Threats Without Borders - Issue 278
Cybercrime Investigation Newsletter, week ending March 15, 2026
I’m old enough to remember when ATMs arrived on the scene. Of course, we called them “MAC Machines”. I recall a local bank holding a contest to see who could withdraw the most money in a set amount of time to highlight the ease of use.
I also remember the concern that such technology raised about the future of banking. Well, the ATM didn’t replace the teller. But as this excellent article highlights, the smartphone is.
And when you combine the smartphone with an ebanking platform and the ATM, you get the perfect fraud workflow.
Proxy takedown
Law enforcement from eight countries seized 23 servers and 34 domains, froze $3.5M in crypto, and identified more than 124,000 users. Known as “SocksEscort”, the network, powered by the AVRecon botnet, has co-opted more than 369,000 IPs since 2020.
This service essentially took control of unsecured residential and business routers and sold access to them. This enabled an attacker to route their malicious Internet traffic through the router in a residential home or (small) business.
Untrained investigators often assume that tracing an IP address back to an ISP subscriber means that someone physically on the property, connected to the Internet through that router, was responsible for the activity. Poor assumption. You must consider the possibility of an infected router being used as a proxy.
And not by coincidence, I’m sure, the Internet Crime Complaint Center (IC3) published a document titled “Evading Residential Proxy Networks: Protecting Your Devices From Becoming a Tool for Criminals”. https://www.ic3.gov/PSA/2026/PSA260312
More News…
This executive order, signed by President Trump, outlines a U.S. government strategy to combat cybercrime, fraud, and predatory schemes targeting American citizens, particularly those orchestrated by transnational criminal organizations (TCOs), sometimes with foreign state support. It directs multiple federal agencies to review and strengthen defenses, establish a coordinated operational cell within the National Coordination Center, enhance victim support through a proposed Victims Restoration Program, and engage internationally to pressure nations that harbor these criminal groups. The order emphasizes law enforcement, diplomacy, and potential offensive actions to disrupt and dismantle these threats. https://www.whitehouse.gov/presidential-actions/2026/03/combating-cybercrime-fraud-and-predatory-schemes-against-american-citizens/
C’mon, where are the controls? A Catholic bishop in the San Diego area resigned after being arrested and charged with embezzling $270,000 from St. Peter Chaldean Catholic Cathedral in El Cajon, California. He faces 16 felony charges, including money laundering, with prosecutors alleging he misappropriated monthly rental payments exceeding $30,000 from a church tenant. https://www.ncronline.org/news/pope-announces-resignation-us-bishop-accused-embezzling-270k-california-parish
Not a good week for men of the cloth. The head priest of Trinity Episcopal Cathedral in Pittsburgh was arrested on February 27 after being accused of stealing over $1,000 in baseball cards from a Walmart in Economy Borough. Police say he was caught leaving the store with 27 packs of baseball cards concealed on his person, and security footage allegedly showed him stealing from the same store on five separate occasions. The very reverend faces charges of receiving stolen property and retail theft. https://abcnews.com/US/wireStory/head-priest-episcopal-church-pittsburgh-accused-stealing-baseball-130976273
Crypto traders - “Slippage” will kill you. Or cost you 50 million dollars. “Slippage is the difference between the price a trader would expect to get in a trade and the price they receive once the transaction executes. This can happen in large orders or when liquidity is weak.” https://www.theblock.co/post/393466/crypto-whale-loses-nearly-50-million-swapping-usdt-for-aave
A ransomware negotiator working for an incident response firm has been accused by the Department of Justice of secretly collaborating with the ALPHV/BlackCat cybercrime group while helping victims negotiate ransoms. The man and two colleagues allegedly carried out at least 10 ransomware attacks and shared confidential negotiation details with criminals to increase ransom payments in exchange for a share of the proceeds, with ransoms reaching up to $26 million. https://therecord.media/ransomware-blackcat-doj-incident-responder
Bonus
Anthropic is doubling the usage limits for Claude during off-hours. So do your heavy work at 2 am. https://support.claude.com/en/articles/14063676-claude-march-2026-usage-promotion
Cool Job
Head of Digital Financial Crimes Compliance, State Street. https://statestreet.wd1.myworkdayjobs.com/Global/job/Boston-Massachusetts/Head-of-Digital-Financial-Crimes-Compliance--Managing-Director_R-781812
Financial Crimes Investigations Specialist, DraftKings. https://draftkings.wd1.myworkdayjobs.com/draftkings/job/Remote---US/Financial-Crimes-Investigations-Specialist_JR13845-3
Cool Tool
Notes as easy as texting. https://prism.you/
ABA Routing Number Look-up/Search. https://routingnumber.aba.com/Search1.aspx
DFIR
The forensic value of Apple Spotlight artifacts. https://forensafe.com/blogs/apple-spotlight.html
Young people…
Claude assessed itself and identified the jobs it will replace. Pivot and adapt as needed. Don’t be like the wagon wheel maker who kept making wagon wheels after seeing the automobile pass through town.
https://www.anthropic.com/research/labor-market-impacts
Irrelevant
Sending employees back into the office isn’t going well. https://thehill.com/opinion/technology/5775420-remote-first-productivity-growth/
Sign Off
My good will, positive vibes, and prayers will be offered to anyone traveling this week. What a mess. Get to the airport early and bring an extra dose of patience. I try to keep politics out of the newsletter, but damn, what do we even have these people for? If our elected officials can’t agree to ensure our essential security personnel, like TSA, get paychecks, then the system is graveyard dead. They all need to go, regardless of whether they have a D or R behind their name.
Thanks,
Matt
“TRY BEING INFORMED INSTEAD OF JUST OPINIONATED.”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

