Who Is Winning the Scam Game?
In this episode of Hacking Humans, hosts Dave Bittner, Joe Kerrigan, and Maria Vermazis dissect two major scam narratives: an international gold‑scam ring that lured U.S. victims into buying $800,000 worth of physical gold, culminating in the arrest of a New Jersey‑based conspirator, and a newly identified threat group targeting Business Process Outsourcing (BPO) firms with sophisticated social‑engineering attacks that spoof live‑chat and Okta login pages. The discussion highlights how scammers exploit multi‑factor authentication weaknesses, emphasizing the superiority of hardware‑based FIDO2 keys over SMS or software tokens. Guest insights from Polera CISO Sean Colicchio underscore the psychological angle of social engineering and the need for AI‑aware training programs.
When “Opportunity” Knocks, Don’t Answer.
In this episode of Hacking Humans, Dave, Joe, and Maria dissect two major social‑engineering threats: a LinkedIn‑based phishing campaign that uses urgent “business opportunity” emails and look‑alike login pages to harvest credentials, and a $20 million Everest‑guide scam where climbers are...
Who’s Logging In? [OMITB]
In this episode of Only Malware in the Building, host Selina Larson and guests Keith Malarski and Dave discuss the rapid rise of identity‑based attacks, noting that identity‑related root causes now outpace traditional malware. They cite recent reports from Sophos,...
When AI Wears a Suit and Tie.
In this episode of Hacking Humans, hosts Dave Bittner, Joe Kerrigan, and Maria Vermazis discuss recent social‑engineering attacks, focusing on a data breach at Ericsson’s U.S. subsidiary caused by a vishing attack on a third‑party vendor. They explain the concept...
The Voice on the Other End.
In this episode, hosts Maria Varmazis, Dave Bittner, and Joe Carrigan examine a wave of social engineering attacks, including a sophisticated phishing campaign that dupes Apple Pay users via fake emails and voice calls, Australia’s ClickFit initiative exposing romance scams,...
Security Service Edge (SSE) (Noun) [Word Notes]
In this brief episode, host Rick Howard defines Security Service Edge (SSE) as a cloud‑centric security architecture that blends the shared responsibility model, vendor‑provided security stacks, and direct network peering with major content providers and their fiber networks. He highlights...
Love Was the Hook.
In this episode, hosts Maria Varmazis, Dave Bittner, and Joe Carrigan explore the surge in romance and social‑engineering scams, highlighting high‑profile cases like a €3 million "Dubai Crown Prince" fraud and a handyman‑turned‑boyfriend con that inspired an Amazon Prime documentary. They...
Domain Spoofing (Noun) [Word Notes]
In this concise episode, host Rick Howard explains domain spoofing, a social engineering technique where attackers create malicious domains that closely resemble legitimate ones to deceive users. He outlines how the tactic works, its common vectors, and the potential damage...
When Legit Is the Trick: Phishing’s Sneaky New Moves. [OMITB]
In this episode of Only Malware in the Building, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski explore how attackers are weaponizing legitimate Microsoft services to make phishing campaigns harder to detect. They break down two...
Secure Web Gateway (Noun) [Word Notes]
In this brief episode, host Rick Howard defines a Secure Web Gateway (SWG) as a layer‑seven firewall positioned at the network perimeter to enforce security policies and conduct detection and prevention tasks. He highlights the SWG’s role in inspecting web...
Cold Weather, Hot Scams.
In this episode, the hosts dissect recent social‑engineering attacks, covering a Verizon outage‑related credit scam, a rare case where a victim recovered nearly $1 million after a cyber fraud, and a surge of Ozembic/GLP‑1 weight‑loss drug scams targeting Wisconsin consumers with...
Scammers Gonna Scam.
In this episode, hosts Dave Bittner, Joe Carrigan, and Maria Varmazis dissect recent social‑engineering threats, from politically‑charged SendGrid phishing campaigns to a crackdown on Southeast Asian scam networks after the arrest of alleged kingpin Chen Zhi. They share real‑world anecdotes,...
Intrusion Detection System (Noun) [Word Notes]
In this episode, host Rick Howard explains what an Intrusion Detection System (IDS) is—a technology that monitors network traffic for malicious activity and either alerts administrators or blocks threats. He highlights the dual roles of detection and prevention, emphasizing how...
When a Scammer Meets the Force.
The episode reviews the latest social engineering threats, highlighting CrowdStrike's 2025 Global Threat Report which notes faster breach times, a rise in vishing and account abuse, and a shift toward malware‑free intrusions. It then examines the industrialization of "pig‑butchering" romance...
MFA Prompt Bombing (Noun) [Word Notes]
In this brief episode, host Rick Howard defines "MFA prompt bombing" as a technique where attackers flood a user with authentication prompts until they approve one out of frustration, effectively bypassing multifactor authentication. He highlights the growing relevance of this...
