Hacking Humans

N2K Networks
  • 4.6 (290)
  • TECH NEWS
  • UPDATED WEEKLY
Hacking Humans Podcast

Deception, influence, and social engineering in the world of cyber crime.

  1. 2 DAYS AGO

    The devil IS in the details.

    It's all in the details, folks. Pay attention to those and you can avoid unnecessary stress. Dave Bittner, Maria Varmazis, and Joe Carrigan swap stories on email password-stealing attacks, Google ads scams, and fake banks this week. The team shares follow up from listener Steven from the UK about the hazards of shoulder surfing when they received their new debit card with all PII on the same side of the card. A friend of the show JJ shared a story and a warning about fake checks. Never accept a check from a stranger. Dave's story covers Action Fraud, the UK’s national fraud and cyber reporting center, warning iPhone users of a new Apple ID phishing campaign. Maria talks about new research that uncovers a new scam that takes advantage of public wishlists on ecommerce websites, which in this case is Walmart, but is similar to those found on Amazon and other sites. Joe's story is about a firm in Singapore with an email from a supplier requesting that a pending payment be sent to a new bank account based in East Timor.  Our Catch of the Day is from Reddit on the /scambait subreddit "THE Dolly Parton is going to let ME in her VIP club." Links to the stories: iPhone Users Warned As New Email Password-Stealing Attacks Reported Walmart customers scammed via fake shopping lists, threatened with arrest Police recover over USD 40 million from international email scam THE Dolly Parton is going to let ME in her VIP club. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

    47 min

  2. 4 DAYS AGO

    multi-factor authentication (noun) [Word Notes]

    Enjoy this special encore episode. The use of two or more verification methods to gain access to an account.

    6 min

  3. SEP 19

    Scammers beware, the world is watching!

    This week, Dave and Joe share some listener follow-up from Clayton about credit card fraud and the potential issues with automatic update services that some cards provide. Dave's story is on sextortion scams targeting spouses, where scammers claim a partner is cheating and provide links to fake "proof." Joe has two stories this week, the first one is on how Police in Lebanon County arrested an alleged grandparent scammer after a sting operation. Joe's second story is on scam victims being compensated under a new Labor plan in Australia, which would fine banks, telcos, and social media platforms up to $50 million for failing to meet anti-scam obligations. Our catch of the day comes from Reddit, where someone posted a text message thread of their conversation with a scammer about a potential job. Links to the stories: Sextortion scams now use your "cheating" spouse’s name as a lure Police in Lebanon County arrest alleged grandparent scammer after sting operation Scam victims to be compensated under Labor plan to fine banks and social media platforms $50m Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

    31 min

  4. SEP 17

    machine learning (noun) [Word Notes]

    Enjoy this special encore episode. A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

    6 min

  5. SEP 12

    Baked goods and bad actors.

    Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's story is on Loria Stern, a small bakery owner who fell victim to a counterfeit check scam after receiving a $7,500 payment for a large cupcake order that was later halved, resulting in her bank withdrawing the funds. Dave's story follows the scams targeting grieving individuals on Facebook, where cybercriminals use fake funeral live stream links or donation requests to steal money and credit card details. Our catch of the day comes from listener Anne, who shares a phishing email sent to a friend. The email emphasized the importance of thorough testing in the software development lifecycle and came with a suspicious PDF attachment, likely containing a malicious link. Anne hopes the campaign has zero success. Links to the stories: “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home LA bakery owner takes big financial hit after receiving scam order of 1,000 cupcakes, paid for with a $7.5K counterfeit check — her bank’s promise of protection fell through Fake funeral “live stream” scams target grieving users on Facebook You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

    43 min

  6. SEP 10

    intelligence (noun) [Word Notes]

    Enjoy this special encore episode. The process of turning raw information into intelligence products that leaders use to make decisions with.

    6 min

  7. SEP 5

    Illusions & ill-intent.

    Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how the ease of registering an LLC in Colorado has led to a surge in fraudulent businesses. She discusses how residents receiving suspicious mail addressed to fake LLCs registered at their homes are overwhelming the state's Secretary of State with thousands of complaints. Joe's story is on how scammers used a seaside hotel and former bank offices on the Isle of Man to defraud victims in China out of millions of dollars. Dave's story follows a phishing campaign where attackers impersonated HR departments by sending fake mid-year employee engagement surveys to steal Microsoft Office 365 credentials. Our catch of the day comes from Mitch, who received a scam email claiming to be an invitation to join the "Great Illuminati Brotherhood." The email promises wealth, fame, and protection, urging the recipient to contact them to solve financial problems and join the so-called "Elite Family." Links to the stories: Colorado has a backlog of shady LLCs to investigate China scam run from Isle of Man Mid-Year Engagement Trap: How Fake Surveys Are Used in Phishing You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

    39 min

  8. SEP 3

    RATs in the tunnel: Uncovering the cyber underworld. [OMITB]

    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.  Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery. Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT. Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved.

    38 min
See All (582)

Trailer

Hosts & Guests

4.6
out of 5
290 Ratings

About

Deception, influence, and social engineering in the world of cyber crime.

Information

  • Creator
    N2K Networks
  • Years Active
    2018 - 2024
  • Episodes
    582
  • Rating
    Clean
  • Copyright
    © 2024 N2K Networks, Inc. 706761
  • Show Website
    Hacking Humans

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada