On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Maria shares two stories this week, the first is from "PayPal" saying they are owed over $200. The second comes from LinkedIn where a gentleman shares the terrifying story of losing everything all because of a scam. Joe's story is on text message scams where strangers pretend to know you, building trust over time to lure victims into schemes like cryptocurrency fraud; he advises ignoring unknown messages, blocking suspicious numbers, avoiding links, and protecting personal information. Dave's story follows Silent Push Threat Analysts tracking "Payroll Pirates," a group leveraging phishing campaigns targeting HR systems like Workday to redirect payroll funds by using search ads, spoofed websites, and credential harvesting, as they alert organizations and share threat intelligence to counter these sophisticated attacks. Our catch of the day comes from a phishing scam email claiming to offer a $1.75 million compensation fund via the "United Bank for Africa," requiring victims to share personal and banking details under the guise of an IMF directive.Resources and links to stories: “Wrong Number” Text Scams on the Rise Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Please enjoy this encore episode of Word Notes.Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers. 

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, our hosts dive into some follow up from listener Will. who writes in about the Financial Crimes Enforcement Network. They also share after an anonymous listener writes in with a suggestion on filtering scam emails using the DocuSign API. Maria follows the story of how Black Friday is increasingly being dubbed "Black Fraud Day," as criminals exploit the festive shopping frenzy to scam eager bargain hunters, often using AI to create convincing fraud schemes. Joe has two stories this week. The first one is on scammers exploiting financially distressed individuals by posing as the "Bankruptcy Fraud Watchdog Group," threatening bankruptcy filers with false accusations and fines payable in Bitcoin, while warning them against contacting their attorneys. The second story explores the rise of deepfake scams in the U.S., with criminals using AI-generated videos of celebrities like Elon Musk to deceive victims into fraudulent cryptocurrency investments, contributing to over $12 billion in annual fraud losses. Finally, Dave share's a story on a new wave of deepfake scams, where AI-generated videos of Elon Musk trick unsuspecting victims into investing large sums, contributing to billions in fraud losses. Our catch of the day comes from Raul, who shares a scammy text message sent to his mother, sharing his efforts to educate her on spotting fraudulent messages. Resources and links to stories: Black Friday turning into Black Fraud Day, says UK cybersecurity chief U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. Inside the Mind of Thru-Hiking’s Most Devious Con Man You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

This discussion delves into the fascinating concept of sandboxes in cybersecurity. It explores how these controlled environments allow for the safe execution of potentially harmful code. The historical evolution of sandboxing is highlighted, showcasing its journey from educational tools to critical security measures. The importance of these systems in protecting sensitive information from cyber threats is emphasized, making it clear that sandboxes play a vital role in modern computing.

Get ready for a festive twist on cybersecurity! The hosts explore the dark yet humorous world of malware through holiday-themed stories. They discuss the evolution of authentication methods, stressing the importance of multi-factor authentication. A creative retelling of a classic tale unveils vital lessons about social engineering threats. Plus, the evolving landscape of cybercrime is revealed, targeting consumers like never before. As hackers ponder retirement, the conversation takes a light-hearted turn into holiday reflections. Stay safe this season!

Maria Varmazis, host of N2K's T-Minus Space Daily podcast, dives into the alarming rise of sextortion on popular social media platforms, emphasizing its impact on vulnerable teens. Joe and Dave share listener stories about gift card scams and phishing tactics, revealing clever and deceptive methods used by scammers. They discuss the changing landscape of ransomware, noting companies are less inclined to pay ransoms and new reporting requirements. The conversation highlights the necessity of proactive measures to protect personal information in a rapidly evolving fraud environment.

Discover the fascinating world of Security Orchestration, Automation, and Response. Learn how SOAR enhances security operations by streamlining disparate tools into cohesive systems. The discussion dives into the shift from manual processes to automated solutions, addressing the need to keep pace with evolving security threats. Explore the journey of integrating pre-built automation playbooks that significantly bolster organizational defenses.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Joe shares a note from listener Michael before getting into stories, and Michael writes in to share that there are VIN cloning scams. Joe brings back the Iota discussion from last week. Joe's up first for stories and focuses on fraud. Dave informs us of the new human-like AI granny who is wasting scammers time. Finally Maria brings us the story of how BforeAI researchers analyzed over 6000 newly registered retail domains, revealing a surge in scam activity targeting shoppers with phishing websites, fake apps, and fraudulent offers, particularly during the holiday season, exploiting brand names, seasonal trends, and emerging technologies like AI and cryptocurrency. Our catch of the day comes from listener Kenneth who writes in about a fraudulent email claiming to be from Emirates Group, inviting a company to register as a vendor or contractor for upcoming projects in 2024/2025. The email emphasizes the company's experience in various sectors and urges a prompt response to initiate the registration process. It is signed by a supposed "Contractors Coordinator," Mr. Steve Ibrahim Ghandi, and includes fake contact details for the Emirates Group. Resources and links to stories: VIN cloning How Cybercriminals Use Vehicle Identification Numbers (VINs) to Hack Cars Yes, your car's Vehicle Identification Number can be used to steal from you Geolocation Resources for OSINT Investigations Person dressed in a bear costume to fake attacks on cars for insurance payout, California officials say U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam O2 unveils Daisy, the AI granny wasting scammers’ time 2024 Online Holiday Retail Threat Report You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

A term of legal art that defines the types of data and circumstances that permits a third party to directly or indirectly identify an individual with collected data. 

Dive into the world of scams and vulnerabilities! Discover a heartbreaking tale of a WWE impersonator scamming an elderly man. Learn about a sophisticated phishing scheme exploiting DocuSign's API to send fake invoices. The Better Business Bureau reveals new twists in online shopping fraud, including alarming 'card declined' messages. Plus, hear crucial tips on email authentication and how to navigate the evolving landscape of social media scams. Stay informed and protect yourself from becoming the next victim!