Hacking Humans

AI ate my homework.

This week, hosts of N2K CyberWire ⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] and⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] alongside ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/] are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Maria’s story covers a BBC experiment by Thomas Germain showing how easily major AI tools like ChatGPT and Google’s Gemini repeated a completely fabricated claim he posted online, highlighting what experts call a “renaissance for spam” as SEO-style manipulation resurfaces in the age of AI. Dave’s story examines Elizabeth Chamblee Burch’s book The Pain Brokers, which details how women with pelvic mesh implants were allegedly cold-called and steered into surgeries as part of a $40 million mass-tort recruitment scheme fueled by litigation finance and regulatory gaps. Joe’s story reports on an alleged decade-long ticket fraud ring at the Louvre in Paris, where tour guides and museum employees are accused of reusing tickets and bribery, costing more than €10 million before French authorities made multiple arrests. Our catch of the day comes from Reddit, where a user tested the limits of a land developer. Resources and links to stories: * ⁠ [https://www.technadu.com/apple-pay-users-targeted-by-sophisticated-phishing-scam-leveraging-voice-and-email/619646/]I hacked ChatGPT and Google's AI - and it only took 20 minutes [https://www.bbc.com/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes] * A Terrifying Scam and the System That Made It Possible [https://www.newyorker.com/books/under-review/a-terrifying-scam-and-the-system-that-made-it-possible] * The Pain Brokers: How Con Men, Call Centers, and Rogue Doctors Fuel America's Lawsuit Factory  [https://www.amazon.com/Pain-Brokers-Centers-Doctors-Americas/dp/1668068869] * Louvre tour guides accused of orchestrating $16m ticket fraud ring over a decade [https://www.abc.net.au/news/2026-02-17/how-louvre-ticket-guides-ran-alleged-ticket-fraud-ring/106353046] * T&T&T Land&Sea [https://www.reddit.com/r/scambait/comments/1r8ie6x/ttt_landsea/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.ghanaweb.com/GhanaHomePage/business/Inside-the-alleged-2-5-million-Dubai-Crown-Prince-romance-scam-2020297]Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

COBIT (noun) [Word Notes]

Please enjoy this encore of Word Notes. An IT governance framework developed by ISACA.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/cobit⁠ [https://thecyberwire.com/glossary/cobit] Audio reference link: isacappc. “How Do You Explain Cobit to Your Dad – or Your CEO?” YouTube, YouTube, 24 Aug. 2016, ⁠https://www.youtube.com/watch?v=EYATVkddIyw⁠ [https://www.youtube.com/watch?v=EYATVkddIyw].

The voice on the other end.

This week, hosts ⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show),⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/] are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We have some follow up where Joe shares a scam call he received. Dave’s got the story on a sophisticated phishing campaign targeting Apple Pay users through fake emails and voice calls impersonating customer support, as well as Australia’s ClickFit initiative warning that romance scammers are exploiting trust online for emotional and financial gain. Joe’s story is about a former Ohio bank employee who used his insider access to steal identities and siphon roughly $2 million from elderly customers, ultimately leading to his arrest in Chicago and federal conviction. Maria’s story is about a daughter who discovers her 84-year-old mother has been financially exploited by trusted professionals and even family members, underscoring how elder fraud often comes from familiar faces. It highlights the rapid rise in elder financial abuse and the urgent need for families to step in early—before cognitive decline makes the losses irreversible. Our catch of the day come's from the "Australian Government" on a tax document being floated around. Resources and links to stories: * Apple Pay Users Targeted by Sophisticated Phishing Scam Leveraging Voice and Email [https://www.technadu.com/apple-pay-users-targeted-by-sophisticated-phishing-scam-leveraging-voice-and-email/619646/] * ClickFit: Romance scams [https://www.afp.gov.au/news-centre/feature/clickfit-romance-scams] * Former Bank Employee Found Guilty of Targeting Elderly Victims in Identity Theft and Fraud Scheme [https://www.justice.gov/usao-ndoh/pr/former-bank-employee-found-guilty-targeting-elderly-victims-identity-theft-and-fraud] * Ohio bank’s anti-fraud agent stole $2M from elderly customers: DOJ [https://fox8.com/news/ohio-banks-anti-fraud-agent-stole-2m-from-elderly-customers-doj/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.ghanaweb.com/GhanaHomePage/business/Inside-the-alleged-2-5-million-Dubai-Crown-Prince-romance-scam-2020297]Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].

Security Service Edge (SSE) (noun) [Word Notes]

Please enjoy this encore of Word Notes. A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, and network peering with one or more of the big content providers and their associated fiber networks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/security-service-edge⁠ [https://thecyberwire.com/glossary/security-service-edge] Audio reference link: Netskope (2022). What is Security Service Edge (SSE). YouTube. Available at: ⁠https://www.youtube.com/watch?v=Z9H84nvgBqw⁠ [https://www.youtube.com/watch?v=Z9H84nvgBqw] [Accessed 21 Oct. 2022].

Love was the hook.

This week, hosts ⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/varmazis/] (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://space.n2k.com/podcasts/t-minus?__hstc=223811332.a636bba53840b4700c929fe67723a129.1721054632698.1747145009569.1747159962459.413&__hssc=223811332.2.1747159962459&__hsfp=3690629108] Space Daily show),⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/dave-bittner-27231a4/] and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.linkedin.com/in/joecarrigan/] are discussing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Dave sits down with ⁠Simon Horswell⁠ [https://538d0b96.streak-link.com/CwmSgoMpaQzgubv8dwEjAYWz/https%3A%2F%2Fwww.linkedin.com%2Fin%2Fsimon-horswell-72b2052a%2F%3ForiginalSubdomain%3Duk], a Senior Fraud Specialist at ⁠Entrust⁠ [https://538d0b96.streak-link.com/CwmSgoM1dWw6IlY3Ug-9oKo1/https%3A%2F%2Fwww.entrust.com%2F] discussing evolving romance scams for Valentine's Day. We have some follow up on chickens and a listener write-in, with a quick note on the backyard chicken trend and a closer look at a Bank of America fraud text that looked like a phish. Maria’s story follows an alleged “Dubai Crown Prince” scam that drained nearly €3 million from a Romanian businesswoman using fake banks and humanitarian appeals. Joe’s story tells of a handyman-turned-boyfriend who ran multiple dating scams and stole from his partner and her family, now featured on Amazon Prime. Dave’s story features Simon Horswell from Entrust explaining why romance scams hit $4.5 billion in 2024 and how scammers use psychological tricks, AI tools, and celebrity impersonation to manipulate victims. We have two catches of the day this week, one a physical letter from the DOJ and the other is an email from Microsoft. Resources and links to stories: * Let's stop shipping baby chickens in the mail [https://www.wbur.org/cognoscenti/2026/02/03/hatcheries-chicks-backyard-coops-homesteaders-backyard-tove-danovich] * Inside the alleged $2.5 million Dubai Crown Prince romance scam [https://www.ghanaweb.com/GhanaHomePage/business/Inside-the-alleged-2-5-million-Dubai-Crown-Prince-romance-scam-2020297] * CASHED OUT I fell in love with a handyman who came to fix my kitchen – little did I know my fairytale would cost me £150k [https://www.thesun.co.uk/fabulous/37567733/romance-scammer-jason-porter-amazon-prime-documentary/] ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://www.ghanaweb.com/GhanaHomePage/business/Inside-the-alleged-2-5-million-Dubai-Crown-Prince-romance-scam-2020297]Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [https://therecord.media/fin6-recruitment-scam-malware-campaign]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ [hackinghumans@n2k.com].