Threats Without Borders - Issue 240
Cybercrime Investigation Newsletter, week ending June 22, 2025
Look what I found:
Cybercriminals have been doing search engine poisoning attacks to launch tech support scams for several years now. They know when users run into a problem with a service like Netflix, Facebook, or Microsoft their first instinct is to Google a support number.
They create a fake website that imitates the official support page of a reputable company. These sites often use stolen logos, copied text, and recognizable colors to appear authentic. The site typically features a prominent, easily accessible phone number along with a message like “Call now for 24/7 support.”
But this number doesn’t lead to Netflix or Microsoft; it connects users directly to the scammer.
Once the fake website is ready, the scammers pay for online ads through platforms like Google. These ads are designed to show up at the top of search results when people search for things like “Netflix support number” or “how to contact Microsoft.”
When someone calls the number listed on the fake website, they’re connected to someone pretending to be a customer support agent. These scammers are often well-trained in sounding professional and trustworthy.
Once they have the victim on the line, they’ll claim there’s a problem—maybe with your account, your subscription, or your computer. They use fear and urgency to get your attention and gain control of the situation.
Next, the attacker typically tries to persuade the victim to download a tool or app that allows them remote access to the computer. They may claim it’s necessary to “fix the problem” or “run a check.”
Once they’re inside the computer, they can do a number of things:
Steal saved passwords or personal information
Plant malware or spyware
Lock the computer and demand payment to unlock it
Trick the person into paying for fake services or unnecessary repairs
Some scammers even leave backdoors open, allowing them to return later.
But this one I found is different. It’s search engine poisoning that launches a tech support scam, but its goal isn’t RDP or other remote access; it’s to collect credit card information.
I played along with the chat bot, answering the prompts as if I had a legitimate issue with my Netflix account. Then, after assuring me that they could assist, I was prompted for a “one-time join fee.” Hey, it’s only a dollar, and of course, it’s “fully refundable.” Whatever that means.
And that’s the hook. The entire scam is designed to collect my credit card information. All of my credit card information.
A quick Internet search about the site reveals dozens of comments from people who submitted their credit card information to receive tech support, only to be grossly overcharged (not just 1 dollar) and eventually have their cards fully compromised.
The News
A former employee of the United States Postal Service has been indicted for mail fraud and money laundering. The man allegedly sent mass mailings with fake government letterhead to thousands of businesses and charities, resulting in victims sending over $395,000 in checks and money orders. He is charged with multiple counts of mail fraud and money laundering, punishable by up to 20 years in prison. https://www.justice.gov/usao-wdwa/pr/former-postal-worker-indicted-mail-fraud-aimed-duping-thousands-mass-mailings-0
Dammit, leave the pastries alone. Krispy Kreme has finally acknowledged a data breach that affected over 160,000 people, including employees and their families, with sensitive financial information compromised. The incident occurred in November 2024 and has resulted in an estimated $11m in lost revenue for the company. https://www.infosecurity-magazine.com/news/krispy-kreme-data-breach-financial/
Sharing this with your marketing team will ruin their day. Inky discusses malicious QR code phishing scams, where attackers use QR codes to deliver harmful payloads directly to victims’ browsers. These scams bypass traditional security measures and execute malicious code without requiring a user to click on a link. https://www.inky.com/en/blog/fresh-phish-how-to-stay-a-step-ahead-of-the-latest-qr-code-phishing-scam
Not so much cyber, but the police did a good job investigating this case and getting the bad guy. Pennsylvania man arrested after hiding pen cameras in restrooms on Ocean City, MD boardwalk. https://www.pennlive.com/news/2025/06/philly-man-charged-with-hiding-cameras-in-ocean-city-public-bathrooms-on-the-boardwalk.html
The duck is investigating a cyber attack. https://www.reuters.com/business/insurer-aflac-discloses-cybersecurity-incident-2025-06-20/
Speaking of Quishing, or Qrishing, or whatever we’re calling it this week, this guy has had enough of it and demands we stop making up “ishings” for every new social engineering attack. https://shellsharks.com/no-more-ishings
Holy DDoS! Cloudflare blocked an attack that delivered 7.3 terabits per second to the victim for 45 seconds. It’s impressive that they can do that, but consider the flip side: someone is out there with a botnet capable of harnessing that power. https://blog.cloudflare.com/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos/
I’m not sure I understand the trend of creating a business to “consult” banks and credit unions on how to deal with fraud. Non-financial institution SMBs, sure. However, banks and credit unions are in the business of fraud; it’s an everyday occurrence—a fact of existence. Based on my experience, the security and fraud teams at these organizations are well-educated as to the problems and know exactly how to address them. What do you tell them? “You know, allowing a member to immediately withdraw the full amount of a mobile deposit check through the ATM is risky.” Yeah, I’m pretty sure the fraud team knows that!
