Hacking Humans 4u3n1i

This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ es, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll s, sending her SUN scam texts tied to her old Florida number. Dave shares the story of Palo Alto's Unit 42 researchers uncovering a massive campaign distributing thousands of fraudulent cryptocurrency investment platforms via websites and mobile apps, using brand impersonation, Ponzi-like schemes, and domain fronting to deceive victims, primarily in East Africa and Asia. Maria follows the story of a Queens man arraigned for allegedly scamming a 72-year-old Newton woman out of over $480,000 by posing as a DEA agent and coercing her into transferring her assets under the threat of arrest. Joe came across a Facebook video featuring an AI-generated ad falsely claiming Kelly Clarkson endorsed a weight loss product. These deceptive ads use AI to create convincing deepfakes, making it appear as if celebrities are promoting products they’ve never actually ed. Our catch of the day comes from listener Connor, who flagged a phishing email pretending to be from the Social Security istration. The email urges the recipient to click a link to view an "important update," but the repetition of the message and a suspicious logo placeholder suggest it's a phishing attempt designed to steal personal info. Resources and links to stories: Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims Man Arraigned After Posing as Government Agent to Scam Senior out of Over $480,000 'I have terminal cancer and lost my life savings to whisky barrel scammers' Casks and Kegs Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim.  CyberWire Glossary link: https://thecyberwire.com/glossary/-takeover-prevention

Welcome in! You’ve entered, Only Malware in the Building. us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is ed by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we’re keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing. In this type of attack, an attacker sends a seemingly benign email, often containing an invoice or payment notification, along with a phone number. When the victim calls, they speak with the attacker, who convinces them to install remote access tools, leading to malware installation, phishing, and financial theft. Tune in as we explore how this deceptive tactic works and ways to protect yourself from falling victim to it.

This week our hosts, Dave Bittner is back with Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on E-Z scams—a listener suggests that scammers may be exploiting exposed license plate reader data, as demonstrated by YouTuber Mike Brown, to link plate numbers with breached phone records and send scam texts in real time. Dave's story is on how scammers may use conditioning techniques in romance scams—Ben Tasker observed that refusing to provide a phone number led to fewer photos being sent early on, suggesting scammers use rewards like photos to encourage compliance. Joe's got the story of Google's lawsuit against scammers who created and sold thousands of fake business listings on Google Maps, exploiting urgent services like locksmiths and towing to deceive customers and charge inflated fees. Maria's got the story of the FTC suing Click Profit for allegedly scamming consumers out of millions with a fake “ive income” scheme, falsely promising high returns through AI-driven e-commerce stores on Amazon, Walmart, and TikTok while most investors ended up losing money. Our catch of the day comes from Reddit after a posted a conversation with a scammer after messing with them about a potential job opportunity. Resources and links to stories: Who is sending those scammy text messages about unpaid tolls? My Scammer Girlfriend: Baiting A Romance Fraudster Google finds 10,000 fake listings on Google Maps, sues alleged network of scammers AI scammers on Amazon duped investors out of millions with ‘ive income’ scheme, FTC alleges Can I work from jail? Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats.  CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “My ‘Aha!" Moment - Methods, Tips, & Lessons Learned in Threat Hunting - sans Thir Summit 2019.” YouTube, YouTube, 25 Feb. 2020.

On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares a bit of follow up on scam victims sharing their experiences of losing money to various frauds, including investment schemes, romance scams, business email compromises, online shopping fraud, unusual payment requests, tax impersonations, remote access scams, and identity theft. Maria shares a story on scammers using fake E-Z toll alerts to steal personal information, and another on victims losing thousands to investment, romance, and online shopping scams. Dave's got the story of how digital scammers prey on the financially vulnerable, using AI-generated content and deceptive ads on platforms like Instagram to sell worthless "get-rich-quick" schemes that ultimately leave victims deeper in debt. Joe's got two stories this week, the first being on Wenhui Sun, a California man, and how he was sentenced to six and a half years for stealing nearly $800,000 through a gold bar scam targeting victims nationwide. Meanwhile, the U.S. Federal Trade Commission reported a sharp rise in fraud, with 2.6 million people losing $12.5 billion in 2024, up from $2.5 billion in 2023, primarily due to impostor scams. Younger adults reported losing money more often than older ones. Our catch of the day follows how First Lady Melania Trump messaged an unsuspecting citizen claiming to give them a free gift. Resources and links to stories: Scam victims tell us their stories Digital Snake Oil Merchants Are Stealing From The Already Broken California man sentenced after Montgomery Co. woman loses over $700K in gold bar scam FTC says Americans lost $12.5B to scams last year — social media, AI, and crypto didn’t help You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes. The continuous practice of identifying classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: “Vulnerability Scanning - Comptia Security+ sy0-501 - 1.5.” YouTube, YouTube, 11 Nov. 2017,

On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start out with some follow up on chicken talk from last week. Maria shares the story of scammers impersonating police officers in England to steal cryptocurrency by exploiting leaked personal data, creating fake fraud reports, and tricking victims into revealing their seed phrases, leading to losses totaling £1 million. Joe has two stories this week, his first one is on a $21 million "Grandparent Scam" in which 25 Canadians were charged for running a scheme from Montreal call centers, posing as grandchildren in distress to deceive elderly Americans into handing over money, with 23 suspects already arrested. Joe's second story is on two people charged in a ticket scam that exploited a loophole in StubHub’s system to steal and resell over 900 tickets—mostly for Taylor Swift’s Eras Tour—netting more than $600,000 in profit before being caught by the Queens D.A.'s Cybercrime Unit. We have a special catch of the day this week, where we are ed by N2K's own Ma'ayan Plaut, who s to discuss going out of business scams. Resources and links to stories: ‘Fake police call cryptocurrency investors to steal their funds Dozens of Canadians Are Charged in $21 Million ‘Grandparent Scam’ 2 People Charged with Taylor Swift Eras Tour Ticket Scam That Allegedly Netted More Than $600K BBB Scam Alert: How to spot a fake "going out of business" sale Joann Fabric’s going out of business scam You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software. 

