
Hacking Humans
785 episodes — Page 5 of 16
S10 Ep 5573 Election Propaganda Part 1: How does election propaganda work? [CSO Perspectives]
Bonus: Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. YouTube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024. The Internet Rumor Mill [Interview]. YouTube. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal. Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis]. The New York Times. Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times. Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post. Yascha Mounk, Renée DiResta, 2022. How (Not) to Fix Social Media [Interview]. YouTube. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.
S1 Ep 54 non-fungible tokens (NFT) (noun) [Word Notes]
Bonus: Enjoy this encore of Word Notes. Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that make them one of a kind.
S1 Ep 4 The Dark Arts of cyber. [Only Malware in the Building]
Bonus: Welcome, witches, wizards, and cybersecurity sleuths! You’ve entered Only Malware in the Building. Join us each month to brew potions of knowledge and crack the curses of today’s most intriguing cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into how Proofpoint researchers uncovered an espionage campaign casting custom malware known as "Voldemort" in August 2024. The Dark Arts practitioner behind this campaign targeted global organizations, disguising themselves as mundane tax authorities and weaving clever enchantments like using Google Sheets for command and control (C2). While their ultimate motive remains as shadowy as a cursed Horcrux, this malware is built for intelligence gathering and is primed to unleash additional attacks — likely summoning something even darker, like Cobalt Strike. Prepare your wands, and let’s dive into this tale of digital sorcery!
S7 Ep 308 The devil IS in the details.
It's all in the details, folks. Pay attention to those and you can avoid unnecessary stress. Dave Bittner, Maria Varmazis, and Joe Carrigan swap stories on email password-stealing attacks, Google ads scams, and fake banks this week. The team shares follow-up from listener Steven from the UK about the hazards of shoulder surfing when they received their new debit card with all PII on the same side of the card. A friend of the show, JJ, shared a story and a warning about fake checks. Never accept a check from a stranger. Dave's story covers Action Fraud, the UK’s national fraud and cyber reporting center, warning iPhone users of a new Apple ID phishing campaign. Maria talks about new research that uncovers a new scam that takes advantage of public wishlists on ecommerce websites, which in this case is Walmart, but is similar to those found on Amazon and other sites. Joe's story is about a firm in Singapore with an email from a supplier requesting that a pending payment be sent to a new bank account based in East Timor. Our Catch of the Day is from Reddit on the /scambait subreddit: "THE Dolly Parton is going to let ME in her VIP club." Links to the stories: iPhone Users Warned As New Email Password-Stealing Attacks Reported; Walmart customers scammed via fake shopping lists, threatened with arrest; Police recover over USD 40 million from international email scam; THE Dolly Parton is going to let ME in her VIP club. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 50 multi-factor authentication (noun) [Word Notes]
Bonus: Enjoy this special encore episode. The use of two or more verification methods to gain access to an account.
S7 Ep 307 Scammers beware, the world is watching!
This week, Dave and Joe share some listener follow-up from Clayton about credit card fraud and the potential issues with automatic update services that some cards provide. Dave's story is on sextortion scams targeting spouses, where scammers claim a partner is cheating and provide links to fake "proof." Joe has two stories this week. The first is on how police in Lebanon County arrested an alleged grandparent scammer after a sting operation. Joe's second story is on scam victims being compensated under a new Labor plan in Australia, which would fine banks, telcos, and social media platforms up to $50 million for failing to meet anti-scam obligations. Our catch of the day comes from Reddit, where someone posted a text message thread of their conversation with a scammer about a potential job. Links to the stories: Sextortion scams now use your "cheating" spouse’s name as a lure; Police in Lebanon County arrest alleged grandparent scammer after sting operation; Scam victims to be compensated under Labor plan to fine banks and social media platforms $50m. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 49 machine learning (noun) [Word Notes]
Bonus: Enjoy this special encore episode. A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.
S7 Ep 306 Baked goods and bad actors.
Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story on the "Hello pervert" sextortion scam, where scammers now use threats of Pegasus spyware and photos of victims' homes to intensify their demands. We have quite a bit of follow-up today. Scott from Australia shared how self-service checkouts now display scam warnings when purchasing gift cards to prevent fraud. Jim highlighted a vulnerability in YubiKey encryption libraries that allows key cloning with an oscilloscope, while a former US Marshal reminded us that Zelle is marketed specifically for transfers between friends and family. Joe's story is on Loria Stern, a small bakery owner who fell victim to a counterfeit check scam after receiving a $7,500 payment for a large cupcake order that was later halved, resulting in her bank withdrawing the funds. Dave's story follows the scams targeting grieving individuals on Facebook, where cybercriminals use fake funeral live stream links or donation requests to steal money and credit card details. Our catch of the day comes from listener Anne, who shares a phishing email sent to a friend. The email emphasized the importance of thorough testing in the software development lifecycle and came with a suspicious PDF attachment, likely containing a malicious link. Anne hopes the campaign has zero success. Links to the stories: “Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home; LA bakery owner takes big financial hit after receiving scam order of 1,000 cupcakes, paid for with a $7.5K counterfeit check — her bank’s promise of protection fell through; Fake funeral “live stream” scams target grieving users on Facebook. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 48 intelligence (noun) [Word Notes]
Bonus: Enjoy this special encore episode. The process of turning raw information into intelligence products that leaders use to make decisions.
S7 Ep 305 Illusions & ill-intent.
Maria Varmazis, host of N2K's daily space show T-Minus, joins Dave and Joe to share the story of how the ease of registering an LLC in Colorado has led to a surge in fraudulent businesses. She discusses how residents receiving suspicious mail addressed to fake LLCs registered at their homes are overwhelming the state's Secretary of State with thousands of complaints. Joe's story is on how scammers used a seaside hotel and former bank offices on the Isle of Man to defraud victims in China out of millions of dollars. Dave's story follows a phishing campaign where attackers impersonated HR departments by sending fake mid-year employee engagement surveys to steal Microsoft Office 365 credentials. Our catch of the day comes from Mitch, who received a scam email claiming to be an invitation to join the "Great Illuminati Brotherhood." The email promises wealth, fame, and protection, urging the recipient to contact them to solve financial problems and join the so-called "Elite Family." Links to the stories: Colorado has a backlog of shady LLCs to investigate; China scam run from Isle of Man; Mid-Year Engagement Trap: How Fake Surveys Are Used in Phishing. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 4 RATs in the tunnel: Uncovering the cyber underworld. [OMITB]
Bonus: Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the abuse of legitimate services for malware delivery. Proofpoint has seen an increase in the abuse of tools like ScreenConnect and NetSupport, as well as Cloudflare Tunnel abuse and the use of IP filtering. They have also observed a rise in financially motivated malware delivery using TryCloudflare Tunnel abuse, focusing on remote access trojans (RATs) like Xworm and AsyncRAT. Today we look at how Cloudflare tunnels are used to evade detection and how they have evolved their tactics by incorporating obfuscation techniques, with ongoing research to identify the threat actors involved.
S1 Ep 47 SaaS (noun) [Word Notes]
Bonus: Enjoy this special edition of Word Notes: A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.
S7 Ep 306 Beware of the deceivers.
This week Joe and Dave share some listener follow-up from Tim, who writes in to give some more information on a payment apps story in episode 302. Joe's story is on Suzy Enos, whose sister died, only for scammers to impersonate a family member and take over her phone number, leading to fraudulent charges on her accounts. Enos fought back to secure her late sister's assets and raise awareness about protecting accounts after a loved one's death. Dave's story follows how scammers exploit the "Automatic Billing Update" (ABU) program to enroll people in fake subscriptions and charge them even after their credit cards are replaced. To avoid this, you need to inform your issuer that it's a subscription scam and request them to block the merchant from using ABU to get your new card number. Our catch of the day comes from listener Felipe, who writes in to share a letter he got in the mail where scammers were trying to convince him that he is owed money from a family member he has never heard of before. Links to the stories: Her sister died. Then scammers took over her phone number and started racking up bills; Mastodon Royce Williams; The little-known credit card program that lets companies share your information; Keep your cards on file always up-to-date; MasterCard Automatic Billing Updater Service. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 46 brute-force attack (noun) [Word Notes]
Bonus: Enjoy this special encore episode. A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.
