A quick program note for those of you who have created a Substack account: a new RSS feed reader has been released so you can pull all of your subscriptions, including Tw/oB, right into the desktop reader. This may be beneficial to those who use email accounts that keep kicking the newsletter to the spam box or dropping it entirely.
The editorial of Issue 96 spurred several comments. Another benefit of creating a Substack account is the ability to comment directly on the newsletter, where others can reply. I like email responses as well, so whatever you prefer.
Reader comments through email:
"Your question "why isn't there a national law..." was answered later in the newsletter with the article that feds are just now creating a task force to address the covid fraud."
"Hi Matt, Just wanted to share that I had a similar case the first part of last year. Same scam – tech support installed remote access software and then proceeded to have the elderly couple wire transfer $500,000 in 30 days. The couple were told they were moving the money into a “private account” to protect their assets. The scammers pretended to be their bank and their investment firm. The banks should do more to protect elderly customers. They use so much AI, how about one that alerts the bank when an elderly client (they have the person’s DOB when they open the account) begins moving large sums of money via wire transfer (activity that is unusual for the account)."
"Matt, don't let those banks off the hooks. They can absolutely stop those wires from going if it looks like fraud. The employees that processed those transactions aren't trained or don't care."
Reason Labs claims to have uncovered a massive credit card fraud operation that has been operating continuously since 2019. If the documentation provided is all legitimate, then it is one of the largest and most profitable cyber fraud operations of recent times. The group is operating a massive network of counterfeit dating and porn websites with functional customer support capabilities. The actors then connect credit card processing services to the websites and start running through card numbers obtained from darknet carding sites. The actors use several methods to escape detection by the card processor companies and avoid chargebacks:
Charge small amounts that are not suspicious to the individual.
Use generic names so individuals won’t be aware of what this charge is about.
Use a website where a user can request to cancel their subscription. The fraudsters will actually cancel and charge the customer back in order to minimize the issuer’s requests for chargeback, hence lowering the chargeback rate.
Offer a toll-free number for individuals to call and cancel the transaction, making the site seem more legitimate in comparison to other similar schemes that won’t use any customer-facing component.
This is a must read report. https://reasonlabs.com/research/credit-card-scam-report
Holla’back Y’all
This Avertium article introduced me to a new term to describe a specific phishing attack. I am well familiar with the attack, but it’s the first time I’ve heard it referred to as “Callback Phishing”. And it makes perfect sense. The article explains “Callback phishing is a type of phishing attack that impersonates a business. The attack starts off as a phishing email, typically claiming that the victim needs to renew a subscription or pay a bill for a service that they did not purchase. The email contains a “customer service” phone number with direction to call if the victim has questions and concerns.” You call the bad guys back. Get it? https://www.avertium.com/resources/threat-reports/everything-you-need-to-know-about-callback-phishing
Insider threats are always bad
Employees who damage an organization aren’t always malicious. Sometimes they lack training. Sometimes they’re lazy or careless. And sometimes they’re just stupid. All are bad, no matter the flavor. Cisco Talos issued an informative report outlining the extent to which employees are being used to launch attacks against organizations. The report reminds us that a key component of the employee who turns malicious is financial distress. The current economic downturn is even more reason to be on the alert for employees who may look to better their financial situation through access, especially within highly targeted organizations (I’m looking at you, Financial and Educational orgs). https://blog.talosintelligence.com/2022/09/insider-threats-increasing.html
DDOS This
Although Distributed Denial of Service (DDoS) attacks rarely make the headlines of national news agencies like ransomware attacks do, they are just as damaging and costly. Imagine having your website shut down on the busiest sales day of the year or on the day of your product launch. An attack can cripple a business. Imperva recently blocked an attack that directed over 25.3 billion requests to the target in 4 hours. Golly. Imperva explained “This specific attack was launched from a massive botnet of almost 170,000 different IPs, including routers, security cameras and compromised servers. This network includes compromised devices from over 180 countries, although most are based in the US, Indonesia, and Brazil.” https://www.imperva.com/blog/record-25-3-billion-request-multiplexing-attack-mitigated-by-imperva/
Don’t Get Jugged
We’re learning all kinds of new words and terms this week. This headline exclaims a Houston man was arrested for “Bank Jugging”. The article explains “jugging occurs when a thief patiently observes customers inside or outside the bank, the thief follows the customer, then burglarizes the vehicle or victim directly”. A Google search of “jugging” reveals that it’s actually a well-known term, especially in Texas. Now you know! https://www.fox26houston.com/news/houston-man-bank-jugging
The Rest…
Experts warned Congress that payment apps developed in China and Russia pose a national security threat. Duh. https://www.cyberscoop.com/alternative-payments-sanctions-cryptocurrency/
The Department of Justice announced charges against 47 defendants for their roles in a $250 million fraud scheme that exploited a federally-funded child nutrition program during the COVID-19 pandemic. https://www.justice.gov/opa/pr/us-attorney-announces-federal-charges-against-47-defendants-250-million-feeding-our-future
Woman faces felony charges after using another woman’s bank account to gamble online and take out a line of credit. https://triblive.com/local/valley-news-dispatch/arnold-woman-accused-of-stealing-bank-account-information-to-gamble-online-get-loan/
Cool Tool
Check for domain Typosquatting - https://haveibeensquatted.com/
Cool Job
Manager of Fraud - Fanatics Collectibles. https://jobs.lever.co/fanatics/55b30e24-745b-4480-947c-e43df5a1f478
Manager of Global Intelligence and Threat Analysis - NFL. https://hdmm.fa.us6.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX/requisitions/preview/220571?sid=27
Irrelevant
Twitter is not reality.
Thanks for finding the newsletter. With so much competition for your attention, I appreciate that I won a little bit of it.
Matt
“If you have any doubt at all about being able to carry a load in one trip, do yourself a huge favor and make two trips.” - someone smarter than me.