Threats Without Borders - Issue 221
Cybercrime Investigation Newsletter, week ending February 9, 2025
I had a conversation with a really knowledgeable investigator who mentioned he stopped participating in a certain listserv because “it’s like groundhog day”, a reference to the famous Bill Murray movie where every morning he wakes up it’s February 2nd. By this, my friend meant the questions asked are always the same. It’s like a merry-go-round of cell tower, Google geo-fence, and connected car questions.
And endless requests for search warrant templates.
This doesn’t only occur in cyber and fraud investigator communities. Pick any special interest group that meets online and you’ll find this same phenomenon. There are always new people coming into the field who have questions. Sometimes they get a legitimate answer and sometimes “use the search function”.
Unfortunately, those with the most knowledge and experience often stop participating, as it becomes exhausting to repeatedly answer the same question or cover the same ground. It truly does feel like Groundhog Day.
And that can be a big problem. Because, just like any medium, something will fill the void. In human communities, it’s usually those who know just enough to appear more knowledgeable than the person asking the question. They lack the ability to answer the questions completely and thoroughly, and sometimes, even worse, they provide outright incorrect information, but they’re eager to share the knowledge they do have.
I use a baseball analogy to explain the situation.
In every profession, newcomers are constantly entering the field. They are at-bat. Then there are relatively inexperienced individuals on first base, who have gained a bit of experience but are still learning. Those on second base are seasoned practitioners; they possess the knowledge and skills necessary to perform competently and serve as resources for others, yet they continue to grow and learn. The experts stand on third base, recognized as masters of their craft. Some choose to remain on third as long as possible, while others eventually stroll to home plate to score the final run – retirement.
So, how do you keep those on second and third base engaged?
It can be tiresome to answer the same question or some version of it repeatedly. I dislike the “use the search function” response, but I understand why it's so popular.
What makes it even more exhausting, especially for those on third base, is having our responses scrutinized or ridiculed. Crafting a thoughtful, reasoned reply takes valuable time from someone’s busy schedule. So why invest the time to engage if it only leads to judgment or derision from an anonymous user? It’s perfectly acceptable to ask follow-up questions to seek clarity or deepen understanding, but questioning someone’s knowledge solely to mock or undermine their credibility is not appropriate.
In most professional communities, users are not anonymous. There is usually some form of verification, and many openly share their identities. However, that doesn’t always prevent some individuals from throwing shade. Bravado is an affliction, even within a community of nerds.
Exchanging experience and knowledge is crucial for any profession's well-being. Even more essential is the FREE exchange of information. While paid education and training have their place, our community flourishes through the generous sharing of information and mentorship.
So, I will take my advice and work to be more involved in the online communities where I belong. I invite you to do the same, because newbies only get on base if we ol’ heads share our knowledge.
The News…
Ransomware payments declined in 2024, driven by increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay. However, ransomware operations have become faster and more adaptive, with new strains emerging and attackers shifting tactics. The team at Chainalysis found a 35% year-over-year decrease in completed payments. https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/
Coveware also commends international law enforcement for its aggressive action against ransomware actors. https://www.coveware.com/blog/2025/1/31/q4-report
Recorded Future published the 2024 Threat Analysis Report. https://www.recordedfuture.com/research/2024-annual-report
Researchers from ByteDance (err…TikTok) have demoed OmniHuman-1, a new AI system that can generate highly realistic deepfake videos. The system can create convincing videos from a single reference image and an audio clip, and can even edit existing videos by modifying a person's movements. What a lovely piece of technology. I can’t wait to see all the good it’s used for…choke…cough. https://techcrunch.com/2025/02/04/deepfake-videos-are-getting-shockingly-good/
After 25 years in this business, here’s a defense I’ve never heard before: “pregnancy brain.” This woman forged over six thousand dollars in checks she stole from the family that hired her as a nanny, and when caught, claimed, "Oops, pregnancy brain." Ah, okay. https://www.abc27.com/gettysburg/adams-county-nanny-allegedly-stole-money-blamed-pregnancy-brain-during-interview/
I’m not a fan of the Edge browser because of all the junk Microsoft includes in it, but damn, this feature is really impressive. Microsoft Edge version 133 introduces a new AI-powered scareware blocker that helps protect users from tech support scams. Many older adults fall for full-screen pop-ups that impersonate Windows Defender and claim the computer is infected with malware, when in reality it’s just a malicious web page using JavaScript to lock up the browser and push a phone number. This new feature is designed to recognize that pattern and get the user out of the page before they make the call. https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-update-adds-ai-powered-scareware-blocker/
Sucuri details a recent case where a Magento-based eCommerce website was compromised by a credit card skimmer disguised as a Google Tag Manager script. The malware, hidden within the website's database rather than in a file on disk, stole customers' card data at checkout and sent it to a remote server controlled by the attackers. Is any web store really secure at this point? https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html
A BBC reporter found himself in Shwe Kokko, a city in Myanmar built on fraud, money laundering, and human trafficking. Investigations have revealed that the city houses a multi-billion dollar scam operation involving thousands of workers from around the globe, who are confined in walled-off compounds and defraud people from foreign nations. This is nation-state fraud, literally. https://www.bbc.com/news/articles/c04nx1vnw17o
A 22-year-old man from Indiana was sentenced to 20 years in prison for stealing $37 million in cryptocurrency from over 600 victims from his “mother’s basement.” Really, the USAO press release notes he was living in his mother’s basement. https://www.justice.gov/usao-sd/pr/indiana-man-sentenced-20-years-federal-prison-conspiracies-involving-cyber-intrusion-and
Ethernet, it’s more than just a cable
Ethernet is a wired technology that connects devices such as computers and printers within a local area network (LAN), enabling fast communication and data sharing. It sends data between devices over physical cables as frames, following the IEEE 802.3 family of standards. One caveat worth stating plainly: Ethernet itself provides no encryption and no authentication. A frame’s source MAC address is whatever the sender chose to write into it, and anyone with access to the cable or a switch port can capture or inject traffic, so whatever security a wired LAN has comes from physical access control and add-ons such as 802.1X port authentication or MACsec (802.1AE), not from the protocol. Ethernet is still preferred over Wi-Fi for its reliability, lower latency, and speed, making it ideal for homes and businesses,
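As an added example (not from the newsletter), the following Python parses an Ethernet II frame header and an optional 802.1Q VLAN tag, the way a packet tool or a forensic script would, and shows why “secure” is the wrong word for Ethernet: every field, including the source MAC, is just bytes the sender chose to put on the wire. The two sample frames and the MAC/IP addresses in them are constructed for this example, not captured traffic.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Common EtherType values (IEEE registry); 0x8100 marks an 802.1Q VLAN tag.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class EthernetFrame:
    dst: str
    src: str
    ethertype: int
    vlan_id: Optional[int]  # None when the frame carries no 802.1Q tag
    payload: bytes

    @property
    def is_broadcast(self) -> bool:
        return self.dst == BROADCAST

    @property
    def is_multicast(self) -> bool:
        # The I/G bit (least significant bit of the first octet) set means a
        # group address; broadcast is the all-ones special case of that.
        return int(self.dst[:2], 16) & 0x01 == 1

    @property
    def ethertype_name(self) -> str:
        return ETHERTYPES.get(self.ethertype, f"0x{self.ethertype:04x}")


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(raw: bytes) -> EthernetFrame:
    """Parse an Ethernet II frame (optionally 802.1Q-tagged) into its fields.

    Expects the frame as pcap/tcpdump deliver it: no preamble, usually no
    trailing FCS. Nothing here is authenticated; the source MAC is simply
    whatever the sender wrote into the header.
    """
    if len(raw) < 14:
        raise ValueError(f"truncated frame: {len(raw)} bytes, need at least 14")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    offset, vlan_id = 14, None
    if ethertype == 0x8100:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
        offset = 18
    return EthernetFrame(mac_str(dst), mac_str(src), ethertype, vlan_id, raw[offset:])


# Constructed sample frames (not captured from any real network).
# 1) Untagged ARP "who-has" request, broadcast from 10.0.0.2 asking for 10.0.0.1.
ARP_REQUEST = bytes.fromhex(
    "ffffffffffff"                  # dst: broadcast
    "0242ac110002"                  # src: locally administered MAC (constructed)
    "0806"                          # EtherType: ARP
    "0001" "0800" "06" "04" "0001"  # ARP: Ethernet/IPv4, hlen 6, plen 4, request
    "0242ac110002" "0a000002"       # sender MAC / IP
    "000000000000" "0a000001"       # target MAC (unknown) / IP
)
# 2) 802.1Q-tagged (VLAN 100) frame to the IPv6 all-nodes multicast address.
TAGGED_IPV6 = bytes.fromhex(
    "333300000001"      # dst: IPv6 all-nodes multicast (ff02::1)
    "0242ac110003"      # src (constructed)
    "8100" "0064"       # 802.1Q TPID, then TCI: priority 0, VLAN 100
    "86dd"              # real EtherType: IPv6
    "6000000000000000"  # first 8 bytes of a constructed IPv6 header
)


def describe(raw: bytes) -> str:
    f = parse_frame(raw)
    kind = "broadcast" if f.is_broadcast else "multicast" if f.is_multicast else "unicast"
    vlan = f"vlan {f.vlan_id}" if f.vlan_id is not None else "untagged"
    return f"{f.src} -> {f.dst} [{kind}, {vlan}] {f.ethertype_name} ({len(f.payload)} payload bytes)"


if __name__ == "__main__":
    for frame in (ARP_REQUEST, TAGGED_IPV6):
        print(describe(frame))
```

The parser stops at the EtherType and hands back the payload untouched; a real tool would dispatch on `ethertype` to an ARP, IPv4 or IPv6 parser next. The point for investigators is that the header carries no proof of origin: the `src` field in `ARP_REQUEST` could be rewritten to any value and the frame would parse, and be accepted by a switch, exactly the same.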
Cool Job
Manager, Fraud Quality Operations - Underdog. https://boards.greenhouse.io/underdogfantasy/jobs/4519648005
Financial Crimes Governance Manager - Cadence Bank. https://cadencebank.rec.pro.ukg.net/CAD1500CBANK/JobBoard/5293c883-4669-4992-a556-a74121488950/OpportunityDetail?opportunityId=e098a615-3be2-4ef2-bac2-9a5899499e86
Cool Tool
Picarta uses AI to geolocate images. https://picarta.ai/
Throw a party - Apple introduces Invites. https://www.apple.com/newsroom/2025/02/introducing-apple-invites-a-new-app-that-brings-people-together/
DFIR
Picking up where your commercial mobile forensic tool falls short, James McGee of Metadata Forensics shows how to manually parse out whether multiple participants were on a group or FaceTime call. https://metadataperspective.com/2025/02/05/hello-who-is-on-the-line/
HTCIA Rebrands
The High Technology Crime Investigations Association has rebranded as the High Technology Cyber Investigations Association. Got that? Crime has become Cyber. Anyway, I was a member years ago but dropped out due to the inactivity of my local chapter. However, it looks like things are turning around, and I’ll keep an eye on it to see if it’s worth a $140 dues payment. https://www.prnewswire.com/news-releases/htcia-rebrands-as-high-technology-cyber-investigation-association-302361658.html
Irrelevant
The author politely asks Vice-President J.D. Vance to stop wearing an Apple Watch because of the potential security risks. It’s a good article. However, even more impressive is the whole website. They have built a very active site and community around the watches used by the intelligence community. Who knew this was a thing? https://www.watchesofespionage.com/blogs/woe-dispatch/vice-president-jd-vance-apple-watch-smartwatch-intelligence-risks
Sign Off
Well, the Eagles flew and the city of Philadelphia is still standing. I saw several Internet memes mentioning that the city would burn regardless whether the Eagles won or lost. I’m glad they won, and there was no excessive burning.
Now it’s on to baseball. I’m a Pirates fan (yes, I know) so I never get too excited about the upcoming season. Unlike Phillies fans who get their souls crushed yearly, P-Rats fans live by the Gin Blossoms lyric “don’t expect too much of me and you might not be let down”.
Thanks for hanging out another week!
Matt
Captcha’s be like
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.