Threats Without Borders - Issue 202
Cybercrime Investigation Newsletter, week ending September 29, 2024
Longtime Tw/oB supporter Dr. Yumi Suzuki has co-authored an article published in the most recent FBI Law Enforcement Bulletin. The article explores the rising issue of money mule operations, particularly in the context of cybercrime. It highlights the challenges investigators face, including the increasing use of cryptocurrency and the difficulty in proving intent. Dr. Suzuki and her co-author, Detective Eric Tapper, argue for the widespread adoption of “mule letters”. Yes!
https://leb.fbi.gov/articles/featured-articles/insights-on-money-mule-cases
Speaking of mules, how about Smurfs?
Smurfing is a method used by criminals to launder illicit funds. It involves breaking down large amounts of cash money into smaller, seemingly harmless transactions. This technique allows money launderers to evade the scrutiny of bank investigators by staying under the reporting thresholds set by federal law. Criminals achieve this by spreading these smaller deposits across multiple accounts, often through a network of accomplices called "smurfs."
The name "Smurfing" originates from the concept of numerous small creatures, like the blue cartoon characters, collaborating to achieve a larger objective.
This is how it usually works: A criminal with a large amount of illegal cash will enlist a team of "smurfs." These people are assigned to make many small deposits into different bank accounts, often at various banks. By keeping these transactions below reporting thresholds, they aim to avoid regulatory scrutiny.
Smurfs differ from mules because they understand their part in an illegal enterprise and anticipate a commission based on the money they process through the financial system.
It's simple work. Someone arrives and gives you $1800 or maybe $2500 in cash. You go to the bank and deposit it into your account. A few days later, you transfer it out, keeping a small commission for yourself. I've heard of individuals with valid accounts at ten or more banks making over a thousand dollars weekly.
Smurfing is attractive to criminals due to its simplicity and effectiveness. Banks and financial institutions must report large cash transactions, but by dividing the money into smaller amounts, smurfers can evade these controls. Once the funds are in the banking system, they can be further laundered through intricate transactions, making their origin increasingly difficult to trace.
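The deposit-then-transfer pattern described above is what a monitoring rule can key on. The sketch below is an added example, not from the newsletter or from any bank's monitoring system. It pairs each cash deposit under the reporting threshold with an outbound transfer of slightly less a few days later. The ledger, account names, 7-day window and 10% commission ceiling are constructed assumptions; the $10,000 figure is the US currency transaction report threshold.

```python
from collections import defaultdict
from datetime import date, timedelta

CTR_THRESHOLD = 10_000        # US CTRs cover cash transactions over $10,000
WINDOW = timedelta(days=7)    # assumed meaning of "a few days later"
MAX_COMMISSION = 0.10         # assumed ceiling on the smurf's cut

# Constructed sample ledger: (account, date, kind, amount in dollars)
TXNS = [
    ("A-100", date(2024, 9, 2), "cash_in", 1800),
    ("A-100", date(2024, 9, 5), "wire_out", 1700),
    ("A-100", date(2024, 9, 9), "cash_in", 2500),
    ("A-100", date(2024, 9, 12), "wire_out", 2375),
    ("B-200", date(2024, 9, 3), "cash_in", 2500),
    ("B-200", date(2024, 9, 20), "wire_out", 400),    # ordinary spending
    ("C-300", date(2024, 9, 4), "cash_in", 12000),    # over threshold, reported anyway
    ("C-300", date(2024, 9, 6), "wire_out", 11500),
]

def pass_through_pairs(txns):
    """Pair sub-threshold cash deposits with a near-equal transfer out soon after."""
    by_acct = defaultdict(list)
    for acct, day, kind, amt in sorted(txns, key=lambda t: t[1]):
        by_acct[acct].append((day, kind, amt))
    hits = defaultdict(list)
    for acct, rows in by_acct.items():
        used = set()  # each outbound transfer explains at most one deposit
        for day, kind, amt in rows:
            if kind != "cash_in" or amt > CTR_THRESHOLD:
                continue
            for i, (d2, k2, a2) in enumerate(rows):
                if i in used or k2 != "wire_out":
                    continue
                gap = d2 - day
                if timedelta(0) < gap <= WINDOW and amt * (1 - MAX_COMMISSION) <= a2 < amt:
                    used.add(i)
                    hits[acct].append((amt, a2, gap.days))
                    break
    return dict(hits)

def flag_accounts(txns, min_pairs=2):
    """Accounts that repeat the pass-through pattern at least min_pairs times."""
    return sorted(a for a, p in pass_through_pairs(txns).items() if len(p) >= min_pairs)

if __name__ == "__main__":
    print(flag_accounts(TXNS))
```

A single pair is weak evidence on its own; the repetition within one account, and the same pattern across a person's accounts at several banks, is what separates a smurf from a customer who moved cash once.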
Please help
As we witness the aftermath of Hurricane Helene in the Southeast, our hearts go out to those affected by this devastating natural disaster. We understand the immense challenges and hardships faced by many of our readers as they cope with the catastrophic losses and work to clean up and rebuild their lives.
Please consider making a donation to the American Red Cross or Mennonite Disaster Services to assist in the recovery.
https://www.redcross.org/donate/dr/hurricane-helene.html/
https://mds.org/story/mds-is-monitoring-the-destruction-from-hurricane-helene/
Some News…
The Delaware Association of Bank Security (DABS) has launched a new website. Pretty nice. Join DABS if you’re within a stone’s throw of the first state. https://dabs.org/
Inspired by Moses, the National Institute of Standards and Technology has finally released new guidelines for organizations. Your humble editor has long been advocating for these changes to bring them more in line with the rest of the industry. Why does it matter what NIST says? Because those of us who work in heavily regulated industries live and die by the beliefs of our auditors, and unfortunately, they believe what NIST and CISA tell them to believe. https://pages.nist.gov/800-63-4/sp800-63b/authenticators/#passwordver
Malwarebytes conducted a survey and found, are you sitting down for this, romance scams are a significant issue, with 66% of survey respondents targeted and 10% losing $10,000 or more. The majority of targets are over 55 and male, but 26% of victims are between 18 and 54 years old. In most cases, contact with victims occurs on social media and online dating apps, with social media scams resulting in the highest financial losses. Even more depressing, despite awareness efforts, 22.5% of those targeted by a romance scam lose $1000 or more. https://www.malwarebytes.com/blog/news/2024/09/romance-scams-costlier-than-ever-10-percent-of-victims-lose-10000-or-more
Do you know what an immutable blob is? Yeah, most of us don’t. Trustwave attempts to enlighten us all by explaining the concept and warning how attackers are using blobs to launch phishing attacks. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-smuggling-how-blob-urls-are-abused-to-deliver-phishing-content/
Check fraud is booming, they say. Banks are running scared, they say. https://www.marketwatch.com/story/check-fraud-is-booming-fidelity-and-other-major-banks-are-playing-defense-heres-what-you-should-know-c639589e
The Electronic Frontier Foundation took the time to warn us that images of our homes are "everywhere on the Internet." Just because a scammer includes a picture of your house in a sextortion scam, it doesn't mean they've been sitting outside the home watching your everyday activities. You’re not that interesting. Really. https://www.eff.org/deeplinks/2024/09/new-email-scam-includes-pictures-your-house-dont-fall-it
This SANS Internet Storm Center post explains why you don’t click on a URL link that contains an @ sign. https://isc.sans.edu/diary/rss/31288
Cool Tool
Find email addresses for a specific domain. https://emailspy.aisprint.dev/
Cool Job
Investigator, Fraud Risk Management - Fulton Bank. https://careers-fult.icims.com/jobs/21116/job
Busy training month
In October, the International Association of Financial Crimes Investigators (IAFCI) has a busy schedule with multiple chapters holding training conferences and events. It's a great opportunity for professionals to gain insights, network, and stay updated on the latest developments in financial crime investigations. I highly recommend finding a conference or event near your location and attending to take advantage of this valuable opportunity.
Reader Mail
Re: Issue 201
“I have a lot of thoughts about your VPN scenario but all I’ll say is it’s only private until the Govt says it isn’t.” - Brian
You're absolutely right, Brian. That's the main point I was trying to make. Look at Telegram. They boasted about being completely private and never cooperating with any government. Now, the owner is in a French prison, and Telegram has agreed to work with government investigators.
It's funny how that happens.
Irrelevant
RIP Pete Rose. https://www.espn.com/mlb/story/_/id/41538454/pete-rose-all-mlb-hits-leader-dies-83
Sign Off
Welcome to October, AKA National Cybersecurity Awareness Month. How about we be cybersecurity aware every month, not just in October?
New subscribers are awesome - thank you for taking a chance and coughing up your email address. I promise never to spam you or use it for marketing purposes. I can’t say what Substack will do with it, but so far, it hasn’t been a problem!
Have a great week and see you next Tuesday.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.