Hacking Humans

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Maria shares two stories this week, the first is from "PayPal" saying they are owed over $200. The second comes from LinkedIn where a gentleman shares the terrifying story of losing everything all because of a scam. Joe's story is on text message scams where strangers pretend to know you, building trust over time to lure victims into schemes like cryptocurrency fraud; he advises ignoring unknown messages, blocking suspicious numbers, avoiding links, and protecting personal information. Dave's story follows Silent Push Threat Analysts tracking "Payroll Pirates," a group leveraging phishing campaigns targeting HR systems like Workday to redirect payroll funds by using search ads, spoofed websites, and credential harvesting, as they alert organizations and share threat intelligence to counter these sophisticated attacks. Our catch of the day comes from a phishing scam email claiming to offer a $1.75 million compensation fund via the "United Bank for Africa," requiring victims to share personal and banking details under the guise of an IMF directive. Resources and links to stories: “Wrong Number” Text Scams on the Rise Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, our hosts dive into some follow up from listener Will. who writes in about the Financial Crimes Enforcement Network. They also share after an anonymous listener writes in with a suggestion on filtering scam emails using the DocuSign API. Maria follows the story of how Black Friday is increasingly being dubbed "Black Fraud Day," as criminals exploit the festive shopping frenzy to scam eager bargain hunters, often using AI to create convincing fraud schemes. Joe has two stories this week. The first one is on scammers exploiting financially distressed individuals by posing as the "Bankruptcy Fraud Watchdog Group," threatening bankruptcy filers with false accusations and fines payable in Bitcoin, while warning them against contacting their attorneys. The second story explores the rise of deepfake scams in the U.S., with criminals using AI-generated videos of celebrities like Elon Musk to deceive victims into fraudulent cryptocurrency investments, contributing to over $12 billion in annual fraud losses. Finally, Dave share's a story on a new wave of deepfake scams, where AI-generated videos of Elon Musk trick unsuspecting victims into investing large sums, contributing to billions in fraud losses. Our catch of the day comes from Raul, who shares a scammy text message sent to his mother, sharing his efforts to educate her on spotting fraudulent messages. Resources and links to stories: Black Friday turning into Black Fraud Day, says UK cybersecurity chief U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. Inside the Mind of Thru-Hiking’s Most Devious Con Man You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. An isolated and controlled set of resources that mimics real world environments and used to safely execute suspicious code without infecting or causing damage to the host machine, operating system, or network.