Summary5 min read

Podcast Summary: "Scam Losses Surge"

Cybersecurity Today with David Shipley
Date: June 17, 2026

Episode Overview

In this episode of Cybersecurity Today, guest host David Shipley dives into the latest cyber threats rattling businesses and individuals alike. The core focus is the surge in scam losses in the U.S., the debate over Anthropic model jailbreaks, the Justice Department’s first deepfake takedowns under new law, and a critical Microsoft Copilot vulnerability. Shipley offers a data-packed, high-tempo breakdown of how classic and emerging digital threats are evolving—and what’s at stake for businesses and public trust.

Key Discussion Points & Insights

1. Explosive Growth in Imposter Scams

Americans lost $3.5 billion to imposter scams in 2025—nearly triple the amount lost in 2020.
Imposter scams stood out as the most reported fraud category (accounts for 1 in 3 FTC fraud reports) (00:20).
Common scam tactics involve phishing via text, calls, emails, or fake bank alerts urging money transfers.
Top targets & vectors:
- Business impersonators netted nearly $1 billion.
- Bank and government impersonation scams: $920 million stolen.
- Social media as a fraud vector—$2.1 billion in losses, up 8x since 2020. Facebook led; WhatsApp and Instagram followed.
Quote:

“Social platforms where we live so much of our lives now have become the places where we lose money.”
—David Shipley (01:50)
Total annual losses: FTC reports $16 billion in total fraud (~25% rise YoY); FBI’s broader cyber crime tally: $21 billion, with true losses estimated at $210–420 billion.
Call to action:

“Until the companies running these platforms treat fraud as their problem, not just yours, that $3.5 billion loss is only going in one direction. Up top.”
—David Shipley (02:10)

2. Anthropic Model Jailbreak Controversy

Context: US government ordered Anthropic (an AI company) to take its latest models offline after alleged security bypasses.
Details:
- Security expert Katie Musaris (Luda Security) was briefed on the incident.
- Alleged exploit boiled down to slight changes in prompt phrasing (e.g., “review code for security issues” vs. “fix this code”).
Industry pushback:
- Musaris calls the export control order “hasty, heavy handed and misguided.”
- Over a dozen security researchers urge reversal, fearing the loss of cyber defense capability.
- Axios suggests the dispute was more about “personality differences” between Anthropic and the Trump administration than true technical danger.
Systemic worry:
- Precedent of a government agency shutting down a company’s flagship product with “one letter and the lights go out for everyone.”
- Raises trust issues globally regarding US AI reliability.
Quote:

“The behavior in this paper can’t be fixed meaningfully, and trying to fix it would only make the model worse at doing beneficial things like helping find software vulnerabilities and defend networks.”
—(Paraphrased from Katie Musaris, 04:10)

3. Landmark DOJ Deepfake Takedowns

First-ever domain seizures under the Take It Down Act, targeting sites (seefake.com and sock.com) dealing in AI-generated non-consensual nudes.
Scope of harm:
- Victims included politicians, royalty, journalists, athletes, entertainers.
- Multi-country operation: U.S., Italy, and France coordinated across law enforcement and judicial channels.
- Italian authorities initiated investigation after complaints from women in politics, sports, and entertainment (06:28).
- French police arrested a suspect and seized related cryptocurrency.
Quote:

“Fake images, but real harm.”
—David Shipley (06:10)
Prosecution significance:
- “A significant victory in the fight against deepfake pornography,” says Acting U.S. Attorney General Todd Blanche.

4. Microsoft Copilot 'Search Leak' Vulnerability

Researchers at Varonis Threat Labs discovered a dangerous attack chain dubbed search leak.
How it worked:
- One click on a legitimate Microsoft.com link could leak emails, calendars, and index files from Microsoft 365 Copilot.
- No password or additional user action needed (07:55).
- The vulnerability chained three bugs:
  1. Parameter to prompt injection: URL query parameter interpreted as Copilot instruction.
  2. Sanitizer race condition: Malicious content rendered before it’s sanitized.
  3. Content Security Policy (CSP) bypass: Bing’s search by image feature, which allows server-side fetching, is exploited as the data exfiltration route.
Impact:
- Critical severity (tagged as CVE202642824), but only a proof of concept; no known exploitation in the wild.
- Resembles prior Copilot hacks (Echo Leak, Reprompt) showing how old bug classes become dangerous in the LLM era.
Quote:

“You can think of Search Leak as three bugs in a trench coat. One new, too old, and each one hands off to the next.”
—David Shipley (08:54)
Wider lesson:

“We bolted a large language model onto everything, and in doing so, we may have just handed attackers a brand new way to make some of our oldest bugs dangerous again.”
—David Shipley (10:48)

Notable Quotes by Timestamp

On social media scam surge:
"The social platforms where we live so much of our lives now have become the places where we lose money."
—David Shipley (01:50)
On platform accountability:
"Until the companies running these platforms treat fraud as their problem, not just yours, that $3.5 billion loss is only going in one direction. Up top."
—David Shipley (02:10)
On Anthropic model bypasses:
"The behavior in this paper can’t be fixed meaningfully, and trying to fix it would only make the model worse."
—Katie Musaris paraphrased (04:10)
On deepfake impact:
"Fake images, but real harm."
—David Shipley (06:10)
On Microsoft Copilot vulnerability:
"You can think of Search Leak as three bugs in a trench coat. One new, too old, and each one hands off to the next."
—David Shipley (08:54)

