Welcome to Issue 85 of the Threats Without Borders newsletter!
Well, things change quickly. I had originally written a nice piece about our privilege to celebrate Independence Day, but it just didn’t seem appropriate for publishing after hearing of the Highland Park parade shooting.
Please keep the victims, their families, and the entire community of Highland Park in your thoughts and prayers.
Matt
OK…Keep Going
The Federal Trade Commission filed a lawsuit against Walmart alleging the company willingly allowed criminals to use its money transfer services to facilitate fraud. The narrative laid out by the FTC is absolutely blistering. The suit claims the company “turned a blind eye” to the fraud while making millions of dollars in service fees. An FTC spokesperson stated, “Consumers have lost hundreds of millions, and the Commission is holding Walmart accountable for letting fraudsters fleece its customers.”
Kudos, FTC! Now don’t stop. Keep going. There are dozens of other companies that should be next! In fact, just open the app store, search “money transfer service” and pick one.
But can they do the job…
The FBI issued an advisory notice warning that stolen personally identifiable information (PII) is being used by criminals to apply for remote jobs with American businesses. Obviously, the main concern is that threat actors will get hired by technology companies and then have access to internal networks. I can’t help but think that some of this activity is from those who legitimately want the job but don’t have any other way to access it, or are legally barred from obtaining it. If you can’t legally work in the United States, then using the identity of an American citizen might be a viable option, albeit illegal. Setting up a bank account for payroll purposes would be easy enough once hired. And would anyone know the employee is actually in India, or Ukraine, or Vietnam, if the job is completely remote?
https://www.ic3.gov/Media/Y2022/PSA220628
Crypto-Royalty
A German woman known as “CryptoQueen” who was indicted for running one of the “largest Ponzi schemes in history” has been added to the FBI’s Ten Most Wanted list. The queen is the mastermind behind the OneCoin cryptocurrency pyramid scheme. The indictment alleges she exited the pyramid with at least 400 million dollars…so the bureau is offering a 100,000 dollar reward. Ahh, won’t the tipster just extort her for 101,000 dollars not to tell?
P2P payment apps are REALLY popular
A new survey by Lending Tree has found that peer-to-peer payment transfer apps are popular. Very popular, in fact. 84% of all consumers say they have used a payment service application. That number jumps to 90% for those between the ages of 18 and 25. This is a really well-researched and nicely written report. Take a few minutes to read it.
https://www.lendingtree.com/personal/peer-to-peer-services-survey/
The Rest…
NFT marketplace OpenSea issued a breach notice after being pwned by a third-party vendor. https://opensea.io/blog/safety-security/important-update-on-email-vendor-security-incident/
The Ukrainian National Police dismantled an organization running a phishing scheme targeting Ukrainians seeking financial assistance. The bad guys obviously forgot Rule 1: Don’t target your own. https://www.bleepingcomputer.com/news/security/ukraine-arrests-cybercrime-gang-operating-over-400-phishing-sites/
Cisco Talos explains how it investigates ransomware domains being hosted on TOR. https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html
Introducing “Smash and Grab” ransomware attacks - https://duo.com/decipher/astralocker-ransomware-proliferates-in-smash-and-grab-attacks
Cool Tool
Extract all of the images from any publicly accessible website.
Cool Job
Fraud Prevention Manager - Early Warning (Zelle)
Irrelevant
You can’t listen to AM radio in electric vehicles. Who knew? (Other than owners of EVs.) https://blog.consumerguide.com/end-terrestrial-radio-electric-cars-radio/
Thank you for opening this week’s email and reading down to this section. I appreciate your time - feel free to let me know how I can do better to not waste it.
Matt
Brandolini’s Law - "The amount of energy needed to refute bullshit is an order of magnitude larger than to produce it."