The bureaucracy is the hang-up. And people who use terms like “frictionless”.
So, is that what they do? Have these consultants created some secret language or magic dust that causes middle managers to adopt an anti-fraud mindset and act on it? Because that’s what the fraud teams really need – support from management. Even better if you can get the C-Suite on board.
I’m not hating. I wish them all the best of luck. Seriously. However, I don’t see the potential for a successful business because I can’t envision banks and CUs paying for knowledge they already possess or can obtain for the cost of membership in groups like the IAFCI.
Of course, I never thought people would pay three times the price of a Whopper to have someone drive it to their house.
Really long technical write-up that you won’t read but should read
This malware, delivered through phishing emails, uses Cloudflare Tunnels and Python loaders to deliver memory-injected payloads via shortcut files and obfuscated scripts. https://www.securonix.com/blog/analyzing_serpentinecloud-threat-actors-abuse-cloudflare-tunnels-threat-research/
Cool Tool
All you dorks in one spot. https://dorkking.blindf.com/
Cool Job
Director of Physical Security and Executive Protection - Vanguard. https://www.vanguardjobs.com/job/21995070/director-corporate-physical-security-executive-protection-program-malvern-pa/
Feedback
Matt, I’ve done a lot of experimenting with checks and ink myself and have found that the quality of the check paper is more of a variable than the ink. The higher-priced checks with a glossy finish are much easier to wash ink from than the cheaper ones, which are essentially soft paper. The finish on the higher end checks blocks the ink from being absorbed into the fibers of the paper. It sounds counterintuitive, but the lower quality checks are more secure. -Sean
Makes sense, Sean. The checks I used did have a smoother, glossier feel to them. (Issue 239 for reference)
How about some Op Sec?
If you are an “intelligence analyst” for a law enforcement agency and discuss your tools and methods in an unsecured, unvetted email forum, then you probably shouldn’t be an “intelligence analyst” anymore.
In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and felt comfortable using, and in some cases offered to perform surveillance for their colleagues in other departments. The thread also includes a member of ICE’s Homeland Security Investigations (HSI) and members of Oregon’s State Police. In the thread, called the “Southern Oregon Analyst Group,” some members talked about making fake social media profiles to surveil people, and others discussed being excited to learn and try new surveillance techniques.
https://www.404media.co/emails-reveal-the-casual-surveillance-alliance-between-ice-and-local-police/
Irrelevant
A heat dome is not a heat wave. Not that we care about semantics right now. https://wxguys.ssec.wisc.edu/2024/07/01/heat-dome/
Sign Off
Welcome new subscribers! I’m so happy that you’ve joined us. You’ve missed a lot - 239 weeks, to be exact. However, you can catch up by reading the previous issues at www.threatswithoutborders.com. Yahoo email often drops newsletters, and many corporate mail systems also filter them out due to content filtering. So, if you don’t see it in your Inbox on Tuesday morning, visit the website to read the new issue.
And send feedback to matt@threatswithoutborders.com
See you all next Tuesday!
Matt
“PRACTICE DOESN’T MAKE PERFECT IF YOU’RE DOING IT WRONG” - someone who’s watched me write 239 previous newsletters.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.
cybercrime cybersecurity osint financial fraud investigations aml cyficrime