S7 Ep 303 How scammers weave deception into everyday life.
Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story on how AI-generated scams have infiltrated the world of crochet and other crafts, selling fake patterns that often result in impossible or frustrating projects. Dave's story is on the rise of "digital arrest" scams in India, where criminals posing as law enforcement officers coerce victims into making payments to avoid fake charges against their loved ones. Joe's story comes from a listener this week, and follows the latest evolution of the classic invoice scam, where scammers are now embedding unrelated but meaningful text to bypass spam filters. Our catch of the day comes from listener William, who shares a classic Nigerian Banker Scam. In this version, a young bank employee named Zayas Yovani claims to have discovered your overdue funds at the Central Bank of Nigeria. He offers to release the money if you help him flee the country, requiring you to purchase special hard drives and share your banking details. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: This is what happens when ChatGPT tries to create crochet patterns; 'Digital arrest' scams are big in India and may be spreading. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 45 decryption (noun) [Word Notes]
Bonus: Enjoy this special encore of Word Notes. A process of converting encrypted data into something that a human or computer can understand.
S7 Ep 302 Navigating dark waters and deceptive currents.
Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe to share her story from listener Chloe, who shared a post she found on a social media platform called "Bluesky," where a company is asking for photos and videos of your children to help make AI smarter. Our hosts share some listener follow-up on how a scammer impersonated a government official to deceive a woman into converting her assets into gold bars, resulting in the theft of over $789,000. They also share some follow-up from listener Steve to discuss the "No Numbers Project" from episode 300. Joe's story is on regulators investigating whether major banks, including JPMorgan Chase, Bank of America, and Wells Fargo, are adequately addressing Zelle scams by shutting down accounts used by fraudsters. Dave has the story on the FTC warning that scammers are the only ones who promise to remove all negative details from your credit report. Our catch of the day comes from listener Benjamin, who shares an email they received claiming to know things about him that he would not want getting out. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Bluesky; Second gold bar scam suspect arrested, extradited to Maryland; Regulators Probing Big Banks’ Handling of Zelle Scams; FTC warns consumers of scammers offering to remove all negative information from credit reports. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 44 denial-of-service attack (noun) [Word Notes]
Bonus: Enjoy this encore episode: A cyber attack designed to impair or eliminate access to online services or data.
S7 Ep 301 Phishing for votes.
Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave to share her story on how recent research by security firm Veriti reveals a phishing campaign targeting Trump’s 2024 supporters, soliciting cryptocurrency donations through fake WinRed-branded domains, with limited transactions and some activity traced to China. Dave and Maria share some follow-up from a listener, including suggestions for protecting Dave's father's computer from phishing scams by using the LibreWolf browser, the uBlock Origin extension, and NextDNS, as well as a listener sharing insights on the pronunciation of "Ports-Muth." Dave's story follows how in June, Ferrari CEO Benedetto Vigna was impersonated via deepfake technology in an attempted scam to deceive a Ferrari executive into signing a Non-Disclosure Agreement for a fictitious acquisition, but the ruse was detected and the company emerged unscathed. Dave also goes on to share news about his own home state Maryland and their gift card policy. Our catch of the day comes from the scam subreddit and follows a text message where a scammer is trying to intimidate the recipient. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Ferrari exec foils deepfake attempt by asking the scammer a question only CEO Benedetto Vigna could answer; Maryland becomes first state to pass law against gift card draining; TRUMP CAMPAIGN CRYPTO SCAM: UNVEILING THE PHISHING PLOT. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 3 AI: The new partner in cybercrime? [OMITB]
Bonus: Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the use of AI in cyberattacks. Proofpoint recently released two articles on two cyber campaigns: one by the group UNK_SweetSpecter targeting U.S. organizations involved in AI with the SugarGh0st RAT, and another by TA547 targeting German organizations with Rhadamanthys malware. Today we look at what the focus of threat actor objectives is and what that means for defenders.
