Threats Without Borders - Issue 289
Cybercrime Investigation Newsletter, week ending May 31, 2026
Although paper documents used for the promise of financial payment date back to the Romans, the invention of the pre-printed consumer check with serial numbers is credited to an English banker in 1762. Fraudulent checks probably started appearing three days later.
And here we are, 264 years in the future, still fighting check fraud, and it might even be a worse problem than it ever has been.
At least three of the talks I heard at the BSides Harrisburg cybersecurity conference last week prominently discussed mental health and the need for self-care. It’s not being selfish or being fragile. It’s necessary to keep you fit for the job, which ultimately makes you more effective.
The cybersecurity field is getting really good at talking about this. And demanding management recognize it and provide resources for it. Coming together as a community and saying, “Hey, we’re going to make mental health wellness part of our group identity.”
Fraud - not so much. In fact, I feel like it’s gotten worse. A recurring mantra shared at conferences and shouted across social media of “mount up fraud fighters and get locked-the-fuck-in because THIS is the year we take it to the fraudsters!”
So everyone gets hyped, puts on their armor, works 58 hours a week for months, only to get absolutely steamrolled by the bad guys. And you all end up right back at disappointment and burnout.
Because the lack of diligence, knowledge, and hard work is not the problem. It’s a resource problem and a human psychology problem.
Remember the old fraud triangle? Three elements come together to create a situation of fraud: Opportunity, Rationalization, and Pressure. Well, there are a hell of a lot of people out there with the pressure to get money, our societal decay and low moral standards make it easy to rationalize criminality, and the Internet - oh, the great facilitator - is giving more and more people the opportunity every day.
I spent twelve years of my twenty-four-year law enforcement career in the criminal investigation room with a case docket. And guess what, I never got to Caseload 0. Regardless of how much overtime I worked, or how many birthdays and kids’ sporting events I missed to “get caught up”. And for what? So I could determine that some ass-hole in Romania stole some files from a company in Pennsylvania. Well, the company didn’t get their files back, the suspect is still in Romania, and I missed making memories with my kids. Duplicate this story dozens and dozens of times. Ask my wife, she spent a lot of time as a single mother.
The reality is that macro-level fraud is essentially unsolvable, so stop thinking you’re going to be the one to do it.
We are never going to work hard enough to expel all the adversaries. Like weeds in the garden, no matter how many we pull, there will be more next week.
Listen up, and don’t hear what I’m not saying. Yes, we should be working hard, continuously training, and accepting every effort to learn. Absolutely, go to fraud conferences to get recharged and socialized. Post your catchy slogans to LinkedIn. Get yourself locked in and down for the effort.
But remember, we’re not going to solve this problem. You’re going to have three more cases Monday morning, whether you work Saturday or not.
Prioritize your well-being by taking a mental health day, visiting the park with your kids, enjoying a nice dinner with your spouse, or spending a few days digging your toes in the sand.
Take a break. Or as the kids like to say, touch earth.
The fraud will be there when you return.
