My Eyes Only" section of the accounts and shared them with the victims' contacts. He also posted the victims' private photos on public websites, causing victims to receive unsolicited messages from unknown individuals. Kudos to the agents of the FBI’s Philadelphia field office for tracking this asshole down. https://www.justice.gov/usao-edpa/pr/chambersburg-man-sentenced-22-months-prison-hacking-social-media-accounts-and-stealing
Don’t buy a car warranty on the advice of rapper Ice-T. CarShield, a company that sells vehicle service contracts, has agreed to a $10 million settlement with the Federal Trade Commission (FTC) over allegations of deceptive marketing practices. The FTC accused CarShield of misleading customers with promises of repair coverage that were often not honored, leading many to face financial difficulties. https://www.nbcnews.com/business/consumer/carshield-must-pay-10-million-federal-settlement-deceptive-ads-rcna164540
Proofpoint researchers have discovered a concerning trend of cybercriminals exploiting Cloudflare Tunnels to spread malware. This activity, first detected in February 2024 and escalating between May and July, primarily aims to deliver Remote Access Trojans (RATs) like Xworm to victims' devices. The attackers deceive users with emails disguised as invoices, document requests, or package deliveries, leading them to download malicious files that ultimately install the malware. https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats
CrowdStrike does not think Clownstrike is funny. https://clownstrike.lol/crowdmad/
The Department of Justice's Criminal Division has launched a Corporate Whistleblower Awards Pilot Program to uncover and prosecute corporate misconduct. Whistleblowers who provide original, truthful information that leads to a successful forfeiture may be eligible for an award. The program covers four areas: financial institution crimes, foreign and domestic corruption, and health care fraud involving private insurance plans. However, the program does not currently have a plan for ensuring the whistleblowers stay alive after said whistle blow. https://www.justice.gov/criminal/criminal-division-corporate-whistleblower-awards-pilot-program
Wells Fargo faces AML inquisition. https://finance.yahoo.com/news/wells-fargo-faces-aml-sanctions-093228538.html
Update your Mac. You should have already. https://www.macworld.com/article/2412437/macos-sonoma-14-6-ventura-13-6-8-monterey-12-7-6-security-updates.html
Cool Tool
Online video downloader - https://viodeo.com/
Cool Job
No job this week. Keep your head down and stay where you are until this storm blows over.
Irrelevant
Speaking of a different storm, Hurricane Debby blows 1 million dollars of cocaine onto a Florida beach. https://www.wavy.com/news/national/hurricane-debby-blew-1-million-worth-of-cocaine-onto-florida-beach/
Disappointing
Only 19.13% of eligible IAFCI members voted in the most recent election.
The people get the government they deserve!
Sign Off
Getting older is funny. I feel as good as I ever was, but when I look around, I’m the old guy. I recently dropped Chesterton’s Fence on a much younger person - “Never tear down a fence until you first know why it was built.” In other words, if there was a reason someone took the time to build a process, you should find out why before you remove it. And old guys like me built the processes…if we can just remember why.
Thanks for reading. See you next Tuesday.
Matt
“ONE MOMENT OF PATIENCE, IN A MOMENT OF ANGER, CAN SAVE A THOUSAND MOMENTS OF REGRET” - someone who’s dealt with me
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.