Threats Without Borders - Issue 209
Cybercrime Investigation Newsletter, week ending November 17, 2024
Several people at my organization have mentioned a significant increase in non-election spam and scam calls in the past week or two. Is it possible that those call lists used by political parties, pollsters, and special interest groups during the 2024 Elections have found their way into the hands of criminals? The calls and text messages I received during the campaign indicated that the caller or sender not only knew my name and phone number, but also my political party. I assume this information could only have come from voter rolls. Is the government responsible for giving out the contact information for every voter in America, which criminals are now using to target every voter in America? Surely, I’m just jaded and delusional.
Recently, I have encountered the term “keyboard robbers” used in several news articles to describe digital fraudsters, which I find problematic. No, it’s just wrong. Traditionally, robbery is defined in nearly all jurisdictions in America as “theft conducted through the use of force.” Some jurisdictions elaborate this definition to include phrases like “or threat of force” and “force however slight.” The critical element differentiating robbery from theft—also known as larceny in certain states—is the presence or threat of force.
Being scammed on the Internet can involve threats of physical force, but in most cases, it’s achieved through manipulation, trickery, or social engineering. In the instances where I found the term being used, it was just that: social engineering. The victims were tricked into becoming victims, not through a threat of physical force. Or even “however slight.”
The News…
Analysts at EclecticIQ have identified a Chinese threat actor, SilkSpecter, that is targeting online shoppers in Europe and the USA with phishing campaigns disguised as Black Friday discounts. The actor lures victims with fake discounted products into handing over financial and personal information, and routes payments through legitimate processors such as Stripe so the phishing sites look credible (the processor is abused, not exploited). https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers
A 17-year-old boy has been arrested and charged with second-degree and third-degree criminal possession of stolen property after being caught with 24 stolen US Treasury checks worth $91,396.38. https://dailyvoice.com/new-york/newrochelle/teen-caught-with-over-90k-in-stolen-us-treasury-checks-in-new-rochelle-police/
Nice try, Wired. This article claims, “Donald Trump has vowed to deport millions and jail his enemies. To carry out that agenda, his administration will exploit America’s digital surveillance machine. Here are some steps you can take to evade it.” Sorry folks, if you must rely on an article written in a magazine like Wired to secure your privacy, you're already beaten. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/
FinCEN (Financial Crimes Enforcement Network) has released an alert on fraud schemes that involve deepfake media generated with artificial intelligence. The alert outlines the typologies used in these schemes and provides red flag indicators to help identify and report suspicious activity. It also reminds financial institutions of their reporting obligations under the Bank Secrecy Act (BSA). The alert is part of the U.S. Department of the Treasury's broader initiative to inform financial institutions about the opportunities and challenges associated with the use of AI. https://www.fincen.gov/sites/default/files/shared/FinCEN-Alert-DeepFakes-Alert508FINAL.pdf
A priest based in Washington County has pleaded guilty to felony theft for misappropriating hundreds of church donation checks, which he signed and deposited through ATM transactions for personal use. Kudos to the Attorney General’s agents for bringing this case to a successful outcome. https://www.attorneygeneral.gov/taking-action/washington-county-priest-pleads-guilty-to-stealing-church-donations-pays-155k-in-restitution/
More bad news for the United States Postal Service, literally. You probably couldn’t write a more damning opening paragraph than this one written by NBC News: “Criminals are infiltrating the United States Postal Service. They’re punching clocks on the way in and robbing the USPS blind on the way out. Some are connected to organized crime and drug trafficking. But most are likely rank-and-file employees pocketing credit cards, checks, gift cards, medication, and other valuables.” https://www.nbcsandiego.com/news/investigations/postal-worker-mail-theft-stolen/3674589/
Speaking of mail systems, a recently identified malicious campaign uses physical letters with QR codes to deliver an Android banking Trojan called Coper. The letters are disguised as official communications from MeteoSwiss, the Swiss federal weather service, and urge recipients to download a fake "severe weather app." Scanning the QR code leads to an APK outside the official app store; once installed, Coper can steal banking credentials and remotely control the device. It’s only a matter of time before this attack is adapted for an American audience and delivered by the U.S.P.S. https://www.malwarebytes.com/blog/news/2024/11/malicious-qr-codes-sent-in-the-mail-deliver-malware
This story gets its own section
Every so often, you hear of a criminal scheme that is so unbelievable that it makes you smile and appreciate that someone tried to pull it off. Well…
This brilliant quartet claimed that a bear entered their 2010 Rolls-Royce Ghost while they were in Lake Arrowhead (CA) and caused interior damage. They provided video footage to their insurance company, which showed the alleged bear in the vehicle.
“Upon further scrutiny of the video, the investigation determined the bear was actually a person in a bear costume.”
The detectives executed a search warrant and found the bear costume in one of the suspect’s homes.
https://www.insurance.ca.gov/0400-news/0100-press-releases/2024/release056-2024.cfm
Cool Tool
Expand a short link to see where you’re going before you click it. https://www.expandurl.net/
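The safe way to expand a short link is the same thing the service above does for you: follow the HTTP redirect chain one hop at a time with HEAD requests, never auto-following, capping the hop count and watching for loops, and report every intermediate host rather than only the destination. The following is an added example, not expandurl.net's code; the sample redirect table is constructed for demonstration and the hop limit is an assumption.

```python
"""Resolve a short link's redirect chain without fetching the final page.

Added example (not the expandurl.net service's code). Each hop is a single
HEAD request with automatic redirect handling disabled, so the caller sees
every intermediate URL, a loop is detected, and a runaway chain is cut off.
"""
import http.client
import urllib.parse
from typing import Callable, Optional

MAX_HOPS = 10  # assumption: legitimate shortener chains are short
REDIRECT_CODES = (301, 302, 303, 307, 308)

# A fetcher performs one HEAD request and returns (status, Location header or None).
Fetcher = Callable[[str], tuple[int, Optional[str]]]


def head_request(url: str, timeout: float = 5.0) -> tuple[int, Optional[str]]:
    """Live fetcher: one HEAD request; http.client never follows redirects itself."""
    parts = urllib.parse.urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    try:
        conn.request("HEAD", path, headers={"User-Agent": "link-expander/1.0"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url: str, fetch: Fetcher = head_request, max_hops: int = MAX_HOPS) -> dict:
    """Follow redirects hop by hop; return the full chain and why we stopped."""
    chain = [url]
    seen = {url}
    current = url
    status = None
    for _ in range(max_hops):
        status, location = fetch(current)
        if status not in REDIRECT_CODES or not location:
            return {"final": current, "chain": chain, "status": status, "stopped": "end"}
        # Location may be relative; resolve it against the URL that sent it.
        nxt = urllib.parse.urljoin(current, location)
        if urllib.parse.urlsplit(nxt).scheme not in ("http", "https"):
            # e.g. a redirect into an app-scheme or javascript: URL; do not follow.
            chain.append(nxt)
            return {"final": nxt, "chain": chain, "status": status, "stopped": "non-http scheme"}
        if nxt in seen:
            chain.append(nxt)
            return {"final": nxt, "chain": chain, "status": status, "stopped": "loop"}
        seen.add(nxt)
        chain.append(nxt)
        current = nxt
    return {"final": current, "chain": chain, "status": status, "stopped": "hop limit"}


# Constructed sample redirects for offline demonstration (not real sites).
SAMPLE_REDIRECTS = {
    "https://short.example/abc": (301, "https://tracker.example/r?u=1"),
    "https://tracker.example/r?u=1": (302, "/go/2"),           # relative Location
    "https://tracker.example/go/2": (307, "https://login-example.com/secure"),
    "https://login-example.com/secure": (200, None),
    "https://loop.example/a": (302, "https://loop.example/b"),
    "https://loop.example/b": (302, "https://loop.example/a"),
}


def fake_fetch(url: str) -> tuple[int, Optional[str]]:
    """Offline stand-in for head_request that answers from SAMPLE_REDIRECTS."""
    return SAMPLE_REDIRECTS.get(url, (404, None))


if __name__ == "__main__":
    import sys
    # With a URL argument the live fetcher is used; without one, the sample table.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://short.example/abc"
    result = expand(target, head_request if len(sys.argv) > 1 else fake_fetch)
    for i, hop in enumerate(result["chain"]):
        print(f"{i}: {hop}")
    print("final:", result["final"], "| stopped:", result["stopped"])
```

Run it with no arguments to see the constructed chain (short.example, then two tracker hops, then the landing page); pass a real short URL to resolve it live. The point of returning the whole chain is that the tracking or redirector domains in the middle are often the most useful indicators in a case, and a HEAD request keeps you from rendering the final page.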
Hindsight - FOSS Python tool to parse web artifacts (history, downloads, cookies, cache) from any Chromium-based browser. Obviously, you must have access to the browser's profile files, and you should work from a copy, since a running browser holds the databases locked. https://github.com/obsidianforensics/hindsight
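The core of what a tool like Hindsight does with the Chromium History database is plain SQLite plus one conversion: Chromium stores visit times as microseconds since 1601-01-01 UTC (the Windows FILETIME epoch), not Unix time, and the transition column packs a core type into its low byte with qualifier flags above it. The following is an added example, not Hindsight's code; it builds a small in-memory History database with the same table columns Chromium uses so it runs offline, and the URLs and times in it are constructed.

```python
"""Parse a Chromium 'History' SQLite database and make its timestamps readable.

Added example, not Hindsight's code. Chromium writes visit_time /
last_visit_time as microseconds since 1601-01-01 00:00:00 UTC; 0 means
'never visited'. The transition value's low byte is the core type
(TYPED, LINK, ...) and the high bits are qualifier flags.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Core transition types from Chromium's PageTransition enum (low byte).
CORE_TRANSITIONS = {
    0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 3: "AUTO_SUBFRAME",
    4: "MANUAL_SUBFRAME", 5: "GENERATED", 6: "AUTO_TOPLEVEL",
    7: "FORM_SUBMIT", 8: "RELOAD", 9: "KEYWORD", 10: "KEYWORD_GENERATED",
}


def webkit_to_datetime(us):
    """Microseconds since 1601-01-01 UTC -> aware datetime (None for 0/NULL)."""
    if not us:
        return None
    return WEBKIT_EPOCH + timedelta(microseconds=int(us))


def datetime_to_webkit(dt):
    """Inverse conversion, used here to build the sample database."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def transition_name(t):
    core = t & 0xFF
    return CORE_TRANSITIONS.get(core, f"UNKNOWN({core})")


def open_history(path):
    """Open a copied History file read-only so the evidence is never modified."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def parse_history(conn):
    """Join visits to urls, newest first, with ISO-8601 UTC timestamps."""
    rows = conn.execute(
        "SELECT u.url, u.title, v.visit_time, v.from_visit, v.transition "
        "FROM visits v JOIN urls u ON u.id = v.url "
        "ORDER BY v.visit_time DESC"
    ).fetchall()
    out = []
    for url, title, visit_time, from_visit, transition in rows:
        visited = webkit_to_datetime(visit_time)
        out.append({
            "url": url,
            "title": title,
            "visited": visited.isoformat() if visited else None,
            "raw_visit_time": visit_time,
            "from_visit": from_visit,
            "transition": transition_name(transition),
        })
    return out


def build_sample_db():
    """Constructed in-memory History DB using Chromium's column names (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
            visit_count INTEGER, typed_count INTEGER, last_visit_time INTEGER,
            hidden INTEGER DEFAULT 0);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER,
            visit_time INTEGER, from_visit INTEGER, transition INTEGER);
    """)
    t1 = datetime_to_webkit(datetime(2024, 11, 15, 14, 30, 0, tzinfo=timezone.utc))
    t2 = t1 + 90_000_000  # 90 seconds later, in microseconds
    conn.executemany("INSERT INTO urls VALUES (?,?,?,?,?,?,?)", [
        (1, "https://bank.example/login", "Online Banking", 1, 1, t1, 0),
        (2, "https://bank.example/transfer", "Transfer funds", 1, 0, t2, 0),
    ])
    # 0x30000000 = chain start|end qualifier flags; low byte is the core type.
    conn.executemany("INSERT INTO visits VALUES (?,?,?,?,?)", [
        (1, 1, t1, 0, 0x30000001),  # TYPED: user entered the address
        (2, 2, t2, 1, 0x30000000),  # LINK: reached by clicking from visit 1
    ])
    return conn


if __name__ == "__main__":
    import sys
    conn = open_history(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    for r in parse_history(conn):
        print(f"{r['visited']}  {r['transition']:<8} {r['url']}  ({r['title']})")
```

Run it with no arguments to parse the constructed sample, or pass the path to a copied Chromium `History` file. The raw values are kept in the output on purpose: when a timeline is challenged, you want to be able to show the stored integer next to the converted time.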
Check those BIN codes (the leading six to eight digits of a card number identify the issuer) - https://www.bincodes.com/bin-checker/
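Before you paste a card number from a case into a lookup service, two checks need no network at all: the Luhn check digit tells you whether the number is even well-formed, and the leading digits place it in a network under the public ISO/IEC 7812 IIN assignments. The following is an added example, not bincodes.com's lookup; it covers only the major networks' published ranges, and the card numbers in the demo are the networks' published test numbers, not real accounts.

```python
"""Extract the BIN/IIN from a card number, verify the Luhn check digit, and
map the leading digits to a payment network.

Added example (not bincodes.com's lookup). The ranges below are the public
ISO/IEC 7812 assignments for the major schemes; issuer-level data (bank,
card type, country) still requires a maintained BIN table or a lookup service.
"""
import re

# (network, inclusive low, inclusive high, number of leading digits compared)
NETWORK_RANGES = [
    ("Visa", 4, 4, 1),
    ("Mastercard", 51, 55, 2),
    ("Mastercard", 2221, 2720, 4),
    ("American Express", 34, 34, 2),
    ("American Express", 37, 37, 2),
    ("Discover", 6011, 6011, 4),
    ("Discover", 644, 649, 3),
    ("Discover", 65, 65, 2),
    ("JCB", 3528, 3589, 4),
]


def normalize(raw):
    """Strip spaces and dashes; return digits only, or None if not a plausible PAN."""
    digits = re.sub(r"[\s-]", "", raw)
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        return None
    return digits


def luhn_ok(pan):
    """Luhn mod-10: double every second digit from the right, subtract 9 if > 9."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def network_for(pan):
    """First matching range wins; ranges above do not overlap."""
    for name, low, high, width in NETWORK_RANGES:
        if len(pan) >= width and low <= int(pan[:width]) <= high:
            return name
    return "Unknown"


def analyze(raw):
    """Return BIN (6 and 8 digit forms), Luhn result, network, and a masked PAN."""
    pan = normalize(raw)
    if pan is None:
        return {"error": "not a plausible card number (need 12-19 digits)"}
    return {
        "bin6": pan[:6],
        "bin8": pan[:8],
        "luhn_ok": luhn_ok(pan),
        "network": network_for(pan),
        "length": len(pan),
        # Keep only BIN and last four in notes/reports; never log the full PAN.
        "masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
    }


if __name__ == "__main__":
    # Published test numbers from the networks' developer docs, plus one
    # deliberately corrupted digit to show a Luhn failure.
    for sample in ["4111 1111 1111 1111", "378282246310005",
                   "2223003122003222", "6011111111111117", "4111111111111112"]:
        print(analyze(sample))
```

A Luhn failure on a number lifted from a skimmer dump or a chargeback file usually means a transcription error rather than a fake card, so check it first. Record the masked form in your notes; the full PAN has no business in a case file or a ticket.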
Cool Job
Director of Fraud - Citadel Credit Union. https://recruiting.ultipro.com/CIT1012CITAD/JobBoard/69156559-163e-4102-92c8-43771e19e8e5/OpportunityDetail?opportunityId=ae493c59-2863-4b08-8383-a783bb037e78
DFIR
Alexis Brignoni invited Chris Vance of Magnet Forensics onto the Digital Forensics Now podcast to discuss the complications for examiners caused by iPhones running iOS 18 (the inactivity reboot introduced in iOS 18.1) rebooting after about 72 hours without being unlocked. A reboot drops the device from the After First Unlock state back to Before First Unlock, where the keys needed to read most user data are no longer in memory, so a seized phone that sits in an evidence locker for a few days becomes much harder to extract.
Relevant
Someone’s having one hell of a pool party, and Fieri and Hagar are paying the tab. Guy Fieri and Sammy Hagar are partners in producing Santo Tequila. Someone swiped their entire stock. https://www.thedrinksbusiness.com/2024/11/more-than-24000-bottles-of-tequila-missing-after-trucks-hijacked/
Irrelevant
This is, seriously, hands down, one of the best writings on careers and management I’ve ever read. It also perfectly covers the topic from the view of the employee and employer. If you are an employee…read this. If you are an employer…read this. https://charity.wtf/2024/10/11/how-hard-should-your-employer-work-to-retain-you/
Sign Off
It’s “International Fraud Awareness Week”. Meh. Fraud is happening; we’re all aware of it. And let’s try to prevent it all 52 weeks of the year, not just the one.
What motivates us to work? I found a fantastic TED Talk from 2012 by psychologist Dan Ariely, who determined that we are encouraged to do our best work by 1) making constant progress and 2) feeling a sense of purpose. This is certainly true for me. Watch Ariely’s talk: https://www.ted.com/talks/dan_ariely_what_makes_us_feel_good_about_our_work?subtitle=en
Thanks for giving another issue a chance. See you next Tuesday!
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter will interest anyone tasked with cybersecurity or with preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.
cybercrime cybersecurity cyficrime cyber aml fraud investigation osint dfir