Welcome to Issue 87 of the Threats Without Borders newsletter.
It’s been a while since I reminded you of my Start.me page where I maintain a curated list of Open Source Intelligence (OSINT) tools. These are the web resources that I utilize every day while conducting my own investigations. Feel free to pin it to your bookmark bar for easy access.
https://start.me/p/jjo29z/matt-s-osint-page
Can anyone tell me where all the corn went? Not the crappy ethanol-gas making corn, the salty-buttery delicious corn. Corn-on-the-Cob seems to have gone the way of baby formula and computer chips. I live in Pennsylvania, it’s mid-July, and there isn’t a damn ear of bi-color sweet corn to buy. What is going on? You can’t blame this on covid or Putin.
There’s a joke in there
The Pennsylvania Department of Revenue has issued a warning about businesses receiving scam letters seeking sensitive information. The letter informs the business it is under investigation by the department and needs to release information to a “Resolution Officer”. The scammers then use the information to obtain financial records to facilitate additional fraud. https://www.pennlive.com/news/2022/07/threatening-scam-letters-have-pa-revenue-name-logo-be-on-high-alert.html
QuickBooks - Quickscam
Researchers at INKY have uncovered a group abusing the small business accounting software QuickBooks. The attack takes advantage of the 30-day free trial offered by the software publisher. The attackers use the free trial to send out phony business invoices. As described by INKY, the victim business is presented with an invoice or order confirmation noting their credit card had been charged. To dispute the charge, they needed to contact the phone number in the email. Once the victim called, a scammer attempted to obtain login credentials, credit card info, and other personally identifiable information. https://www.inky.com/en/blog/abused-quickbooks-site-sends-phone-scam-emails
Stealing PayPal Via WordPress
Attackers showed their hand when they inserted malicious code into a WordPress honeypot operated by Akamai researchers. The attack simulates the PayPal payment portal and collects all of the user’s credentials as they are entered into the form. There are 400 million PayPal users and over 455 million websites that run the WordPress platform. That’s A LOT of potential victimization! https://www.bleepingcomputer.com/news/security/paypal-phishing-kit-added-to-hacked-wordpress-sites-for-full-id-theft/
Two apologies
First, for suggesting an article in the Washington Post. And second, it’s behind a paywall. But…if you happen to have a subscription, or know how to bypass the paywall, this is a great article exploring the mental aspects of the “non-stop scam economy”. The article explores the victimization of both those who actually fall for a scam and those who live with daily scam attempts - or the rest of us. https://www.washingtonpost.com/technology/2022/07/13/scam-fraud-fatigue/
The Rest…
If you have an extra £3750 (4400 USD) lying around, then you can purchase the recently released report “Online Payment Fraud” from Juniper Research. It seems like excellent research - but I’ll never afford to read it. https://www.juniperresearch.com/researchstore/fintech-payments/online-payment-fraud-research-report
Nigerian man extradited for a multimillion dollar fraud scheme in which he impersonated procurement officials of state, local government, and educational institutions. https://www.justice.gov/usao-sdny/pr/nigerian-man-extradited-multimillion-dollar-fraud-scheme-which-he-impersonated
New Jersey man pleads guilty to stealing 2.3 million dollars from his employer. (Again) how did it get to that point? https://www.justice.gov/usao-nj/pr/middlesex-county-man-admits-embezzling-237-million-his-employer-while-controller-company
WhatsApp users are getting tricked into using a fake version of the app. https://blog.malwarebytes.com/cybercrime/2022/07/whatsapp-warns-users-fake-versions-of-whatsapp-are-trying-to-steal-your-personal-info/
Cool Tool
Browser extension for blocking those damn annoying chatbot pop-ups.
Convert web articles to plain-text (or maybe bypass a paywall)
Cool Job
Financial Crimes Training Manager (Remote) https://www.infinity-cs.com/jobs/compliance-legal-jobs/financial-crimes-training-manager-remote1/FL
Irrelevant
Awesome weather maps - https://www.ventusky.com/
Thank you for opening the email. Please consider giving the issue a like and a share.
Matt
Danth’s Law – “If you have to insist that you’ve won an internet argument, you’ve probably lost badly.”