[Housekeeping] I have additional information on a BSA/AML topic to share, but it’s too extensive to include in this issue, so you’ll receive a special edition this week. I’m aiming for Thursday. I assume most people appreciate free content, but if you’re offended by the extra email, you can delete it, and we’ll connect next Tuesday.

Last week, I expressed skepticism about the widespread issue of deed theft and the necessity of “home title insurance." I pointed out an annoying commercial aimed at frightening older adults into buying insurance. I asked readers whether this insurance is truly necessary or if it is simply a scam.

And I got some answers!

D.M. wrote:

I personally have charged several different individuals with recording false deeds.  I have also charged about 6-7 notary publics with fraudulent notarizations, some involved in false deeds.  

The most notable deed fraud involved two sovereign citizens who were working together, one of which was a notary.  They recorded deeds against 3 properties, two of which were deceased individuals whose property was in probate. I think they saw the legal advertisements regarding debts of the deceased and followed up from there.  The third property was a vacant parcel of land, but it adjoined the property of the homeowner.  One of the two was tried and found guilt and was sentenced to 159 months.  He was also a habitual felon, so the sentencing was enhanced due to that.  The other defendant is the female notary.  We are to try her case in November.  Our Register of Deeds Office here has instituted a program to where you are notified if anyone files a deed transferring your property, but you must sign up for that.

Lasty, our Register of Deeds and Tax Office created a program in which real property, such as my residence, is held under a pseudo name, so individuals who try to file liens or transfer law enforcement officers property cannot pull up in public records our names to find the property we own.  We must sign up for that as well and many of us have.  We had issues there for a while where sovereign citizens were filing false liens against LEO’s and other public officials in the justice system.  This was one way of combatting that.

Robin emailed:

I haven’t investigated deed theft personally, but I have looked into it. Most of it happens in places like Philadelphia, where there are a lot of vacant properties whose owners are deceased or in a nursing home, and who don’t have heirs or guardians to look after the property. It’s a lot harder to steal properties that are occupied. It’s also popular among sovereign citizens, who will establish squatters’ rights as part of their process. It does happen, but the commercials overstate the incidence.

Sam wrote:

Matt, you're right—deed theft isn't usually done for profit since it's difficult to monetize. It's more often used for harassment or paper warfare, as sovereign citizens call it. Transferring deeds into the name of a synthetic identity is a common weapon they use. However, since it's a completely made-up ID, there's no one to hold accountable; yet, it still requires a lot of work to determine if the person is real or not. I'd say, if you're in a position where you might be the target of a sovereign citizen, then deed theft is a real concern. But for most people, it's not an issue.

Chris emailed:

I’ve worked the banking and mortgage industry a long time and this type of theft was possible in the past when we didn’t have electronic record keeping. I’m not sure how prevalent it is today. I’ve seen that commercial and also think about how they are scamming people who are trying to protect themselves from being scammed. That’s ironic.

And finally, Carrie offered the support:

Hi Matt,

Saw your post about title fraud. As a speaker, this too is the number one question I receive. My company has helped identity theft and fraud victims recover for more than 20 years. We've had only two of these over the years. Here in Florida, the fraud capital of the US, our open public records law makes it easy for criminals to get the information needed for deed/title fraud. In the past, it was extremely difficult to correct a public record due to fraud. I worked with our legislators to correct this. I'm happy to say that in 2015 a law was passed giving victims the right to correct a public record. Because of this, the recovery process is much easier.

Getting back to the question of does one need to purchase deed fraud protection? The answer is NO! Many counties across the nation offer a free service where if there is a change to an official land record, the property owner will receive an alert. As with any type of fraud, early detection leads to easier recovery. To sign up, contact the holder of the official land records where you own property. In most states, this is the Clerk of Courts or Property Assessor's office for the county. Some are offered through a state website where one then selects the county. Depending on the county, the service is called either a property alert, fraud risk alert, or property risk alert. There may be other variations, but you get the point.

Next time someone asks you about title/deed fraud protection, tell them to contact their county to see if the program is available, and if so, sign up. It's free and easy.

And indeed, the county where I live has a program like this, and it’s free. Most neighboring counties also offer similar services.

I also found several articles suggesting that the goal of, if not all, home title theft generally falls into two categories: 1. Harassment or “paper warfare' by sovereign citizens against individuals they believe have wronged them. 2. Using the property as collateral to facilitate loan and mortgage fraud. Regardless, older adults aren’t being put on the streets after their home ownership is transferred out from under them.

