Hacking Humans

It's just too good to be true.

This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up on a big honor for Dave, recognized by SANS as a Difference Maker in Media—plus a quick chicken update, a newly named rooster, and construction officially getting underway on the new run. Maria has the story on a congressional warning about a surge in winter holiday travel scams, as fake booking sites and airline impersonators drive millions in losses during peak travel season. Dave has two stories this week, one on a friend who received a suspicious email appearing to come from the chair of a nonprofit, and the other on a BBC investigation uncovering how fraudulent crowdfunding campaigns exploited children with cancer and their families, siphoning off millions meant for life-saving treatment. Joe’s story covers a warning from the IRS on how to spot and avoid tax scams, highlighting red flags like too-good-to-be-true refunds, urgent threats, fake websites, and impersonators pressuring victims for money or personal information. For our Catch of the Day, it turns out Aquaman isn’t just ruling the seas — he’s apparently sliding into fans’ texts, proving once again that when a celebrity starts sounding a little too approachable, it’s probably not Hollywood calling. Resources and links to stories: * ALERT: Winter Holidays Travel Scams [https://www.jec.senate.gov/public/_cache/files/c1717fa4-9ab4-444e-b6f6-0e9000bfccea/12.2025-holiday-travel-scams-alert.pdf] * Children with cancer scammed out of millions fundraised for their treatment, BBC finds [https://www.bbc.com/news/articles/ckgz318y8elo] * Recognize tax scams and fraud [https://www.irs.gov/help/tax-scams/recognize-tax-scams-and-fraud] * How to know it's the IRS [https://www.irs.gov/help/how-to-know-its-the-irs] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

Apple Lockdown Mode (noun) [Word Notes]

Please enjoy this encore of Word Notes. An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/apple-lockdown-mode⁠ [https://thecyberwire.com/glossary/apple-lockdown-mode] Audio reference link: “⁠How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone⁠ [https://www.youtube.com/watch?v=a2BIYWHdfTE],” FRONTLINE, YouTube, 18 July 2021.

Poisoned at the source. [OMITB]

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/selenalarson/], ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ [https://www.proofpoint.com/] intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠ [https://www.proofpoint.com/us/podcasts/discarded]. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ [https://www.n2k.com/] ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠ [https://www.linkedin.com/in/keith-mularski-b737551/], former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠ [https://www.linkedin.com/company/qintel/]. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into supply chain attacks through the lens of a massive Android malware campaign that infects devices before they ever reach users, embedding itself in firmware and reseller-installed system images. We connect the dots to other high-impact supply chain incidents—from SolarWinds to the recent F5 breach—and share new intelligence on Android devices compromised during manufacturing and distribution in China. Together, these cases highlight how attacks at the source can quietly scale, persist, and evade traditional defenses.

Hot sauce and hot takes: An Only Malware in the Building special.

While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss. For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/selenalarson/], ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ [https://www.proofpoint.com/] intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠ [https://www.proofpoint.com/us/podcasts/discarded], along with  ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ [https://www.n2k.com/] ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/keith-mularski-b737551/], former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠ [https://www.linkedin.com/company/qintel/]⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat. This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ [https://youtu.be/HDgLBxEKx28] edition to catch every spicy reaction, every laugh, and maybe even a few tears. So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.

Simulated Phishing (noun) [Word Notes]

While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/simulated-phishing⁠ [https://thecyberwire.com/glossary/simulated-phishing] Audio reference link: ⁠“Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.”⁠ [https://www.youtube.com/watch?v=7HWfwLBqSQ4] YouTube, YouTube, 19 Apr. 2017.