Episodios

  • Not-so-real deals.

    Not-so-real deals.
    Apr 3 2025
    This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. First, we start off with some more follow-up on EZ passes, along with the newest iteration, as Kailey Cornick shares that scammers target phone numbers rather than actual toll users, sending her SUN pass scam texts tied to her old Florida number. Dave shares the story of Palo Alto's Unit 42 researchers uncovering a massive campaign distributing thousands of fraudulent cryptocurrency investment platforms via websites and mobile apps, using brand impersonation, Ponzi-like schemes, and domain fronting to deceive victims, primarily in East Africa and Asia. Maria follows the story of a Queens man arraigned for allegedly scamming a 72-year-old Newton woman out of over $480,000 by posing as a DEA agent and coercing her into transferring her assets under the threat of arrest. Joe came across a Facebook video featuring an AI-generated ad falsely claiming Kelly Clarkson endorsed a weight loss product. These deceptive ads use AI to create convincing deepfakes, making it appear as if celebrities are promoting products they’ve never actually supported. Our catch of the day comes from listener Connor, who flagged a phishing email pretending to be from the Social Security Administration. The email urges the recipient to click a link to view an "important update," but the repetition of the message and a suspicious logo placeholder suggest it's a phishing attempt designed to steal personal info. Resources and links to stories: Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims Man Arraigned After Posing as Government Agent to Scam Senior out of Over $480,000 'I have terminal cancer and lost my life savings to whisky barrel scammers' Casks and Kegs Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Más Menos
    46 m
  • account takeover prevention (noun) [Word Notes]

    account takeover prevention (noun) [Word Notes]
    Apr 1 2025
    Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention
    Más Menos
    6 m
  • Hello? Is it malware you’re looking for? [OMITB]

    Hello? Is it malware you’re looking for? [OMITB]
    Apr 1 2025
    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner —and our newest totally unbiased co-host, Archy, a highly sophisticated AI robot who swears they have no ulterior motives (but we’re keeping an eye on them just in case). Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing. In this type of attack, an attacker sends a seemingly benign email, often containing an invoice or payment notification, along with a phone number. When the victim calls, they speak with the attacker, who convinces them to install remote access tools, leading to malware installation, phishing, and financial theft. Tune in as we explore how this deceptive tactic works and ways to protect yourself from falling victim to it.
    Más Menos
    38 m
  • Smells like scam season is upon us.

    Smells like scam season is upon us.
    Mar 27 2025
    This week our hosts, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on E-ZPass scams—a listener suggests that scammers may be exploiting exposed license plate reader data, as demonstrated by YouTuber Mike Brown, to link plate numbers with breached phone records and send scam texts in real time. Dave's story is on how scammers may use conditioning techniques in romance scams—Ben Tasker observed that refusing to provide a phone number led to fewer photos being sent early on, suggesting scammers use rewards like photos to encourage compliance. Joe's got the story of Google's lawsuit against scammers who created and sold thousands of fake business listings on Google Maps, exploiting urgent services like locksmiths and towing to deceive customers and charge inflated fees. Maria's got the story of the FTC suing Click Profit for allegedly scamming consumers out of millions with a fake “passive income” scheme, falsely promising high returns through AI-driven e-commerce stores on Amazon, Walmart, and TikTok while most investors ended up losing money. Our catch of the day comes from Reddit after a user posted a conversation with a scammer after messing with them about a potential job opportunity. Resources and links to stories: Who is sending those scammy text messages about unpaid tolls? My Scammer Girlfriend: Baiting A Romance Fraudster Google finds 10,000 fake listings on Google Maps, sues alleged network of scammers AI scammers on Amazon duped investors out of millions with ‘passive income’ scheme, FTC alleges Can I work from jail? Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Más Menos
    49 m
  • threat hunting (noun) [Word Notes]

    threat hunting (noun) [Word Notes]
    Mar 25 2025
    Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “My ‘Aha!" Moment - Methods, Tips, & Lessons Learned in Threat Hunting - sans Thir Summit 2019.” YouTube, YouTube, 25 Feb. 2020.
    Más Menos
    7 m
  • E-ZPass or easy scam?

    E-ZPass or easy scam?
    Mar 20 2025
    On Hacking Humans, this week Dave Bittner is back with Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), and they are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe shares a bit of follow up on scam victims sharing their experiences of losing money to various frauds, including investment schemes, romance scams, business email compromises, online shopping fraud, unusual payment requests, tax impersonations, remote access scams, and identity theft. Maria shares a story on scammers using fake E-ZPass toll alerts to steal personal information, and another on victims losing thousands to investment, romance, and online shopping scams. Dave's got the story of how digital scammers prey on the financially vulnerable, using AI-generated content and deceptive ads on platforms like Instagram to sell worthless "get-rich-quick" schemes that ultimately leave victims deeper in debt. Joe's got two stories this week, the first being on Wenhui Sun, a California man, and how he was sentenced to six and a half years for stealing nearly $800,000 through a gold bar scam targeting victims nationwide. Meanwhile, the U.S. Federal Trade Commission reported a sharp rise in fraud, with 2.6 million people losing $12.5 billion in 2024, up from $2.5 billion in 2023, primarily due to impostor scams. Younger adults reported losing money more often than older ones. Our catch of the day follows how First Lady Melania Trump messaged an unsuspecting citizen claiming to give them a free gift. Resources and links to stories: Scam victims tell us their stories Digital Snake Oil Merchants Are Stealing From The Already Broken California man sentenced after Montgomery Co. woman loses over $700K in gold bar scam FTC says Americans lost $12.5B to scams last year — social media, AI, and crypto didn’t help You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Más Menos
    36 m
  • vulnerability management (noun) [Word Notes]

    vulnerability management (noun) [Word Notes]
    Mar 18 2025
    Please enjoy this encore of Word Notes. The continuous practice of identifying classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: “Vulnerability Scanning - Comptia Security+ sy0-501 - 1.5.” YouTube, YouTube, 11 Nov. 2017,
    Más Menos
    8 m
  • Catch me if you scam.

    Catch me if you scam.
    Mar 13 2025
    On Hacking Humans, this week Dave Bittner is on vacation so our two hosts Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Our hosts start out with some follow up on chicken talk from last week. Maria shares the story of scammers impersonating police officers in England to steal cryptocurrency by exploiting leaked personal data, creating fake fraud reports, and tricking victims into revealing their seed phrases, leading to losses totaling £1 million. Joe has two stories this week, his first one is on a $21 million "Grandparent Scam" in which 25 Canadians were charged for running a scheme from Montreal call centers, posing as grandchildren in distress to deceive elderly Americans into handing over money, with 23 suspects already arrested. Joe's second story is on two people charged in a ticket scam that exploited a loophole in StubHub’s system to steal and resell over 900 tickets—mostly for Taylor Swift’s Eras Tour—netting more than $600,000 in profit before being caught by the Queens D.A.'s Cybercrime Unit. We have a special catch of the day this week, where we are joined by N2K's own Ma'ayan Plaut, who joins to discuss going out of business scams. Resources and links to stories: ‘Fake police call cryptocurrency investors to steal their funds Dozens of Canadians Are Charged in $21 Million ‘Grandparent Scam’ 2 People Charged with Taylor Swift Eras Tour Ticket Scam That Allegedly Netted More Than $600K BBB Scam Alert: How to spot a fake "going out of business" sale Joann Fabric’s going out of business scam You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Más Menos
    42 m