As always, send feedback to matt [@] threatswithoutborders.com

The News…

Task scams are a type of false employment opportunity that promise compensation for completing simple tasks, such as liking videos or submitting product reviews. These scams often begin with unsolicited messages via social media or SMS, claiming to represent reputable companies and require potential employees to complete a series of tasks to earn rewards. However, scammers demand deposits to complete tasks, and victims eventually lose money due to the scam's gamification and psychological manipulation. Trend Micro examines the mechanics of the attack. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/unmasking-task-scams-to-prevent-financial-fallout-from-fraud

Moonlock Labs has identified a new infostealer designed to attack macOS systems. https://moonlock.com/new-mac-stealer-spreading

Readers of the newsletter know how sensitive I am to victim-shaming, but honestly, there's only so much I can do. This guy was scammed by an AI avatar of Jelly Roll. Yes, the singer. Yes, he sent gift cards. https://petapixel.com/2025/08/19/ohio-man-scammed-by-ai-avatar-of-jelly-roll/

Speaking of AI-facilitated fraud, a new study by Deloitte found most businesses are not prepared to deal with the problem. Deloitte’s Center for Financial Services estimated that AI-generated fraud could reach around $40 billion in losses in the US by 2027, a 32% annual rate of increase from $12.3 billion in 2023. https://www.fm-magazine.com/issues/2025/aug/how-accountants-can-combat-the-rising-threat-of-deepfake-fraud/

I’m so tired of hearing the term Quishing! However, the attackers won’t let up and continue to find new ways to exploit the marketing department’s favorite crutch. Attackers are using new techniques to evade detection, including **split QR codes**, where the QR code is split into two separate images, and **nested QR codes**, where a malicious QR code is embedded within a legitimate one. These techniques can bypass traditional security measures and take users out of the company's security perimeter. https://blog.barracuda.com/2025/08/20/threat-spotlight-split-nested-qr-codes-quishing-attacks

A Crypto influencer using the moniker "CP3O," has been sentenced to one year and one day in prison for operating a large-scale "cryptojacking" operation. The guy defrauded two cloud computing services out of over $3.5 million worth of computing resources to mine nearly $1 million in cryptocurrency. He used the ill-gotten funds to make extravagant purchases and boasted about his profits on social media to earn credibility as a crypto influencer. https://www.justice.gov/usao-edny/pr/crypto-influencer-sentenced-prison-multi-million-dollar-cryptojacking-scheme

Malicious insiders can be malicious even when no longer inside. A developer has been sentenced to 4 years in prison for sabotaging his former employer's network by creating a "kill switch" that locked out thousands of users the minute his name was removed from the companies active directory. The man fired from Eaton Corp. in 2018, planted malicious code, including a "kill switch" named after himself, to cause system crashes and prevent legitimate logins. The DOJ stated that Lu's actions caused the company to lose hundreds of thousands of dollars. https://arstechnica.com/tech-policy/2025/08/developer-gets-4-years-for-activating-network-kill-switch-to-avenge-his-firing/

DFIR

Digital forensic examiners from Cellebrite discuss what they found on the phone and laptop of Bryan Kohberger. https://www.foxnews.com/video/6377047090112

Cool Tool

One-click profile scraper (free tier available) https://profilespider.com/

Cool Job

Director of Financial Crimes, American Express. https://aexp.eightfold.ai/careers?query=financial%20crimes&pid=30786328&domain=aexp.com&sort_by=relevance&hl=en

Head of Team and Arena Security, National Basketball Association. https://careers.nba.com/job/NBANBAUS11919EXTERNALENUS/Head-of-Team-Arena-Security

The sun sets on CAT

For those under the jurisdiction of the Federal Financial Institutions Examination Council (FFEIC), remember that the Cyber Assessment Tool (CAT) has been discontinued and will no longer be valid after August 31, 2025. You should have already transitioned to either NIST’s Cybersecurity Framework 2.0, the Cyber Profile assessment tool from the Cyber Risk Institute, or the Center for Internet Security’s Critical Security Controls. https://www.ffiec.gov/sites/default/files/media/press-releases/2024/cat-sunset-statement-ffiec-letterhead.pdf

Irrelevant

Americans are drinking less alcohol than ever before. This is great for us as a country, but kinda makes me sad also. https://news.gallup.com/poll/693362/drinking-rate-new-low-alcohol-concerns-surge.aspx

Sign Off

I really enjoy podcasting. I wish that I had time to start my own, but I just can’t right now. So I’m relegated to being a guest of other people’s shows. If you have a podcast and need someone to come on and run his mouth - I’m your guy. Reach out to connect.

Don’t forget, sharing is caring.

Share Threats Without Borders

Thanks, and have a great week.

Matt

“PEOPLE AREN’T AGAINST YOU; THEY ARE JUST FOR THEMSELVES.”

Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.

Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

fraud cybercrime financial crime investigations cybersecurity osint aml