Threats Without Borders - Issue 290
Cybersecurity Investigation Newsletter, week ending June 7, 2026
I want to give full credit to Jay Dubina for sparking my thoughts on this topic. He’s the first person I’ve heard delve into the idea of agentic AI commerce fraud to this extent. I’ve been aware of the concept, but I heard Jay discuss it last week, and he really brought it to life for me.
We know how to investigate cyber-fraud: Follow the money. Find the device. Put the bad guy behind the keyboard.
What happens when there’s no keyboard?
Agentic AI is here, and it’s changing how commerce works at a fundamental level. These aren’t chatbots answering questions; they’re autonomous systems with tools, stored credentials, and decision-making authority. You give them a goal and they execute it.
And so we’re all on the same page, an agent is “an autonomous software system powered by AI that can perceive its environment, make decisions, and execute multi-step tasks to achieve a specific goal without constant human intervention.”
Consider this. You tell your AI agent, “Buy me a battery-powered lawn mower. Budget is $500. Prioritize reviews, price, and shipping time. Deliver to my home address.” The agent searches, evaluates, selects, and purchases, all without you touching a browser. Two days later, a mower shows up at your door. You spent thirty seconds on a task that used to take hours.
It’s brilliantly useful. It’s also a fraud investigator’s nightmare.
Now run that same scenario with a stolen identity, a compromised credit card, and a drop address. The bad guy doesn’t search for anything. Doesn’t visit any merchant site. Doesn’t enter a single piece of payment data manually. He gives the agent an instruction and walks away. The agent does the rest, across ten stolen identities, simultaneously, without getting tired.
What does the merchant see? An API call, a billing address that matches the stolen card, a gift shipping address. The transaction looks clean in isolation. The velocity looks odd across accounts, but individually? Nothing flags.
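The gap between the per-order view and the cross-account view described above, as an added example (not from the newsletter or any merchant's system). The order records are constructed, the field names are hypothetical, and the threshold of three accounts shipping to one address within ten minutes is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders; every field name and value is hypothetical.
ORDERS = [
    # (order_id, account, card_token, avs_match, ship_to, placed_at)
    ("o1", "acct-101", "card-A", True, "12 Elm St, Apt 4", "2026-06-01T10:00:05"),
    ("o2", "acct-102", "card-B", True, "12 elm st apt 4",  "2026-06-01T10:00:09"),
    ("o3", "acct-103", "card-C", True, "12 Elm St. Apt 4", "2026-06-01T10:00:14"),
    ("o4", "acct-104", "card-D", True, "12 ELM ST APT 4",  "2026-06-01T10:01:02"),
    ("o5", "acct-200", "card-E", True, "77 Oak Ave",       "2026-06-01T10:00:30"),
    ("o6", "acct-200", "card-E", True, "77 Oak Ave",       "2026-06-03T18:20:00"),
]

def normalize(addr):
    """Crude address key: lowercase, drop punctuation, collapse spaces."""
    kept = "".join(c if c.isalnum() or c.isspace() else " " for c in addr.lower())
    return " ".join(kept.split())

def per_order_flags(orders):
    """The isolated view: only a billing-address (AVS) mismatch flags an order."""
    return [o[0] for o in orders if not o[3]]

def cross_account_clusters(orders, window=timedelta(minutes=10), min_accounts=3):
    """Flag ship-to addresses hit by >= min_accounts distinct accounts in a window."""
    by_addr = defaultdict(list)
    for oid, acct, card, _avs, ship, ts in orders:
        by_addr[normalize(ship)].append((datetime.fromisoformat(ts), acct, card, oid))
    clusters = {}
    for addr, rows in by_addr.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the left edge until the span fits inside the window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            if len({r[1] for r in span}) >= min_accounts:
                # Keep the largest qualifying span seen for this address.
                if len(span) > len(clusters.get(addr, [])):
                    clusters[addr] = [r[3] for r in span]
    return clusters

if __name__ == "__main__":
    print("per-order flags:", per_order_flags(ORDERS))
    print("cross-account clusters:", cross_account_clusters(ORDERS))
```

Every order passes the isolated check, while the four accounts sharing one normalized ship-to address inside a minute surface only when orders are grouped across accounts.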
But eventually the cardholder recognizes the fraud and files a report. So you open an investigation.
The communication chain runs like this: actor > agent > merchant API > payment processor > fulfillment. Every hop is a potential evidence gap. The merchant has a transaction record. The payment processor has an authorization. The shipping carrier has a delivery scan. And what nobody has is an idea of what the agent platform logs, what they retain, and what legal framework applies when you ask for it.
Is an AI agent platform an Internet service provider? A bank? A phone carrier? A search engine? The search warrant process hasn’t caught up to the question. And some platforms are built privacy-forward by design, which means the logs you need may not exist at all.
Even if you get the logs, you have a new attribution problem. You can prove the agent made the purchase. But can you prove that the human gave the instruction? The session that initiated the task might be behind a residential proxy. Might be a stolen session token. Might be another automated layer entirely.
The bad guys’ defense writes itself: “I didn’t choose those items. I didn’t enter that payment data. Maybe the system did that, but it wasn’t me.”
Technically? They’re not wrong.
The investigative frameworks we have were built around one assumption: a human made each decision in a transaction. Agentic AI destroys that assumption completely. Yes, a human may have “set it off,” but what exactly is “it”? How much control did the human actually have once the agent took the wheel?
It’s probably good we start talking about this because the future is here.
The News
Maybe (probably not) I’ll have to start suggesting older adults look at Android again… Google’s June Android update introduces improved scam detection features aimed at fighting AI-driven impersonation and deepfake voice scams. This new system, available on Android 12 and above, requires users to install Google’s Phone, Contacts, and Messages apps to verify incoming calls from contacts. If a call appears to be spoofed via an online relay, the user will receive an alert. https://arstechnica.com/gadgets/2026/06/google-announces-deepfake-call-detection-for-android-new-airdrop-device-support/
You’ll be hard-pressed to name a group that provides a better threat intelligence write-up than the team at Flare. In this article, they profile a new stealer malware: “For $40 and a tutorial video, anyone can deploy a fully functional information stealer with credential harvesting, screen capture, Wi-Fi password extraction, file collection, persistence installation, and remote access, all controlled through a Telegram bot. KeyCat is a Python-based, multi-platform infostealer and remote access toolkit targeting both Windows and Linux environments.” https://flare.io/learn/resources/blog/keycat-stealer-multi-platform-infostealer
Yes, passkeys are better security. Yes, most people reject using them. Microsoft is forcing the issue and will no longer provide codes through SMS. https://support.microsoft.com/en-us/accounts-billing/manage/microsoft-to-stop-sending-sms-codes-for-personal-accounts
Here's an interesting statistic for your next dinner party: between 10% and 20% of all domains registered in 2025 were created by cybercriminals. Even on the lower end, that means there are approximately 8.5 million malicious domains available for criminal activity. Great reporting by Interisle. https://static1.squarespace.com/static/63dbf2b9075aa2535887e365/t/6a20724a659b821142b48388/1780511306582/FullReport_MaliciousRegistrationsintheDomainNameMarket_2026_rev.pdf
Proving there is no floor to the prospect of insider threats, this Pennsylvania government employee threw away her job and reputation over $6,000. https://www.wtaj.com/crime/former-rush-township-employee-facing-forgery-charge-after-stealing-6k/
A North Carolina man was sentenced to 121 months in prison for selling lists of elderly Americans’ personal information to Jamaican lottery fraud scammers. His lists were so good that his pseudonym, “Steve Dixon,” became synonymous with the scam, to the point that it was dropped in rap music. It is alleged he earned over $5.2 million from the scheme, which victimized over seven million elderly Americans and resulted in losses exceeding $9.5 million. https://www.justice.gov/opa/pr/fraudster-who-sold-personal-information-over-7-million-elderly-americans-jamaican-scammers
Troy Hunt believes the data breach disclosure lag is worse than ever. And he’s the authority on the issue. https://www.troyhunt.com/1000-data-breaches-later-the-disclosure-lag-is-worse-than-ever/
FinCEN has issued a warning to banks to look out for “red flags” suggesting payroll schemes involving individuals living illegally in the country. This marks an important step in the Trump administration’s immigration enforcement. After President Trump signed an executive order in May, which instructs regulators to check the citizenship status of bank customers without making it mandatory to collect such data, the advisory highlights more than twelve signs of identity theft, payroll tax fraud, and money laundering associated with unauthorized workers. https://www.fincen.gov/system/files/2026-06/FinCEN-Advisory-Non-Work-Authorized-Populations.pdf
The FBI released an unserious “Most Wanted Fraudster” list. While the individuals included are certainly deserving, not a single politician made the list. Which politician? Any of them, I suppose. https://www.fbi.gov/wanted/most-wanted-fraudsters
Feedback
Hey Matt, saw in Issue 286 where you asked the rhetorical question “how do you leverage your existing network to find a new job without broadcasting to your current employer that you’re looking to leave?” Any additional insights on that? - Keith
For context, that question was part of a larger conversation, and I wasn’t asking for myself (in case my current employer might be reading this). But, no, Keith, I don’t have any additional ideas. It’s a valid question—what’s the point of having a big social media network if you can’t leverage it? Except when you're already unemployed. Let’s try an experiment: someone who is employed should activate their “open to work” banner and report back the results.
Send Feedback to matt(at)threatswithoutborders.com
DFIR
Andrea Fortuna examines a study tracking hired crime and intelligence analysts at a UK law enforcement agency over three interview periods: at six, twelve, and eighteen months. A total of sixty-three interviews were conducted. These analysts handled cases involving sexual assault, homicide, and serious crimes, frequently reviewing investigative reports, interview transcripts, recordings, and crime scene or autopsy images. The findings indicate that their mental health declined as expected. https://andreafortuna.org/2026/06/05/dfir-analyst-psychological-impact/
Cool Jobs
Director of Fraud Risk Oversight, Fidelity. https://jobs.fidelity.com/en/jobs/2125543/director-fraud-risk-oversight/
Technology Services Specialist, Hershey Entertainment and Resorts. https://hersheypa.rec.pro.ukg.net/HER1020HERS/JobBoard/035cdc57-c54b-48c9-8c4d-f30e022675e5/OpportunityDetail?opportunityId=9a55dff5-4337-4489-93af-e8ff0a4f93b3
Cool Tools
Supported in-flight Wi-Fi portals expose a flight manifest. CabinLink uses it to show your location, altitude, speed, and how long until you land. It keeps working when the cabin signal does not. (I have not personally used this app, but it looks cool.) https://www.vishrutjha.com/cabinlink
Long for the days of Windows 95? Want to get nostalgic about MacOS Puma? This emulator has over 1700 operating systems pre-loaded and ready to run. https://virtualosmuseum.org/
Irrelevant
Statistics show many parolees are sent back to prison for “technical parole violations,” not committing new crimes. But a closer examination reveals they are committing new crimes, yet are sent back to prison for the TPV and never charged for the new offenses. Why? The authors of the study conclude:
The candid answer: it’s faster, easier, and more likely to pay off for prosecutors to send someone back to prison through a parole-violation hearing rather than through the courts. The parole hearing is held before representatives of the parole board, without any need to seat a jury, and the standard of proof is lower (“preponderance of the evidence,” not “beyond a reasonable doubt”).
Sign Off
I received a lot of feedback over the last few weeks, especially about the editorial and the term “touch grass.” I can’t take credit for that, but I do subscribe to it. I spent my past Saturday outside, pretty much doing nothing but sitting in a chair, looking at trees, grass, and animals, and feeling the sun. I’m still a nutcase, but for that day, at least, it was a small dose of peace. And it felt good.
And I hope you all find some of it during your week.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.


