Hacking Humans
When a Scammer Meets the Force.
Hacking Humans
•January 15, 2026•51 min
0
Hacking Humans•Jan 15, 2026
Key Takeaways
- •Scammers use seven‑day romance arc to harvest money.
- •Handbooks detail persona crafting, daily messages, and information gaps.
- •CrowdStrike reports average breach breakout 48 minutes, fastest 51 seconds.
- •Voice‑phishing attacks surged 442% in 2024.
- •79% of detections were malware‑free, driven by social engineering.
Pulse Analysis
The recent Reuters investigation uncovered detailed handbooks that teach fraudsters how to stage romance‑based social engineering attacks, often called pig‑butchering. The guides prescribe a seven‑day engagement curve: initial contact, investment pitch, emotional bonding, and a fake platform launch by day seven. Scammers are instructed to craft believable personas, reference hobbies, zodiac signs, and send mandatory daily messages to reinforce trust. By deliberately leaving key questions unanswered, they create an information gap that keeps victims hooked and eager for the next reveal. This systematic approach shows how emotional manipulation is weaponized at scale.
The CrowdStrike 2025 Global Threat Report reinforces the shift toward human‑centric breaches. It records an average lateral‑movement breakout time of 48 minutes, with the fastest observed at just 51 seconds, highlighting the power of automated intrusion tools. Voice‑phishing, or scam calls, exploded by 442% in 2024, while access‑broker advertisements rose 50% year over year, indicating a booming market for stolen credentials. Cloud incidents remain vulnerable, with 35% stemming from valid‑account abuse and token leakage in code repositories. Notably, 79% of detections were malware‑free, confirming that social engineering now dominates the threat landscape.
For enterprises, these findings demand a renewed focus on people‑first defenses. Continuous security awareness training must address romance‑scam narratives, the danger of information gaps, and the prevalence of voice‑phishing scripts. Organizations should enforce strict credential hygiene, monitor for anomalous token exposure, and deploy rapid detection tools that flag lateral movement within minutes. Integrating behavioral analytics with traditional malware scanners can surface the growing class of malware‑free attacks. By combining technical controls with a culture of skepticism, businesses can reduce the success rate of social‑engineering campaigns and protect both their assets and their employees.
Episode Description
This week, while Maria Varmazis (also host of the T-Minus Space Daily show) is out, our hosts Dave Bittner and Joe Carrigan are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe starts us off with a chicken update. Joe’s story is on CrowdStrike’s 2025 Global Threat Report, which reveals faster-than-ever breakout times, a surge in vishing and initial access attacks, widespread abuse of valid accounts, and a growing shift toward malware-free intrusions as adversaries become more numerous and sophisticated. Dave’s got the story on how “pig-butchering” romance scams are industrialized, detailing Reuters’ reporting on cyberfraud gangs using step-by-step psychological playbooks to groom victims, manufacture emotional attachment, and rapidly funnel them into fake investments that leave lasting financial and emotional damage. Rishika Desai, Threat Researcher and Writer from Bfore.ai, joins Dave and Joe to discuss renting social media ad accounts for scamming purposes. Our catch of the day comes from Reddit, where one user channels their inner Jedi and uses the Force to send a pesky scammer retreating to the dark side.
Resources and links to stories:
A scammer’sblueprint
CROWDSTRIKE 2025 GLOBAL THREAT REPORT
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
Show Notes
0
Comments
Want to join the conversation?
Loading comments...