Hacking Humans

This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packagesa practice dubbed "slopsquatting"that can compromise software supply chains when developers unwittingly install them. Daves story is on Cisco Talos uncovering a widespread toll road smishing campaign across multiple U.S. states, where financially motivated threat actorsusing a smishing kit developed by Wang Duo Yuimpersonate toll services to steal victims' personal and payment information through spoofed domains and phishing sites. Maria's got the story of how scammers are using fake banking apps to fool sellers with phony payment screensand walking away with thousands in goods. Our catch of the day comes from listener John who writes in to share a suspicious text message he received. Resources and links to stories:

LLMs can't stop making up software dependencies and sabotaging everything

Unraveling the U.S. toll road smishing scams

'Scammers used fake app to steal from me in person'

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: Oceans Eleven Problem Constraints Assumptions. by Steve Jones, YouTube, 4 November 2015.

This week, our hosts Dave Bittner and Joe Carrigan, are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber scams, phishing sites, and crypto cons, as threat actors exploit the chaos to mislead, defraud, and manipulate online users. Joe has two stories this week, the first is about the "blessing scam," a con that targets older Chinese women with promises of spiritual cleansing that ends in financial ruin. The second covers a new FTC rule requiring companies to make subscription cancellations as easy as sign-ups, cracking down on deceptive practices. Our catch of the day this week comes from MontClair University, as they are warning of a phishing scam offering a “free 2014 Airstream Sport 16′ Travel Trailer.” Resources and links to stories:

Trump Tariff Confusion Fuels Online Scams

Oklahoma woman charged with laundering $1.5M from elderly women in online romance scam

A new ‘jackpotting’ scam has drained more than $236,000 from Texas ATMs — but who foots the loss?

Opportunity To Own A Free 2014 Airstream Sport 16′ Travel Trailer

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality.  CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018.

This week, while Dave Bittner is out, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running Python scripts, stating they receive similar emails despite not owning a car. Jim Gilchrist recounts his experience with E-ZPass and unpaid tolls, explaining how a failed transponder led to a replacement and noting the prevalence of scam toll messages. Joe shares two gripping stories this week, one being on how the FBI is seizing $8.2 million from a massive romance scam involving cryptocurrency, and second is on a Maryland woman losing millions in a growing "pig butchering" scheme, with the FBI warning that many more victims are at risk. Maria's story is on an East Hartford woman caught up in a federal sweepstakes scam targeting the elderly. The suspects, including one local resident, allegedly stole millions. What did they do, and how did they get caught? Our catch of the day comes from a user on Reddit who shares a message they got from billionaire, and owner of Tesla, Elon Musk. Resources and links to stories:

FBI Cracks 'Pig Butchering' Scam on Dating Sites

Maryland woman loses millions in crypto "pig butchering" scam as FBI warns of more targets

East Hartford Woman Bilked Elderly In Fake Sweepstakes Scam: Feds

Elon Musk Vows To Hand Out $1 Million Checks This Weekend: What To Know

Have a Catch of the Day you'd like to share? Email it to us at [email protected].