Jim McKee

🕵️‍♂️ Behind the Scenes of Fighting Romance Scams • A private investigator examined hundreds of passports used in romance scams — not a single one was real • Scammers reuse the same fake IDs over and over because they only need one victim to fall for it • Today’s PIs spend less time tailing suspects and more time verifying identities, documents, and backgrounds • Fake passports, banking records, and even AI deepfake videos are now common tools of online fraud • The work doesn’t just stop scams — it protects reputations, assets, and people at their most vulnerable https://bit.ly/4tDTXU2

7

2 Comments

Private Investigators Let’s Talk Database Platforms. Behind every solid investigation is solid data. Before surveillance is ever set up, most of us are digging through professional platforms like: • TLOxp • Tracers • LexisNexis Accurint • CLEAR (Thomson Reuters) • IDI Core • IRBsearch Each one has strengths. Each one has gaps. Some are stronger for current address development. Some map associates are better. Some give better business affiliations. Some are more budget-friendly for smaller agencies. I’ve found that no single database tells the full story, verification and cross-checking are everything. So I’m curious: What platform do you rely on most? Do you stack multiple systems to confirm accuracy? Which one gives you the best ROI for your agency size? Any platform you’ve dropped recently and why? No proprietary methods, just professional preferences. Because in this field, good data saves hours in the field. #PrivateInvestigator #Investigations #SkipTracing #OSINT #DataResearch #PILife #LegalEyeInvestigations

20

10 Comments

🔍 Some of the most creative breakthroughs in OSINT come from experimental R&D and this upcoming edition of the The OSINT Newsletter by Jake Creps is packed with exactly that. From biometric tattoo recognition (via Aidan Raney) to AI agents that can instantly profile companies, the research covered here has real investigative applications. Add in ethical Gmail validation insights from 🔐Yoni ‍ and a clever phishing trick breakdown by Michel Coene, and you’ve got a playbook of techniques every investigator should know. Subscribe FREE to get notified when it is sent out 👇

21

Fraud investigations may appear simple on the surface, but in reality they are highly complex professional engagements that require extensive planning, specialized skills, and strong coordination. A fraud investigator must conduct coordinated activities supported by a deep understanding of systems, careful planning aligned with evolving modus operandi, in-depth knowledge of market systems and structures, and deliberate, rigorous analytical execution.

1

The future of fraud prevention is not detection. It’s #prediction! And prediction only becomes possible when intelligence is shared. Investment, romance, and marketplace scams consistently reuse the same recipient accounts across many victims. Viewed in isolation, each institution sees a single transaction and responds reactively. Viewed collectively, those shared signals expose active scam infrastructure early, making it possible to predict that additional victims are already engaged and that more payment attempts are imminent. The same holds for money mule networks: what appears as weak or ambiguous activity in one bank becomes a reliable predictor of future fraud when correlated across several institutions. Fraud operates as a coordinated system, and effective defense must do the same. The organizations that will lead in fraud prevention are those that shift from retrospective detection to anticipatory action, using shared intelligence not just to stop today’s loss, but to predict and prevent tomorrow’s.

127

1 Comment

Why Private Investigators Don't Trust Databases Alone... Commercial databasea like (TLO, IRB, Accurint, Clear, Lexis...) are only as good as the records they can access and can pull information from. When those sources are credit bureaus and other document repositories there is often incorrect information reported. Source documents MUST be pulled and reviewed to verify findings in commercial database reports. +Property Records +Tax Assessor Records +Court Records (State & Federal) +Bankruptcy Cases +Driving Records +Business Filings +Corporate Records +Business Licenses +Fictitious Business Names +Vehicle Ownership Records +Trademark Registrations +Sex Offender Registries +Government Watch Lists +Domain Registration (WHOIS) Records Remember, commercial databases are good at showing you where to look, but don't always give you the whole picture. #PrivateInvestigator #InvestigativeResearch #TrustButVerify #ProfessionalInvestigator

