This week, our hosts Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attorneys, but are redistributed to claimants. Maria's story is on a listener dealing with phishing calendar invites that auto-add to their calendar—she shares tips like avoiding the “decline” button, adjusting settings to prevent automatic invite processing, and contacting email admins to help block these pesky requests. Joe's got the story on a film made almost entirely with AI tools like Google Veo and Runway—while the results are stunning, the process was chaotic, proving that human creativity, direction, and a lot of trial and error are still essential behind the scenes. Our cluck of the day is from listener Clayton, who writes in with a scam email sharing a fake job about a virtual interview.
Resources and links to stories:
We Made a Film With AI. You’ll Be Blown Away—and Freaked Out.
AI Will Smith eating spaghetti pasta (AI footage and audio)
Just got access to Veo 3 and the first thing I did was try the Will Smith spaghetti test.
AI video just took a startling leap in realism. Are we doomed?
Impossible Challenges (Google Veo 3 )
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
--------
46:33
The great CoGUI caper. [OMITB]
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel.
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Chinese-speaking threat actors are targeting Japan with a massive phishing campaign using a sneaky new kit called CoGUI, which has hit organizations with over 170 million messages in a single month. The campaign mimics trusted brands like Amazon, PayPay, and Rakuten to steal login and payment info—lining up with warnings from Japan’s Financial Services Agency about attackers cashing out and buying Chinese stocks. While the CoGUI kit is slick with its evasion tricks and browser profiling, your hosts are hot on its trail with new detections to help stop the phishing frenzy.
Please enjoy this encore of Word Notes.
An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.
--------
7:38
Lights, camera, scam!
This week, our three hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria’s got the story on how Trump’s sweeping new tariffs are creating the “perfect storm” for scams, as cybercriminals exploit consumer confusion with fake fee requests, shady links, and urgent messages—three red flags experts say to watch for. Joe shares the story of a new FBI warning about an AI-driven phone scam targeting iPhone and Android users, where scammers impersonate senior U.S. officials through fake texts and voice messages to steal personal information via malicious links. Dave shares the story of a classic Hollywood pitch deck scam, where fake agents from bogus production companies like "Hollywood Talent Agency" and "Writer’s Edge Production" lure authors into paying for useless film services with promises of big-screen adaptations. We have our new Cluck of the Day, and this week, Jonathan Webster shares a classic scam attempt: a fake PayPal invoice PDF designed to trick recipients into calling a fraudulent support number or paying a bogus charge.
Resources and links to stories:
Trump tariffs create the ‘perfect storm’ for scams, cybersecurity expert says — 3 red flags to watch out for
FBI warns of new phone scam targeting iPhone, Android users, advises not to answer these messages
Senior US Officials Impersonated in Malicious Messaging Campaign
The Hollywood Talent Agency / Writers Edge Production Scam
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
--------
41:49
OWASP security logging and monitoring failures (noun) [Word Notes]
Please enjoy this encore of Word Notes.
The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.
Italia