App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

Deception, influence, and social engineering in the world of cyber crime.

Hacking Humans

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week’s follow-up brings two gems: a smart tip from a listener on handling suspicious “bank calls” by asking the caller to leave a note on your account, then verifying directly with your bank. Plus, a delightful story about “Chicken Camp,” where trainers hone their skills by teaching chickens tricks—proof that maybe one day a chicken-driven tractor isn’t such a far-fetched idea! Joe's story is on YouTube scam-baiters who helped expose a $65 million fraud ring that preyed on vulnerable victims, including a Holocaust survivor’s widow. Maria's got the story of how agentic AI browsers, designed to shop and click for you, proved alarmingly easy to trick into scams and phishing schemes—ushering in a new era of “Scamlexity.” Dave's story covers a growing luggage tag scam where discarded tags give scammers enough personal info to file false baggage claims against travelers. The catch of the day comes from listener Chad, who spotted a suspicious message likely aiming to hijack his Facebook account—but wisely didn’t take the bait.

Resources and links to stories:

 YouTube ‘scambaiters' expose ring that left Holocaust survivor's widow penniless: DA

 “Scamlexity” We Put Agentic AI Browsers to the Test - They Clicked, They Paid, They Failed

 Airport Worker Reveals Growing Luggage Tag Scam Targeting Travelers

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

When your AI gets scammed.

Please enjoy this encore of Word Notes. 

The set of people, process, technology, and cultural norms that integrates software development and IT operations into a system-of-systems.

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/devops⁠

Audio reference link: "⁠10+ Deploys Per Day: Dev and Ops Cooperation at Flickr⁠," by John Allspaw and Paul Hammond, Velocity 09, 25 July 2009.

DevOps (noun) [Word Notes]

Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss.

For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠, along with ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat. 

This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ edition to catch every spicy reaction, every laugh, and maybe even a few tears.

So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.

Hot sauce and hot takes: An Only Malware in the Building special. [OMITB]

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, this time involving a surprising new flock of chickens and a listener note from Belgium. Via Peter Janssen, as he’s seen the same fake “employee discount” scams we covered, only this time targeting backpacks and other products. Dave's story is on a new “podcast imposter” scam, where fake invites trick business owners and influencers into giving remote access so attackers can hijack their accounts. Joe's got a story on Workday disclosing a breach after attackers used social engineering to infiltrate a third-party CRM system, and why this matters given Workday’s wide use as the front end for so many companies’ HR departments. Maria brings two quick hits this week: a fake FedEx text scam making the rounds, and a look at whether covering kids’ faces with emojis in photos really protects their privacy — or if it’s more illusion than protection. On today's catch of the day, Dave got a text claiming he’s been recommended for a high-paying, no-experience-needed YouTube job—classic signs of a scam promising easy money and “free training.”

Complete our annual ⁠⁠⁠⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠⁠⁠⁠ before August 31. 

Resources and links to stories:

 
⁠⁠Dumbest Friend Just Bought 20 Chickens

 Executives Warned About Celebrity Podcast Scams

 Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack

 Will covering your child’s face with an emoji actually protect their privacy?

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Social engineering served sunny-side up.

Please enjoy this encore of Word Notes.

A software development model that relies on a series of sequential steps that flow into each other, like a series of waterfalls. 

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/waterfall-software-development⁠

Audio reference link: “⁠Creating Video Games - Agile Software Development,⁠” by Sara Verrilli, MIT OpenCourseWare, YouTube, 10 December 2015

Waterfall Software Development Method (noun) [Word Notes]

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up from Chris Martin, a long-time listener and fan of the show. Chris shares that his employer uses Hoxhunt for cybersecurity awareness training and came across a fun gem worth mentioning. Next, Jay writes in with a heads-up about a scam running in large cities. Criminals are reportedly sticking phones to desirable cars and then using the tracking features to show up at victims’ homes to steal the vehicles. Joe has more info on his chickens. Maria shares the story of a Spotify job recruitment scam and the email she received, where scammers used a convincing fake site to mimic Spotify’s real careers page in an attempt to steal logins. Joe has two stories this week, the first on federal investigators charging 13 people in a $5 million “grandparent scam” that targeted hundreds of elderly victims, a scheme uncovered after Uber flagged suspicious activity to the FBI when its drivers were unknowingly used to move cash. His second story looks at Northern California, where two suspects were arrested in a “cash drop scam” linked to more than 40 cases across six states, after a sharp-eyed loss prevention agent recognized the scheme and alerted police. Dave’s story this week covers federal investigators charging 13 people in a $5 million “grandparent scam” that targeted hundreds of elderly victims, uncovered after Uber flagged suspicious activity to the FBI when its drivers were unknowingly used to move cash. Our Catch of the Day comes from Patrick, who shared a scam email claiming to be from the IMF offering a $9.8 million “compensation fund” paid out in daily $5,000 MoneyGram transfers—if the recipient just hands over all their personal details.

