Hacking Humans

Please enjoy this encore episode. President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific shortterm and longterm deadlines designed to enhance the federal government's digital defense posture.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week we jump right into stories, Maria shares Apple’s new AI feature and how it is unintentionally rewording scam messages to make them appear more legitimate and flagging them as priority notifications, raising concerns about increased susceptibility to scams. Joe has two stories this week, the first focuses on two individuals, including an inmate using a smuggled cellphone, being charged with defrauding a Sarasota woman of $12,000 in a jury duty scam involving spoofed law enforcement identities and Bitcoin transfers, with authorities urging vigilance against such schemes. Joe's second story is on a LinkedIn job interview turned hacking attempt when a technical challenge contained obfuscated code designed to gather crypto wallet information from the user's computer; the scam highlights the importance of carefully reviewing code and using secure environments like virtual machines during such evaluations. Finally Dave has the story on a prolific voice phishing crew manipulating legitimate Apple and Google services to deceive victims, leveraging advanced phishing kits, social engineering tactics, and automated tools like "autodoxers" to target cryptocurrency holders and high-value individuals for significant financial theft. Our catch of the day comes from listener Keefe, who shares a voicemail from one suspicious sounding Walmart voice. Resources and links to stories: Apple’s new AI feature rewords scam messages to make them look more legit Apple urged to withdraw 'out of control' AI news alerts Suspected jury duty scammers arrested for bilking Sarasota woman out of $12K: DOJ The code challenge scam A Day in the Life of a Prolific Voice Phishing Crew You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victims network by compromising as many systems as it can, by looking for the data, it has come to steal or to destroy.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the rise in such scams and efforts to pass the Online Dating Safety Act to protect users. Joe's story is on the Madoff Victim Fund's final $131.4 million payout, bringing total recoveries to $4.3 billion for victims of Bernard Madoff's infamous Ponzi scheme, which collapsed during the 2008 financial crisis. Dave's got the story on allegations that the PayPal Honey browser extension not only fails to deliver the best deals but also hijacks affiliate revenue from influencers by replacing their links with its own, sparking backlash and controversy. Our catch of the day comes from Reddit and Dave and Maria do their best impressions yet, as a scammer chats up an unsuspecting victim. Resources and links to stories: Online dating scammers bilk more money each year. A bipartisan bill seeks to stop them at the source. Madoff fraud victims get $4.3bn as fund completes payouts Honey’s deal-hunting browser extension is accused of ripping off customers and YouTubers You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what’s next in 2025.

A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross- reference, all the known software vulnerabilities in the world.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First off, our hosts share some follow up, Asher wrote in to discuss follow up on the AI granny. Maria's story covers a "new QR code scam" involving unsolicited packages and brushing tactics, where scammers lure victims into scanning malicious QR codes to steal personal and financial information. Joe's story highlights how the FBI and CISA urge Americans to secure their text messages using end-to-end encryption to combat sophisticated hacking campaigns linked to China's government, which target telecom networks and user data. Dave's story highlights how pallet liquidation scams target buyers with offers of discounted merchandise, warning against red flags like unrealistic prices and unverified sellers. Our Catch of the Day comes from Jim, who shares a suspicious email he received offering a collaboration under the guise of a business partnership, which included overly generic language and an unusual sign-off from "Robert De Niro." Resources and links to stories: New warning about ‘brushing’ scam as victims are reported in Colorado FBI warns Americans to keep their text messages secure: What to know Pallet liquidation scams and how to recognize them Mobile Communications Best Practice Guidance You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

