SLAM, Scam, Thank You Ma’am.
Cybersecurity

Hacking Humans

SLAM, Scam, Thank You Ma’am.

Hacking HumansApr 23, 2026

Why It Matters

Understanding and applying the SLAM framework equips both individuals and organizations to better defend against increasingly sophisticated phishing attacks, reducing financial loss and emotional harm. As fraudsters adapt their tactics, staying ahead through education and proactive measures is critical for safeguarding personal and corporate security.

Key Takeaways

  • SLAM framework simplifies phishing detection: Sender, Links, Attachments, Message.
  • Early inoculation reduces victims of romance and other scams.
  • EMV chip adoption driven by liability shift, not security.
  • Meta profits from Chinese scam ads despite policy violations.
  • Anthropic Mythos AI automates code vulnerability discovery for banks.

Pulse Analysis

The episode opens with a deep dive into the SLAM method, a four‑point checklist that helps professionals spot phishing attempts quickly. By verifying the Sender, inspecting Links, scrutinizing Attachments, and reading the Message for tone or inconsistencies, users can cut through social‑engineering tricks before they click. The hosts stress that the framework is easy to remember and works across desktop and mobile environments, making it a practical tool for security teams looking to boost awareness without adding complexity.

Beyond the SLAM basics, the conversation expands to the wider scam ecosystem. Listeners hear a real‑world romance‑scam story that illustrates how early inoculation—educating potential victims before they’re targeted—dramatically improves resistance. The hosts also trace the adoption of EMV chip cards to a liability shift by Visa, Mastercard and others, not pure security concerns, highlighting how financial incentives drive protective technology. A Reuters investigation is cited showing Meta’s Chinese ad revenue, with roughly $3 billion flowing from fraudulent ads, underscoring the profit motive that lets scams thrive on major platforms. Meanwhile, UK banks are pushing responsibility upstream to telecoms and social media firms, signaling a new era of shared accountability for fraud prevention.

The final segment spotlights Anthropic’s Mythos AI model, which can automatically locate software vulnerabilities at scale. After a high‑severity CVE was discovered by Mythos, Treasury officials convened bank CEOs to discuss securing critical infrastructure, bypassing traditional cybersecurity agencies. The hosts argue that banks and other enterprises should integrate such AI tools into their dev‑sec‑ops pipelines to stay ahead of attackers, complementing zero‑trust strategies like ThreatLocker’s default‑deny execution. By marrying proactive education, liability‑aware technology adoption, and AI‑driven code analysis, organizations can build a multi‑layered defense against today’s sophisticated social‑engineering threats.

Episode Description

This week, while Maria is on vacation, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ are joined by Michele Kellerman as they discuss the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Dave brings us a lively follow-up from his recent theater outing the conversation circles back to chicken talk. Michele also highlights the work of Blood Cancer United sharing insight into their mission and impact. Dave’s story is on the SLAM method, a simple phishing-defense framework that teaches users to evaluate suspicious emails by checking the sender, links, attachments, and message for common signs of deception and social engineering. Michele’s got the story on a potential turning point in online scams, where rising pressure—from revelations that Meta Platforms has profited from fraudulent ads, to banks and regulators like Jerome Powell and Scott Bessent warning about systemic risks—suggests liability may soon expand beyond banks to include social media, telecoms, and other upstream players. Joe’s story is on two cousins, Shray Goel and Shaunik Raheja, who pleaded guilty in a nationwide $8.5 million scheme using fake listings, double bookings, and last-minute cancellations across platforms like Airbnb and Vrbo to maximize profits while deceiving thousands of travelers. On our catch of the day, A Reddit user shares a message they got from a scammer posing as their child.

Resources and links to stories:

SLAM Method for a Comprehensive Phishing Prevention Guide

Meta tolerates rampant ad fraud from China to safeguard billions in revenue

Banks cannot save the UK financial system from fraud alone

Bessent, Powell warned bank CEOs about Anthropic model risks, sources say

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Show Notes

Comments

Want to join the conversation?

Loading comments...