On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off the show with some follow-up from a long-time listener who shared how switching to Publii and Cloudflare Pages saved his wife's psychiatric nurse practice over $120/year in hosting costs after discovering static site generators on Hacking Humans. Joe's story is on a warning from an Oregon woman who fell victim to an online scam while trying to buy hens for her backyard chicken coop amid egg shortages caused by the bird flu, urging others to be cautious and avoid transactions on social media. Maria has the story on the increasing threats targeting sellers on online marketplaces, including phishing campaigns, scams designed to by platform protections, and the risks associated with off-platform transactions, all of which emphasize the need for heightened vigilance and security measures. The catch of the day, from Scott, highlights an email invitation that appeared legitimate but redirected to a phishing site designed to steal email credentials, with Scott’s wife recognizing the suspicious nature and forwarding it for further investigation. Resources and links to stories: ‘Be suspicious’: Sweet Home woman warns of chicken scam amid egg shortage Your item has sold! Avoiding scams targeting online sellers You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Welcome in! You’ve entered, Only Malware in the Building. us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is ed by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we’re keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the latest shake-ups in the fake update threat landscape, including two new cybercriminal actors, fresh Mac malware, and the growing challenge of tracking these evolving campaigns.

Please enjoy this encore of Word Notes. A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more. 

In this special live episode of Hacking Humans, recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is ed by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon, ThreatLocker’s VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake “Self Employment Tax Credit” scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business Bureau’s annual Scam Tracker report, revealing that online shopping scams continue to top the list for the fifth year, with phishing and employment scams remaining major threats, while fraudsters increasingly use AI and deepfake technology to deceive victims. Our catch of the day comes from Diesel in West Virginia, and features a scammer who tried to panic their target with a classic “We’ve frozen your ” scam—only to get hilariously mixed up with actual embryo freezing. Resources and links to stories: Better Business Bureau reveals top local scams of 2024 IRS warns taxpayers about misleading claims about non-existent “Self Employment Tax Credit;” promoters, social media peddling inaccurate eligibility suggestions BBB Scam Tracker Got a $1,400 rebate text from the IRS? It's a scam, Better Business Bureau warns. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations. 

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. We start off with some follow up from listener Dave who writes in with a call for help after a good friend of his, who fell victim to a dream job scam. They also have a discussion after the Washington Post shared an article on scammers are remorseful and how they have a group. Maria has a quick follow up from last week, talking about deepfakes, this week, she talks about Kim Jong Un. Dave has a romance scam story this week, talking about how the loneliness epidemic is causing issues. Joe has two stories this week, the first is on a thief using a homemade barcode ring to scam Walmart self-checkouts. Joe's second story is on new protection methods that are out, giving us game changing anti-scam laws. Our catch of the day comes from Reddit after a posted a conversation they had with a scammer that got a bit out of hand. Resources and links to stories: Arizona laptop farmer pleads guilty for funneling $17M to Kim Jong Un The Loneliness Epidemic Is a Security Crisis Thief using homemade barcode ring to scam Walmart self-checkout busted after trying to ring up $300 grill for price of tomato soup: cops 'Game-changing' anti-scam laws to protect consumers Hello, Jane. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. The difference between organizational employee job requirements and the available skillsets in the potential employee pool.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts start off with some follow up from listener Robert who writes in from the Great White North, who shares how he thinks the U.S. might be stuck in the past with payment tech. Joe's got two stories this week, both on financial crime—Thailand cutting power to Myanmar's billion-dollar scam hubs and the struggle to shut them down for good. Maria has the story of a job candidate who not only used AI-generated answers during a technical interview but also altered his appearance with software—marking the second time this has happened to the interviewer in just two months. Dave sits down with our guest Nati Tal, Head of Guardio Labs, as he is discussing the growing danger of homograph attacks. Our catch of the day comes from listener Kenneth, who got an alarming email from the PayPal Security Team—apparently, he just bought nearly $700 in Bitcoin. Resources and links to stories: China's Xi hails Thailand's 'strong' action against scam centres Power cut to site of global, billion-dollar scam industry. But will it halt the swindling? AI altering You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. The use of technology to radically improve the performance or reach of the business. 

On this episode of Hacking Humans, we are going old school with Dave Bittner and Joe Carrigan sans T-Minus host Maria Varmazis (as she was hanging out with astronauts at the SpaceCom event). Not to worry, Dave and Joe have it covered sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, we have some follow up including a conversation Joe had with ChatGPT, some discussion on AI generated images of people, and scam letters that are sent out in the mail. Joe shares a text his office mate received from the "IRS." He also has a story about food workers taking photos of credit and debit cards at restaurant drive throughs. Dave's story is about a near-perfect scam attempt that almost fooled a very smart guy—Zach Latta, the founder of Hack Club. Our Catch of the Day comes from Reddit about a Facebook Marketplace scam using Zelle. Resources and links to stories: Scam Warning: Food workers taking photos of debit cards in North Carolina, police say Google takes action after coder reports 'most sophisticated attack I've ever seen' FB Marketplace scam using Zelle You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. Cloud services intended for cyber criminals and other bad actors designed to obstruct law enforcement and other kinds of government investigations, and to provide some protection against competitors.