S1 Ep 43 cold boot attack (noun) [Word Notes]
Bonus: Please enjoy this special encore episode of Word Notes. A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer’s Random Access Memory or RAM during the reboot process in order to steal sensitive data.
S7 Ep 300 This is 300!
This week we celebrate 300 episodes! Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe and shares a PSA on the CrowdStrike outage. Her story focuses on the Olympics, as this was the first week of the Olympics, and she shares about a recent fraud campaign that is targeting iPhone users in India, posing as India Post through smishing attacks. Our hosts discuss some follow-up from listener Brie, who writes in to share how one police force is helping folks stay safe from scam callers. They also share a story from listener Mark, who writes in about his 77-year-old mom's Facebook account being hacked, and how she was tricked into downloading an app and opening her banking app while on a fake customer service call. Dave's story is on Gina Russell, who posed as a psychic and led an elaborate extortion scheme with her family, coercing victims into giving them millions of dollars under threats of harm. Joe has the story of social media giant Meta saying sextortion scams are increasing, with criminals from Nigeria often targeting adult men in the U.S. Our catch of the day comes from an anonymous listener, who shared a post they found on the social media platform "Shared," about a scammer getting messed with. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Phishing Campaign Targeting Mobile Users in India Using India Post Lures; Sextortion scams run by Nigerian criminals are targeting American men, Meta says; ‘Psychic’ and family of extortionists scam Md. man out of $4.2 million. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 42 Encore: cloud computing (noun) [Word Notes]
Bonus: On-demand, pay-as-you-go, Internet-delivered compute, storage, infrastructure, and security services that are partially managed by the cloud provider and partially managed by the customer.
S7 Ep 299 Healthcare hassles and hefty heists.
This week, Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe, as they celebrate Maria joining the Hacking Humans podcast every week! Maria's story is from a listener this week who writes in with a story on an IT company that is a third party for a healthcare company, and the dangers that can come from that. Dave and Joe share some listener follow-up from Michael, who shares some thoughts on AI. Dave's story follows how a recent study found that 40% of elderly adults in the UK regularly face phone-based fraud attempts, with significant impacts on their mental health and quality of life. Joe follows a Scottsdale couple, Alexandra Gehrke and Jeffrey King, and how they have been indicted for a $900 million fraud scheme targeting hospice patients, receiving $330 million in illegal kickbacks used to purchase luxury items. Our catch of the day comes from listener Jim, who writes in with a letter about a concerned beneficiary who received a letter from the FBI about their overdue inheritance with the National Bank of Belgium. The message confirmed the legitimacy of their claim but warned of potential scams by individuals impersonating bank officials. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Two-Fifths of Senior Citizens Suffer Frequent Fraud Attempts; ‘It’s really disgusting’: Scottsdale couple accused of $900 million fraud scheme targeting hospice patients, according to DOJ. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 41 Encore: APT (noun) [Word Notes]
Bonus: An acronym for Advanced Persistent Threat, used to describe hacker groups or campaigns normally, but not always, associated with nation state cyber espionage and continuous low-level cyber conflict operations.
S7 Ep 298 Welcome to a new age in digital deception.
This week, Maria Varmazis, host of the N2K daily space show, T-Minus, joins Dave and Joe, as they celebrate Maria joining the Hacking Humans podcast every week! Maria's story is on supplement scams, as there has been a significant surge in health-related supplement scams on social media platforms, utilizing advanced technologies like AI-generated images and deepfake videos to promote fake products endorsed by celebrities and medical professionals. Joe's story follows Airplane WiFi, now essential for many travelers, and how it poses unexpected risks as recent incidents highlight dangers like "evil twin" attacks, urging caution with VPNs and verifying network legitimacy to safeguard personal data midair. Dave has the story on 2 women charged in a romance scheme, defrauding elderly men out of $7 million. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures’ and Sponsored Health-Related Scams on Social Media; Federal Agency Issues New Security Advice If You Use Airplane WiFi; 2 women charged in 'romance schemes' to defraud elderly men out of $7 million, feds say. You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 40 Encore: backdoor (noun) [Word Notes]
Bonus: An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.
