I’ve been thinking a lot about crime control in regards to cyber-financial crime. Traditionally, crime control was strictly the business of the police, and any non-law enforcement or private agency that attempted to assist or interject, was looked upon with suspicion, contempt, and most times viewed as wholly incompetent. Rent-a-Cops, Wanna-be’s. Blarts. But the script has completely flipped with cybercrime. While law enforcement agencies are necessary and serve a definitive purpose, the real work is being done on the private side with law enforcement being viewed as an after-thought. An inconvenience. So much so, that legislation is being planned that requires entities to notify law enforcement of security breaches.
Has anyone seen my segway?
DeFi . Defy what?
If you work financial crime and fraud investigations you better get up to speed on DeFi - Decentralized Finance, and quickly. This explanatory article published on the CoinDesk site is a good place to start. It’s from September of last year but is still on point. Check out this piece on Ethereum.org also. https://ethereum.org/en/defi/#what-is-defi https://www.coindesk.com/tech/2020/09/18/what-is-defi/
The Perfect Getaway
In this article, John Hammond describes cryptocurrency as the “perfect getaway car” for those committing financial crime. He’s right. It’s almost as if digital currency was designed for….hey wait a minute! https://threatpost.com/financial-cybercrime-cryptocurrency/169327/
Out of the nest…
This Mimecast article about threat actors recruiting new college students as money mules is pretty vanilla. But it brings up an important point that we should be discussing…particularly if you have a new college student in your family. Criminals are going to target you, young fledgling. Criminals know that for many college students this is the first time they have lived on their own, out from under the protection of their parents, and they are hesitant to seek wise counsel - out of fear of looking incapable of making it on their own. Unfortunately, many prove just that… they are incapable of making it on their own. https://www.mimecast.com/blog/money-mule-recruitment-scam-targets-higher-education/
Flag these words
Use this information from email security vendor Expel to fine-tune your phishing protection mechanisms. The post details the top keywords from over 10,000 phishing emails they analyzed. If an email contains one of these keywords in the subject line - flag it! Better yet…train your employees to recognize the keywords! https://expel.io/blog/top-phishing-keywords/
The Rest…
In total, 91% of IT pro’s surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/
Man pretends he is a U.S. Navy SEAL (he never even served) to defraud the Veterans Affairs health system of over $300,000 in care and benefits and gets sentenced to over three years on prison. https://www.justice.gov/usao-edpa/pr/bucks-county-man-sentenced-over-three-years-faking-military-hero-status-and-stealing
Intel471 expose of the Groove ransomware group, also maybe the former Babuk group. https://intel471.com/blog/groove-gang-ransomware-babuk-revil-blackmatter
Comparitech researchers find that US$197 is the average price of a hacked PayPal account or balance transfer, or 9.2 cents per dollar in the account balance. On the bright side, the price for card numbers is down. https://www.comparitech.com/blog/vpn-privacy/dark-web-prices/
The iPhone 13 will offer a 1TB storage option - reportedly. All of you mobile forensic examiners better start bulking up on the hardware. https://9to5mac.com/2021/02/28/report-iphone-13-to-offer-1-tb-storage-option/
The US Federal Trade Commission (FTC) warns of extortion scammers targeting the LGBTQ+ community via online dating apps such as Grindr and Feeld. https://www.bleepingcomputer.com/news/security/ftc-warns-of-extortionists-targeting-lgbtq-plus-community-on-dating-apps/
Cool Tools
Reverse phone number look-up - Spydialer.com
Cool Job
Manager of Security - Minor League Baseball
“IT’S OKAY TO SAY, “I DON’T KNOW ENOUGH ABOUT THIS TO HAVE AN OPINION.” - someone smarter than me.
I was recently asked if there is a difference between those that work in federal law enforcement and those in local law enforcement. I responded, the local investigator usually focuses on catching the bad guy. The federal investigator will be focused on how we catch the bad guy. Neither is right and neither is wrong, but each could use a little more of the other.
Thanks for opening the email. See you next Tuesday.
Matt