Please enjoy this encore episode of Hacking Humans. This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow up, one from listener Alan and one from Clinton, who both write in about a recent episode and they share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links, from Calendly, a popular application for scheduling appointments and meetings, being used to spread mac malware. Joe shares write ins from several listeners, some writing in to share experiences with scams they have come across, others writing to warn others on scams they have seen used in the real world. Our catch of the day comes from Zach with an oddity, getting scammed by mail! Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Japan’s new ATMs automatically play anti-fraud videos to people talking on mobile phones【Video】 Fraudsters in Japan use foreigners' bank accounts in cash grab 【警察庁】ATMで携帯電話…AIで検知し警告表示 特殊詐欺の被害増受け Calendar Meeting Links Used to Spread Mac Malware IDcare You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple loosing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police sting led to the arrest of a suspect, highlighting a growing nationwide trend of elderly victims targeted by gold bar fraud. Joe's story comes from KnowBe4 and is on DavidB, their VP of Asia Pacific, thwarting a sophisticated social engineering attack via WhatsApp by recognizing inconsistencies in the impersonator’s behavior and verifying directly with the colleague they claimed to be. Dave's story comes from the FBI on how criminals are exploiting generative AI to enhance fraud schemes, including using AI-generated text, images, audio, and video to create convincing social engineering attacks, phishing scams, and identity fraud, while offering tips to protect against these threats. Our catch of the day comes from a listener who received an urgent email from someone claiming to be an FBI agent with a rather dramatic tale about intercepted consignment boxes, missing documents, and a ticking clock—but let's just say this "agent" might need some better training in both law enforcement and grammar. Resources and links to stories: “VIN swap scam costs Las Vegas man $50K, new truck" FinCEN Gold bar scammers claimed hackers could fund Russian missiles, police say Real Social Engineering Attack on KnowBe4 Employee Foiled Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Maria shares two stories this week, the first is from "PayPal" saying they are owed over $200. The second comes from LinkedIn where a gentleman shares the terrifying story of losing everything all because of a scam. Joe's story is on text message scams where strangers pretend to know you, building trust over time to lure victims into schemes like cryptocurrency fraud; he advises ignoring unknown messages, blocking suspicious numbers, avoiding links, and protecting personal information. Dave's story follows Silent Push Threat Analysts tracking "Payroll Pirates," a group leveraging phishing campaigns targeting HR systems like Workday to redirect payroll funds by using search ads, spoofed websites, and credential harvesting, as they alert organizations and share threat intelligence to counter these sophisticated attacks. Our catch of the day comes from a phishing scam email claiming to offer a $1.75 million compensation fund via the "United Bank for Africa," requiring victims to share personal and banking details under the guise of an IMF directive. Resources and links to stories: “Wrong Number” Text Scams on the Rise Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, our hosts dive into some follow up from listener Will. who writes in about the Financial Crimes Enforcement Network. They also share after an anonymous listener writes in with a suggestion on filtering scam emails using the DocuSign API. Maria follows the story of how Black Friday is increasingly being dubbed "Black Fraud Day," as criminals exploit the festive shopping frenzy to scam eager bargain hunters, often using AI to create convincing fraud schemes. Joe has two stories this week. The first one is on scammers exploiting financially distressed individuals by posing as the "Bankruptcy Fraud Watchdog Group," threatening bankruptcy filers with false accusations and fines payable in Bitcoin, while warning them against contacting their attorneys. The second story explores the rise of deepfake scams in the U.S., with criminals using AI-generated videos of celebrities like Elon Musk to deceive victims into fraudulent cryptocurrency investments, contributing to over $12 billion in annual fraud losses. Finally, Dave share's a story on a new wave of deepfake scams, where AI-generated videos of Elon Musk trick unsuspecting victims into investing large sums, contributing to billions in fraud losses. Our catch of the day comes from Raul, who shares a scammy text message sent to his mother, sharing his efforts to educate her on spotting fraudulent messages. Resources and links to stories: Black Friday turning into Black Fraud Day, says UK cybersecurity chief U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam Deepfakes of Elon Musk are contributing to billions of dollars in fraud losses in the U.S. Inside the Mind of Thru-Hiking’s Most Devious Con Man You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Welcome in! You’ve entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season’s most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright!

Please enjoy this encore episode of Word Notes. An isolated and controlled set of resources that mimics real world environments and used to safely execute suspicious code without infecting or causing damage to the host machine, operating system, or network.

