App Store

Google Play

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

N2K Networks

Deception, influence, and social engineering in the world of cyber crime.

Hacking Humans

Please enjoy this encore episode of Word Notes.
Cybercriminals who lack the expertise to write their own programs use existing scripts, code, or tools authored by other more skilled hackers.

script kiddies (noun) [Word Notes]

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, Maria shares two stories this week, the first is from "PayPal" saying they are owed over $200. The second comes from LinkedIn where a gentleman shares the terrifying story of losing everything all because of a scam. Joe's story is on text message scams where strangers pretend to know you, building trust over time to lure victims into schemes like cryptocurrency fraud; he advises ignoring unknown messages, blocking suspicious numbers, avoiding links, and protecting personal information. Dave's story follows Silent Push Threat Analysts tracking "Payroll Pirates," a group leveraging phishing campaigns targeting HR systems like Workday to redirect payroll funds by using search ads, spoofed websites, and credential harvesting, as they alert organizations and share threat intelligence to counter these sophisticated attacks. Our catch of the day comes from a phishing scam email claiming to offer a $1.75 million compensation fund via the "United Bank for Africa," requiring victims to share personal and banking details under the guise of an IMF directive.
Resources and links to stories: 

“Wrong Number” Text Scams on the Rise

Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Silent push, loud consequences.

Please enjoy this encore episode of Word Notes. 
A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.

incident response (noun) [Word Notes]

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple loosing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police sting led to the arrest of a suspect, highlighting a growing nationwide trend of elderly victims targeted by gold bar fraud. Joe's story comes from KnowBe4 and is on DavidB, their VP of Asia Pacific, thwarting a sophisticated social engineering attack via WhatsApp by recognizing inconsistencies in the impersonator’s behavior and verifying directly with the colleague they claimed to be. Dave's story comes from the FBI on how criminals are exploiting generative AI to enhance fraud schemes, including using AI-generated text, images, audio, and video to create convincing social engineering attacks, phishing scams, and identity fraud, while offering tips to protect against these threats. Our catch of the day comes from a listener who received an urgent email from someone claiming to be an FBI agent with a rather dramatic tale about intercepted consignment boxes, missing documents, and a ticking clock—but let's just say this "agent" might need some better training in both law enforcement and grammar.
Resources and links to stories: 

“VIN swap scam costs Las Vegas man $50K, new truck"

FinCEN

Gold bar scammers claimed hackers could fund Russian missiles, police say

Real Social Engineering Attack on KnowBe4 Employee Foiled

Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Gold bars and bold lies.

Please enjoy this encore episode of Word Notes. 
A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.

cybersecurity maturity model certification (CMMC) (noun) [Word Notes]

Please enjoy this encore episode of Hacking Humans. 
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow up, one from listener Alan and one from Clinton, who both write in about a recent episode and they share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links, from Calendly, a popular application for scheduling appointments and meetings, being used to spread mac malware. Joe shares write ins from several listeners, some writing in to share experiences with scams they have come across, others writing to warn others on scams they have seen used in the real world. Our catch of the day comes from Zach with an oddity, getting scammed by mail! 
Please take a moment to fill out an audience survey! Let us know how we are doing! 
Links to the stories:

Japan’s new ATMs automatically play anti-fraud videos to people talking on mobile phones【Video】

Fraudsters in Japan use foreigners' bank accounts in cash grab

【警察庁】ATMで携帯電話…AIで検知し警告表示 特殊詐欺の被害増受け

Calendar Meeting Links Used to Spread Mac Malware

IDcare

You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

New tools, old problems.

A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

dead-box forensics (noun) [Word Notes]

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First off, our hosts share some follow up, Asher wrote in to discuss follow up on the AI granny. Maria's story covers a "new QR code scam" involving unsolicited packages and brushing tactics, where scammers lure victims into scanning malicious QR codes to steal personal and financial information. Joe's story highlights how the FBI and CISA urge Americans to secure their text messages using end-to-end encryption to combat sophisticated hacking campaigns linked to China's government, which target telecom networks and user data. Dave's story highlights how pallet liquidation scams target buyers with offers of discounted merchandise, warning against red flags like unrealistic prices and unverified sellers. Our Catch of the Day comes from Jim, who shares a suspicious email he received offering a collaboration under the guise of a business partnership, which included overly generic language and an unusual sign-off from "Robert De Niro."
Resources and links to stories: 

New warning about ‘brushing’ scam as victims are reported in Colorado

FBI warns Americans to keep their text messages secure: What to know

Pallet liquidation scams and how to recognize them

Mobile Communications Best Practice Guidance

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

The intersection of hackers, scammers, and false collaborations.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. 
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what’s next in 2025.

Malware metamorphosis: 2024 reflections and 2025 predictions. [Only Malware in the building]

A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross- reference, all the known software vulnerabilities in the world.

common vulnerabilities and exposures (CVE) (noun) [Word Notes]

Please enjoy this encore of Word Notes.
A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality. 
CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection
Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018.

OWASP injection (noun) [Word Notes]

Listen and read

Other podcasts you might like ...