Threats Without Borders - Issue 207
Cybercrime Investigation Newsletter, week ending November 3, 2024
I did several educational events in October, including two where the audience was entirely older adults. I discussed the current fraud schemes that target senior citizens and how they can avoid victimization. The last question of the day was, "What is the “one thing” everyone can do to help protect themselves from online fraud?" Coincidentally, the same question is asked when I speak to younger adults about the responsible use of technology and avoiding victimization. Although the schemes come in different flavors, members of both age groups become victims for two primary reasons: lack of experience and a failure to apply sound reasoning.
While there are actually many ways to answer the “one thing” question adequately, here is one that always seems to satisfy the audience.
Everyone needs a trusted counselor in their life. Someone other than a person who lives in the same house. I give the example of my wife and me being together for so long that we generally see the world through the same lens. While we have different views on my cars, the value of good bourbon, or who should empty the dishwasher, we are absolutely in sync on most important topics. I'm certain we would give near-exact answers if you surveyed us on finances, politics, or raising children. This is where older adults go astray so many times. They seek advice about a questionable financial transaction from a spouse or someone else they spend the majority of their time with. The chances are this person will see the problem through lenses shaped by similar lived experiences. And they are probably just as inexperienced with modern technology and how it is used to facilitate fraud.
Talking to a trusted person who doesn't live in your house and has a different worldview is one of the best ways to prevent financial victimization. In many cases, older adults fear seeking advice from their grown children as they don't want to appear vulnerable or incapable of taking care of themselves. Alternatively, they should speak with a trusted neighbor, someone at the senior center, their banker, or even call the local police.
Most of the current fraud schemes require the victim to make hasty decisions. Inexperience, lack of information, and fear are what the fraudsters prey upon. Explain the need to slow the game down to get a better view and allow time to consider alternative options. Evaluate the issue and what you're being asked to do. Seeking counsel from a trusted person who sees the world from a different perspective usually reveals that the offer is indeed too good to be true.
And that is the one thing that will certainly reduce the victimization of older adults.
Some News…
A former Disney World manager has been charged for allegedly hacking Disney’s proprietary “Menu Creator” system following his contentious termination in June 2024. The FBI’s criminal complaint details a series of cyberattacks over three months, from mid-June until September 2024, that disrupted Disney’s restaurant operations. The suspect reportedly exploited his insider knowledge to alter menu data, making unauthorized changes to fonts, prices, and even adding profanity. Disney claims the attacks caused over $150,000 in damages and required it to suspend its menu operations temporarily. An FBI investigation traced the cyberattacks back to the man’s computer. https://www.documentcloud.org/documents/25260103-govuscourtsflmd43363910?ref=dysruptionhub.zba.bz
A widespread shopping scam, "Phish 'n' Ships," has reportedly bilked millions of dollars from consumers over the past five years. This scam, active since at least 2019, involves hacking legitimate shopping websites and redirecting unsuspecting consumers to fake online shops. These fake shops sell hard-to-find items but never deliver the products. The scam works by using malicious code that creates fake product listings and adds metadata, causing these fake listings to appear near the top of search engine rankings. When a consumer clicks on one of these links, they are sent to another website controlled by the cybercriminals, where one of four targeted third-party payment processors collects credit card information, confirming a 'purchase' but never delivering the product. The scammers have infected more than 1,000 websites to create and promote these fake product listings and have built 121 fake web stores. https://therecord.media/shopping-scam-thousands-sites-phishing
Is it Quishing or QRishing? I’ve heard it both ways. QRishing seems more appropriate but the super-popular kids on LinkedIn like to say Quishing. Anyways, QR codes are dangerous. https://securityintelligence.com/articles/quishing-growing-threat-hiding-plain-sight/
The Federal Trade Commission (FTC) has taken legal action to stop a fraudulent scheme that has swindled over $12 million from consumers since 2022, by promising high returns through selling products on Amazon and Walmart. The scheme has made false claims that consumers could earn substantial income by paying tens of thousands of dollars to establish online e-commerce businesses. https://www.ftc.gov/news-events/news/press-releases/2024/10/ftc-takes-action-stop-online-business-opportunity-scam-has-cost-consumers-millions
Researchers at Zimperium discuss the evolving functionality of “FakeCall malware,” a sophisticated Vishing attack that leverages malware to take control of Android devices and deceive users into divulging sensitive information. https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
Reader Mail
Matt, at some point, you posted a todo list for new financial crime investigators. I’m making a resource guide for my agency and would love to add it. Can you send that to me?
