Threats Without Borders - Issue 268
Cyber Financial Crime Investigation Newsletter, week ending January 4, 2026
Happy New Year - It’s gonna be the same
It’s that time when every blogger, YouTuber, LinkedIn warrior, and yes, even an itinerant newsletter writer, feels the need to guess what’s coming in the new year.
I look to the past. In fact, I could probably just recycle what I wrote last year, and the year before that, and the year before that.
Because when it comes to cyber and financial crime, the old is always news again.
This past year, my organization was targeted with intensive email bomb attacks. Didn’t have that on my bingo card, I mean, when were those last popular? Mid-2000s?
And you know what else was crushing? Social engineering attacks by telephone. Email phishing. Card cracking...oh, that’s so 2015.
Facebook Marketplace scams? Believe it or not, over 3 billion people still use Facebook every day.
And as David Maimon so directly highlights just about every week on LinkedIn, check fraud. Yeah, paper check fraud.
Sure, technology has been used to enhance these old-school attacks to make them more effective, but for the most part, the bad guys don’t stray too far from the playbook.
But Matt, what about DDoS and ransomware? Just extortion. Same ol’ crime, new technology. There are practical solutions to prevent both.
And as far as AI, it’s a real danger for sure... but not because it’s going to be used to launch some complex and elaborate attack against our network infrastructure. It’s because employees are loading corporate secrets into it while writing a product brief, or giving away their customer database while formatting a spreadsheet.
Don’t hear what I’m not saying. There are many advanced technological attacks, but for the most part, the real risk comes from the non-technical.
As an investigator, dedicate yourself to learning about the newest threats, but don’t forget where we’ve been.
Welcome to 2026, or maybe 2016.
The News…
Baker University disclosed a data breach affecting more than 53,000 individuals, revealing that attackers accessed its network from December 2-19, 2024 and stole sensitive information. The Kansas school hasn’t released information about the cause of the breach. https://www.bakeru.edu/wp-content/uploads/2025/12/Baker-Unviersity-Final-Website-Notice.pdf
The U.S. Attorney’s Office, working with international partners and the Michigan State Police, dismantled the online infrastructure of E-Note, a cryptocurrency exchange reportedly used for money laundering by transnational cybercriminal groups. Operating since 2010, the service provided money laundering services to cybercriminals, enabled international transfer of criminal funds, and converted cryptocurrency into cash. It’s good to see a cyber task force receive credit for its efforts. https://www.justice.gov/usao-edmi/pr/fbi-disrupts-virtual-money-laundering-service-used-facilitate-criminal-activity
Brad Duncan at the SANS Internet Storm Center examines some cryptocurrency scam emails. https://isc.sans.edu/diary/rss/32594
I teach a class called “How the Internet Works,” which delves into the development of IPv6 and why it’s not being adopted. IPv6, now 30 years old, was created in 1995 to address the looming IPv4 address shortage by expanding from 32-bit to 128-bit addresses, significantly increasing the available IP pool. Yet, less than half of internet users have adopted IPv6 due to its limited features beyond the larger address space, lack of backward compatibility with IPv4, and the widespread use of Network Address Translation (NAT), which allows multiple devices to share a single IPv4 address. https://www.theregister.com/2025/12/31/ipv6_at_30/
More like an incident non-response. The Hernando County government website and services were offline for over a year and a half due to a Rhysida ransomware attack. The county recently confirmed data exfiltration, although the local newspaper has been actively reporting on the incident throughout. Nice of the County to finally confirm what the local reporter knew 18 months ago. https://www.hernandosun.com/2026/01/02/hernando-county-notices-cybersecurity-breach-21-months-later/
Though not a major vulnerability, I tested this issue and confirmed it. A quirk in the iPhone Camera app causes the camera to activate when the app icon is touched, even if the app isn't opened. https://blog.jgc.org/2025/12/if-you-care-about-security-you-might.html
Reader Mail
Matt, my victim purchased some “Bitcoin” from someone on Facebook Marketplace. I’ve attached an image from the ad for your amusement. - G
This raises a genuine legal question: Is there a crime here? Clearly, the buyer failed to do basic research to understand what they intended to buy versus what they actually purchased. Where is the line between “theft by deception” and “buyer beware”? If I advertise an elephant for sale with a picture of a Husky and deliver a dog instead of an elephant, is that theft? Or is the buyer simply negligent or maybe plain stupid?
Send me mail: matt (at) threatswithoutborders.com
If the rent is too damn low
(It’s probably a scam)
The FTC released a new Data Spotlight report highlighting nearly 65,000 rental scams since 2020, resulting in approximately $65 million in losses, with the actual harm likely much higher due to underreporting.
Some highlights of the report:
Scammers create fake listings by copying legitimate ads, changing contact information, or fabricating properties with attractive photos and below-market rent
Facebook is the most reported platform (50% of scams), followed by Craigslist (16%)
Young adults ages 18-29 are three times more likely to lose money to rental scams than other age groups
The median reported loss is $1,000 per victim
Cool Job
Director of Intelligence and Investigations - Major League Soccer. https://careers-mlssoccer.icims.com/jobs/2207/job
Senior Manager, Payments and Fraud - Tapestry https://careers.tapestry.com/job/North-Bergen-Sr_-Manager%2C-Payments-&-Fraud-NJ/1262914600/
Cool Tool
Search public forums and message boards: https://boardreader.com/
IntelOwl is an open-source platform built for managing large-scale threat intelligence. It combines a variety of online analyzers and sophisticated malware analysis tools to offer comprehensive insights from a single interface. https://github.com/intelowlproject/IntelOwl
Irrelevant
Last week, I provided an overview of the iOS apps that were moved to my phone's home screen due to heavy usage. Here are my favorite macOS applications.
Brave is my web browser of choice. It’s not as full-featured as Safari, but it is privacy-focused and secure, and it includes the best ad and pop-up blocker built in.
My information documentation and retention system includes Obsidian as my knowledge base, where I store long-term information—think of it as a personal Wiki. For routine notes, I use Bear. Almost all begin as a note in Bear and are moved to other repositories as needed. Bear uses tags for organization rather than folders. It’s awkward at first, but once you get the hang of it, you don’t want to use anything else. Additionally, I use Apple Notes for documentation tasks such as saving receipts or property inventories.
As mentioned in the iOS post, Things 3 is my task manager / To-Do application. It’s simple and effective.
All my writing starts in Drafts. It’s hard to find another app that’s as effective and efficient as Drafts, regardless of the app’s purpose. It’s really good, and the development team keeps it on point. I’ll transfer writing out of Drafts to other resources as needed. And of course, everything gets run through Grammarly. I pay for the Pro license, and it’s easily one of my best investments.
I’ve tested nearly all commercially available AI and LLM models. My most used are Perplexity, for Internet searches and general knowledge, and Claude, which I find excellent for ideation and exploring topics.
I use so many different utility and single-function apps that I can’t list them all. Some of the MVPs are:
TrashMe to remove apps and files from my Mac permanently. Dragging and dropping an app into the trash can (the Apple-recommended method) leaves orphaned files and folders scattered across the entire file system. TrashMe gets them all.
CleanShot X is the best app for screenshots and recordings. Amphetamine is a small utility that keeps your machine from going to sleep. If you know, you know.
And I use many more, but you’re no longer reading at this point.
Sign Off
Thanks for sticking around another year! I can’t promise the newsletter will be great, but it probably can’t get worse.
See you next Tuesday.
Matt
“YOU WILL REGRET THINGS YOU DO NOT DO MORE THAN THE THINGS YOU DO.”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