Complete our annual ⁠⁠⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠⁠⁠ before August 31. 

Resources and links to stories:

 ⁠Spotify Job Recruitment scam

 Uber drivers help end scam targeting hundreds of grandparents, U.S. attorney says

 ‘Cash drop scam’ in Northern California leads to two arrests, linked to 40 cases

 Good Morning Britain Correspondent Noel Phillips Loses Life Savings in Elaborate Phone Scam. How Can Your Stay Safe

 living nightmare Good Morning Britain host loses ‘whole life savings’ to phone scam and admits ‘the shame is devastating’

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Scammers hit the right notes in the wrong way.

Please enjoy this encore of Word Notes. 

A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning 

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/agile-software-development⁠

Audio reference link: "⁠Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe,⁠" John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009.

Agile Software Development Method (noun) [Word Notes]

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe's story is on WhatsApp rolling out new anti-scam tools, disrupting over 6.8 million scam-linked accounts, and partnering with experts to share tips on spotting and avoiding sophisticated cross-platform scams run by organized crime networks. Dave's got the story of how “PharmaFraud” — a global network of fake online pharmacies — scams consumers with counterfeit or dangerous medications, stealing money and personal data while putting health and safety at serious risk. Maria dives into the story on a new twist to jury duty scams, where callers posing as police direct victims to fake government websites to steal personal data and money, often demanding payment through cryptocurrency or other untraceable methods. Our catch of the day comes from listener Adam who shares a SiriusXM payment scam they received through an email. 

Complete our annual ⁠⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠⁠ before August 31.

Resources and links to stories:

 New WhatsApp Tools and Tips to Beat Messaging Scams

 Disrupting malicious uses of AI: June 2025

 PharmaFraud: how illegal online pharmacies endanger your health and your wallet

 Scammers are using fake websites in a twist on jury duty scams

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

This scam is now in session.

Please enjoy this encore of Word Notes.

The flagship product of the controversial Israeli spyware vendor, the NSO Group, use for remotely hacking mobile devices, most notably iPhones, via zero-click exploits.

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/pegasus⁠

Audio reference link:⁠“Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth⁠,” Kristen Eichensehr, and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022

Pegasus (noun) [Word Notes]

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on an Arizona woman sentenced to over eight years in prison for running a “laptop farm” that helped North Korean IT workers pose as U.S. employees at hundreds of American companies, funneling over $17 million to Pyongyang through stolen identities and remote access. We also share an update on Joe's Profile picture. We start with Dave’s story on a Facebook scam falsely claiming insider access to a secret Yeti cooler deal from Dick’s Sporting Goods, using a fake emotional backstory to lure users into clicking a malicious link under the guise of an employee-only loophole. Maria’s story is on escalating violence at the Thailand-Cambodia border, where a long-standing territorial dispute has reignited after a leaked phone call between leaders fractured a decades-old political friendship, sparking deadly clashes, diplomatic fallout, and rising tensions fueled by personal betrayal, political instability, and mutual economic pressures. Joe’s story follows the indictment of a former Tri-Cities pastor who allegedly used his position and a fake cryptocurrency scheme called “Solano Fi” to defraud his congregation and others out of millions, promising risk-free returns while siphoning the funds for himself and his co-conspirators. Our catch of the day comes from Joe who shares an interesting email from "Xfinity."

Complete our annual ⁠⁠⁠⁠⁠audience survey⁠⁠⁠⁠⁠ before August 31.

Resources and links to stories:

 
⁠⁠⁠⁠⁠Arizona woman sentenced over $17 million North Korea worker fraud scheme⁠

 
Facebook: Ava Davis 

 Facebook

 Facebook

 Facebook

 The fractured friendship behind the fight at the Thailand-Cambodia border

 Lethal Cambodia-Thailand border clash linked to cyber-scam slave camps

 Beneath the Border: Scam Centers and the Thailand–Cambodia Conflict

 Grand Jury Charges Pastor, Wife in Alleged Multi-Million Dollar Cryptocurrency Scam

 Former Tri-Cities Pastor Indicted for Multi-Million Dollar Cryptocurrency Scam

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Yeti or not, it’s a scam.

From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim’s browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious javascript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim’s computer and the victim’s browser runs the code.

cross-site scripting (noun) [Word Notes]

Lyt når som helst, hvor som helst

Other podcasts you might like ...