Hacking Humans

Homograph phishing (noun) [Word Notes]

Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/homograph-phishing⁠ [https://thecyberwire.com/glossary/homograph-phishing] Audio reference link: “⁠Mission Impossible III 2006 Masking 01⁠ [https://youtu.be/8VgscNBhD6g],” uploaded by DISGUISE MASK, 28 July 2018.

A fish commits credit card fraud (inadvertently).

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up from listener John Helt having some chicken withdrawal, Foghorn Leghorn excluded. You are welcome, John, you now have your chicken updates! And, we share how a fish went shopping. Maria shares some research (including her own) on using AI chatbots to phish the elderly. Joe’s got two stories today. First up, he talks about the Myanmar army continuing their raids on scam centers. Joe also shares a piece on two men found guilty of engaging in an extensive fraud scheme of ACA plan subsidies involving over $233 million from the federal government. Dave's story helps keep scammers out of your stockings this holiday season. Our catch of the day comes from the phishing subreddit about a text a la Strong Bad. Resources and links to stories: * Black neon tetra: Credit card fraud [https://en.wikipedia.org/w/index.php?title=Black_neon_tetra&direction=prev&oldid=1323424421] * ⁠⁠⁠⁠⁠ [https://www.linkedin.com/feed/update/urn:li:activity:7389277517540478976/]⁠⁠⁠ [https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/]⁠ [https://www.cbsnews.com/news/china-myanmar-thailand-criminal-gangs-fraud-scam-centers-death-sentences/]We set out to craft the perfect phishing scam. Major AI chatbots were happy to help. [https://www.reuters.com/investigates/special-report/ai-chatbots-cyber/] * Can AI Models be Jailbroken to Phish Elderly Victims? An End-to-End Evaluation [https://simonlermen.substack.com/p/can-ai-models-be-jailbroken-to-phish] * Can AI Models be Jailbroken to Phish Elderly Victims? An End-to-End Evaluation [https://arxiv.org/pdf/2511.11759] * Myanmar’s military launches raid on second major online scam center [https://www.politico.com/news/2025/11/20/myanmars-military-launches-raid-on-second-major-online-scam-center-00661367] * President of Insurance Brokerage Firm and CEO of Marketing Company Convicted in $233M Affordable Care Act Enrollment Fraud Scheme [https://www.justice.gov/opa/pr/president-insurance-brokerage-firm-and-ceo-marketing-company-convicted-233m-affordable-care] * Keep scammers out of your stockings this holiday season [https://www.mastercard.com/us/en/news-and-trends/stories/2025/holiday-shopping-scams-cybersecurity-tips.html] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

Yippee-ki-yay, cybercriminals! [OMITB]

Welcome in! You’ve entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season’s juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/selenalarson/], ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ [https://www.proofpoint.com/] intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠ [https://www.proofpoint.com/us/podcasts/discarded]. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ [https://www.n2k.com/] ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠ [https://www.linkedin.com/in/keith-mularski-b737551/], former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠ [https://www.linkedin.com/company/qintel/]. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don’t take a holiday.

Anti-cheat software (noun) [Word Notes]

Please enjoy this encore of Word Notes. Software designed to prevent cheating in video games.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/anti-cheat-software⁠ [https://thecyberwire.com/glossary/anti-cheat-software] Audio reference link: “⁠The BIG Problem with Anti-Cheat⁠ [https://www.youtube.com/watch?v=aaL7owZmbEA],” by Techquickie, YouTube, 5 June 2020

Nice to meet you, I'm a scammer.

Please enjoy this encore of Hacking Humans. On Hacking Humans, ⁠Dave Bittner⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠Joe Carrigan⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠Maria Varmazis⁠ [https://www.linkedin.com/in/varmazis/] (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the rise in such scams and efforts to pass the Online Dating Safety Act to protect users. Joe's story is on the Madoff Victim Fund's final $131.4 million payout, bringing total recoveries to $4.3 billion for victims of Bernard Madoff's infamous Ponzi scheme, which collapsed during the 2008 financial crisis. Dave's got the story on allegations that the PayPal Honey browser extension not only fails to deliver the best deals but also hijacks affiliate revenue from influencers by replacing their links with its own, sparking backlash and controversy. Our catch of the day comes from Reddit and Dave and Maria do their best impressions yet, as a scammer chats up an unsuspecting victim. Resources and links to stories: * ⁠Online dating scammers bilk more money each year. A bipartisan bill seeks to stop them at the source.⁠ [https://www.cbsnews.com/news/online-dating-scams-bipartisan-bill-congress/] * ⁠Madoff fraud victims get $4.3bn as fund completes payouts⁠ [https://www.bbc.com/news/articles/c140yjm5znzo] * ⁠Honey’s deal-hunting browser extension is accused of ripping off customers and YouTubers⁠ [https://www.theverge.com/2024/12/23/24328268/honey-coupon-code-browser-extension-scam-influencers-affiliate-marketing] You can hear more from the T-Minus space daily show ⁠here⁠ [https://space.n2k.com/podcasts/t-minus]. Have a Catch of the Day you'd like to share? Email it to us at ⁠hackinghumans@n2k.com⁠ [hackinghumans@n2k.com].