Hacking Humans

Don’t let public ports bite.

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with another chicken update for everyone. Dave’s got the story of a Monotype font-licensing shakedown that totally backfired — automated claims, mass messages, and scary warnings that all unraveled when a typography-savvy employee proved every allegation was wrong, leaving Monotype empty-handed. Joe’s story is on a massive Walmart robocall scam targeting millions of customers. Fake calls, using AI voices claiming a pricey PlayStation 5 order, tricked people into giving personal info. The FCC is cracking down on SK Teleco, the U.S. voice provider behind the calls, threatening to cut them off from U.S. networks if they don’t act fast to stop the scam. Maria has the story on TSA warnings for travelers: avoid plugging phones into public USB ports and skip unsecured airport Wi-Fi. Hackers can sneak malware through USBs or intercept data over open networks, so TSA and the FCC recommend using portable chargers, charging-only cables, or a VPN to stay safe while traveling. Our catch of the day comes from a Microsoft looking email which says the user has been flagged. Resources and links to stories: * ⁠ [https://en.wikipedia.org/w/index.php?title=Black_neon_tetra&direction=prev&oldid=1323424421]Monotype font licencing shake-down [https://www.insanityworks.org/randomtangent/2025/11/14/monotype-font-licencing-shake-down] * Millions of Walmart customers victims of major scam [https://www.al.com/news/2025/12/millions-of-walmart-customers-victims-of-major-scam.html] * FCC Demands Cessation of Walmart-Impersonation Robocalls [https://www.fcc.gov/document/fcc-demands-cessation-walmart-impersonation-robocalls] * VIA ELECTRONIC DELIVERY AND CERTIFIED MAIL - RETURN RECEIPT REQUESTED [https://docs.fcc.gov/public/attachments/DOC-415638A1.pdf] * Is charging your phone at the airport safe? [https://www.usatoday.com/story/travel/2025/12/03/tsa-airports-safety-usb-wifi/87582007007/] * An Open Letter [https://www.hacklore.org/letter] * Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison [https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wifi-attacks-gets-7-years-in-prison/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

Homograph phishing (noun) [Word Notes]

Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/homograph-phishing⁠ [https://thecyberwire.com/glossary/homograph-phishing] Audio reference link: “⁠Mission Impossible III 2006 Masking 01⁠ [https://youtu.be/8VgscNBhD6g],” uploaded by DISGUISE MASK, 28 July 2018.

A fish commits credit card fraud (inadvertently).

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/], ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/], and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up from listener John Helt having some chicken withdrawal, Foghorn Leghorn excluded. You are welcome, John, you now have your chicken updates! And, we share how a fish went shopping. Maria shares some research (including her own) on using AI chatbots to phish the elderly. Joe’s got two stories today. First up, he talks about the Myanmar army continuing their raids on scam centers. Joe also shares a piece on two men found guilty of engaging in an extensive fraud scheme of ACA plan subsidies involving over $233 million from the federal government. Dave's story helps keep scammers out of your stockings this holiday season. Our catch of the day comes from the phishing subreddit about a text a la Strong Bad. Resources and links to stories: * Black neon tetra: Credit card fraud [https://en.wikipedia.org/w/index.php?title=Black_neon_tetra&direction=prev&oldid=1323424421] * ⁠⁠⁠⁠⁠ [https://www.linkedin.com/feed/update/urn:li:activity:7389277517540478976/]⁠⁠⁠ [https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/]⁠ [https://www.cbsnews.com/news/china-myanmar-thailand-criminal-gangs-fraud-scam-centers-death-sentences/]We set out to craft the perfect phishing scam. Major AI chatbots were happy to help. [https://www.reuters.com/investigates/special-report/ai-chatbots-cyber/] * Can AI Models be Jailbroken to Phish Elderly Victims? An End-to-End Evaluation [https://simonlermen.substack.com/p/can-ai-models-be-jailbroken-to-phish] * Can AI Models be Jailbroken to Phish Elderly Victims? An End-to-End Evaluation [https://arxiv.org/pdf/2511.11759] * Myanmar’s military launches raid on second major online scam center [https://www.politico.com/news/2025/11/20/myanmars-military-launches-raid-on-second-major-online-scam-center-00661367] * President of Insurance Brokerage Firm and CEO of Marketing Company Convicted in $233M Affordable Care Act Enrollment Fraud Scheme [https://www.justice.gov/opa/pr/president-insurance-brokerage-firm-and-ceo-marketing-company-convicted-233m-affordable-care] * Keep scammers out of your stockings this holiday season [https://www.mastercard.com/us/en/news-and-trends/stories/2025/holiday-shopping-scams-cybersecurity-tips.html] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

Yippee-ki-yay, cybercriminals! [OMITB]

Welcome in! You’ve entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season’s juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/selenalarson/], ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ [https://www.proofpoint.com/] intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠ [https://www.proofpoint.com/us/podcasts/discarded]. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ [https://www.n2k.com/] ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠ [https://www.linkedin.com/in/keith-mularski-b737551/], former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠ [https://www.linkedin.com/company/qintel/]. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don’t take a holiday.

Anti-cheat software (noun) [Word Notes]

Please enjoy this encore of Word Notes. Software designed to prevent cheating in video games.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/anti-cheat-software⁠ [https://thecyberwire.com/glossary/anti-cheat-software] Audio reference link: “⁠The BIG Problem with Anti-Cheat⁠ [https://www.youtube.com/watch?v=aaL7owZmbEA],” by Techquickie, YouTube, 5 June 2020