The last TW/OB newsletter of 2021. As the year comes to an end, I’d like to thank all of you who subscribe to the newsletter. Knowing I have dedicated readers that open the email each week motivates me to keep writing. I’ll keep writing as long as you keep opening the emails. Thank You!
I encourage you to focus on professional development in 2022. Two fantastic resources for you to consider:
Join your local chapter of the International Association of Financial Crime Investigators. The IAFCI is a very active organization that offers training and social networking opportunities to those professionally engaged in combating fraud and financial crimes. The organization is open to both financial industry security and law enforcement practitioners. Connecting with your local chapter is one of the best ways to better yourself as a professional in the new year.
The National White Collar Crime Center (NW3C) is a fantastic training resource for those of you affiliated with a law enforcement agency. Their cyber and financial crime training catalog is unrivaled. They offer both in-person and online courses and it’s free! The only catch is that you must be employed by a Federal, State, Local or Tribal government. I have received training from dozens of training providers, including the FBI, Homeland Security, and SANS Institute, and hold a graduate degree in digital forensics, and I still consider the training I’ve received from NW3C to be some of, if not the, best.
Calling them out
Meta, parent company of Facebook, has released a report that calls out several private security companies for “hacking and other offenses”. The report calls the companies “cyber mercenaries” and “purveyors of digital espionage”. Meta has suspended over 1500 Facebook accounts traced to the various companies. I’m not a fan of Facebook but this report is impressive, both in its clarity and boldness. If you can only read one thing this week - make it this report. https://about.fb.com/wp-content/uploads/2021/12/Threat-Report-on-the-Surveillance-for-Hire-Industry.pdf
Job Security
The International Telecommunication Union estimates that 37% of the world’s population has never used the Internet. Um, that 37% equates to 2.9 BILLION people. Undoubtedly, a significant portion of those people will be coming online each year for years to come. And rest assured, the cybercriminal will be lying in wait to take advantage of their ignorance and inexperience. Internet security and policing professionals will need to increase in proportion. https://www.itu.int/hub/2021/11/facts-and-figures-2021-2-9-billion-people-still-offline/
Proof of what we know
T-Mobile released their 2021 Scam report and guess what - scam attempts using the T-Mobile network are up 116% from the numbers of 2020. Of course it is. The report also provides some unexpected findings such as the reduction in scam calls on the holidays of Easter and Christmas. I’d like to think it’s scammers respecting the sanctity of the holidays but I’m sure there is some other reason based on their prior experience. https://www.t-mobile.com/news/devices/t-mobile-releases-2021-scam-and-robocall-report
And more proof of what we know…
Government is rarely the answer and there is no better example than the administration of social welfare programs. The distribution of Covid-19 pandemic relief funds must be one of the greatest government blunders of all time. The Secret Service released a new report detailing that over 100 BILLION dollars of the disbursed funds was directed to criminals. This is not news to those of us who work the front lines as we dealt with the victimization every day. Still, it’s shocking to see a government agency admit the failure and detail the true amount of lost dollars. It would be laughable if not so tragic. https://www.cnbc.com/2021/12/21/criminals-have-stolen-nearly-100-billion-in-covid-relief-funds-secret-service.html
The Rest…
Malware group executes a phishing campaign using “You’re Fired” emails. Obviously it’s effective. https://www.bleepingcomputer.com/news/security/dridex-malware-trolls-employees-with-fake-job-termination-emails/
Users of NFT marketplace Fractal get scammed through a Discord exploit. https://www.theverge.com/2021/12/21/22848840/scammers-steal-crypto-nft-project-fractal-discord-hack-solana
Phillipsburg, NJ truck lot was the epicenter of insurance fraud. https://www.pennlive.com/news/2021/12/nj-area-truck-stop-allegedly-at-center-of-multimillion-dollar-insurance-scheme.html
How safe is your password? Researchers discuss how secure a password can actually be. https://www.digitalinformationworld.com/2021/12/researchers-shared-insights-on-how.html
Cool Tool(s)
SingleFile - Save any webpage as a single HTML file. Saves directly to your download folder. https://chrome.google.com/webstore/detail/singlefile/mpiodijhokgodhhofbcjdecpffjipkle
(Advanced Users): MailCat - Validate email addresses from 60 different mail providers. https://github.com/sharsil/mailcat
Cool Job
Financial Crimes Emerging Risk Analyst - Cash App (remote)
Irrelevant
Confessions of a Loan Shark - City Journal. https://www.city-journal.org/john-maxie-shackelford-boston-gangland-war
“SUCCESSFUL PEOPLE ARE SIMPLY THOSE WITH SUCCESSFUL HABITS.” — someone with better habits than me.
I trust that all of you had a merry Christmas. Now have a safe New Year holiday and I’ll see you in 2022!
Matt
I didn’t forget.
Homophones are hard.
Satire - A literary work in which human foolishness or vice is attacked through irony, derision, or wit.
Satyr - A woodland creature depicted as having the pointed ears, legs, and short horns of a goat and a fondness for unrestrained revelry.