app_store_button

google_play_button

Copy of Device Banner Block 894x1036 3

Descubre un mundo infinito de historias

Escucha y lee

N2K Networks

Deception, influence, and social engineering in the world of cyber crime.

Hacking Humans

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up, listener Jay shared how Robinhood tackled a $25.4 billion phone scam problem with a simple fix—a bright yellow in-call banner that warns users, “We’re not calling you. If the caller says they’re from Robinhood, they’re not—hang up.” Meanwhile, Myanmar’s military blew up a major online scam center at KK Park, forcing over 1,500 people to flee into Thailand. Listener JJ reminds us it’s “CAC cards,” not just “CAC,” and Shannon reports from Scooter’s Coffee, where customers are now bringing chickens for pup cups—proving some pets really do rule the roost. Maria’s story is on Bitdefender and NETGEAR’s 2025 IoT Security Report, which found smart homes now face triple the attacks of last year—about 29 a day. Dave’s story is on a cloud architect who exposed his AWS keys online, letting attackers hijack his account for crypto-mining and phishing. His takeaway: secure keys, limit privileges, and assume it can happen to you. Joe’s got the story of scammers posing as banks or the FTC, using fake security alerts to trick older adults into draining their savings. The FTC says losses are skyrocketing—so don’t move money or trust surprise calls or pop-ups. Our catch of the day comes from the Scams SubReddit, where a scammer got way more than what they signed up for in a text chain. 

Resources and links to stories:

 Robinhood LinkedIn post.

 Stragglers from Myanmar scam center raided by army cross into Thailand as buildings are blown up

 My AWS Account Got Hacked - Here Is What Happened

 False alarm, real scam: how scammers are stealing older adults’ life savings

 Trying to scam the scammer

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Seniors in scam crosshairs.

Please enjoy this encore of Word Notes. 

The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. 

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/web-30⁠

Audio reference link: “⁠What Elon Musk Just Said about Metaverse, Web3 and Neuralink⁠,” By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.

Web 3.0 (noun) [Word Notes]

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠, ⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠ ⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠ and ⁠⁠⁠Keith Mularski⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠Qintel⁠⁠⁠.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerging risks.

Plus, catch Dave, Selena, and Keith on their road trip adventure in our video on ⁠YouTube⁠ — full of laughs, unexpected detours, and plenty of sleuthing!

Pass the intel, please. [OMITB]

Happy Halloween from the team at N2K Networks! 

We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video ⁠here⁠. 

Lyrics

I was coding in the lab late one night

when my eyes beheld an eerie sight 

for my malware threat score began to rise 

and suddenly to my surprise...

It did the Mash 

It did the Malware Mash 

The Malware Mash 

It was a botnet smash 

It did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It did the Malware Mash

From the Stuxnet worm squirming toward the near east 

to the dark web souqs where the script kiddies feast 

the APTs left their humble abodes 

to get installed from rootkit payloads. 

They did the Mash 

They did the Malware Mash 

The Malware Mash 

It was an adware smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They did the Malware Mash

The botnets were having fun 

The DDoS had just begun 

The viruses hit the darknet, 

with ransomware yet to come. 

The keys were logging, phishing emails abound, 

Snowden on chains, backed by his Russian hounds. 

The Shadow Brokers were about to arrive 

with their vocal group, "The NotPetya Five."

They did the Mash 

They played the Malware Mash

The Malware Mash 

It was a botnet smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They played the Malware Mash

Somewhere in Moscow Vlad's voice did ring 

Seems he was troubled by just one thing. 

He opened a shell then shook his fist 

and said, "Whatever happened to my Turla Trojan twist." 

It's now the Mash 

It's now the Malware Mash 

The Malware Mash 

And it's a botnet smash 

It's now the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It's now the Malware Mash

Now everything's cool, Vlad's a part of the band 

And the Malware Mash is the hit of the land. 

For you, defenders, this mash was meant to 

when you get to my door, tell them Creeper sent you.

Then you can Mash 

Then you can Malware Mash 

The Malware Mash 

And be a botnet smash 

It is the Mash 

Don't you dare download Flash 

The Malware Mash 

Just do the Malware Mash

The Malware Mash!