S7 Ep 297 The costly consequences of communication scams.
This week Dave shares a story on business email compromise (BEC) scams, and how they are a major threat, costing $26 billion annually. The story shares how it's crucial for employees to verify suspicious emails through a secondary channel and for companies to foster transparent communication to mitigate such risks. Joe shares two stories with us this week. The first is from a listener named Jay, who received a story from a relative. In this story, someone claiming to be a constable calls to warn about a person who has gift cards with the victim's name on them, then tries to get the caller to call the police to confirm. Joe's second story comes from Allison Gormly, consumer reporter at WTHR in Indianapolis. Allison shares videos on Instagram that all start with “Hey Allison”; this one starts with “Hey Allison, a stranger sent me money on Venmo, should I send it back?” Our catch of the day comes from listener Cameron, who shares how he is a business owner with a public-facing email address, and how he gets his fair share of scam emails, but this one takes the cake. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: How to Spot a Business Email Compromise Scam; Scam alert on Venmo, CashApp & Zelle! Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 39 Encore: watering hole attack (noun) [Word Notes]
Bonus: From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.
S6 Ep 255 Encore: AI versus AI.
Blair Cohen from AuthenticID joins Dave to discuss how generative AI and authentication go hand in hand. Joe and Dave share some follow-up from listener Robert, who discusses an ad for a device that uses ChatGPT to record phone calls on your device. Dave helps his dad out with his computer and shares the tale. Dave also shares a story this week on the FBI warning against scammers who are posing as NFT devs to try and steal your crypto. Joe and Dave test their scammer-catching skills while taking a test to see if they are smarter than the average scammer. Our catch of the day comes from listener Steve, who writes in to share a receipt he received that looked quite suspicious. Links to stories: FBI warns of scammers posing as NFT devs to steal your crypto; Are you smarter than a scammer? Play this game. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S1 Ep 2 Operation Endgame: The ultimate troll patrol. [Only Malware in the Building]
Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "Operation Endgame." Operation Endgame is a strategy by Western law enforcement to counter Russian cybercriminals through psychological tactics. This involves creating distrust among hackers, exposing their internal communications, and dismantling their anonymity to hinder their operations. You can find more information on Operation Endgame here. Today we look at the new tactics used to disrupt these criminals by eroding trust among them and undermining their anonymity.
S1 Ep 38 Encore: network telescope (noun) [Word Notes]
Bonus: Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.
S7 Ep 296 Public pianos and private scams.
This week Joe and Dave share some interesting follow-up from a few episodes ago where Dave shared his love for baby grand pianos and how scammers were using that to lure people into traps. Listener George wrote in to share about a show on UK Channel 4, called "The Piano." It's a music competition where visitors play a public piano in a train station, judged by hidden famous pianists, with winners performing at the UK Royal Festival Hall. Joe's story is a warning to travelers using booking.com, as they share that scams are at an all-time high. Dave's story follows some neighborhood Facebook groups, and how they are inundated with posts about air duct cleaning services, prompting an investigation that reveals a scam involving fake profiles, telemarketers in Pakistan, and local technicians. Our catch of the day comes from listener Christopher, who writes in to share an outlandish message he received from a hacker with too much time on their hands. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Note by Note: The Making of a Steinway Piano | Musical Instrument | ENDEVR Documentary; Booking.com warns of up to 900% increase in travel scams; Air Duct Cleaning Scam Exposed! Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 37 Encore: SOC Triad (noun) [Word Notes]
Bonus: A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.
S7 Ep 295 From dark shadows to main stage.
