a
About T&M
Expert Insights
Client Login
Request a Consultation
M

T&M USA Headquarters

New York
230 Park Avenue, Suite 440,
New York, NY 10169

212.422.0000

Office Locations

  • Washington D.C.
  • Boston
  • Los Angeles
  • West Palm Beach

T&M Edge – Issue No. 4: AI-Enabled Cybercrime and the Expanding Fraud Landscape

Tuesday, May 12, 2026 

Welcome to T&M Edge

Fast-moving events can reshape the security landscape overnight – whether oceans away or in our streets. In these times, staying informed is more than an advantage; it is a necessity. That’s why T&M is pleased to launch T&M Edge, a newsletter that delivers timely and actionable insights for busy security professionals like you.

Each edition of T&M Edge will dissect the security consequences of major events, from geopolitical shifts to cyberattacks, from natural disasters to workplace violence.

When we highlight an event or trend in T&M Edge, it’s a heads-up worth your time and attention because exploring security implications today could safeguard your operations tomorrow.

Why T&M Edge?

  • Curated Analysis
  • Concise Takeaways
  • Valuable Insights
  • Practical Strategies
  • Expert Perspectives
  • Best Practices

As we know, staying safe in today’s world takes more than reacting. It requires information/intel, preparation, and action. T&M Edge will help identify patterns and help you plan appropriately. T&M Edge will explore how events at home and abroad may impact your business or community and offer proactive steps to address emerging threats.

We look forward to navigating the future with you.

Remain Vigilant,
George Sax, Chief Security Officer, T&M USA LLC

 

INTERVIEW WITH CYBER CRIME EXPERT MATT O’NEILL

 

T&M Edge Perspective:

Staying vigilant against cyber threats takes effort every day, sometimes every hour. Scammers target all aspects of our lives, from the routine to the special. UPS allegedly texts about delivery instructions, but there is no package, and the text is actually from a hacker. An Evite for a dinner party looks like it came from a friend, but it’s the work of an intruder trying to hijack your digital life. Even death becomes an opening for criminals, who build identity theft profiles from the personal details in online obituaries.

Cyber-enabled crimes are all around and on the rise, defrauding Americans out of nearly $21 billion a year, according to the latest figures from the FBI. Hardest hit are people over the age of 60, who lost $7.7 billion to scammers in 2025 — a 37% jump from 2024.

Cybercrime expert Matt O’Neill has dedicated his career to analyzing and battling these alarming trends. For 25 years, he specialized in fraud investigations for the United States Secret Service, retiring as the Deputy Special Agent in Charge of the Cyber Operations section of the Criminal Investigative Division. Today, Matt runs his own firm, the Washington DC-based 5oH Consulting, and focuses on protecting digital assets and strengthening defenses in the financial services industry.

He’s a veteran of all manner of fraud and impersonation investigations: from counterfeit paper checks and stolen Treasury bills back in the day, to hacker rings from Moscow to Pyongyang; and now to AI-generated deep fakes, polymorphic malware that changes its features to thwart detection and phishing attacks based on Business Email Compromise (BEC).

Matt also hosts the “Detonation Point” podcast, introducing each segment with this warning: “I’m going inside the fight against cybercrime, hearing directly from defenders in government, infrastructure, and enterprise who are racing to stay ahead. Because cybercrime isn’t slowing down, and neither can we.”

His most crucial advice for people and companies: first, stick to the basics. Ensure that routine cyber hygiene consistently informs all online activities. Safeguards like strong, unique passwords that are frequently changed, multi-factor authentication (MFA), email encryption and regular software updates should be as regular as breathing.

“Most hackers are lazy and will go after the lowest hanging fruit first,” said Matt, “so don’t leave yourself vulnerable on the basics.”

“Let’s perfect the Packers’ Sweep, before we run any double reverses,” he added, channeling Vince Lombardi.

Once the basics are in place, then it’s prudent to consider other weapons, as needed, like AI-powered threat detection programs to identify and disrupt malicious actors or email security platforms that can thwart phishing attempts.

Matt also urges everyone to be proactive in protecting finances and limiting the amount of information shared on social media.

“The most important thing people can do is freeze your credit at all three credit bureaus,” he said. “That makes it impossible to open a new line of credit in your name until you lift the freeze. Next, lock down your social media to prevent people from learning too much about you or your business. We know that bad actors will leverage information to exploit it.”

For institutions, enroll in positive pay, said Matt. This automated anti-fraud measure compares account numbers, sequential numbers and dollar amounts on checks presented for payment against the corresponding data about an issuer’s legitimate checks.

Matt also advises companies to tighten the circle of those authorized to send wire transfers while also placing limits on the amount of money that such designees can wire.

Training employees to stay vigilant against phishing attempts has become more complex, Matt noted. The awkward language once used in phishing messages has been smoothed somewhat by AI, although inconsistencies remain, and those should still be red flags. Links or pop-up windows that mimic anti-virus software, or trusted websites that were visited previously, are actually portals that, when clicked, load viruses.

