In This Issue

Title Story

The Fungus Before the Fire — Is China Testing Its ‘Last of Us’ Playbook?

A Dangerous Fungus, Two Chinese Nationals, and a Warehouse in California

Federal prosecutors have charged Yunqing “William” Jian and Zunyong “Tiger” Liu, both Chinese nationals living in California, with conspiring to smuggle a dangerous crop fungus into the United States.

According to the Department of Justice, the pair illegally imported Fusarium graminearum, a pathogen that causes a devastating plant disease known as Fusarium Head Blight. This fungus contaminates wheat and barley, produces toxins harmful to humans and animals, and can cause severe crop loss. It is regulated as a select agent under U.S. bioterrorism laws.

Jian and Liu allegedly brought the fungus into the country through their company, Western International Trading Group Inc., mislabeling packages and failing to obtain mandatory permits from the Centers for Disease Control and the Department of Agriculture. When federal agents executed a search warrant at their warehouse on May 29, Jian tried to hide or destroy evidence. Liu tried to run.

They now face multiple felony charges, including smuggling, transporting a select agent, and obstruction of justice. If convicted, they could face up to 20 years in prison.

These arrests point to a much larger pattern—and a much older strategy.

China has spent decades positioning itself to cause disruption if a future global conflict breaks out. It’s been stealing advanced technology, embedding itself in critical U.S. infrastructure, recruiting insiders, manipulating social media platforms, and now—targeting our food supply.

In the HBO TV show The Last of Us, a fungus wipes out civilization by infecting human brains. In the real world, it’s targeting our food supply instead. What we’re seeing is deliberate, long-term preparation for war—just not the kind fought with missiles.

Cyberattacks. Economic pressure. Disinformation. Psychological manipulation. Biological threats. China isn’t waiting for a war to start. It’s already shaping the battlefield—quietly, methodically, and with patience.

Not Imminent but Intentional

No one’s suggesting the CCP is about to unleash a biological attack tomorrow. But these kinds of incidents reveal intent. If a major war ever does erupt—over Taiwan, trade, or something unexpected—China is building a playbook filled with unconventional weapons.

A crop-destroying fungus might seem minor—until it poisons grain stores, spikes food prices, collapses supply chains, and sparks panic. Or perhaps China or another threat actor might unleash a second pandemic that makes COVID-19 look like a holiday from work.

The real danger isn’t the fungus in a warehouse. The west has become complacent, while a new Axis of China, Russia and Iran have begun a silent war.

What keeps me up at night? If the battlefield no longer looks like one… will we even see the war coming?

Cybersecurity Tip of the Week

Spot Scam Websites Before They Trap You

Online shopping makes life easier—but it also makes it easier for scammers to set up fake storefronts and steal your money or personal information. Before you click Buy Now, here are the top four ways to spot a scam website:

1. Scrutinize the URL

Scammers love lookalike web addresses: amaz0n.com, paypal.support, or payoneer.secure-login-site.com. These subtle fakes are meant to trick you at a glance. If the URL feels off, it probably is.

Red flags:

• Misspelled brand names

• Weird domain extensions

• No padlock icon 🔒or missing https://

2. Check Domain Age

A new website claiming to be a “trusted retailer since 1999” should raise your eyebrows. Scam sites pop up overnight and vanish just as fast.

Use tools like who.is to check how long a domain has existed. A site registered two weeks ago and offering “80% off Rolex watches”? Walk away.

3. Spot Sloppy Design and Broken English

If the site looks like it was thrown together in a weekend—with clashing fonts, stock photos, typos, or broken links—that’s because it probably was. Real businesses care about their image. Trust your gut—what I call you “cop instinct.” If it feels sketchy, don’t click.

Red Flags:

• Misspellings, awkward phrasing, and broken buttons

• Blurry logos or inconsistent layouts

• One-page sites with no navigation

4. Beware of Unrealistic Deals and Fake Reviews

If a luxury product is 90% off and the reviews sound like a bot wrote them (“Best service ever!!!”), it’s a trap. Check real sources:

• Search “[Site Name] + reviews” on Google

• Use Trustpilot or Reddit for honest feedback

• Avoid sites with only glowing, vague testimonials

Scam websites are the new pickpockets. They’re slick, fast, and counting on you to let your guard down. If the URL looks off, the site feels rushed, the deal sounds too good, and you can’t find real info about who’s behind it—close the tab and keep your data safe.

