Baked goods and bad actors.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's story is on Loria Stern, a small bakery owner who fell victim to a counterfeit check scam after receiving a $7,500 payment for a large cupcake order that was later halved, resulting in her bank withdrawing the funds. Dave's story follows the scams targeting grieving individuals on Facebook, where cybercriminals use fake funeral live stream links or donation requests to steal money and credit card details. Our catch of the day comes from listener Anne, who shares a phishing email sent to a friend. The email emphasized the importance of thorough testing in the software development lifecycle and came with a suspicious PDF attachment, likely containing a malicious link. Anne hopes the campaign has zero success.

Links to the stories:

• “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home
• LA bakery owner takes big financial hit after receiving scam order of 1,000 cupcakes, paid for with a $7.5K counterfeit check — her bank’s promise of protection fell through
• Fake funeral “live stream” scams target grieving users on Facebook

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.