
Hacking Humans
When AI Wears a Suit and Tie.
Why It Matters
The episode underscores how supply‑chain vulnerabilities and voice‑phishing can expose sensitive personal data, emphasizing the need for faster breach detection and notification. Understanding these threats helps organizations and individuals improve their security hygiene and demand better vendor oversight.
Key Takeaways
- Aggravated identity theft involves using a stolen identity to commit another crime
- Shared mailboxes need no license, but lack individual passwords and are capped at a 50‑GB quota
- Ericsson breach stemmed from a vishing attack on a vendor, exposing 15,000 records
- Vendor delayed breach notification to Ericsson by six months
- FTC warns about “you’ve won” scams demanding upfront fees
Pulse Analysis
The episode opens with a clear distinction between ordinary identity theft and its aggravated form. Aggravated identity theft occurs when a stolen identity is leveraged to commit another felony, such as wire fraud, raising the legal stakes and penalties. Listeners also receive a practical briefing on shared mailboxes: they operate without a dedicated license, lack individual passwords, and are limited to a 50‑GB quota unless a license is added, which then unlocks archiving and litigation‑hold features. This nuance highlights how seemingly benign IT configurations can become security blind spots if not properly managed.
The centerpiece of the discussion is the Ericsson U.S. subsidiary breach. Attackers used a vishing (voice‑phishing) call to compromise a third‑party vendor, gaining a foothold in Ericsson’s network and exfiltrating roughly 15,000 records containing personal, financial, and health data. While the vendor detected the intrusion within 11 days, it failed to inform Ericsson until six months later, underscoring the critical importance of rapid breach disclosure and robust third‑party risk programs. The delayed notification amplified regulatory exposure and eroded trust, prompting Ericsson to offer identity‑theft protection services through IDX, though the effectiveness of such programs remains debated.
Finally, the hosts turn to broader social‑engineering trends. The FTC’s warning about “you’ve won” prize scams illustrates how fraudsters exploit the allure of free rewards, demanding upfront fees for taxes or shipping. Coupled with the earlier shared‑mailbox and USB‑drop anecdotes, the conversation reinforces a recurring theme: attackers thrive on convenience and lapses in oversight. For business leaders, the takeaway is clear: enforce strict access controls, monitor vendor communications, and educate employees on phishing cues to reduce the attack surface and protect sensitive data.
Episode Description
This week, N2K CyberWire hosts Maria Varmazis and Dave Bittner, alongside Joe Carrigan, discuss the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up on aggravated identity theft and how it ties to crimes like wire fraud, along with a quick look at shared mailboxes and why sharing login credentials can create security risks. Joe’s got the story of a vishing attack on an Ericsson vendor that exposed sensitive data of over 15,000 people, highlighting the risks of third-party security gaps. Dave’s story is on Meta removing millions of scam ads and accounts while facing scrutiny over whether it profits from fraudulent advertising, highlighting the growing scale of social media-driven scams and pressure from lawmakers to crack down. Maria has the story on how scammers are using AI to impersonate government officials through deepfakes, fake websites, and voice cloning, making fraud more convincing and harder to detect while stealing money and personal information. Our Catch of the Day comes from Reddit, where a user has an intriguing conversation with “Elon Musk,” who professes his love in record time.
Resources and links to stories:
Ericsson US Discloses Data Breach as Hackers Steal Employee and Customer Data
That random call saying “you’ve won a prize” is a scam
Meta says it culled millions of scam ads amid accusations that it profits from them
Watch out for AI-generated government impersonators
Grammarly Is Facing a Class Action Lawsuit Over Its AI ‘Expert Review’ Feature
Warren Buffett didn’t make this video about Canada-U.S. tensions. It's fake and there will be more
How to Fix a Sticking Door
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.