Last week I spoke to a group of older adults at the local senior center to discuss the current fraud schemes that target senior citizens and how they can avoid victimization. The last question of the day was, "What is the one thing anyone can do to help protect themselves from online fraud?" Inevitably, the same question is asked when I speak to younger adults about the responsible use of technology and avoiding victimization. Although the schemes come in different flavors, members of both age groups end up as victims for two primary reasons: lack of experience and a failure to apply sound reasoning.
Everyone needs a trusted counselor in their life. It should be someone other than a person that lives in the same house. I give the example that my wife and I have been together for so long that we generally see the world through the same lens. While we have different views on my cars, the value of good bourbon, or who should empty the dishwasher, we are absolutely in sync on the majority of important topics. I'm certain we would give near exact answers if you surveyed us on finances, politics, or raising children. This is where fraud victims go astray so many times. They seek advice about a questionable financial transaction from a spouse or someone else they spend the majority of their time with. The chances are this person will see the problem through lenses shaped by similar lived experiences. And they are probably just as inexperienced with modern technology and how it is used to facilitate fraud.
Talking to a trusted person who doesn't live in your house and has a different worldview is one of the best ways to prevent financial victimization. In many cases, older adults fear seeking advice from grown children as they don't want to appear vulnerable or incapable of taking care of themselves. Alternatively, they should speak with a trusted neighbor, a life-long friend, someone at the senior center, or even call the local police.
Most of the current fraud schemes require the victim to make hasty decisions. Inexperience, lack of information, and FEAR are what the fraudsters prey upon. Slow the game down to get a better view and allow time to consider alternative options. Seeking counsel from a trusted person who sees the world through a different viewfinder usually reveals that the immediate opportunity really is too good to be true.
Myth Busters
I recently heard a speaker attempt to dispel several “myths” about the pre-paid card industry. One of the myths he attempted to bust was that “Gift cards are the preferred currency of fraud”. Or something along those lines, attempting to negate the impact gift cards have on international fraud and victimization. Clearly all of the empirical evidence, observed every day by actual fraud investigators, shows his “busted myth” to be, busted. Gift cards are absolutely one of the main drivers of fraud. Maybe second only to digital currency.
Case in point: a Virginia man pled guilty to federal wire fraud charges in the Middle District of Georgia for his part in a large-scale Walmart gift card scheme that victimized hundreds across the country. The man is connected to 1,649 transactions using 1,271 different Walmart gift cards between Feb. 19 and March 29, 2021, totaling $533,341.75. The associated Walmart gift cards were purchased by over 370 different victims located in all 50 United States and Puerto Rico.
This is anecdotal, but there is no shortage of similar stories to support the fact that gift cards drive fraud, and to say otherwise is just card industry propaganda.
Watching NODs
Akamai researchers instituted a new approach to monitor NODs (newly observed domains) and determined 20% per month are malicious. In fact, in the first half of 2022 they marked 79 million new domains as fraudulent. Think about that for a minute. This is a very real measure of the current cyber threat landscape. https://www.akamai.com/blog/security-research/newly-observed-domains-discovered-8-million-malicious-domains
IRS issues warning
The Internal Revenue Service warned of an increase in IRS-themed smishing messages targeting American taxpayers. Smishing is the same as phishing, but the delivery method is SMS text message rather than standard email. IRS Commissioner Chuck Rettig warned, “This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages.” The warning notice invited anyone who received an IRS-themed text message to report it to “phishing@IRS (dot) gov”. https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Preventable
Arctic Wolf released their 1st Half 2022 Incident Response Report and most of the findings are as expected. The one metric that never fails to make me sad is the number of incidents that should have been prevented. Arctic Wolf believes that 80% of the incidents they handled were driven by the exploitation of unpatched vulnerabilities or unsecured RDP (remote desktop protocol) ports. This is such a common theme and organizations never seem to learn: patching software and actively monitoring for vulnerabilities will significantly reduce the chance of a security incident. And it’s so easy to do. https://arcticwolf.com/resources/blog-uk/1h-2022-incident-response-insights/
Where do the fines go…
The Securities and Exchange Commission (SEC) seems to be one of the few federal agencies that consistently carries out its mandate. The agency secured concessions from sixteen financial firms for the failure to keep adequate, and legally mandated, communication records. The violations came from allowing key employees to communicate through their personal computer devices rather than corporate devices, which result in long-term text records. The firms agreed to collectively pay over 1.1 billion dollars in penalties and fines. OK, maybe the next investigation should be where all that money ends up? https://www.sec.gov/news/press-release/2022-174
The Rest…
TrustedSec gives some solid advice on how to harden your backups to protect against ransomware. https://www.trustedsec.com/blog/hardening-backups-against-ransomware/
Duo details how threat actors are targeting Microsoft products to launch Cobalt Strike. https://duo.com/decipher/phishing-attack-targets-microsoft-office-rce-flaw-to-deliver-cobalt-strike
Cool Job
Slow week. The job market is cooling or I’m just bored.
Cool Tool(s)
Keyboard shortcuts for every program - https://usethekeyboard.com/
All of the map tools - https://www.freemaptools.com/
Irrelevant
Traffic fatalities are up in New York City. Is the reduction of enforcement by the NYPD to blame? https://www.city-journal.org/nyc-traffic-deaths-up-as-enforcement-is-down
Thank you for all of the support - and I especially appreciate those that share the newsletter each week. Thank You!
Matt
“BEES DON’T WASTE TIME TELLING FLIES THAT HONEY IS BETTER THAN SHIT.” - I suspect this means - just do the work and ignore the competition!