10

PCI DSS has a fundamental design flaw. Enforcement is outsourced to acquiring banks, who have every commercial reason not to irritate their merchant customers. They don’t want to build or fund large teams of PCI specialists capable of accurately assessing the compliance of millions of merchants, so they push the burden downstream. Merchants are told to self‑assess, which means the people least equipped to understand PCI DSS end up determining their own compliance status. The results are predictable. The downstream ecosystem has repeatedly shown it cannot be trusted to secure cardholder data. If an ecosystem consistently fails to meet the minimum bar, the logical conclusion is that it shouldn’t be allowed anywhere near sensitive payment data in the first place. What makes this even more absurd is that banks absolutely could design a tamper‑proof, foolproof, merchant‑proof payment system. The technology exists. The cryptography exists. The outsourcing options exist. What doesn’t exist is the incentive. The current model is profitable and low‑liability. Fraud losses, compliance costs, breach penalties and operational burdens are all pushed onto merchants. A truly secure system would flip that responsibility back onto the banks and card brands, but they have no interest in owning that liability. On top of that, a foolproof system would wipe out the entire PCI compliance industry, which has become a revenue stream in its own right. So we’re left with a system built on 1970s architecture, protected by a standard that relies on self‑attestation, enforced by organisations with no incentive to enforce it, and surrounded by an ecosystem that has proven it cannot secure the data it handles. If the industry genuinely wants secure payments, it needs to stop pretending PCI DSS is a security standard and start treating it for what it is: a liability‑shifting mechanism. Real security will only arrive when the organisations with the power to fix the system are also the ones who bear the consequences when it fails. #payments #security #pcidss #compliance #fintech #cybersecurity #riskmanagement #dataprotection #infosec #governance #standards #paymentsindustry #merchantservices #regulation #technology

21

15 Comments

Strong conversations coming out of Milipol Paris 2025 🇫🇷 Megadose Palenath met with the Ministère de l'Intérieur of the Préfecture de Police who use OSINT Industries in their daily investigative work. These exchanges underline something we are seeing across Europe and beyond. Open source intelligence is no longer a specialist capability. It is becoming core infrastructure for modern law enforcement and security operations. The feedback from teams like the BRI is invaluable and helps shape the direction of our platform. Great work Megadose Palenath! 🤝 #OSINT #Intelligence

8

“Probably the best OSINT capability in the world." Now embedded in Altia OSINT Investigator across Canada via the OSINT Industries API - faster intelligence, deeper digital footprint analysis, less manual work. I’m in Canada this week. Recognise the slogan? Use your OSINT skills… guess the brand and I’ll give you a free pilot.”** altia US | Canada

7

Beyond Compliance: Understanding Sanctions Risk in the Defense Sector Many organizations assume their exposure is covered because they operate within U.S. regulatory frameworks. But real vulnerabilities often sit just beneath the surface: • Suppliers and partners operating in high-risk regions • Complex subcontractor and vendor networks • Layered or opaque ownership structures • Transactions that indirectly touch sanctioned jurisdictions In today’s environment, regulators expect more than basic screening — they expect visibility. And when gaps are identified, the impact can extend beyond penalties: Contract disruption, reputational damage, and increased scrutiny across programs. Our team works with organizations across the defense sector to identify and address sanctions exposure before it becomes a problem. We support: • Sanctions risk assessments aligned to operational realities • Third-party and supply chain due diligence • Beneficial ownership analysis • Practical remediation strategies that strengthen internal controls Because in a sector where precision matters, assumptions can be costly. If your organization operates globally or relies on complex partner networks, it may be time to take a closer look. https://lnkd.in/eW6dvJCb #DefenseIndustry #SanctionsCompliance #ExportControls #RiskManagement #SupplyChainRisk #Compliance #AerospaceAndDefense

8

1 Comment

🚨 BREAKING: FBI Exposes Philippines-Based Pig Butchering Infrastructure 🚨 📄 Read the full FBI FLASH PDF below. - The FBI just dropped a FLASH bulletin exposing Funnull Technology Inc., a Philippines-based provider that supplied infrastructure to over 332,000 domains facilitating crypto investment fraud — the notorious “Pig Butchering” scams. These domains weren't just random popups. They were part of a deliberately managed, synchronized fraud network, shifting IP addresses in bulk and camouflaged through thousands of Canonical Names (CNAMEs) like funnull01.vip, fn01.vip, and funnullcdn.com. These aren’t one-off scammers in basements. They’re transnational syndicates, trafficking humans into scam compounds in Southeast Asia and bleeding Westerners dry through emotional manipulation and crypto fraud. ❗But here’s the kicker: These domains got their infrastructure from legitimate U.S. providers — bought in bulk, resold to criminals, and then used to defraud the vulnerable. * This isn’t a tech problem. * It’s a justice problem. * A policy problem. * A response problem. At Stingforce, we don’t wait for permission. We don’t just write whitepapers. We freeze assets. We stop active frauds. We get bad guys arrested. And we’re building a global public-private force of investigators, analysts, prosecutors, and frontline agents to respond in real time — across borders, jurisdictions, and red tape. 🟡 Want in? Start here → https://lnkd.in/dRG-ZrZU 🟡 This is where excuses go to die. And justice begins.