Sure thing, Chris!
Review and understand your state's financial and cyber-associated criminal statutes. What’s the difference between identity theft and identity fraud? How is hacking defined? Familiarize yourself with the pertinent case law as well. Do you know important legal concepts like Carpenter v. United States' restrictions on the government seeking data from third parties? Have you read the Van Buren ruling to see how computer trespass is applied under the Computer Fraud and Abuse Act?
What are your agency's policies concerning what cases get assigned for investigation and what don’t? You can’t investigate every theft and fraud that gets reported. If you don’t have loss limits written in the policy - ask to create some. Be able to explain to victims why you aren’t investigating their case and have the policy to back it up so you aren’t accused of favoritism or prejudice. “Yes, sir, I understand your credit card was used to purchase a case of beer in Texas while you were in Pennsylvania. And I agree that it’s absolutely a crime, but we won’t be conducting an investigation. AND HERE IS WHY….”
Contact your prosecutor’s office to get clarification on what cases they will accept. There is no use investing effort into a case where the suspect is on the other coast if your prosecutor won’t extradite. When will they approve extradition? Is it based on the grading of the violated statute or the amount of financial loss?
Identify the financial institutions in your jurisdiction and make some new friends. Introduce yourself to the security and fraud teams. Explain your agency's policies and learn theirs. Host a meeting and bring everyone into your house for a meet-and-greet. A box of donuts and an hour of your time will pay 10X dividends. Building and maintaining relationships is critical to being a successful cyber-financial crime investigator.
Learn how money flows through national and worldwide financial systems. Understand the difference between an ACH and a Wire. How does a bank recall these transfers, and when is it too late? What is SWIFT? How about FedNow?
Master the basics of computer networking. Understanding how digital devices talk to each other is essential. You must be able to explain these concepts to others, specifically in search and arrest warrant affidavits. Additionally, it will help you know when a suspect is bullshitting you.
Learn how to use a spreadsheet. Everything is coming to you in CSV - Comma Separated Value. Your life will be so much easier if you are proficient with Excel and/or Google Sheets.
Develop a note-taking method and document everything. If someone shares contact information for an attorney at Google, save it. If someone shares a search warrant for an Internet Service Provider, copy out the affidavit language and save it. Read an insightful article about examining evidence from a mobile phone, save it.
Dress the part. You may be a cop, but you’ll spend significant time in business. Your polo shirt, BDU pants, and 5.11 tactical shoes aren’t going to cut it. Neither will a pastel-colored shirt, matching paisley tie, and non-altered pants. Buy a nice dark-colored suit or two, along with some fashionable “business casual” attire.
And finally, NEVER STOP LEARNING. Continuous education and training are essential. The technology is ever-changing. The bad guys are changing their TTPs (tactics, techniques, and procedures) daily to remain a step ahead. Be intentional in your learning. Read every day. Watch videos every day. Ask questions of those more experienced than you every day.
Cool Tool
What marketing tools is a company using? https://www.glimpsehq.io/
Old, old, tip, but still very applicable. Get more out of your Gmail address. https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html
Maigret collects a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages. https://github.com/soxoj/maigret
Cool Job
Halloween is over, but we still are aware of ghost jobs. Ghost jobs, or job postings for positions that aren't actually open, are becoming increasingly common in the tech industry, particularly for recently laid-off workers. These fake listings, often posted on platforms like LinkedIn, can serve multiple purposes, some potentially harmful to job seekers and current employees alike. https://www.cultofmac.com/news/ghost-jobs
Head of Fraud - Varo Bank. https://jobs.lever.co/varomoney/40316b2b-42bd-4383-96c6-de12fd711e5b
Irrelevant
Toronto has a car theft problem. Who knew? https://toronto.ctvnews.ca/auto-theft-probe-leads-to-arrest-of-59-suspects-recovery-of-more-than-300-stolen-vehicles-toronto-police-1.7095328
Learning
CyberSocialCon - December 10-12. Free and online.
Sign Off
You came back. Great! Come back next week for Issue 208 (208/52=4) and bring a bunch of your friends!
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.