Episodes

  • Scamming just isn't what it used to be.

    Scamming just isn't what it used to be.
    Nov 28 2024
    Please enjoy this encore of Hacking Humans: This week, we are joined by host of N2K's T-Minus Space Daily podcast, Maria Varmazis, she sits down with Joe and Dave to discuss sextorion materials that were found on popular social media apps such as, TikTok, Instagram, Snapchat and YouTube. Joe and Dave share quite a bit of follow up, Joe starts with an anonymous listener writing in sharing their story on gift card scams. Dave shares another anonymous listeners comments, sharing about what they think of Andy Cohen going public on how he got scammed. Finally, Joe and Dave hear from a listener by the name of "The Computrix," who says they need to defend Walmart. Dave share's his story about the most common phishing email themes of 2023. Joe's got the story of ransomware not being paid the same way as it used to be by companies, and share the two different angles on that. Our catch of the day comes from listener William, who writes in with a phishing scam that caught his eye. Links to the stories: Sextortion training materials found on TikTok, Instagram, Snapchat and YouTube, according to new report Most Common Phishing Email Themes of 2023 Companies aren’t paying ransoms like they used to New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying FBI: Scammers Are Sending Couriers to Collect Cash From Victims You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
    Show more Show less
    48 mins
  • security orchestration, automation, and response (SOAR) (noun) [Word Notes]

    security orchestration, automation, and response (SOAR) (noun) [Word Notes]
    Nov 26 2024
    Please enjoy this encore episode of Word Notes. A stack of security software solutions and tools that allow organizations to orchestrate disparate internal and external tools which feed pre-built automation playbooks that respond to events or alert analysts if an event meets a certain threshold.
    Show more Show less
    6 mins
  • Granny’s got a new trick.

    Granny’s got a new trick.
    Nov 21 2024
    On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Joe shares a note from listener Michael before getting into stories, and Michael writes in to share that there are VIN cloning scams. Joe brings back the Iota discussion from last week. Joe's up first for stories and focuses on fraud. Dave informs us of the new human-like AI granny who is wasting scammers time. Finally Maria brings us the story of how BforeAI researchers analyzed over 6000 newly registered retail domains, revealing a surge in scam activity targeting shoppers with phishing websites, fake apps, and fraudulent offers, particularly during the holiday season, exploiting brand names, seasonal trends, and emerging technologies like AI and cryptocurrency. Our catch of the day comes from listener Kenneth who writes in about a fraudulent email claiming to be from Emirates Group, inviting a company to register as a vendor or contractor for upcoming projects in 2024/2025. The email emphasizes the company's experience in various sectors and urges a prompt response to initiate the registration process. It is signed by a supposed "Contractors Coordinator," Mr. Steve Ibrahim Ghandi, and includes fake contact details for the Emirates Group. Resources and links to stories: VIN cloning How Cybercriminals Use Vehicle Identification Numbers (VINs) to Hack Cars Yes, your car's Vehicle Identification Number can be used to steal from you Geolocation Resources for OSINT Investigations Person dressed in a bear costume to fake attacks on cars for insurance payout, California officials say U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam O2 unveils Daisy, the AI granny wasting scammers’ time 2024 Online Holiday Retail Threat Report You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Show more Show less
    36 mins
  • personally identifiable information (PII) (noun) [Word Notes]

    personally identifiable information (PII) (noun) [Word Notes]
    Nov 19 2024
    A term of legal art that defines the types of data and circumstances that permits a third party to directly or indirectly identify an individual with collected data.
    Show more Show less
    7 mins
  • Final approach to scammer advent.

    Final approach to scammer advent.
    Nov 14 2024
    On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, the team shares follow up about FEMA and Hurricane Helene relief. Dave's story is about romance scams involving an impersonator of a WWE star scamming a grandfather out of their retirement savings, Maria shares a story about a valid-looking document impersonating DocuSign's API (application programming interface). Joe's got a few stories including one about a CVE (Common Vulnerabilities Enumeration) relating to an Okta bug and one from the Better Business Bureau with a new twist on online shopping scams where your get a "card declined" message. Our Catch of the Day comes from listener William about an email from the "United Nations." Resources and links to stories: DisasterAssistance.gov They’re Giving Scammers All Their Money. The Kids Can’t Stop Them. Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale DMARC: Domain-based Message Authentication, Reporting & Conformance CVE-2024-10327 BBB Scam Alert: 'Card declined' error may lead to multiple fraudulent charges You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Show more Show less
    43 mins
  • secure access service edge (SASE) (noun) [Word Notes]

    secure access service edge (SASE) (noun) [Word Notes]
    Nov 12 2024
    Enjoy this encore episode. A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks.
    Show more Show less
    8 mins
  • Happy hour hacking.

    Happy hour hacking.
    Nov 7 2024
    Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of the five types of social engineers Deanne Lewis encountered while tending bar, revealing how each barroom personality reflects a common cybersecurity threat. Our hosts share some follow-up from a friend of the show, JJ, who reports a rise in tech support scams targeting non-tech-savvy users by locking their screens and persuading them to call scammers, often leading to credit card fraud and unauthorized remote access through tools like AnyDesk or TeamViewer. Joe has two stories this week: one covering JPMorgan Chase's lawsuits against individuals who exploited an ATM glitch to withdraw fake deposits, a scam popularized on TikTok; and the second on four suspects in Maryland charged with conning an elderly woman out of nearly $40,000 in a "pigeon drop" scam, where victims are promised a cut of "found" money in exchange for collateral. Dave's story is on a viral AI-generated hoax spreading on Facebook, where fake posts about neighbors egging cars over Halloween decorations are stirring moral panic and sowing distrust, especially among older users. Finally, our catch of the day comes from some text threads about a scammer trying to get clever while buying a used car. Links to the stories: The Five Types of Social Engineers I Met Tending Bar (And What They Taught Me About InfoSec) JPMorgan Chase is suing customers over 'infinite money glitch' ATM scam Four charged in ‘pigeon drop’ scam targeting elderly in Maryland The newest AI slop on Facebook exploits suburban fear You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Show more Show less
    48 mins
  • Whispers in the wires: A closer look at the new age of intrusion. [OMITB]

    Whispers in the wires: A closer look at the new age of intrusion. [OMITB]
    Nov 5 2024
    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about how threat actors are shifting tactics across the landscape, focusing more on advanced social engineering and refined initial access strategies than on sophisticated malware. We’ll dive into Proofpoint's latest blog detailing a transport sector breach that, while involving relatively standard malware, showcases this growing trend of nuanced techniques and toolsets.
    Show more Show less
    40 mins