47

2 Comments

Bank and insurance security isn’t just about vault doors or access controls anymore. Today’s real threat comes from 𝘰𝘳𝘨𝘢𝘯𝘪𝘻𝘦𝘥 𝘢𝘤𝘵𝘪𝘷𝘪𝘴𝘵 𝘤𝘢𝘮𝘱𝘢𝘪𝘨𝘯𝘴 aimed at disrupting operations, damaging reputations, and pressuring financial institutions over financing of oil & gas, defense, and other targeted industries. Consider this scenario: Activist networks plan coordinated blockades of 25 bank and insurance offices, vandalize ATMs and storefronts overnight, and launch viral social media campaigns calling for mass account closures. Timed precisely with earnings releases or shareholder meetings to maximize impact. Modern Attack Vectors Include: - Synchronized local protests and office blockades disrupting daily operations - Vandalism of branches, ATMs, and insurance offices to create fear and reputational damage - Social media campaigns urging “digital runs” or mass policy cancellations - Targeting of payment and claims processing facilities - Shareholder activism coordinated for maximum public pressure The Critical Gap in Traditional Security: Conventional approaches focus on individual incidents or locations, but miss the 𝘯𝘦𝘵𝘸𝘰𝘳𝘬𝘦𝘥 𝘱𝘭𝘢𝘯𝘯𝘪𝘯𝘨 behind these activities, often coordinated via encrypted messaging, social media channels, and transnational activist groups. Effective Financial Sector Security Must Include Proactive Monitoring of: - Online activist organizing and planning forums - Cross-platform, cross-border coordination patterns - Timing strategies linked to financial events (earnings calls, shareholder votes) - Local protest mobilization efforts, blockade planning, and vandalism threats - Regulatory and reputational campaigns in the pipeline Institutions that succeed won’t just react to smashed windows or blocked entrances, they’ll anticipate these moves by understanding the networks and tactics behind them. Is your security strategy watching doors, or the networks where disruption is planned? #FinancialSecurity #BankingSecurity #InsuranceSecurity #OperationalIntelligence #ActivistMonitoring #ReputationalRisk #CoordinatedThreats

13

Are we really measuring what matters? The latest #NIST #PFT results raise this very important question. As the top fingerprint providers show near-parity in accuracy (just 0.1% separates the top four algorithms), it’s clear we may be hitting the ceiling of what accuracy alone can offer. So what else sets you apart? ROC delivers comparable accuracy while performing 25x faster than the #1-ranked provider. That kind of speed doesn’t just win benchmarks. It slashes operational costs and accelerates mission-critical output in the real world. As someone who’s been on the other side of procurement decisions, I know just how important accuracy is. But when speed, scale, and cost matter just as much, perhaps it is time for the industry to start looking beyond the outsized influence of a single dominant metric. I’m interested to get your read on this... Meanwhile, feel free to explore the results for yourself: https://lnkd.in/egPBWNrf Sidenote: It’s an open secret in the industry that some vendors game the system, running their benchmark submissions at slower speeds to manipulate accuracy, while selling a scaled back, less accurate version to customers. This proves that what you see in the benchmark isn’t always what you get in production.