Brandon Kovacs, a Senior Red Team Consultant at Bishop Fox, is talking about how Artificial Intelligence is shaping the future of social engineering. Listener Adina wrote in to share their thoughts on an earlier episode on Google. Dave shares listener Tony's write-in for his story this week. Joe and Dave discuss some questions Tony shared about preparing for an overseas trip when his bank account was locked due to security measures triggered by setting up a backup phone and using a VPN. Joe has two stories for this week, one from Blair Young at WBAL, where Maryland Lottery is warning the public about a phone scam claiming Powerball winnings. The second comes from listener Don, who shares a story on people who hold posters up saying they need money for children's funerals. Our catch of the day comes from a listener that found a "task scam" on Reddit. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Maryland Lottery warns public about phone scam claiming Powerball winnings; ‘It’s a scam’: Poster-holders aren’t really raising money for a child’s funeral. Have a Catch of the Day you'd like to share? Email it to us at [email protected].
S1 Ep 36 Encore: supply chain attacks (noun) [Word Notes]
bonus: Also known as a third-party attack or a value-chain attack, in which adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data.
S7 Ep 294 False flags and fake voices.
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria's story covers the escalating efforts of pro-Russian propagandists to tarnish the Paris Summer Olympics and erode Western support for Ukraine, employing bold tactics like using AI to mimic Tom Cruise's voice. Joe and Dave share quite a bit of listener follow-up: the first one is regarding the AirBnB story from a few weeks ago, the second one is from listener Lawrence, who wrote in to verify Dave’s comments about American Express, and the last one is from listener Tait, who shares some info on how they stay safe with banking. Joe has two stories for this week. The first one is on how the FBI is investigating the city of Gooding after it sent $1 million to a contractor for a wastewater project but later learned it was the victim of a scam. Joe's second story follows how a scammer duped a Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep. Dave shares Avast's Q1 2024 threat report. Our catch of the day comes from listener Clinton, who wrote in to share an invoice he received from Apple Global requesting almost $1400. Links to the stories: City of Gooding scammed out of $1 million, officials say; Scammer dupes Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep... so can you spot it?; Avast Q1/2024 Threat Report; Russians target Olympics with fake AI-generated Tom Cruise video. You can hear more from the T-Minus space daily show here.
S1 Ep 35 Encore: taint analysis (noun) [Word Notes]
bonus: The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.
S7 Ep 293 Spotting social engineering in the shadows.
This week, we are joined by Dr. Chris Pierson, CEO at Black Cloak, who is talking about some of the social engineering attacks his team is tracking. Joe's story follows how Microsoft Threat Intelligence has observed the financially motivated cybercriminal group Storm-1811 misusing the client management tool Quick Assist in social engineering attacks. Dave shares the story of how the lure of a free baby grand piano was used to deceive over 125,000 email recipients, mainly targeting North American university students and faculty, earning at least $900,000. Our catch of the day comes from listener Chuck, who writes in to share some of the junk mail he has been receiving recently and his concerns for other listeners. Links to the stories: Threat actors misusing Quick Assist in social engineering attacks leading to ransomware; Free Piano phish targets American university students, staff.

S1 Ep 1 The curious case of the missing IcedID. [Only Malware in the Building]
Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is malware that was originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape.
S1 Ep 34 Encore: ATM skimming (noun) [Word Notes]
bonus: The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.
S7 Ep 292 The AirBnB booking that wasn’t.
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story from New York Magazine, written by Ezra Marcus, on a college sophomore from the University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to receive an email with the subject line "your order is confirmed," coming from what looks to be "McAfee." Links to the stories: The Package King of Miami; 2024 Data Breach Investigations Report. You can hear more from the T-Minus space daily show here.
S1 Ep 33 Encore: APT side hustle (noun) [Word Notes]
bonus: A nation-state hacking group’s practice of funding its own activities through cybercrime or cyber mercenary work.
S7 Ep 291 Awareness, behavior, & beyond.