Cybersecurity Breach of the Week

Pig Butchering Scam Tied to Foreign Tech Firm

In another unsettling link to China, the U.S. Treasury has sanctioned Funnull Technology Inc., a Philippine-based tech company accused of powering the infrastructure behind one of the most devastating scam models targeting Americans today—pig butchering.

Pig butchering scams—what Interpol calls “romance baiting”—combine social engineering with long-term financial fraud. Scammers lure victims through fake relationships, often posing as romantic interests online. Once trust is built, they convince their targets to invest in fraudulent cryptocurrency platforms. The money disappears. The scammer vanishes. The victim is left broke and emotionally drained.

According to the FBI and Treasury, Funnull is at the heart of it. The company’s administrator, Liu Lizhi, a Chinese national, helped assign domains used in crypto scams, phishing attacks, and gambling sites. Since January 2025, authorities have linked over 332,000 fraudulent domains to infrastructure Funnull controlled or distributed.

Like a true criminal mastermind, Liu allegedly ran a server farm, oversaw task lists, tracked employee performance, and deployed digital logistics designed to keep the scam engine running. And it worked. U.S. victims lost more than $200 million, with average losses topping $150,000.

Tech of the Week

In the chaos of a recent drone attack, Israel quietly made history.

Last week, Israel became the first nation to use an AI-powered air defense system that uses lasers to shoot down an incoming swarm of hostile drones. The system—powered by autonomous detection and rapid targeting—identified, tracked, and neutralized the threat faster than any human could. No operator pulled a trigger.

Let that sink in: a war machine decided to fire. And this time, it worked.

This breakthrough is a warning shot in a world where AI is beginning to take the wheel in combat. Israel’s system operated with real-time autonomy—an edge every superpower wants.

This is a glimpse of warfare’s future: silent, invisible, nearly instantaneous—and increasingly autonomous. Are we ready for that fight?

Appearance of the Week

On stage at DPI Ottawa, Canada. Clearly enjoying myself!

A.I. Trend of the Week

Everyone is having fun with Google’s new Veo v3 video generator because it does one thing exceptionally well: it makes AI-generated video look like real cinema. So here is my video idea of an espionage exchange at a train station. I’d have made this guy as the spy faster than you can blink, but you be the judge! It is quite cool that I was able to create this video with just a short promo of text.

Like What You're Reading?

Don’t miss a newsletter! Subscribe to Spies, Lies & Cybercrime for our top espionage, cybercrime and security stories delivered right to your inbox. Always weekly, never intrusive, totally secure.

Are you protected?

Recently nearly 3 billion records containing all our sensitive data was exposed on the dark web for criminals, fraudsters and scammers to data mine for identity fraud. Was your social security number and birthdate exposed? Identity threat monitoring is now a must to protect yourself? Use this affiliate link to get up to 60% off of Aura’s Cybersecurity, Identity monitoring and threat detecting software!

Want to start a newsletter?

Use this Link to get a 30 days trial + 2-% Beehiiv!

Ready for Next Week?

What do YOU want to learn about in my next newsletter? Reply to this email or comment on the web version, and I’ll include your question in next month’s issue!

Thank you for subscribing to Spies, Lies and Cybercrime. Please comment and share the newsletter. I look forward to helping you stay safe in the digital world.

Best,
Eric

Let's make sure my emails land straight in your inbox.

Gmail users: Move this email to your primary inbox

On your phone? Hit the 3 dots at top right corner, click "Move to" then "Primary."

On desktop? Close this email then drag and drop this email into the "Primary" tab near the top left of your screen

Apple mail users: Tap on our email address at the top of this email (next to "From:" on mobile) and click “Add to VIPs”

For everyone else: follow these instructions

Partner Disclosure: Please note that some of the links in this post are affiliate links, which means if you click on them and make a purchase, I may receive a small commission at no extra cost to you. This helps support my work and allows me to continue to provide valuable content. I only recommend products that I use and love. Thank you for your support!