The News
This article is not interesting because of the subject itself but because of how the author analyzed the probable cause affidavit written by the charging investigator. Sometimes, we overlook this aspect in the name of “probable cause,” but we often provide suspects with details that improve their chances of not getting caught. This results in us only catching the “low-hanging fruit” and inadvertently empowering the more dangerous individuals. https://arstechnica.com/tech-policy/2026/05/fbi-easily-nabs-man-selling-sexy-deepfakes-who-used-his-own-photo-in-profile/
US law enforcement and intelligence agencies are increasingly labeling dissent against artificial intelligence and data centers as “anti-tech extremism.” Yeah, well, I don’t want a 24/7 data center in my backyard and I’m certainly not an anti-tech extremist. https://www.wired.com/story/us-law-enforcement-warns-of-anti-tech-extremism/
A Google employee has been charged with fraud for allegedly using insider information to profit $1.2 million from bets on Polymarket. https://www.cnbc.com/2026/05/27/google-employee-polymarket-insider-trading.html
Microsoft is not happy that several vulnerability researchers have released reports on bugs and exploits in Microsoft systems without first giving the company’s PR teams time to spin the news, err, to create a patch. https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure
Attackers are abusing the shared content features of AI chatbot platforms like ChatGPT and Claude to deliver malware by hosting malicious pages on trusted domains such as `chatgpt.com` and `claude.ai`, effectively bypassing standard URL reputation checks. https://pushsecurity.com/blog/llmshare-malvertising-campaign
Researchers from Unit 42 are recognizing a significant shift in the cyber extortion landscape, in which threat actors are increasingly abandoning ransomware encryption in favor of pure data theft and extortion, a trend driven by improved organizational backup capabilities and the severe financial leverage of modern regulatory frameworks like GDPR and SEC disclosure rules. This “data-only” approach has surged, with incidents rising from 2% in 2020 to 15% in 2025, particularly targeting mid-sized firms in healthcare, professional services, and construction, where the average cost of a breach now exceeds $5 million. https://unit42.paloaltonetworks.com/cyber-extortion-economy/
The Supreme Court will soon decide the legality of geofence warrants. It heard arguments in Chatrie v. United States, a case about geofence warrants and Fourth Amendment privacy concerns. Tech Policy Press fellow Jake Laperruque discussed the case with Michael Price from the Fourth Amendment Center. https://www.techpolicy.press/whats-at-stake-in-chatrie-v-united-states/
Feedback
“I agree with your take that most of us would probably pay the ransom, but I think you missed an important caveat. At this point, the business isn’t making the decision; the insurance company is, or at least an attorney and a bean counter working for the insurance company is. The business owner makes that single phone call, and it’s on autopilot from there. Incident response team, ransom negotiator, legal, finance — it’s all pre-packaged. It is now standard for attackers to demand insurance documents to prove the payment limits before they lower their demands.” - Jack B.
Send Feedback to matt(at)threatswithoutborders.com
No subscription fees, no ads, no paid product placements. Free, for real. How about helping the newsletter grow? Share it with your network.
DFIR
The digital forensics lab at Neumann University (just outside Philadelphia) led by Prof. Joe Walsh is winning at everything. Fantastic experience for students and actually helping law enforcement solve crimes. Awesome work, Joe.
To date, that team has assisted in 988 cases across 64 departments and agencies since the center’s inception in May 2024, including 424 forensic investigations of digital devices and 528 incidents of real-time crime.
Cool Jobs
Sr. Manager of Cybersecurity, Washington Commanders Football. https://www.teamworkonline.com/football-jobs/washington-commanders-jobs/washington-commanders-jobs/cyber-security-sr-manager-2161458
Cool Tools
Chrome, Edge, Brave, Vivaldi, and Helium are all browsers built on Chromium. This site tests to ensure your browser of choice is built on the most up-to-date version of Chromium. https://chromiumchecker.com/
Network investigations toolbox. https://robtex.com/
Irrelevant
The Costco theory of the Internet. https://www.joanwestenberg.com/the-costco-theory-of-the-internet/
Just under the wire…
Published just in time to make this issue, David Maimon traces how the online fake document economy has evolved from the centralized, physical-forgeries marketplace of the Silk Road period (2011–2017) to an automated, AI-powered process accessible to anyone with a browser. The current “AI Era” has removed the last obstacle by employing generative AI to produce synthetic faces and evade liveness checks, rendering the entire fraud cycle, from identity creation to verification, completely automated. https://resources.sentilink.com/blog/the-evolution-of-the-online-fake-document-economy
Sign Off
They informed me that the attendance at the BSides Harrisburg Cybersecurity Conference this year was lower than usual, but I couldn’t tell. The rooms appeared packed, at least during the morning sessions. However, attendance at the presentations significantly declined in the afternoon, which was disappointing and something I never quite comprehend. Why pay to attend an event only to spend half of the day there? If I ever organize a conference, I’ll definitely schedule the most anticipated speaker at 3 p.m.
It was wonderful to meet so many readers and reconnect with those I’ve known.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.