In reminding employees to stay vigilant against such phishing attempts, Matt wishes the gotcha nature of such training — emailing secret tests in an attempt to trick staffers — would give way to a more collaborative approach.

“We largely do training as punishment — sending out a message, and if I make a mistake and click on it, I get derided,” he said. “That’s not effective. The metrics are wrong or misguided. Better to concentrate on three-to-four-minute modules with vignettes every two weeks or so, something new so people can actually see how the phishing works.”

“You have to instill a culture of security from the top down that’s also adopted by others,” he added.

More carrots than sticks? “Yes, because we’re all in this together.”

If you have any questions or concerns, please do not hesitate to contact T&M USA LLC. 212 422-0000;  tmusallc.com; info@tmusallc.com.

NEWS COVERAGE 

 

Cryptocurrency and AI Scams Bilk Americans of Billions

“The FBI’s 2025 Internet Crime Report shows cyber-enabled crimes defrauded Americans of nearly $21 billion, with cryptocurrency and artificial intelligence-related complaints among the costliest.

The Internet Crime Complaint Center (IC3) received 1,008,597 total complaints, an increase from 859,532 in 2024. Phishing/spoofing, extortion, and investment schemes were the most frequently reported complaints. Americans over 60 reported approximately $7.7 billion in losses, up 37% from 2024.

The IC3 received approximately 453,000 cyber-enabled fraud complaints, with reported losses exceeding $17.7 billion. Investment fraud remains the primary driver, accounting for nearly 49% of all scam-related losses.” FBI.gov

There’s a New Phishing Scam: Fake Invitations

Phishing scams have long tried to frighten people into clicking on links with emails claiming that their bank accounts have been hacked, or that they owe thousands of dollars in fines.

The invitation scam is a little more subtle: It preys on the all-too-human desire to be included in social gatherings.

The phishy invitations mimic emails from Paperless Post, Evite and Punchbowl. What appears to be a friendly overture from someone you know is really a digital Trojan horse that gives scammers access to your personal information.” NYTimes 

Fraud trends in 2026: What to expect

“AI is changing how financial institutions detect and respond to fraud. Just as fraudsters use AI to create synthetic identities, deepfake personas, voice clones and phishing campaigns, the financial services industry is adopting AI-driven tools to keep pace.

The growth of real-time payments fraud is expected to continue in 2026. Faster payments improve client satisfaction and business efficiency but shorten the window for detecting and stopping fraudulent activity. Fraudsters will likely target instant payment channels with account takeover (ATO) schemes, business email compromise and synthetic identity fraud.

Cyberattacks are no longer limited to stealing data or disrupting systems. Fraudsters increasingly exploit employees through social engineering, phishing emails and other schemes that exploit human error or outdated security practices.” ACAMS

How to Spot & Avoid Phishing Scams

“Often, a phishing message tries to inspire a positive sense of urgency: You won an expensive cooler!” Messages promising free money, prizes, or exclusive deals are often scams

Scammers also use negative senses of urgency. They try to rush you with messages like: “Your account will be locked!” or “Act now to avoid penalties!”

Ignore, delete, and report messages like this – real organizations, companies, and government agencies won’t contact you through email like this.

Legitimate organizations won’t ask for passwords, Social Security numbers, or financial details over email or text. On laptops or desktops, you can usually hover over links before clicking to see the real destination. Never download attachments you weren’t expecting, even from someone you know. Double-check independently that it’s safe.” NationalCybersecurityAlliance

Obituary Scams

“Obituary scams, also known as bereavement scams, typically start with information gleaned from death notices in newspapers or posted online. Criminals harvest facts commonly included in obits — such as the deceased’s birth date, where the person lived and worked, and family members’ names — to start building a profile for identity theft.

With just a few key details, criminals can locate and purchase a dead person’s personal data on the dark web, including home address and Social Security number. They use that information to access or create financial accounts, take out loans, obtain health care or file phony tax returns (and claim bogus refunds) under the deceased’s name — a form of ID theft dubbed ghosting.” AARP

The Top Financial Scams Targeting Older Adults

“The person-in-need and grandparent scam. Fake grandchildren ask for help with car repairs, late rent, a medical emergency, or even to post bond. They pretend to be in distress.

Or a caller claims to be an arresting police officer, doctor, or lawyer trying to help the grandchild. They prey upon emotions to pressure victims into sending money as quickly as possible.

Financial services scam. These cons work because they appear to come from a legitimate source: a bank, a mortgage company, or a debt collection agency. Scammers call, text, or send email messages that look and sound perfectly legitimate.

Robocalls and phone scams. One common robocall scam is the “Can you hear me?” call. When the person who answers says “yes,” the scammer records their voice and hangs up. The criminal then has a voice signature to authorize unwanted charges on items like stolen credit cards.

Internet and email scams include pop-up windows that look like anti-virus software; in reality, these windows install computer viruses when clicked on.” NationalCouncilonAging