Please enjoy this encore of Hacking Humans: This week, we are joined by host of N2K's T-Minus Space Daily podcast, Maria Varmazis, she sits down with Joe and Dave to discuss sextorion materials that were found on popular social media apps such as, TikTok, Instagram, Snapchat and YouTube. Joe and Dave share quite a bit of follow up, Joe starts with an anonymous listener writing in sharing their story on gift card scams. Dave shares another anonymous listeners comments, sharing about what they think of Andy Cohen going public on how he got scammed. Finally, Joe and Dave hear from a listener by the name of "The Computrix," who says they need to defend Walmart. Dave share's his story about the most common phishing email themes of 2023. Joe's got the story of ransomware not being paid the same way as it used to be by companies, and share the two different angles on that. Our catch of the day comes from listener William, who writes in with a phishing scam that caught his eye. Links to the stories: Sextortion training materials found on TikTok, Instagram, Snapchat and YouTube, according to new report Most Common Phishing Email Themes of 2023 Companies aren’t paying ransoms like they used to New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying FBI: Scammers Are Sending Couriers to Collect Cash From Victims You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. A stack of security software solutions and tools that allow organizations to orchestrate disparate internal and external tools which feed pre-built automation playbooks that respond to events or alert analysts if an event meets a certain threshold.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Joe shares a note from listener Michael before getting into stories, and Michael writes in to share that there are VIN cloning scams. Joe brings back the Iota discussion from last week. Joe's up first for stories and focuses on fraud. Dave informs us of the new human-like AI granny who is wasting scammers time. Finally Maria brings us the story of how BforeAI researchers analyzed over 6000 newly registered retail domains, revealing a surge in scam activity targeting shoppers with phishing websites, fake apps, and fraudulent offers, particularly during the holiday season, exploiting brand names, seasonal trends, and emerging technologies like AI and cryptocurrency. Our catch of the day comes from listener Kenneth who writes in about a fraudulent email claiming to be from Emirates Group, inviting a company to register as a vendor or contractor for upcoming projects in 2024/2025. The email emphasizes the company's experience in various sectors and urges a prompt response to initiate the registration process. It is signed by a supposed "Contractors Coordinator," Mr. Steve Ibrahim Ghandi, and includes fake contact details for the Emirates Group. Resources and links to stories: VIN cloning How Cybercriminals Use Vehicle Identification Numbers (VINs) to Hack Cars Yes, your car's Vehicle Identification Number can be used to steal from you Geolocation Resources for OSINT Investigations Person dressed in a bear costume to fake attacks on cars for insurance payout, California officials say U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam O2 unveils Daisy, the AI granny wasting scammers’ time 2024 Online Holiday Retail Threat Report You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

A term of legal art that defines the types of data and circumstances that permits a third party to directly or indirectly identify an individual with collected data.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, the team shares follow up about FEMA and Hurricane Helene relief. Dave's story is about romance scams involving an impersonator of a WWE star scamming a grandfather out of their retirement savings, Maria shares a story about a valid-looking document impersonating DocuSign's API (application programming interface). Joe's got a few stories including one about a CVE (Common Vulnerabilities Enumeration) relating to an Okta bug and one from the Better Business Bureau with a new twist on online shopping scams where your get a "card declined" message. Our Catch of the Day comes from listener William about an email from the "United Nations." Resources and links to stories: DisasterAssistance.gov They’re Giving Scammers All Their Money. The Kids Can’t Stop Them. Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale DMARC: Domain-based Message Authentication, Reporting & Conformance CVE-2024-10327 BBB Scam Alert: 'Card declined' error may lead to multiple fraudulent charges You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this encore episode. A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, an SD-WAN abstraction layer, and network peering with one or more of the big content providers and their associated fiber networks.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of the five types of social engineers Deanne Lewis encountered while tending bar, revealing how each barroom personality reflects a common cybersecurity threat. Our hosts share some follow-up from a friend of the show, JJ, who reports a rise in tech support scams targeting non-tech-savvy users by locking their screens and persuading them to call scammers, often leading to credit card fraud and unauthorized remote access through tools like AnyDesk or TeamViewer. Joe has two stories this week: one covering JPMorgan Chase's lawsuits against individuals who exploited an ATM glitch to withdraw fake deposits, a scam popularized on TikTok; and the second on four suspects in Maryland charged with conning an elderly woman out of nearly $40,000 in a "pigeon drop" scam, where victims are promised a cut of "found" money in exchange for collateral. Dave's story is on a viral AI-generated hoax spreading on Facebook, where fake posts about neighbors egging cars over Halloween decorations are stirring moral panic and sowing distrust, especially among older users. Finally, our catch of the day comes from some text threads about a scammer trying to get clever while buying a used car. Links to the stories: The Five Types of Social Engineers I Met Tending Bar (And What They Taught Me About InfoSec) JPMorgan Chase is suing customers over 'infinite money glitch' ATM scam Four charged in ‘pigeon drop’ scam targeting elderly in Maryland The newest AI slop on Facebook exploits suburban fear You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this encore episode. The practice of emulating known adversary behavior against an organization's actual defensive posture.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about how threat actors are shifting tactics across the landscape, focusing more on advanced social engineering and refined initial access strategies than on sophisticated malware. We’ll dive into Proofpoint's latest blog detailing a transport sector breach that, while involving relatively standard malware, showcases this growing trend of nuanced techniques and toolsets.

Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight for my malware threat score began to rise and suddenly to my surprise... It did the Mash It did the Malware Mash The Malware Mash It was a botnet smash It did the Mash It caught on 'cause of Flash The Malware Mash It did the Malware Mash From the Stuxnet worm squirming toward the near east to the dark web souqs where the script kiddies feast the APTs left their humble abodes to get installed from rootkit payloads. They did the Mash They did the Malware Mash The Malware Mash It was an adware smash They did the Mash It caught on 'cause of Flash The Malware Mash They did the Malware Mash The botnets were having fun The DDoS had just begun The viruses hit the darknet, with ransomware yet to come. The keys were logging, phishing emails abound, Snowden on chains, backed by his Russian hounds. The Shadow Brokers were about to arrive with their vocal group, "The NotPetya Five." They did the Mash They played the Malware Mash The Malware Mash It was a botnet smash They did the Mash It caught on 'cause of Flash The Malware Mash They played the Malware Mash Somewhere in Moscow Vlad's voice did ring Seems he was troubled by just one thing. He opened a shell then shook his fist and said, "Whatever happened to my Turla Trojan twist." It's now the Mash It's now the Malware Mash The Malware Mash And it's a botnet smash It's now the Mash It caught on 'cause of Flash The Malware Mash It's now the Malware Mash Now everything's cool, Vlad's a part of the band And the Malware Mash is the hit of the land. For you, defenders, this mash was meant to when you get to my door, tell them Creeper sent you. Then you can Mash Then you can Malware Mash The Malware Mash And be a botnet smash It is the Mash Don't you dare download Flash The Malware Mash Just do the Malware Mash

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of a relentless wave of political donation texts that go well beyond simple annoyance, revealing an unsettling impact on vulnerable populations. CNN's investigation exposes how these texts, with their urgent and personal tone, have led seniors, including those with dementia, to make thousands of donations—sometimes unknowingly amassing hundreds of thousands of dollars for campaigns. Joe's story highlights a dash cam video capturing a car colliding with another vehicle while backing up on a busy highway. The footage raises questions about driver awareness and road safety in high-traffic situations. Dave's story shares the alarming potential of OpenAI's real-time voice API, which allows scammers to create AI agents capable of executing phone scams for as little as $0.75. Researchers from the University of Illinois Urbana-Champaign revealed that these agents can autonomously conduct scams, raising serious concerns about the misuse of voice-enabled AI technology despite previous safety precautions. And finally, our catch of the day shares how the Library of Congress is cracking down on copy write infringement. Links to the stories: Age of fraud: Are seniors more vulnerable to financial scams? How elderly dementia patients are unwittingly fueling political campaigns Apparent attempt at insurance scam caught on camera Voice-enabled AI agents can automate everything, even your phone scams Bank account transfer scam You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how ESET Research revealed that Telekopye, a scam toolkit used by cybercriminals, has expanded its operations from online marketplaces to accommodation booking platforms like Booking.com and Airbnb. Joe’s story is on the elaborate "blessing scam" targeting older Chinese women, where scammers pose as spiritual healers to swindle victims out of their valuables by convincing them their loved ones are in danger—a criminal act spanning across the UK, US, Australia, and Canada, leaving families desperate to catch the perpetrators. Dave follows the story of a new rule passed by the US Federal Trade Commission (FTC) to make subscription cancellations easier with a simple "click to cancel" process. Our catch of the day comes from Reddit where a user was contacted via text message claiming that they were mixed up in a romance scam. Links to the stories: Telekopye scammer network targets Booking.com and Airbnb 'Your son will die': How blessing scammers prowl streets FTC “click to cancel” rule seeks to end free trial traps, sneaky auto-enrollments You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes. A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among large numbers of compromised hosts in a botnet.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how cybercriminals are exploiting the chaos following Hurricane Helene in Florida by launching scams and phishing attacks. Veriti’s research highlights three key threats: FEMA claim scams, phishing using hurricane-related domains, and malicious files disguised as FEMA documents, all targeting vulnerable individuals. This week, Joe's got three hard-hitting stories lined up! First, U.S. authorities have charged 18 individuals and companies for pulling off fraudulent schemes to manipulate cryptocurrency markets. Next, leaders from four crypto firms and market makers face charges for wash-trading and inflating prices to lure in investors. Finally, in a groundbreaking move, federal prosecutors have launched the first-ever criminal case targeting wash trading in digital assets, shaking up the crypto world. Dave share's a Facebook watch you can't say no too. Our catch of the day comes from Reddit, and follows a chain of messages where a scammer is sharing news that sounds a bit too good to be true. Links to the stories: Exploiting Hurricane Helene with FEMA Scams and Phishing Threats Eighteen Individuals and Entities Charged in International Operation Targeting Widespread Fraud and Manipulation in the Cryptocurrency Markets Seeking Information in Cryptocurrency Investment Fraud Investigation U.S. Federal Prosecutors File First-Ever Criminal Charges for Crypto Market Manipulation You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What’s behind Trump’s surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times.

