Enjoy this special encore episode.

A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's story is on Loria Stern, a small bakery owner who fell victim to a counterfeit check scam after receiving a $7,500 payment for a large cupcake order that was later halved, resulting in her bank withdrawing the funds. Dave's story follows the scams targeting grieving individuals on Facebook, where cybercriminals use fake funeral live stream links or donation requests to steal money and credit card details. Our catch of the day comes from listener Anne, who shares a phishing email sent to a friend. The email emphasized the importance of thorough testing in the software development lifecycle and came with a suspicious PDF attachment, likely containing a malicious link. Anne hopes the campaign has zero success.

Links to the stories:

• “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home
• LA bakery owner takes big financial hit after receiving scam order of 1,000 cupcakes, paid for with a $7.5K counterfeit check — her bank’s promise of protection fell through
• Fake funeral “live stream” scams target grieving users on Facebook

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this special encore episode.

The process of turning raw information into intelligence products that leaders use to make decisions with.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how the ease of registering an LLC in Colorado has led to a surge in fraudulent businesses. She discusses how residents receiving suspicious mail addressed to fake LLCs registered at their homes are overwhelming the state's Secretary of State with thousands of complaints. Joe's story is on how scammers used a seaside hotel and former bank offices on the Isle of Man to defraud victims in China out of millions of dollars. Dave's story follows a phishing campaign where attackers impersonated HR departments by sending fake mid-year employee engagement surveys to steal Microsoft Office 365 credentials. Our catch of the day comes from Mitch, who received a scam email claiming to be an invitation to join the "Great Illuminati Brotherhood." The email promises wealth, fame, and protection, urging the recipient to contact them to solve financial problems and join the so-called "Elite Family."

Links to the stories:

• Colorado has a backlog of shady LLCs to investigate
• China scam run from Isle of Man
• Mid-Year Engagement Trap: How Fake Surveys Are Used in Phishing

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. 

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery.

Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT.

Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved.

Enjoy this special edition of Word Notes:

A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.

This week Joe and Dave share some listener follow up from Tim, who writes in to give some more information on a payment apps story in episode 302. Joe's story is on Suzy Enos, whose sister died, only for scammers to impersonate a family member and take over her phone number, leading to fraudulent charges on her accounts. Enos fought back to secure her late sister's assets and raise awareness about protecting accounts after a loved one's death. Dave's story follows how scammers exploit the "Automatic Billing Update" (ABU) program to enroll people in fake subscriptions and charge them even after their credit cards are replaced. To avoid this, you need to inform your issuer that it's a subscription scam and request them to block the merchant from using ABU to get your new card number. Our catch of the day comes from listener Felipe, who writes in share a letter he got in the mail where scammers were trying to convince him that he is owed money from a family member he has never heard of before.

Links to the stories:

• Her sister died. Then scammers took over her phone number and started racking up bills.
• Mastodon Royce Williams
• The little-known credit card program that lets companies share your information
• Keep your cards on file always up-to-date
• MasterCard Automatic Billing Updater Service

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this special encore episode.

A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.

Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story on how AI-generated scams have infiltrated the world of crochet and other crafts, selling fake patterns that often result in impossible or frustrating projects. Dave's story is on the rise of "digital arrest" scams in India, where criminals posing as law enforcement officers coerce victims into making payments to avoid fake charges against their loved ones. Joe's story come's from a listener this week, and follows the latest evolution of the classic invoice scam, where scammers are now embedding unrelated but meaningful text to bypass spam filters. Our catch of the day comes from listener William, who shares a classic Nigerian Banker Scam. In this version, a young bank employee named Zayas Yovani claims to have discovered your overdue funds at the Central Bank of Nigeria. He offers to release the money if you help him flee the country, requiring you to purchase special hard drives and share your banking details.

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:

• This is what happens when ChatGPT tries to create crochet patterns
• 'Digital arrest' scams are big in India and may be spreading

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this special encore of Word Notes.

A process of converting encrypted data into something that a human or computer can understand.

Maria Varmazis host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story from listener Chloe, who shared a post she found on a social media platformed called "Bluesky," where a company is asking for photos and videos of your children to help AI smarter. Our hosts share some listener follow up on how a scammer impersonated a government official to deceive a woman into converting her assets into gold bars, resulting in the theft of over $789,000. They also share some follow up from listener Steve to discuss the "No Numbers Project" from episode 300. Joe's story is on regulators investigating whether major banks, including JPMorgan Chase, Bank of America, and Wells Fargo, are adequately addressing Zelle scams by shutting down accounts used by fraudsters. Dave has the story on the FTC warning that scammers are the only ones who promise to remove all negative details from your credit report. Our catch of the day come from listener Benjamin who shares an email they received claiming to know things about him that he would not want getting out.

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:

• Bluesky
• Second gold bar scam suspect arrested, extradited to Maryland
• Regulators Probing Big Banks’ Handling of Zelle Scams
• FTC warns consumers of scammers offering to remove all negative information from credit reports

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].