Threats Without Borders - Issue 72
Matt's Newsletter - Week ending April 3, 2022
Internet-enabled crime is largely underreported. Those affected by cybercrime may not know how or where to report their victimization. Some are too embarrassed to report it while many others don't even know they've been victimized. Regardless of the reason, the majority of persons victimized by cybercriminals fail to report it to law enforcement. A 2020 crime survey of England and Wales suggested that only 16.6% of frauds are being reported and only 1.7% of those victimized by "computer misuse offenses" are self-reporting their victimization.
Businesses aren't much better at reporting their victimization. This 2019 report by global IT and cybersecurity association ISACA found that enterprise and other business entities are vastly under-reporting cybercrime victimization, even when legally mandated to notify law enforcement and regulatory agencies.
The underreporting of cybercrimes makes the 2021 Internet Crime Report from the Internet Crime Complaint Center even more remarkable.
Continue to read my thoughts on the 2021 report…
We’ll fund you alright, while you spend two years in federal prison! This guy was sentenced to more than two years in prison for conspiring with a homeless man to commit “feel-good story” fraud. The group raised over $400K on GoFundMe after a social media campaign highlighted the plight of the homeless guy and the good deed that made him worthy of a “did the right thing” reward. As always, the money was spent on a luxury car and casino trips. https://www.pennlive.com/crime/2022/04/gofundme-scammer-gets-federal-prison-time-for-lies-involving-pa-homeless-veteran.html
Calendly is phishing friendly
Dammit, another service I use, and have promoted, gets abused. Researchers at INKY have found the scheduling and calendar integration application Calendly is being used to launch phishing attacks. Calendly responded with an acknowledgment and promise to review the issue. Hopefully they do because I really like the service. Request to meet with me and I’ll send you my link. Or maybe it won’t be my link. https://www.bleepingcomputer.com/news/security/calendly-actively-abused-in-microsoft-credentials-phishing/
Scammed through Zelle
She was just trying to sell some novelties at a flea market but ended up getting socially engineered and losing $3500 through a Zelle transfer. "I said to the guy, 'How do I know you're really the bank?' He goes, 'Check the caller ID, isn't that the number on the back of your debit card?' It was, it matched. So I kept talking to this person," she said. Unfortunately, it really is this simple. https://abc7news.com/wells-fargo-zelle-scam-calls-bank-imposters-of-america/11691011/
Targeting new graduates
Fraudulent employment classified ads are nothing new, and specifically targeting recent college graduates is a tried-and-true tactic. A mountain of student loan debt and the fear of moving back home have recent grads desperate to find stable employment. Proofpoint wrote this excellent threat report detailing the problem. If you know a soon-to-be graduate, or anyone actively searching for a job, do them a favor and send them this link. https://www.proofpoint.com/us/blog/threat-insight/school-hard-knocks-job-fraud-threats-target-university-students
New York City schools lose control of the personal data of 820,000 students through a third-party compromise. https://therecord.media/nyc-officials-call-for-investigation-after-data-of-820000-students-compromised-in-hack/
The Securities and Exchange Commission charged three Twilio engineers with insider trading. Their activities netted them about one million dollars. Anyone want to guess how much the fine is going to be? https://www.sec.gov/news/press-release/2022-55
A former grocery store manager admitted that he stole over $20,000 in cash and product from his store. BUT, he feels “horrible” about it, so off to a diversionary program he goes. https://www.pennlive.com/crime/2022/03/ex-weis-grocery-manager-feels-terrible-about-stealing-for-7-years-from-a-pa-store.html
The author of this article believes that current anti-money laundering and know-your-customer regulations are insufficient, BUT cryptocurrency will fix it all. https://www.coindesk.com/layer2/2022/03/31/crypto-should-disrupt-current-anti-money-laundering-practices-not-adopt-them/
Threat Intelligence - Major League Baseball
Have an iPhone? Yeah, HEIC files are a pain. Convert them here:
Know where your click is taking you: URL redirect checker -
50 Productivity tips that will make you more successful. (Or just exhaust you even further from the effort to be more productive). https://www.theemotionmachine.com/50-productivity-tips-to-take-your-success-to-the-next-level/
Thank you for opening this week's email. I hope to look again next week.
“Ignore the noise, people will criticize you no matter what you do” - someone who has better ignoring skills than me.