On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Dave has the story from Ampyx Cyber that has a scam reporter on staff to do awareness videos and this latest one is about an amazing sale on fake leather bags. Joe has two stories this week. The first one sent Joe down a rabbit hole and is about romance scams where 3 people were recently sentenced. The second one is about one of the victims of that previous romance scam. And finally, Maria's story is about Restaurant Week in NYC and third-party brokers who do restaurant reservation auctions. Our Catch of the Day involves a GoGetFunding gift card scam related to a campaign looking for donations to help pay for a child's medical costs.

Resources and links to stories:

• Fake leather, fake people: AI sellers generate numerous complaints
• Romance scam "money mules" sentenced in case that ended with Illinois woman's death
• When her mother went missing, an Illinois woman ventured into the dark corners of America's romance scam epidemic
• Security Alert: Bots Target NYC Restaurant Week
• GoGetFunding Scamming Donations Alert

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes.

The practice of securing a device that connects to a network in order to facilitate communication with other devices on the same or different networks. 

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week Maria has the story on how the return to office life brings unique security challenges, highlighting the need for Red Team assessments to uncover and address physical and digital vulnerabilities, empowering organizations to proactively enhance workplace security and protect against evolving threats. Joe's story comes from the FCC's warning about a scam dubbed "Green Mirage," where fraudsters impersonate mortgage lenders, spoof caller IDs, and use social engineering to trick financially vulnerable homeowners into sending payments via unconventional methods, often only discovered when foreclosure proceedings begin. Last but not least, Dave's story is on how a Reddit user shared their cautious experiment with a suspected Airbnb scam involving a new account requesting to move to WhatsApp, agreeing to unusually high rental rates, and engaging in rapport-building tactics, with red flags pointing to potential financial fraud or phishing attempts. Our catch of the day comes from listener William, who spotted a phishing scam disguised as a security alert about a compromised crypto wallet, featuring an unsolicited QR code and a generic warning that targets even non-crypto users.

Resources and links to stories:

• Navigating Workplace Security: Red Team Insights for the Return to Office
• FCC warns of 50-state scam by fraudsters posing as mortgage lenders
• FCC ENFORCEMENT ADVISORY
• I'm saying "Yes" to the Chinese long-term rental WhatsApp chat asking for video

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode.

President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific shortterm and longterm deadlines designed to enhance the federal government's digital defense posture. 

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week we jump right into stories, Maria shares Apple’s new AI feature and how it is unintentionally rewording scam messages to make them appear more legitimate and flagging them as priority notifications, raising concerns about increased susceptibility to scams. Joe has two stories this week, the first focuses on two individuals, including an inmate using a smuggled cellphone, being charged with defrauding a Sarasota woman of $12,000 in a jury duty scam involving spoofed law enforcement identities and Bitcoin transfers, with authorities urging vigilance against such schemes. Joe's second story is on a LinkedIn job interview turned hacking attempt when a technical challenge contained obfuscated code designed to gather crypto wallet information from the user's computer; the scam highlights the importance of carefully reviewing code and using secure environments like virtual machines during such evaluations. Finally Dave has the story on a prolific voice phishing crew manipulating legitimate Apple and Google services to deceive victims, leveraging advanced phishing kits, social engineering tactics, and automated tools like "autodoxers" to target cryptocurrency holders and high-value individuals for significant financial theft. Our catch of the day comes from listener Keefe, who shares a voicemail from one suspicious sounding Walmart voice.

Resources and links to stories:

• Apple’s new AI feature rewords scam messages to make them look more legit
• Apple urged to withdraw 'out of control' AI news alerts
• Suspected jury duty scammers arrested for bilking Sarasota woman out of $12K: DOJ
• The code challenge scam
• A Day in the Life of a Prolific Voice Phishing Crew

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victims network by compromising as many systems as it can, by looking for the data, it has come to steal or to destroy.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the rise in such scams and efforts to pass the Online Dating Safety Act to protect users. Joe's story is on the Madoff Victim Fund's final $131.4 million payout, bringing total recoveries to $4.3 billion for victims of Bernard Madoff's infamous Ponzi scheme, which collapsed during the 2008 financial crisis. Dave's got the story on allegations that the PayPal Honey browser extension not only fails to deliver the best deals but also hijacks affiliate revenue from influencers by replacing their links with its own, sparking backlash and controversy. Our catch of the day comes from Reddit and Dave and Maria do their best impressions yet, as a scammer chats up an unsuspecting victim.

Resources and links to stories:

• Online dating scammers bilk more money each year. A bipartisan bill seeks to stop them at the source.
• Madoff fraud victims get $4.3bn as fund completes payouts
• Honey’s deal-hunting browser extension is accused of ripping off customers and YouTubers

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross- reference, all the known software vulnerabilities in the world. 

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. 

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what’s next in 2025.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First off, our hosts share some follow up, Asher wrote in to discuss follow up on the AI granny. Maria's story covers a "new QR code scam" involving unsolicited packages and brushing tactics, where scammers lure victims into scanning malicious QR codes to steal personal and financial information. Joe's story highlights how the FBI and CISA urge Americans to secure their text messages using end-to-end encryption to combat sophisticated hacking campaigns linked to China's government, which target telecom networks and user data. Dave's story highlights how pallet liquidation scams target buyers with offers of discounted merchandise, warning against red flags like unrealistic prices and unverified sellers. Our Catch of the Day comes from Jim, who shares a suspicious email he received offering a collaboration under the guise of a business partnership, which included overly generic language and an unusual sign-off from "Robert De Niro."

Resources and links to stories:

• New warning about ‘brushing’ scam as victims are reported in Colorado
• FBI warns Americans to keep their text messages secure: What to know
• Pallet liquidation scams and how to recognize them
• Mobile Communications Best Practice Guidance

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.