Threats Without Borders - Issue 270
Cybercrime Investigation Newsletter, week ending January 18, 2026
I frequently see requests from investigators seeking OSINT (Open Source Intelligence) training and resources to track down scofflaw account holders. The common belief is, “If we have more tools and training, we can effectively find these individuals.”
This topic came up in a forum this week, reminding me of a recent LinkedIn post that truly resonated with me.
For those not aware, a recent TransUnion analysis shows that synthetic identity fraud loss exposure rose to $3.3 billion for US lenders in 2024, involving open accounts for credit cards, retail cards, auto loans, and personal loans.
Investigators DO need more OSINT training and access to better tools, but first things first… tools and knowing how to use them are irrelevant if the person you're trying to find doesn’t exist!
A lot of time is spent tracking down puppets instead of uncovering the puppet masters.
The initial step should be learning how to identify synthetic identities. If an account is synthetic, focus on discovering who is behind it. If you verify that the account is linked to a real person, then proceed to find that individual.
At this stage, the initial question shouldn’t be “Where is this person?”, but rather “Is this actually a person?”.
https://plaid.com/resources/fraud/synthetic-identity-fraud/
The News…
Trellix observed a surge in Facebook phishing scams in the second half of 2025, notably using the “Browser in the Browser” technique to trick users into revealing credentials. https://www.trellix.com/blogs/research/the-unfriending-truth-how-to-spot-a-facebook-phishing-scam/
Unit 42 describes a payroll fraud attack where threat actors used social engineering to compromise employee accounts and redirect paychecks to attacker-controlled bank accounts. The attackers bypassed technical security controls by impersonating employees and manipulating help desk staff into performing password resets and MFA re-enrollment, using publicly available information from social platforms to answer verification questions. https://unit42.paloaltonetworks.com/social-engineering-payroll-pirates/
The Chainalysis 2026 Crypto Crime Report estimates that $17 billion was lost to crypto scams and fraud in 2025. This increase was driven by a 1400% year-over-year rise in impersonation scams and the growing use of AI tools, which make scams 4.5 times more profitable. Major trends include the industrialization of fraud through “crime-as-a-service” models like phishing kits and AI-powered deepfakes, often connected to criminal networks in East and Southeast Asia. The report also emphasizes the merging of different scam types, the involvement of human trafficking, and the urgent need for better international cooperation and real-time detection tools to address the escalating transnational threat.
https://www.chainalysis.com/blog/crypto-scams-2026/
Microsoft Threat Intelligence has identified RedVDS, a virtual desktop service exploited by cybercriminals for activities like business email compromise (BEC), phishing, account takeovers, and financial fraud. Operating since 2019, RedVDS offers inexpensive, unlicensed Windows RDP servers with complete administrative control, allowing threat actors to carry out extensive attacks with little oversight. The service is hosted by several third-party providers in countries including the U.S., Canada, UK, France, and the Netherlands, with payments made through cryptocurrency to preserve anonymity. https://www.microsoft.com/en-us/security/blog/2026/01/14/inside-redvds-how-a-single-virtual-desktop-provider-fueled-worldwide-cybercriminal-operations/
A man from Venezuela has been charged in the Eastern District of Virginia with laundering one billion dollars. Yes, that's a billion. https://www.justice.gov/usao-edva/pr/venezuelan-national-charged-laundering-approximately-billion-dollars-illicit-funds
Ever wonder how cocaine traffickers launder their money? Well, here’s a pretty good explanation. https://theconversation.com/how-cocaine-traffickers-launder-cartel-money-270500
DFIR
Steve Whalen is the O.G. of Mac forensics, so when he writes something, you need to read it. He explains why physical imaging is effectively dead for modern macOS machines. https://sumuri.com/the-death-of-physical-imaging-understanding-the-new-standard-in-mac-forensics/
I know physics
Cool Job
Fraud and Corruption Investigator - NSA. https://apply.intelligencecareers.gov/job-description/1248692
Cool Tool
Quickly find those hidden account deletion pages. https://justdeleteme.xyz/
To the glee of the enterprise's Marketing departments, this tool helps you create the most suspicious-looking link possible. https://creepylink.com/
Irrelevant
It’s annoying that Wal-Mart doesn’t accept Apple Pay. Here’s an explanation why. https://9to5mac.com/2026/01/18/heres-why-walmart-still-doesnt-support-apple-pay/
Sign Off
Thanks for checking in again this week. A major storm is forecasted to hit most of the eastern U.S. this weekend, so please stay safe if you need to travel.
See you all next Tuesday.
Matt
“IT ISN’T A PROBLEM UNLESS YOU WORRY ABOUT IT.”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter is intended for everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.