48

2 Comments

What if the regulations you thought were holding back facial authentication were actually the key to making it work? That’s the insight behind our new white paper, written in collaboration with The Access Control Collective and RealSense: 𝙏𝙝𝙚 𝙀𝙩𝙝𝙞𝙘𝙖𝙡 𝘼𝙥𝙥𝙡𝙞𝙘𝙖𝙩𝙞𝙤𝙣 𝙤𝙛 𝙁𝙖𝙘𝙞𝙖𝙡 𝘼𝙪𝙩𝙝𝙚𝙣𝙩𝙞𝙘𝙖𝙩𝙞𝙤𝙣 𝙞𝙣 𝙀𝙣𝙩𝙚𝙧𝙥𝙧𝙞𝙨𝙚 𝘼𝙘𝙘𝙚𝙨𝙨 𝘾𝙤𝙣𝙩𝙧𝙤𝙡 𝙞𝙣 𝙒𝙚𝙨𝙩𝙚𝙧𝙣 𝙈𝙖𝙧𝙠𝙚𝙩𝙨. Thank you to Mike Nielsen, Eyal Rond, Penny Malsch and the team at RealSense for the opportunity to collaborate on such an important piece. 𝗔𝘃𝗮𝗶𝗹𝗮𝗯𝗹𝗲 𝗻𝗼𝘄. Download in the comments. 👇

21

1 Comment

The data associated with Flock Safety deployments, year over year, is impossible to ignore. Here's yet another example of that! Excerpt from the story on SDPD: Inside the category, the number of motor vehicle theft incidents had the biggest drop, falling about 20% — from 6,723 in 2023 to 5,409 in 2024. Police officials attribute this change to the use of automated license plate reader technology...

15

As a trusted partner to MSPs across the U.S., Breadcrumb provides DFIR expertise and investigative support when it matters most — ransomware, bank fraud, account compromise, insider threats, and more. We work behind the scenes to help partners navigate complex investigations and deliver clarity to their clients. When the objective is to understand root cause and the scope of impact, independence matters. That’s when MSPs turn to Breadcrumb — for neutral, defensible digital forensics and incident response when clarity counts. #dfir #msp #mssp Breadcrumb Cybersecurity

6

“Protecting the American Public from Crypto Risks and Harms” — A Must-Read From Tonantzin Carmona of the Brookings Institution Explicating the Multi-Faceted Perils of the Cryptoverse In a comprehensive crypto-exposé, Tonantzin reframes crypto not just as a tech or finance issue, but as a broader public-interest challenge that affects financial stability, consumer protection, and local communities. Along these lines, Tonantzin outlines how crypto is already impacting: — State pensions and retirement savings; — Consumer fraud and scams, especially targeting older adults, Black, Latino or Hispanic, and lower-income neighborhoods (instead of providing meaningful financial access, crypto contributes to a devastating form of predatory inclusion); — Environmental and public health harms via bitcoin mining; — National security risks tied to crypto-financed ransomware and illicit trafficking; and — Political ethics and conflicts of interest among lawmakers involved in crypto policy. Tonantzin carefully catalogues the disturbing trend of U.S. crypto-regulatory rollback, not just at the SEC, but also at DOJ, FDIC, OCC, the Fed and everywhere else in the U.S. government, all carried out under the laughable auspices of “facilitating innovation,” a fallacy which is not only nonsensical but also shamelessly orchestrated in plain view. Tonantzin writes: “[U]nlike past technological breakthroughs such as smartphones, GPS, or cloud computing, which rapidly improved daily life, cryptocurrencies have yet to deliver comparable public value. Sixteen years after its creation, crypto’s primary legal use case remains financial speculation, benefiting a small class of insiders while leaving everyday Americans to bear the cost.” Tonantzin also meticulously explains how today’s crypto policy landscape shows signs of teeing up the possibility of a repeat performance of the 2008 financial crisis and the savings and loan crisis of the 1980s, where “a combination of regulatory complacency and deregulation of speculative financial products created a recipe for disaster.” Tonantzin’s ominous tone is both foretelling and compelling: “The warning signs are familiar: Financial products that are complex, opaque, and poorly understood by the public; increased risk-taking justified by promises of innovation; and a growing intertwining of speculative assets and essential institutions. Without stronger oversight and structural safeguards, a major disruption in crypto markets—such as the collapse of a major stablecoin issuer, crypto lending platform, or crypto exchange—could affect pensions, savings, small business loans, and more. And if a taxpayer-funded bailout becomes necessary, even those who never engaged with crypto could bear the cost.” Kudos to Tonantzin Carmona, she is speaking truth to power — and she is a national treasure. Read Tonantzin’s carefully-footnoted analysis at:

62

5 Comments