Hacking Humans Podcast

This week, our hostsDave Bittner, Joe Carrigan, andMaria Varmazis(also host of theT-MinusSpace Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Daves got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medical insurance scam where victims pay upfront for fake coverage and end up stuck with huge medical bills. Maria shares the story on how a recent April 2025 survey reveals that while most US consumers feel confident identifying scams and rely on traditional security measures like strong passwords and two-factor authentication, many still experience scam attempts and data breaches, with real-time threat detection emerging as the most valued feature in security products. Joe shares a personal story about how he was mildly got, gottricked, that ishe thought he was filling out a quick survey for a waiter, but it actually ended up as a Google review. It's a reminder of how AI and tech are blurring the lines in everyday interactions, and how easily people can get tripped up by these evolving processes. The catch of the day this week is from the Scams sub-Reddit, and Dave reads a text from a scammer claiming to have information on his doing drugs at his old work place.

Resources and links to stories:

ALERT! Brevard-Based Health First Health PlansJoins FBI to Expose Medical Insurance Scam

Scams and Protections US Report: April 2025

We make building an app so easy, anyone can do it

'700 Indian engineers posed as AI': The London startup that took Microsoft for a ride

Artificial Intelligence stories

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes.

Code and data repositories that don't protect against unauthorized changes.

This week, our hosts⁠⁠⁠ ⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠, and ⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠T-Minus⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attorneys, but are redistributed to claimants. Maria's story is on a listener dealing with phishing calendar invites that auto-add to their calendar—she shares tips like avoiding the “decline” button, adjusting settings to prevent automatic invite processing, and contacting email admins to help block these pesky requests. Joe's got the story on a film made almost entirely with AI tools like Google Veo and Runway—while the results are stunning, the process was chaotic, proving that human creativity, direction, and a lot of trial and error are still essential behind the scenes. Our cluck of the day is from listener Clayton, who writes in with a scam email sharing a fake job about a virtual interview.

Resources and links to stories:

⁠We Made a Film With AI. You’ll Be Blown Away—and Freaked Out.

AI Will Smith eating spaghetti pasta (AI footage and audio)

Just got access to Veo 3 and the first thing I did was try the Will Smith spaghetti test.

AI video just took a startling leap in realism. Are we doomed?

Impossible Challenges (Google Veo 3 )

Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠[email protected]⁠⁠⁠⁠⁠⁠.

Please enjoy this encore of Word Notes.

An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers. 

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠Selena Larson⁠⁠, ⁠⁠Proofpoint⁠⁠ intelligence analyst and host of their podcast ⁠⁠DISCARDED⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠N2K Networks⁠⁠ ⁠⁠Dave Bittner⁠⁠ and ⁠Keith Mularski⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠Qintel⁠.

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Chinese-speaking threat actors are targeting Japan with a massive phishing campaign using a sneaky new kit called CoGUI, which has hit organizations with over 170 million messages in a single month. The campaign mimics trusted brands like Amazon, PayPay, and Rakuten to steal login and payment info—lining up with warnings from Japan’s Financial Services Agency about attackers cashing out and buying Chinese stocks. While the CoGUI kit is slick with its evasion tricks and browser profiling, your hosts are hot on its trail with new detections to help stop the phishing frenzy.