Hacking Humans

N2K Networks
  • 4.6 (311)
  • TECH NEWS
  • UPDATED WEEKLY

Deception, influence, and social engineering in the world of cyber crime.

  1. 16H AGO

    When a scammer meets the Force.

    This week, while ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) is out, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe starts us off with a chicken update. Joe’s story is on CrowdStrike’s 2025 Global Threat Report, which reveals faster-than-ever breakout times, a surge in vishing and initial access attacks, widespread abuse of valid accounts, and a growing shift toward malware-free intrusions as adversaries become more numerous and sophisticated. Dave’s got the story on how “pig-butchering” romance scams are industrialized, detailing Reuters’ reporting on cyberfraud gangs using step-by-step psychological playbooks to groom victims, manufacture emotional attachment, and rapidly funnel them into fake investments that leave lasting financial and emotional damage. Rishika Desai, Threat Researcher and Writer from Bfore.ai, joins Dave and Joe to discuss renting social media ad accounts for scamming purposes. Our catch of the day comes from Reddit, where one user channels their inner Jedi and uses the Force to send a pesky scammer retreating to the dark side. Resources and links to stories: ⁠A scammer’sblueprint CROWDSTRIKE 2025 GLOBAL THREAT REPORT ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

    51 min
  2. MFA prompt bombing (noun) [Word Notes]

    2D AGO · BONUS

    MFA prompt bombing (noun) [Word Notes]

    Please enjoy this encore of Word Notes. Hackers bypass, multifactor authentication schemes by sending a blizzard of spamming login attempts until the accounts owner accepts the MFA prompt out of desperation to make the spamming stop.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/mfa-prompt-bombing⁠ Audio reference link: movieclips. “⁠Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD.⁠” YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos.

    7 min

  3. JAN 8

    It's just too good to be true.

    This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on a big honor for Dave, recognized by SANS as a Difference Maker in Media—plus a quick chicken update, a newly named rooster, and construction officially getting underway on the new run. Maria has the story on a congressional warning about a surge in winter holiday travel scams, as fake booking sites and airline impersonators drive millions in losses during peak travel season. Dave has two stories this week, one on a friend who received a suspicious email appearing to come from the chair of a nonprofit, and the other on a BBC investigation uncovering how fraudulent crowdfunding campaigns exploited children with cancer and their families, siphoning off millions meant for life-saving treatment. Joe’s story covers a warning from the IRS on how to spot and avoid tax scams, highlighting red flags like too-good-to-be-true refunds, urgent threats, fake websites, and impersonators pressuring victims for money or personal information. For our Catch of the Day, it turns out Aquaman isn’t just ruling the seas — he’s apparently sliding into fans’ texts, proving once again that when a celebrity starts sounding a little too approachable, it’s probably not Hollywood calling. Resources and links to stories: ALERT: Winter Holidays Travel Scams Children with cancer scammed out of millions fundraised for their treatment, BBC finds Recognize tax scams and fraud How to know it's the IRS ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

    53 min
  4. Apple Lockdown Mode (noun) [Word Notes]

    JAN 6 · BONUS

    Apple Lockdown Mode (noun) [Word Notes]

    Please enjoy this encore of Word Notes. An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/apple-lockdown-mode⁠ Audio reference link: “⁠How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone⁠,” FRONTLINE, YouTube, 18 July 2021.

    6 min
  5. Poisoned at the source. [OMITB]

    JAN 6 · BONUS

    Poisoned at the source. [OMITB]

    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into supply chain attacks through the lens of a massive Android malware campaign that infects devices before they ever reach users, embedding itself in firmware and reseller-installed system images. We connect the dots to other high-impact supply chain incidents—from SolarWinds to the recent F5 breach—and share new intelligence on Android devices compromised during manufacturing and distribution in China. Together, these cases highlight how attacks at the source can quietly scale, persist, and evade traditional defenses.

    45 min
  6. Hot sauce and hot takes: An Only Malware in the Building special.

    JAN 1

    Hot sauce and hot takes: An Only Malware in the Building special.

    While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss. For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠, along with  ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat. This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ edition to catch every spicy reaction, every laugh, and maybe even a few tears. So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.

    37 min
  7. Simulated Phishing (noun) [Word Notes]

    12/30/2025 · BONUS

    Simulated Phishing (noun) [Word Notes]

    While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/simulated-phishing⁠ Audio reference link: ⁠“Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.”⁠ YouTube, YouTube, 19 Apr. 2017.

    8 min

  8. 12/25/2025

    Scammers are recruiting.

    While our team is out on winter break, please enjoy this episode of Hacking Humans This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a scam warning from Michal, who is sharing the latest conference scam. Dave's got the story of a retired federal investigator who mapped out the “Scammer Psychological Kill Chain” and shared rules to help you spot and break it. Maria has the story of job scams surging over 1,000% in 2025, as scammers exploit a slowing labor market and desperate jobseekers with fake offers, texts, and bogus recruiter schemes. Joe follows the story on a $4 million forex scam where two men promised safe, high returns but instead ran a Ponzi scheme that defrauded 20 investors before landing in federal prison. Our catch of the day comes from listener Shannon who writes in to share a message from "Amazon" about a recall notice. Resources and links to stories: J⁠ob Scams Surge 1,000% As Americans Struggle to Find Work⁠ ⁠Forex Account: What It Means and How It Works⁠ ⁠Ex-NYPD Cop Gets 36 Months In $4M Forex Scam That Duped 20 Investors: Feds⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

    46 min
See All (737)

Trailer

Hosts & Guests

4.6
out of 5
311 Ratings

About

Deception, influence, and social engineering in the world of cyber crime.

Information

  • Creator
    N2K Networks
  • Years Active
    2018 - 2026
  • Episodes
    737
  • Rating
    Clean
  • Copyright
    © 2024 N2K Networks, Inc. 706761
  • Show Website
    Hacking Humans

You Might Also Like