Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.
Scammers hit the right notes in the wrong way.
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from Chris Martin, a long-time listener and fan of the show. Chris shares that his employer uses Hoxhunt for cybersecurity awareness training and came across a fun gem worth mentioning. Next, Jay writes in with a heads-up about a scam running in large cities: criminals are reportedly sticking phones to desirable cars and then using the phones' tracking features to show up at victims' homes and steal the vehicles. Joe has more info on his chickens. Maria shares the story of a Spotify job recruitment scam and the email she received, in which scammers used a convincing fake site mimicking Spotify's real careers page in an attempt to steal logins. Joe has two stories this week. The first is on federal investigators charging 13 people in a $5 million "grandparent scam" that targeted hundreds of elderly victims, a scheme uncovered after Uber flagged suspicious activity to the FBI when its drivers were unknowingly used to move cash. His second story looks at Northern California, where two suspects were arrested in a "cash drop scam" linked to more than 40 cases across six states, after a sharp-eyed loss prevention agent recognized the scheme and alerted police.
Our Catch of the Day comes from Patrick, who shared a scam email claiming to be from the IMF offering a $9.8 million "compensation fund" paid out in daily $5,000 MoneyGram transfers, if the recipient just hands over all their personal details. Complete our annual audience survey before August 31.
Resources and links to stories:
Spotify Job Recruitment scam
Uber drivers help end scam targeting hundreds of grandparents, U.S. attorney says
'Cash drop scam' in Northern California leads to two arrests, linked to 40 cases
Good Morning Britain Correspondent Noel Phillips Loses Life Savings in Elaborate Phone Scam. How Can You Stay Safe
Living nightmare: Good Morning Britain host loses 'whole life savings' to phone scam and admits 'the shame is devastating'
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Aug 21
49 min
Agile Software Development Method (noun) [Word Notes]
Please enjoy this encore of Word Notes. A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning. CyberWire Glossary link: https://thecyberwire.com/glossary/agile-software-development Audio reference link: "Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe," John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009.
Aug 19
7 min
This scam is now in session.
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe's story is on WhatsApp rolling out new anti-scam tools, disrupting over 6.8 million scam-linked accounts, and partnering with experts to share tips on spotting and avoiding sophisticated cross-platform scams run by organized crime networks. Dave's got the story of how "PharmaFraud", a global network of fake online pharmacies, scams consumers with counterfeit or dangerous medications, stealing money and personal data while putting health and safety at serious risk. Maria dives into the story of a new twist on jury duty scams, where callers posing as police direct victims to fake government websites to steal personal data and money, often demanding payment through cryptocurrency or other untraceable methods. Our Catch of the Day comes from listener Adam, who shares a SiriusXM payment scam email they received. Complete our annual audience survey before August 31.
Resources and links to stories:
New WhatsApp Tools and Tips to Beat Messaging Scams
Disrupting malicious uses of AI: June 2025
PharmaFraud: how illegal online pharmacies endanger your health and your wallet
Scammers are using fake websites in a twist on jury duty scams
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Aug 14
45 min
Pegasus (noun) [Word Notes]
Please enjoy this encore of Word Notes. The flagship product of the controversial Israeli spyware vendor NSO Group, used for remotely hacking mobile devices, most notably iPhones, via zero-click exploits. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: "Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth," Kristen Eichensehr and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022.
Aug 12
8 min
Yeti or not, it’s a scam.
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on an Arizona woman sentenced to over eight years in prison for running a "laptop farm" that helped North Korean IT workers pose as U.S. employees at hundreds of American companies, funneling over $17 million to Pyongyang through stolen identities and remote access. We also share an update on Joe's profile picture. Dave's story is on a Facebook scam falsely claiming insider access to a secret Yeti cooler deal from Dick's Sporting Goods, using a fake emotional backstory to lure users into clicking a malicious link under the guise of an employee-only loophole. Maria's story is on escalating violence at the Thailand-Cambodia border, where a long-standing territorial dispute has reignited after a leaked phone call between leaders fractured a decades-old political friendship, sparking deadly clashes, diplomatic fallout, and rising tensions fueled by personal betrayal, political instability, and mutual economic pressures. Joe's story follows the indictment of a former Tri-Cities pastor who allegedly used his position and a fake cryptocurrency scheme called "Solano Fi" to defraud his congregation and others out of millions, promising risk-free returns while siphoning the funds for himself and his co-conspirators. Our Catch of the Day comes from Joe, who shares an interesting email from "Xfinity." Complete our annual audience survey before August 31.
Resources and links to stories:
Arizona woman sentenced over $17 million North Korea worker fraud scheme
Facebook: Ava Davis
The fractured friendship behind the fight at the Thailand-Cambodia border
Lethal Cambodia-Thailand border clash linked to cyber-scam slave camps
Beneath the Border: Scam Centers and the Thailand–Cambodia Conflict
Grand Jury Charges Pastor, Wife in Alleged Multi-Million Dollar Cryptocurrency Scam
Former Tri-Cities Pastor Indicted for Multi-Million Dollar Cryptocurrency Scam
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Aug 7
50 min
Domain-based Message Authentication Reporting Conformance (DMARC) (noun) [Word Notes]
Please enjoy this encore of Word Notes. An open-standard email authentication protocol that lets a domain owner publish a policy for mail that fails SPF or DKIM alignment, designed to prevent email spoofing used in phishing, business email compromise (BEC), and other email-based attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: "Global Cyber Alliance's Phil Reitinger Talks DMARC Adoption," YouTube, 27 April 2018.
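As an added illustration of what a DMARC policy actually does at the receiving end (this is example code, not N2K's or the glossary's), the block below parses a `_dmarc` TXT record, checks SPF/DKIM identifier alignment against the RFC5322.From domain, and returns the disposition a receiver would apply. The two records and the message results are constructed; the organisational-domain lookup is simplified to the last two labels, where a real receiver would consult the Public Suffix List.

```python
"""Parse a DMARC TXT record and compute the disposition a receiver would apply.

Added example for the DMARC entry above; it is not N2K's code. The records and
message results below are constructed for illustration. Organisational-domain
lookup is simplified to the last two labels (real receivers use the Public
Suffix List).
"""
from dataclasses import dataclass


@dataclass
class DmarcRecord:
    policy: str            # p=  : none | quarantine | reject
    subdomain_policy: str  # sp= : defaults to p=
    adkim: str             # DKIM alignment: r (relaxed) or s (strict)
    aspf: str              # SPF alignment:  r (relaxed) or s (strict)


def parse_dmarc(txt: str) -> DmarcRecord:
    """Parse the 'tag=value;' list of a _dmarc.<domain> TXT record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    return DmarcRecord(
        policy=policy,
        subdomain_policy=tags.get("sp", policy).lower(),
        adkim=tags.get("adkim", "r").lower(),
        aspf=tags.get("aspf", "r").lower(),
    )


def org_domain(domain: str) -> str:
    """Simplified organisational domain: last two labels (see module docstring)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def disposition(record, record_domain, from_domain,
                spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass' if an aligned SPF or DKIM result exists, else the policy.

    spf_domain is the MAIL FROM domain SPF evaluated; dkim_domain is the d= of
    a DKIM signature that verified. Either one, aligned, is enough to pass.
    """
    spf_ok = spf_pass and aligned(from_domain, spf_domain, record.aspf)
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, record.adkim)
    if spf_ok or dkim_ok:
        return "pass"
    # Subdomains of the record's domain fall under sp= (defaults to p=).
    if from_domain.lower() != record_domain.lower():
        return record.subdomain_policy
    return record.policy


# Constructed records: a monitoring-only record that blocks nothing, and an
# enforcing record with strict DKIM alignment and a separate subdomain policy.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRICT_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                 "rua=mailto:dmarc@example.com")


def demo():
    """Spoofed mail: From: example.com, but SPF only passes for the attacker's domain."""
    results = {}
    for label, txt in (("weak", WEAK_RECORD), ("strict", STRICT_RECORD)):
        rec = parse_dmarc(txt)
        results[label] = disposition(rec, "example.com", "example.com",
                                     True, "attacker.example", False, "")
    return results


if __name__ == "__main__":
    print(demo())  # {'weak': 'none', 'strict': 'reject'}
```

The point the comparison makes: with `p=none` the spoof passes SPF for the attacker's own domain, fails alignment, and is still delivered, because monitoring-only records produce reports rather than enforcement. Only the `p=reject` record turns the same failed alignment into a rejection.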
Aug 5
8 min
Click for a pay bump?
In this special episode of Hacking Humans, while Joe and Maria take a well-earned summer break, we're joined by a special guest host: Rob Allen, Chief Product Officer at ThreatLocker. Rob dives into the tactics and profile of the cybercriminal group known as Scattered Spider, a crew that has gained notoriety for its cunning use of social engineering over traditional hacking techniques. Known for being young, agile, and highly manipulative, Scattered Spider has successfully bypassed security measures not by breaking systems, but by fooling the people who use them. Tune in for a fascinating breakdown of how this group operates and what you can do to defend against them. A listener caught this Catch of the Day on campus: an email claiming a "salary increase" and urging them to click a sketchy link. It came from outside the company, was riddled with grammar issues, and asked for info HR should already have. Complete our annual audience survey before August 31.
Resources and links to stories:
Scattered Spider weaves web of social-engineered destruction
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Jul 31
30 min
Shields Up (noun) [Word Notes]
Please enjoy this encore of Word Notes. A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with the expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor. CyberWire Glossary link: https://thecyberwire.com/glossary/shields-up Audio reference link: "Star Trek II Wrath of Khan - Reliant vs Enterprise; First Clash," YouTube, 11 April 2015.
Jul 29
7 min
The delusional side of AI therapy.
This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We've got some follow-up from listener Kajetan, who recalled a run-in with a scammer in Paris posing as a mute fundraiser, and says he performed a "miracle" by crossing out his name, prompting the supposedly mute woman to suddenly start yelling at him. Maria has the story on how small businesses in Toronto, like the family-run Souvlaki Hut and Pippins Tea Company, were shocked to discover that thieves exploited weaknesses in their point of sale terminals to issue themselves thousands in fraudulent refunds, exposing serious flaws in how these machines are secured. Dave's story is on a Stanford-led study that found popular AI therapy bots, including ChatGPT and commercial mental health platforms, often respond inappropriately to serious mental health issues, fueling delusions, validating harmful thoughts, and failing to follow basic therapeutic guidelines, raising urgent concerns about their use as replacements for human therapists. Joe follows the story on a sweeping federal investigation into Minnesota's Housing Stabilization Services program, where agents raided homes and businesses tied to an alleged multi-million-dollar Medicaid fraud scheme that exploited vulnerable residents and billed taxpayers for housing support services that were never provided. Our Catch of the Day is on a patient scammer who spent five months building trust before claiming to send a $700K inheritance payout locked in a lawsuit, complete with a fake video of a safe and a shady tracking number, only to demand €15,000 in "customs fees", a scam the Redditor thankfully saw through before handing over any money. Complete our annual audience survey before August 31.
Resources and links to stories:
AI therapy bots fuel delusions and give dangerous advice, Stanford study finds
'It was a shock': Toronto business owner says customer used point of sale terminal to issue himself $2,000 refund
KARE 11 Investigates: Federal agents raid homes & businesses seizing evidence in housing fraud investigation
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Jul 24
51 min
Software Assurance Maturity Model (SAMM) (noun) [Word Notes]
Please enjoy this encore of Word Notes. A prescriptive open source software security maturity model designed to guide strategies tailored to an organization's specific risks. Audio reference link: "OWASPMSP - Pravir Chandra: Software Assurance Maturity Model (OpenSAMM)," Pravir Chandra, OWASP MSP, 2009.
Jul 22
5 min