Threats Without Borders - Issue 261
Cybersecurity Investigation Newsletter - Week ending November 16, 2025
Let’s discuss the cloud hanging over the entire series on stylometry. The elephant in the room. More and more, suspects are using AI tools like ChatGPT, Claude, or other language models to generate text. This changes stylometric analysis because you’re no longer analyzing human writing, you’re analyzing machine output prompted by a person.
AI-generated content has some telltale signs you can spot on your own. Language models produce text that’s grammatically polished, often with fancy vocabulary, and consistently good quality. Human writing tends to vary more as we make typos, have awkward phrases, and our tone can shift mid-sentence.
While AI is getting better at sounding human, look out for these AI signs:
Unnatural consistency: If a long piece maintains the same tone, sentence complexity, and vocabulary without any variation, it’s suspicious. Human writing has rhythm that can and will change. Sometimes I’m energized and excited while writing, and other times it’s out of necessity, and I might get tired or bored. My tone can shift. AI maintains a steady style.
Lack of personality quirks: Humans have habits such as repeated phrases, favorite expressions, style quirks. Long-time readers of Tw/oB know mine, like starting sentences with “So” or my love of run-on sentences. AI writing feels generic and polished but is missing these personal touches. If the text is professional but lacks the quirks you recognize, it might be AI.
Too uniform structure: AI often produces paragraphs of similar length and sentence count. Humans are messier, writing long and short paragraphs with random breaks and no pattern. This regularity is a giveaway.
No informal stuff: Casual human writing can have typos, abbreviations, sentence fragments, and informal punctuation. AI tends to stick to proper grammar and complete sentences, even when trying to sound casual.
In one Tw/oB issue, I wrote that AI is making me a worse writer, as I feel the need to leave some grammar errors in my text so people know it wasn’t AI-generated.
Most people don’t just copy AI output word-for-word; they edit, add personal touches, and personalize. These edits leave clues.
Check the document for inconsistencies. If most of it seems polished and generic, but some parts have a personal tone, those might be human insertions. Look at those parts separately and compare them to known writing styles. Watch for personal references like “in my experience” or personal anecdotes, which are unlikely to be AI.
AI-generated content changes the game but doesn’t necessarily break stylometry. You just need to look for the human fingerprints, how it’s prompted, edited, and used. The core method stays the same: observe closely, think critically, document carefully, and let the evidence direct you.
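As an added illustration that is not part of the newsletter, here is a small Python check that scores each paragraph of a document on the signals above: sentence-length variation within the paragraph, uniformity of sentence counts across paragraphs, and personal-voice markers such as contractions or “in my experience”. The sample text and the marker list are constructed for the demo, and the 0.15 variation threshold is an assumption you would tune against a suspect’s known writing.

```python
import re
import statistics

# Constructed sample (not from the newsletter): two polished, evenly built
# paragraphs followed by one with a personal, uneven voice.
SAMPLE = """The organization implemented a comprehensive security framework across all departments. Leadership communicated the strategy clearly to every stakeholder involved. Employees completed the required training modules within the designated timeframe.

Subsequent audits confirmed that the controls were operating effectively. Management reviewed the findings and approved the recommended improvements. The program continues to mature in alignment with industry standards.

So in my experience it never works that smooth. Never. I've watched this thing fail twice now, like, twice, and nobody wants to hear it lol."""

# Hypothetical marker list; extend it with the quirks of the writer you are comparing against.
PERSONAL_MARKERS = ("in my experience", "lol", "kinda", "honestly")
CONTRACTION = re.compile(r"\b[A-Za-z]+'(ve|m|re|ll|d|s)\b", re.IGNORECASE)

def split_sentences(paragraph):
    return [s for s in re.split(r"(?<=[.!?])\s+", paragraph.strip()) if s]

def word_count(sentence):
    return len(re.findall(r"[A-Za-z']+", sentence))

def cv(values):
    # Coefficient of variation: spread relative to the mean; 0.0 means no variation at all.
    if len(values) < 2 or statistics.mean(values) == 0:
        return 0.0
    return statistics.pstdev(values) / statistics.mean(values)

def has_personal_voice(paragraph):
    low = paragraph.lower()
    return any(m in low for m in PERSONAL_MARKERS) or CONTRACTION.search(paragraph) is not None

def analyze(text, cv_threshold=0.15):
    paragraphs = [p for p in re.split(r"\n\s*\n", text.strip()) if p.strip()]
    rows = []
    for i, p in enumerate(paragraphs):
        lens = [word_count(s) for s in split_sentences(p)]
        rows.append({"index": i, "sentences": len(lens), "sentence_cv": cv(lens),
                     "personal": has_personal_voice(p)})
    # Low intra-paragraph variation with no personal markers reads as machine-steady;
    # anything else is a candidate human insertion worth comparing to known samples.
    uniform = [r["index"] for r in rows if r["sentence_cv"] < cv_threshold and not r["personal"]]
    human_candidates = [r["index"] for r in rows if r["index"] not in uniform]
    return {"paragraphs": rows, "paragraph_cv": cv([r["sentences"] for r in rows]),
            "uniform": uniform, "human_candidates": human_candidates}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("uniform:", report["uniform"], "human candidates:", report["human_candidates"])
```

A paragraph_cv near zero across many paragraphs is the “same length and sentence count” pattern described above, while the flagged human candidates are the parts to pull out and compare against known writing.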
The internet isn’t as anonymous as people think, even when someone uses technology designed to mask their identity. Their words give them away, if you know what to look for.
The News…
Wow, imagine this, investigative reporters actually doing investigative reporting! And this exposé by Reuters is a good one. The investigation reveals that Meta (Facebook’s parent company) is profiting significantly from fraudulent advertising on its platforms. According to internal documents, Meta projected that 10% of its 2024 revenue would come from ads promoting scams and banned goods, and the company estimates it shows users approximately 15 billion scam ads daily. Meta’s internal responses include charging suspected fraudulent advertisers premium rates (called “penalty bids”) and maintaining a “Scammiest Scammers” list. Wait, what? https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/
Anthropic’s latest report details the first publicly documented AI-led cyber espionage campaign, identified in September 2025. It highlights that while the attack employed familiar techniques, it introduced a new operational model where AI autonomously managed actions at unprecedented speed and scale, rather than merely assisting with individual tasks. The report notes that this results in a “flood of low-fidelity alerts” that can overwhelm traditional security operations. This Intezer article suggests that organizations should adapt their offensive security strategies by having red teams use agentic AI frameworks to simulate these AI-driven attacks. https://intezer.com/blog/what-the-anthropic-report-on-ai-espionage-means-for-security-leaders/
The amount of content the Chinese government creates is unimaginable. The Google Threat Analysis Group (TAG) released its Q3 Threat Bulletin.
We terminated 6,484 YouTube channels as part of our ongoing investigation into coordinated influence operations linked to the People’s Republic of China (PRC). The coordinated inauthentic network uploaded content in Chinese and English about China and US foreign affairs. These findings are consistent with our previous reports.
https://blog.google/threat-analysis-group/tag-bulletin-q3-2025/
Google has filed a lawsuit aimed at shutting down “Lighthouse,” a Chinese-operated platform that offers phishing services, impacting over 1 million victims in 120 countries through SMS attacks impersonating the USPS and toll services like E-ZPass. Developed by threat actor “Wang Duo Yu,” the platform provided phishing templates and infrastructure to cybercriminals, leading to the theft of credit card details and personal data. An estimated 115 million payment cards were compromised in the U.S. from July 2023 to October 2024. The lawsuit cites federal racketeering and fraud laws, noting at least 107 phishing templates using Google’s branding illegally to appear authentic. The platform was a commercial service with subscription fees from $88 weekly to $1,588 yearly, offering customizable templates to steal login credentials and 2FA codes, often evading spam filters via iMessage and RCS messaging. https://www.axios.com/2025/11/12/google-lighthouse-lawsuit-china-scam-texts
Recorded Future explores the difference between threat intelligence and threat hunting. Your organization should engage in both, but they are separate tasks. https://www.recordedfuture.com/blog/threat-hunting-vs-threat-intelligence
Caesars Entertainment and Caesars Palace agreed to pay a $7.8 million settlement to Nevada gaming regulators over money laundering violations involving an illegal bookmaker. The Nevada Gaming Control Board alleged the bookie made nine “cash front” deposits totaling nearly $4.5 million at Caesars properties between 2017 and 2021, despite the company being unable to determine his source of funds. https://www.gaming.nv.gov/contentassets/b6eecac8a5ec44b78ff9f90c55b9588f/filed---caesars-complaint-fully-executed.pdf
The former executive director of the Cambria County Bar Association pleaded guilty to stealing over $300,000 from the organization. I know - where were the controls? https://www.attorneygeneral.gov/taking-action/ex-leader-of-cambria-co-bar-association-pleads-guilty-to-stealing-300k-for-cosmetic-procedures-vacations-donations-to-family-run-charity/
NO REALLY… WHERE WERE THE CONTROLS? A Pennsylvania woman has been charged with stealing over $1 million from her employer, where she was responsible for managing the finances. According to police, she endorsed and deposited 91 checks meant for the company into her personal bank account between September 2020 and September 2025, totaling $1,034,776.73. No one else at the business noticed they were missing over a million dollars? How does that much money go missing over five years? It’s around $200,000 per year. https://www.wtaj.com/crime/bellefonte-woman-charged-after-allegedly-stealing-over-1m-in-checks-from-employer/
DFIR
Kevin Pagano has compiled a repository of publicly available DFIR evidence images. https://www.stark4n6.com/2025/11/the-evidence-locker-dfir-image.html
Cool Job
Student Readers - Alert! IT Security Intern - Hershey Entertainment and Resorts. Awesome company, awesome people. https://hersheypa.rec.pro.ukg.net/HER1020HERS/JobBoard/035cdc57-c54b-48c9-8c4d-f30e022675e5/OpportunityDetail?opportunityId=e658fd74-7c6d-4c81-b8ba-655684e36cf6
Cool Tool
Browser History Capture (Foxton Forensics) - https://www.foxtonforensics.com/browser-history-capturer/
Unified explorer that covers 78 different blockchains. https://routescan.io/
Feedback: matt (at) threatswithoutborders.com
Irrelevant
This researcher attempted to learn why people don’t return their shopping carts. Well, why don’t you? https://behavioralscientist.org/why-dont-people-return-their-shopping-carts-a-somewhat-scientific-investigation/
Sign Off
Thank you to everyone who read last week's issue of Tw/oB newsletter. I kinda thought Issue 260 was a big deal, but obviously, it wasn’t, since it had the lowest open rate any issue has had in a long time.
So, truly, I appreciate all of you who show up each week and read my writing.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

