We previously discussed the investigative importance of “browser fingerprinting," a method that websites and online services use to uniquely identify and monitor users. This technique gathers a distinctive set of details that browsers and devices share when visiting a site, including browser type and version, operating system, screen resolution, installed fonts and plugins, time zone, language preferences, and hardware specs like CPU or GPU types. By analyzing dozens or even hundreds of these variables, websites can create a “fingerprint”—a unique ID that stays consistent across browsing sessions, even if cookies are deleted or private browsing is enabled.

This article discusses browser fingerprinting from the opposite perspective, a privacy threat. The author explains that fingerprinting is extremely difficult to defeat—common countermeasures like disabling JavaScript or spoofing browser identity often make users *more* identifiable, and even aggressive privacy measures only reduce tracking probability from ~99% to ~50%.

The author notes that only about one in every thousand browsers shares the same canvas fingerprint. While that’s certainly not “proof beyond a reasonable doubt”, it’s an important investigative lead, and linking a specific browser profile to several different web events will get you very close.

Just a reminder to get browser information every time you can.

https://kevinboone.me/fingerprinting.html

Have a spare 1.5 billion USD?

You can own the Actimize fraud prevention software suite. https://www.calcalistech.com/ctechnews/article/syc7hf11zwx

The News…

The first time I heard about the most prolific currency counterfeiter in U.S. history was from a British newspaper. Typical for the U.S. media. Frank Bourassa, a Canadian businessman, became the most prolific counterfeiter in U.S. history by producing $250 million in fake $20 bills. After burning out from running a brake factory in 2004, Bourassa spent years perfecting the counterfeiting process, including sourcing specialized paper with watermarks and security strips from an overseas mill and setting up a sophisticated print shop on a farm in Quebec. He successfully sold about $50 million worth of forged notes (earning $15 million) before being caught by the Royal Canadian Mounted Police in 2012, but he negotiated his freedom by revealing the location of the remaining $200 million in counterfeit currency—serving only six weeks in prison. Only six months in prison—who says crime doesn’t pay? https://news.sky.com/story/money-for-nothing-the-story-of-the-biggest-counterfeiter-in-us-history-11942377

A phishing scam targeting X users through fake DMCA copyright infringement notices. The scammers are sending emails claiming copyright violations and pressure recipients to click a “Review Details” button within 24 hours to avoid account limitations. The button leads to a fake X login page designed to steal usernames and passwords. I guess we should all go back to Twitter. https://www.malwarebytes.com/blog/news/2025/11/scammers-are-sending-bogus-copyright-warnings-to-steal-your-x-login

The Tampa office of the U.S. Secret Service is putting in the work! A recent operation to combat skimmers inspected 4400 point-of-sale terminals. https://www.secretservice.gov/newsroom/releases/2025/11/credit-card-skimming-outreach-operation-tampa-nets-five-illegal-skimming

Interisle released a report titled Cybercrime Supply Chain 2025 which looks at where criminals are acquiring resources to launch cyber-attacks. https://static1.squarespace.com/static/63dbf2b9075aa2535887e365/t/691b6978b85fdf082b140926/1763404152769/cybercrimesupplychain2025.pdf

SitusAMC announced they were breached on November 12, and hackers stole corporate data related to its banking customers, including accounting records and legal agreements. The breach is reported to have affected major U.S. banks like JPMorgan Chase, Citigroup, and Morgan Stanley, though the full scope of the breach remains under investigation. SitusAMC claims the incident is now contained, and its systems are operational, with no evidence of encrypting malware used. The Bu is currently investigating the breach. https://techcrunch.com/2025/11/24/us-banks-scramble-to-assess-data-theft-after-hackers-breach-financial-tech-firm/

Send this to your marketing team to increase awareness, or further destroy your relationship. URL shorteners are dangerous and should be avoided. As Cofense explains, the bad guys are using them—a lot. https://cofense.com/blog/the-6-url-shorteners-you-didn-t-know-were-helping-hackers

The Office of the Comptroller of the Currency (OCC) announced several steps to ease regulatory burdens on community banks, which lend most to small businesses in the U.S. These include customizing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) examination procedures to better reflect the low-risk nature of community banks, ending the Money Laundering Risk (MLR) data collection system, and seeking feedback on the challenges these banks face with third-party service providers. The OCC also plans to propose a reduction in the community bank leverage ratio requirement soon, part of ongoing efforts to support local economic growth and job creation. https://www.occ.treas.gov/news-issuances/news-releases/2025/nr-occ-2025-110.html

So 2000’s…

With the use of AI, phishing emails are generated at high speed and evolve in real time. It was refreshing to receive one that was so clean, simple, and low-tech. I almost responded out of nostalgia.

Cool Tool

AI attempts to identify vehicles from an uploaded image. https://vehicle-ai.vercel.app/

Cool Job

Global Financial Crimes, U.S. Investigations Vice President - Morgan Stanley. https://morganstanley.eightfold.ai/careers/job?domain=morganstanley.com&pid=549793745753&src=JB-10147

Sign Off

Thank you for reading another issue. Have a great week and enjoy your turkey and pie.

Matt

Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.

Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.