Discover more from Threats Without Borders
Threats Without Borders - Issue 144
Cyber-Financial Crime Investigation Newsletter, week ending August 20, 2023
An associate told me about her relative that got sucked into a “Cash Flipping Scam”. Hello, old friend it’s been a while! It’s been a bit since I heard of a good flipping scam making its rounds.
In this particular scam, the victim was asked to “invest” 100 dollars for a 100 dollars return (100-dollar investment, 200 dollars back). In most of these scams, the victim sends the 100 bucks and never hears back…it’s a straight-up loss of 100 dollars. But in this event, the victim sent the $100 through Cash App and one week later, the scammer sent him back $50 with a note explaining this was the first profit-sharing payment and that he would receive 50 dollars per week for the next three weeks. This would equate to the original 100 invested and a nice 100 dollars profit.
BUT… and here’s the hook…if the victim would be willing to invest an additional 500 dollars the payback would would be $1500 for an easy 1000 dollar profit.
Give a little back to earn trust and then hook them for a larger “investment”. Smart.
I suspect this is a new twist to the classic pyramid scam. Use the money of new investors to make a small payment to the older investors to keep them hooked and invest more money. And when you have collected a few thousand dollars or tens-of-thousands of dollars…just cash out and disappear.
Social media, money transfer apps, a never-ending supply of willing victims, and prosecutors' unwillingness to extradite for lower dollar losses - the perfect recipe for these types of cash-flipping scams.
For more on cash flipping scams - https://www.verified.org/articles/scams/cash-app-flips
Longtime Tw/oB readers know I’ve long railed against QR codes. Yes, they are sometimes useful, but woe betide the waiter that tries to make me scan one to see the beer list. Cofense has reported on a large scale phishing campaign targeting users with malicious QR codes. Victims think they using the codes to set-up Multi Factor Authentication on their Microsoft account, but instead are lured into a credential harvesting scheme. Let us QRush QR codes. For good. https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
Pennsylvania swimming pool contractor collects over 1.5 Million dollars for pools he never built. I installed a pool a few years ago, so I understand the process and pre-build emotions these victims went through. BUT, I can’t fathom how this guy was able to collect so much money, from so many people, without the house of cards collapsing sooner. Wow. https://www.pennlive.com/news/2023/08/angry-victims-ask-crooked-pa-pool-contractor-where-their-15m-went.html
And speaking of lengthy criminal schemes…two New York men were sentenced today for participating in a 12-year scheme to mail fraudulent prize notices that tricked elderly and vulnerable victims into paying fees for falsely promised cash prizes. One of the main points I make when speaking to senior citizens…it’s not a prize if you have to put yourself in debt to pay fees. Over the 12 years of the scam, the men stole more than $90 million from thousands of victims. Wow. Again! https://www.justice.gov/opa/pr/two-new-york-men-sentenced-operating-mass-mailing-fraud-scheme-targeting-elderly-and
The Internet Crime Complaint Center issued a warning that criminals are embedding malicious code in mobile beta-testing applications (apps). The FBI warns the malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. https://www.ic3.gov/Media/Y2023/PSA230814
The anti-law enforcement lobby has been losing their collective minds about this Cellebrite training video where the instructor advises the students to keep details of the tool’s technology on the down-low. First, Cellebrite isn’t a law enforcement exclusive tool. There are plenty of private organizations using the tools for a variety of reasons that don’t include criminal prosecutions. In fact, I know for sure that defense attorneys and their contracted digital forensic investigators are using the tool to counter law enforcement findings. So to say this is law enforcement using dark technology to violate peoples rights is way off-base. Second, I suspect the reason for the secrecy is an an effort to keep the company from having to send engineers to testify in courts. It’s better for the user to speak in general terms than to testify about specific technical components of the tool that would require clarifications. Sending their engineers all over the country is expensive and could provide details to others on how to defeat the tools. https://techcrunch.com/2023/08/19/cellebrite-asks-cops-to-keep-its-phone-hacking-tech-hush-hush/
Great company, better people. Pretty nice place to live too. https://careers.hersheyjobs.com/job/18929212/sr-it-security-analyst-hershey-pa/
Free online photo enhancer and enlarger https://photofix.dev/
Apple killed my favorite weather app - and don’t even try to convince me the weather app = DarkSky. This looks promising. https://www.windy.com
Is that photographer a journalist or an activist? https://petapixel.com/2023/08/19/journalism-versus-activism-with-a-camera/
I was asked to speak at two different events this week but had conflicts with both event dates. I love getting to as many events as I can…but please invite me with some time in advance as my calendar fills up rather quickly. I’m also working on cybercrime investigation class - from the perspective of “how the Internet works” - that will be specifically for law enforcement. I know all of those “Dark web investigation” classes are super-cool, but what good are they if you can’t explain to the jury how a device is assigned an IP address? Please contact me if your interested in that. I’ll probably run it for free a few times as a trial run for any agency willing to host it (in the Mid Atlantic region).
Thanks for making it this far in the newsletter. See you next week.
“Choose consistency over intensity, because consistency compounds.” - except for when publishing a weekly newsletter.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.