Enjoy this Word Notes encore. The process of converting plain text into an unrecognizable form or secret code to hide its true meaning.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of a South Carolina couple, and how they were devastated to discover their vacant land in Concord, Massachusetts was fraudulently sold by thieves who posed as them, with the new owners already building a home on the property, prompting a lawsuit and an FBI investigation. Our hosts share some follow-up on two intriguing listener contributions. John blocks Google ads using NextDNS, which catches ad wrappers unless manually disabled. Georgi from Japan describes a new Visa card with no visible number or CVV. Dave's story is on triangulation fraud, a scam on e-commerce platforms like Amazon, where a fraudster lures buyers with fake listings for popular products at enticingly low prices, then uses stolen payment information to purchase the legitimate product from a seller, ultimately leaving the buyer unaware until debt collection notices arrive. Meanwhile, Joe has two stories this week. Police arrested five individuals in connection with a fake Brad Pitt scam that defrauded two women of $362,000. He also explores insights from the 2024 Global State of Authentication survey in a Q&A with Yubico VP Derek Hanson, who discusses the future of passkeys. Our catch of the day shares some royal secrets you won't want to miss. Links to the stories: Valuable land in Concord, Massachusetts stolen from couple. Now a home is being built there The Amazon triangle scam: What it is, how it works, and what to do Police arrest five people over fake Brad Pitt scam after two women lost $362,000 2024 Global State of Authentication survey: Q&A with Yubico VP Derek Hanson on a passkey future You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.

Please enjoy this encore episode of Word Notes. Software or hardware that records the computer keys pressed by a user.

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. Youtube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024. The Internet Rumor Mill [Interview]. YouTube. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal. Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis. The New York Times. Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times. Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post. Yascha Mounk, Renée DiResta, 2022. How (Not) to Fix Social Media [Interview]. YouTube. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.

Welcome, witches, wizards, and cybersecurity sleuths! You’ve entered, Only Malware in the Building. Join us each month to brew potions of knowledge and crack the curses of today’s most intriguing cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into how Proofpoint researchers uncovered an espionage campaign casting custom malware known as "Voldemort" in August 2024. The Dark Arts practitioner behind this campaign targeted global organizations, disguising themselves as mundane tax authorities and weaving clever enchantments like using Google Sheets for command and control (C2). While their ultimate motive remains as shadowy as a cursed Horcrux, this malware is built for intelligence gathering and is primed to unleash additional attacks — likely summoning something even darker, like Cobalt Strike. Prepare your wands, and let’s dive into this tale of digital sorcery!

Enjoy this encore of Word Notes. Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.

It's all in the details, folks. Pay attention to those and you can avoid unnecessary stress. Dave Bittner, Maria Varmazis, and Joe Carrigan swap stories on email password-stealing attacks, Google ads scams, and fake banks this week. The team shares follow up from listener Steven from the UK about the hazards of shoulder surfing when they received their new debit card with all PII on the same side of the card. A friend of the show JJ shared a story and a warning about fake checks. Never accept a check from a stranger. Dave's story covers Action Fraud, the UK’s national fraud and cyber reporting center, warning iPhone users of a new Apple ID phishing campaign. Maria talks about new research that uncovers a new scam that takes advantage of public wishlists on ecommerce websites, which in this case is Walmart, but is similar to those found on Amazon and other sites. Joe's story is about a firm in Singapore with an email from a supplier requesting that a pending payment be sent to a new bank account based in East Timor. Our Catch of the Day is from Reddit on the /scambait subreddit "THE Dolly Parton is going to let ME in her VIP club." Links to the stories: iPhone Users Warned As New Email Password-Stealing Attacks Reported Walmart customers scammed via fake shopping lists, threatened with arrest Police recover over USD 40 million from international email scam THE Dolly Parton is going to let ME in her VIP club. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this special encore episode. The use of two or more verification methods to gain access to an account.

