Hacking Humans

While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/simulated-phishing⁠ Audio reference link: ⁠“Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.”⁠ YouTube, YouTube, 19 Apr. 2017.

While our team is out on winter break, please enjoy this episode of Hacking Humans This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a scam warning from Michal, who is sharing the latest conference scam. Dave's got the story of a retired federal investigator who mapped out the “Scammer Psychological Kill Chain” and shared rules to help you spot and break it. Maria has the story of job scams surging over 1,000% in 2025, as scammers exploit a slowing labor market and desperate jobseekers with fake offers, texts, and bogus recruiter schemes. Joe follows the story on a $4 million forex scam where two men promised safe, high returns but instead ran a Ponzi scheme that defrauded 20 investors before landing in federal prison. Our catch of the day comes from listener Shannon who writes in to share a message from "Amazon" about a recall notice. Resources and links to stories: J⁠ob Scams Surge 1,000% As Americans Struggle to Find Work⁠ ⁠Forex Account: What It Means and How It Works⁠ ⁠Ex-NYPD Cop Gets 36 Months In $4M Forex Scam That Duped 20 Investors: Feds⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Please enjoy this encore of Word Notes. The process of installing applications on a device without the use of official software distribution channels. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/sideloading

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. In follow-up this week, we waded into murky legal waters with a fish-demeanor pun that’s now swimming rent-free in our heads, then pivoted to some surprisingly practical home-network wisdom—segregating IoT devices before they take over your Wi-Fi (and your sanity). Joe looks at how Google is taking a dual approach to fighting scams—suing to dismantle the “Lighthouse” phishing operation while backing bipartisan legislation and rolling out AI tools to protect users from smishing, robocalls, and fraud. Maria looks at how seniors are more digitally active than ever—and why caregivers and families play a key role in keeping them safe online, with practical tips ranging from strong passwords and MFA to regular conversations about scams and device security. Dave looks at two very different but increasingly common scam fronts: an FBI warning about AI-powered “virtual kidnapping” extortion schemes using fake proof-of-life images, and a surge in celebrity impersonation scams that used hacked social media accounts to trick music fans out of billions in fake tickets, merch, crypto, and VIP offers. Our catch of the day comes from Reddit where Dave and Joe take on a series of messages that will have you rethinking the way you answer scams. Resources and links to stories: ⁠⁠⁠⁠A dual strategy: legal action and new legislation to fight scammers Empowering Seniors for Safer Online Experiences: 6 Practical Safety Tips for Caregivers and Families New FBI alert urges vigilance on virtual kidnapping schemes Taylor Swift, Sabrina Carpenter Impersonators Scam Fans Out of $5.3 Billion in 2025: Report ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Please enjoy this encore of Word Notes. A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/microsegmentation⁠ Audio reference link: “⁠Micro-Segmentation Masterpieces⁠,” PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with another chicken update for everyone. Dave’s got the story of a Monotype font-licensing shakedown that totally backfired — automated claims, mass messages, and scary warnings that all unraveled when a typography-savvy employee proved every allegation was wrong, leaving Monotype empty-handed. Joe’s story is on a massive Walmart robocall scam targeting millions of customers. Fake calls, using AI voices claiming a pricey PlayStation 5 order, tricked people into giving personal info. The FCC is cracking down on SK Teleco, the U.S. voice provider behind the calls, threatening to cut them off from U.S. networks if they don’t act fast to stop the scam. Maria has the story on TSA warnings for travelers: avoid plugging phones into public USB ports and skip unsecured airport Wi-Fi. Hackers can sneak malware through USBs or intercept data over open networks, so TSA and the FCC recommend using portable chargers, charging-only cables, or a VPN to stay safe while traveling. Our catch of the day comes from a Microsoft looking email which says the user has been flagged. Resources and links to stories: ⁠Monotype font licencing shake-down Millions of Walmart customers victims of major scam FCC Demands Cessation of Walmart-Impersonation Robocalls VIA ELECTRONIC DELIVERY AND CERTIFIED MAIL - RETURN RECEIPT REQUESTED Is charging your phone at the airport safe? An Open Letter Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/homograph-phishing⁠ Audio reference link: “⁠Mission Impossible III 2006 Masking 01⁠,” uploaded by DISGUISE MASK, 28 July 2018.

This week, a humorous tale of a fish committing credit card fraud kicks things off. AI chatbots capable of generating phishing emails targeting seniors are scrutinized, revealing alarming click rates. There’s a discussion on Myanmar's military raids on scam centers and the shocking scale of fraud involving $233 million in Affordable Care Act subsidies. To wrap it up, tips to dodge holiday scams are shared, alongside a laughable phishing text from Reddit, leaving listeners entertained and more informed about the world of scams.

Welcome in! You’ve entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season’s juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don’t take a holiday.

Please enjoy this encore of Word Notes. Software designed to prevent cheating in video games.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/anti-cheat-software⁠ Audio reference link: “⁠The BIG Problem with Anti-Cheat⁠,” by Techquickie, YouTube, 5 June 2020