Hacking Humans

Anti-cheat software (noun) [Word Notes]

Please enjoy this encore of Word Notes. Software designed to prevent cheating in video games.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/anti-cheat-software⁠ [https://thecyberwire.com/glossary/anti-cheat-software] Audio reference link: “⁠The BIG Problem with Anti-Cheat⁠ [https://www.youtube.com/watch?v=aaL7owZmbEA],” by Techquickie, YouTube, 5 June 2020

Nice to meet you, I'm a scammer.

Please enjoy this encore of Hacking Humans. On Hacking Humans, ⁠Dave Bittner⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠Joe Carrigan⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠Maria Varmazis⁠ [https://www.linkedin.com/in/varmazis/] (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the rise in such scams and efforts to pass the Online Dating Safety Act to protect users. Joe's story is on the Madoff Victim Fund's final $131.4 million payout, bringing total recoveries to $4.3 billion for victims of Bernard Madoff's infamous Ponzi scheme, which collapsed during the 2008 financial crisis. Dave's got the story on allegations that the PayPal Honey browser extension not only fails to deliver the best deals but also hijacks affiliate revenue from influencers by replacing their links with its own, sparking backlash and controversy. Our catch of the day comes from Reddit and Dave and Maria do their best impressions yet, as a scammer chats up an unsuspecting victim. Resources and links to stories: * ⁠Online dating scammers bilk more money each year. A bipartisan bill seeks to stop them at the source.⁠ [https://www.cbsnews.com/news/online-dating-scams-bipartisan-bill-congress/] * ⁠Madoff fraud victims get $4.3bn as fund completes payouts⁠ [https://www.bbc.com/news/articles/c140yjm5znzo] * ⁠Honey’s deal-hunting browser extension is accused of ripping off customers and YouTubers⁠ [https://www.theverge.com/2024/12/23/24328268/honey-coupon-code-browser-extension-scam-influencers-affiliate-marketing] You can hear more from the T-Minus space daily show ⁠here⁠ [https://space.n2k.com/podcasts/t-minus]. Have a Catch of the Day you'd like to share? Email it to us at ⁠hackinghumans@n2k.com⁠ [hackinghumans@n2k.com].

Pseudoransomware (noun) [Word Notes]

Please enjoy this encore of Word Notes. Malware, in the guise of ransomware, that destroys data rather than encrypts. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/pseudoransomware⁠ [https://thecyberwire.com/glossary/pseudoransomware] Audio reference link: “⁠Some Men Just Want to Watch the World Burn | the Dark Knight⁠ [https://www.youtube.com/watch?v=oCIsI7EUYL8],” by YouTube, 2 November 2019.

Lost iPhone, found trouble.

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on China sentencing five members of a violent Kokang-based gang to death for running brutal scam compounds in Myanmar. And in related news, China has also extradited alleged scam kingpin She Zhijiang, a major figure behind one of Southeast Asia’s largest fraud hubs, as Beijing intensifies its crackdown on global cyber-fraud networks. Listener Jon reports a new twist on sextortion, where scammers used an unsolicited FaceTime call to capture an image, generate an AI-manipulated obscene photo, and then extort an employee using publicly scraped contact lists. Joe’s story is on Anthropic’s claim that attackers jailbroke its Claude model to carry out what it calls the first AI-orchestrated cyber-espionage campaign, a narrative now being challenged by researchers like Dan Goodin and Dan Tentler, who argue the attack was far less “autonomous” than advertised and comparable to long-standing hacking tools rather than a breakthrough in offensive AI. Dave’s story is on a new phishing scam where attackers use the contact info displayed on a lost iPhone’s lock screen to send fake “Find My” texts claiming the device was found, luring victims to a spoofed Apple login page to steal their Apple ID and bypass Activation Lock. Maria has the story on Zimperium’s Mobile Shopping Report, which shows that during the holiday season mobile threats surge across mishing, fake retail and payment apps, and app-level vulnerabilities—making this the peak time for scammers to exploit shoppers with spoofed texts, malicious apps, and insecure SDKs hidden inside legitimate shopping tools. Our catch of the day comes from the phishing subreddit as someone is impersonating a woman who is sick with cancer asking for the victim to take care of their money. Resources and links to stories: * ⁠⁠⁠ [https://www.linkedin.com/feed/update/urn:li:activity:7389277517540478976/]⁠ [https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/]China sentences 5 to death for building, running criminal gang fraud centers in Myanmar's lawless borderlands [https://www.cbsnews.com/news/china-myanmar-thailand-criminal-gangs-fraud-scam-centers-death-sentences/] * Man Accused of Running Southeast Asia Scam Compound Is Extradited to China [https://www.nytimes.com/2025/11/13/world/asia/scam-center-she-zhijiang-extradited-china.html] * Disrupting the first reported AI-orchestrated cyber espionage campaign [https://www.anthropic.com/news/disrupting-AI-espionage] * Researchers question Anthropic claim that AI-assisted attack was 90% autonomous [https://arstechnica.com/security/2025/11/researchers-question-anthropic-claim-that-ai-assisted-attack-was-90-autonomous/] * Lost iPhone? Don’t fall for phishing texts saying it was found [https://www.bleepingcomputer.com/news/security/lost-iphone-dont-fall-for-phishing-texts-saying-it-was-found/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

Trusted Platform Module (TPM) (noun) [Word Notes]

Please enjoy this encore of Word Notes. A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/trusted-platform-module⁠ [https://thecyberwire.com/glossary/trusted-platform-module] Audio reference link: “⁠TPM (Trusted Platform Module) - Computerphile⁠ [https://youtu.be/RW2zHvVO09g],” Computerphile, 23 July 2021