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. In our follow up, our hosts respond to a listener who wrote in with an insightful question about the role of wealth in scam susceptibility. Joe's story covers how a fake AI recruiter lures developers with a GitHub “technical assessment” that, when run, unleashes a five-stage malware chain to steal credentials, wallets, and install persistent backdoors. Maria has the story on a Halloween-themed phishing scam that lured victims with a fake Home Depot giveaway, using obfuscated code, stolen email threads, and tracking pixels to trick users into handing over personal and payment information. Dave’s story is on a convincing phishing email claiming Dashlane was hacked, showing how fear and urgency—even in obvious scams—can make anyone second-guess before thinking twice. Our catch of the day is from the scams sub-Reddit thread, and is how one user received a message from their "aunt" who wanted to be nice and grab the user a present. 

Resources and links to stories:

 
⁠How a fake AI recruiter delivers five staged malware disguised as a dream job

 Home Depot Halloween phish gives users a fright, not a freebie

 Why the Obviously Fake Dashlane Hack Phishing Email Still Made Me Jump

 

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Beware the boo-gus giveaway.

Please enjoy this encore of Word Notes. 

A set of solutions for ensuring that the right users can only access the appropriate resources.

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/identity-and-access-management⁠

Audio reference link: “⁠The Wrath of Khan (1982) ‘Kirk’s Response⁠,’” by Russell, YouTube, 16 May 2017.

Identity access management (IAM) (noun) [Word Notes]

This week, while ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠ is on vacation, hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Users are reporting a potential new Signal scam involving fake in-app messages posing as official support, though Signal confirms it never contacts users first and only communicates via Signal email addresses. Joe’s story is on South Korea targeting Cambodia’s scam industry after reports of kidnappings, torture, and a death, as officials crack down on criminal groups luring citizens into forced online fraud operations across Southeast Asia. Maria has the story on how AI-driven scams like deepfakes and virtual kidnappings are increasingly targeting Gen Z, using fake voices and videos to power extortion schemes that exploit their mobile-first, always-online lives. Listener DarkProphet6 shares a clever phishing attempt disguised as a fake Cloudflare “I’m not a robot” check, which tried to trick users into pasting malicious code into their terminal — a move that could have created a remote shell for attackers.

Resources and links to stories:

 South Korea Targets Cambodia’s Scam Industry After Kidnappings, Torture and a Death

 Feds seize $15 billion in bitcoin after busting alleged global crypto scam

 China sentences 11 members of mafia family to death

 AI-driven scams are preying on Gen Z’s digital lives​

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Liar, liar, AI on fire.

Please enjoy this encore of Word Notes. 

The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting. 

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/policy-orchestration⁠

Audio reference link: “⁠The Value of Using Security Policy Orchestration and Automation⁠,” by David Monahan, uploaded by EMAResearch, 3 April, 2018

Policy Orchestration (noun) [Word Notes]

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠ , ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Dave's story is on how older aspiring models like Judy were scammed into paying hundreds for fake photoshoots, and how to avoid falling for similar tricks. Joe’s got the story of how Bitcoin ATMs are being exploited by scammers, costing Americans millions and targeting mostly older victims. Maria's got the story of a rapidly spreading WhatsApp “Vote for My Child” scam across Europe that hijacks accounts and extorts money through emotional trickery. Our catch of the day comes from Reddit, where a user is messaged by the one and only Barack Obama. 

Resources and links to stories:

 I was fooled into paying £500 to be a model. Here's how to avoid my mistake

 Bitcoin ATMs increasingly used by scammers to target victims, critics say

 WhatsApp ‘Vote for My Child’ Scams Are Rapidly Spreading Across Europe, Bitdefender Lab Warns

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Scams that steal more than money.

Please enjoy this encore of Word Notes. 

A process of hiding the complexity of a system by providing an interface that eases its manipulation.

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/abstraction-layer⁠

Audio reference link: “⁠What Is Abstraction in Computer Science,⁠” by Codexpanse, YouTube, 29 October 2018.

Abstraction layer (noun) [Word Notes]

From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim’s browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious javascript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim’s computer and the victim’s browser runs the code.

cross-site scripting (noun) [Word Notes]

Escucha y lee

Otros podcasts que te pueden gustar...