This week, Dave and Joe share some listener follow-up from Clayton about credit card fraud and the potential issues with automatic update services that some cards provide. Dave's story is on sextortion scams targeting spouses, where scammers claim a partner is cheating and provide links to fake "proof." Joe has two stories this week, the first one is on how Police in Lebanon County arrested an alleged grandparent scammer after a sting operation. Joe's second story is on scam victims being compensated under a new Labor plan in Australia, which would fine banks, telcos, and social media platforms up to $50 million for failing to meet anti-scam obligations. Our catch of the day comes from Reddit, where someone posted a text message thread of their conversation with a scammer about a potential job. Links to the stories: Sextortion scams now use your "cheating" spouse’s name as a lure Police in Lebanon County arrest alleged grandparent scammer after sting operation Scam victims to be compensated under Labor plan to fine banks and social media platforms $50m Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this special encore episode. A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's story is on Loria Stern, a small bakery owner who fell victim to a counterfeit check scam after receiving a $7,500 payment for a large cupcake order that was later halved, resulting in her bank withdrawing the funds. Dave's story follows the scams targeting grieving individuals on Facebook, where cybercriminals use fake funeral live stream links or donation requests to steal money and credit card details. Our catch of the day comes from listener Anne, who shares a phishing email sent to a friend. The email emphasized the importance of thorough testing in the software development lifecycle and came with a suspicious PDF attachment, likely containing a malicious link. Anne hopes the campaign has zero success. Links to the stories: “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home LA bakery owner takes big financial hit after receiving scam order of 1,000 cupcakes, paid for with a $7.5K counterfeit check — her bank’s promise of protection fell through Fake funeral “live stream” scams target grieving users on Facebook You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Enjoy this special encore episode. The process of turning raw information into intelligence products that leaders use to make decisions with.

Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how the ease of registering an LLC in Colorado has led to a surge in fraudulent businesses. She discusses how residents receiving suspicious mail addressed to fake LLCs registered at their homes are overwhelming the state's Secretary of State with thousands of complaints. Joe's story is on how scammers used a seaside hotel and former bank offices on the Isle of Man to defraud victims in China out of millions of dollars. Dave's story follows a phishing campaign where attackers impersonated HR departments by sending fake mid-year employee engagement surveys to steal Microsoft Office 365 credentials. Our catch of the day comes from Mitch, who received a scam email claiming to be an invitation to join the "Great Illuminati Brotherhood." The email promises wealth, fame, and protection, urging the recipient to contact them to solve financial problems and join the so-called "Elite Family." Links to the stories: Colorado has a backlog of shady LLCs to investigate China scam run from Isle of Man Mid-Year Engagement Trap: How Fake Surveys Are Used in Phishing You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery. Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT. Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved.

Enjoy this special edition of Word Notes: A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.

This week Joe and Dave share some listener follow up from Tim, who writes in to give some more information on a payment apps story in episode 302. Joe's story is on Suzy Enos, whose sister died, only for scammers to impersonate a family member and take over her phone number, leading to fraudulent charges on her accounts. Enos fought back to secure her late sister's assets and raise awareness about protecting accounts after a loved one's death. Dave's story follows how scammers exploit the "Automatic Billing Update" (ABU) program to enroll people in fake subscriptions and charge them even after their credit cards are replaced. To avoid this, you need to inform your issuer that it's a subscription scam and request them to block the merchant from using ABU to get your new card number. Our catch of the day comes from listener Felipe, who writes in share a letter he got in the mail where scammers were trying to convince him that he is owed money from a family member he has never heard of before. Links to the stories: Her sister died. Then scammers took over her phone number and started racking up bills. Mastodon Royce Williams The little-known credit card program that lets companies share your information Keep your cards on file always up-to-date MasterCard Automatic Billing Updater Service Have a Catch of the Day you'd like to share? Email it to us at [email protected].