This week, we are joined by the host of 8th Layer Insights, Perry Carpenter from KnowBe4, and Dr. Jessica Barker from Cygenta to discuss human risk: awareness, behavior and beyond. Joe and Dave share some listener follow-up, the first being from Richard, who writes in to share some tips and tricks regarding relationship scams mentioned in a previous show. The second is from Michael, who writes in with some thoughts on social engineering to compromise open source projects from episode 288. Dave shares a story on researchers observing millions of daily emails from "Jenny Green," facilitated by the Phorpiex botnet, distributing LockBit 3.0 ransomware that has affected millions of people. Joe shares Paul Raffile's story, a gentleman who got fired from Facebook before he even started. Our catch of the day comes from listener Gordy, who shared an email with us regarding his "McAfee security." Links to the stories: Security Experts Issue Jenny Green Email Warning For Millions; LinkedIn Paul Raffile (Part 1); LinkedIn Paul Raffile (Part 2).
S1 Ep 32 Encore: endpoint (noun) [Word Notes]
A device connected to a network that accepts communications from other endpoints like laptops, mobile devices, IoT equipment, routers, switches, and any tool on the security stack.
S7 Ep 290 Psychology and scams.
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story about how ransomware infections are beginning to change to form a more psychological attack against victims' organizations, as criminals are using personal and aggressive tactics to force them to pay. Dave and Joe share some listener follow-up from Bob, who writes in to share how he shares stories with his family members, and mentions one specifically on a Best Buy Geek Squad scam. Dave shares a story on bank scams, and how scammers are using genuine push notifications to trick their victims. Joe shares a story regarding email security loopholes, and how these loopholes are the latest path for North Korean social engineering attacks. Our catch of the day is from our follow-up listener Bob, as he shares the story of trying to figure out the difference between a real email from the U.S. Social Security department and a fake one. Links to the stories: Ransomware crooks now SIM swap executives' kids to pressure their parents; Bank scammers using genuine push notifications to trick their victims; Email security loopholes are latest path for North Korean social engineering attacks. You can hear more from the T-Minus space daily show here.
S1 Ep 31 Encore: unified extensible firmware interface (UEFI) (noun) [Word Notes]
bonus: An extension of the traditional Basic Input/Output System or BIOS that, during the boot process, facilitates the communication between the computer’s firmware and the computer’s operating system.
S7 Ep 289 The illusion of influence.
Bogdan Botezatu from Bitdefender is discussing research on "Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms." Dave and Joe share some follow-up from listener Lara, who writes in to discuss a few topics regarding a previous episode. Joe's story shares a game changer in the social engineering world. Dave shares the story of a listener's grandmother who had fallen victim to a pig butchering scam. Our catch of the day comes from listener Kenneth, who shares an email he received from a "Cardiologist" on some puppies. Links to the stories: Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms; PCI DSS v4.0 a game-changer in social engineering awareness, prevention.
S1 Ep 30 Encore: Daemon (noun) [Word Notes]
An operating system program running in the background designed to perform a specific task when certain conditions or events occur.
S6 Ep 288 From support to scam.
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from Canada on a gentleman who thought he was calling Best Buy's Geek Squad, but instead ended up getting scammed out of $25,000. Dave and Joe share quite a bit of listener follow-up. The first one is from Raul, who shares how they saw an infamous Facebook scam. The second one is from listener Alec, who shares some thoughts on episode 286's catch of the day. Lastly, Paula shares some thoughts on a recent discussion on why people are on the phone when a flight gets cancelled. Joe brings back answers to an old scam featured on an episode back in January on toll scams, and also shares how the OpenSSF and OpenJS Foundations have issued an alert for social engineering takeovers of open source projects. Dave shares updates on the ex-athletic director accused of framing a principal with AI and how he was arrested at the airport with a gun. Our catch of the day comes from listener Kenneth, who shares an email from a "doctor" who has puppies for sale. Links to the stories: An Ontario senior thought he called Geek Squad for help with his printer. Instead, he got scammed out of $25,000; Smishing Scam Regarding Debt for Road Toll Services; Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects; Ex-athletic director accused of framing principal with AI arrested at airport with gun. You can hear more from the T-Minus space daily show here.