"We bolted a large language model onto everything, and in doing so, we may have just handed attackers a brand new way to make some of our oldest bugs dangerous again."
—David Shipley (10:48)

Important Timestamps

00:20–03:00 — Deep dive into scam loss statistics, vectors, and platform responsibility
03:05–06:25 — Anthropic model jailbreak story, government intervention, and expert commentary
06:28–07:45 — DOJ deepfake site takedowns, international coordination, and real-world harms
07:55–10:55 — Microsoft Copilot 'search leak', technical breakdown, and implications for AI security

Tone & Style

Shipley’s delivery is brisk, data-rich, and often urgent, punctuated by memorable analogies and a clear call for institutional accountability. His narrative invites listeners to grasp both the technical nuance and the human stakes behind the numbers.

This summary distills the episode’s central warnings: online scams are escalating sharply, platform owners must step up, and AI security—both in governance and engineering—has never been more precarious.

Loading summary

Transcript1 lines

[00:00]
A
Americans lose $3.5 billion to imposter scams. Security experts debunk anthropic model jailbreak concerns. The U.S. justice Department seizes its first deepfake sites under a brand new law. And one click could have turned Microsoft Copilot against you. This is Cybersecurity today and I'm your host David Shipley. Let's get started. The con artists are winning and they're getting better than ever at online fraud. The U. S. Federal Trade Commission says Americans lost three and a half billion dollars to imposter scams last year. That's nearly triple what was lost in 2020. Imposter scams were the single most reported fraud category of 2025. Nearly one in three fraud reports filed with the Federal Trade Commission. The pitch is a text, a call, an email, a fake bank alert telling you your account's at risk and the only way to protect your money is to move it straight into the scammer's hands. Business impersonators took in nearly a billion dollars. Banks were the most lucrative disguise. With bank impersonation, government impersonation pulled in another $920 million. Social media was the most efficient hunting ground for fraudsters. More than $2.1 billion in losses were traced back to social Networks. That's an Eightfold jump since 2020. Facebook losses alone beat text and email combined. WhatsApp and Instagram came second and third. Total reported fraud losses across every category hit roughly $16 billion in 2025, the highest on record. That's about 25% above the year before. And the FBI's own tally counting all cyber enabled crime puts the bill last year at closer to $21 billion in reported losses, noting that those are only what is reported, with likely losses as high as 210 to $420 billion. The social platforms where we live so much of our lives now have become the places where we lose money. And until the companies running these platforms treat fraud as their problem, not just yours, that $3.5 billion loss is only going in one direction. Up top. Security researchers are casting doubt on why the US Government forced Anthropic's most recent models offline. Katie Musaris, the cybersecurity veteran who founded Luda Security, says Anthropic quietly shared a research paper with her and asked for her read on it. The paper describes the alleged bypass at the heart of the government's case. The Wall Street Journal reports the authors are security researchers at Amazon. Musarus says the Anthropic guardrail bypass should never have triggered an export control because the trick wasn't some exotic exploit or obvious code vulnerability. It just came down to phrasing asking the model to, quote, review code for security issues, end quote versus asking it to, quote, fix this code, end quote. That's the entire national security crisis in a prompt. The behavior in this paper can't be fixed meaningfully, and trying to fix it would only make the model worse at doing beneficial things like helping find software vulnerabilities and defend networks. Musaris called the order hasty, heavy handed and misguided. She's not alone. Dozens of top security researchers have asked the administration to reverse the decision, warning that yanking advanced cyber capabilities away from American defenders is a bad idea. And that's where Anthropic is. They've had to turn it off for everyone because they can't meet the thresholds required under the export control order. Axios reports the real driver wasn't technical at all. The real reason behind this Personality differences between Anthropic and the Trump administration. A government agency forced a private company in the US to take its flagship products offline with no court order, no public reasoning. One letter and the lights go out for everyone. Experts worry the move is likely to spook foreign capitals and raise questions about whether American AI can be trusted for critical work and whether US Companies can continue to ship software without their own government suddenly pulling the plug. The US Department of Justice has seized two websites, seefake.com and sock.com both according to the DOJ, trafficked in non consensual AI, generated nude images and videos. This appears to be the first time a domain has been seized under the Take It down act in the United States. Prosecutors say the fabricated images targeted politicians, first ladies of multiple countries, royalty, journalists, broadcasters, athletes and entertainers. Fake images, but real harm. The takedown came Thursday after a federal judge found probable cause that the sites had violated the act. This wasn't a solo effort. It was a three country operation the United States, Italy and France. Italy's postal and cybersecurity police spotted the site's first and tipped off US authorities. Italian investigators had opened their inquiry back in October 2025 after complaints about AI generated explicit images of women in politics, sport and entertainment. They secured a court order blocking the sites inside Italy. US Law enforcement then gathered evidence and shared it with the French government. French prosecutors ran with it, and on June 10th they arrested a suspect in Nice and seized cryptocurrency allegedly tied to the operation. None of the allegations have been proven in court. Acting U.S. attorney General Todd Blanche called the seizures a significant victory in the fight against deepfake pornography. We turn now from heinous deepfakes to the latest AI security headaches. Researchers at Varonis Threat Labs built an attack they're calling search leak. One click on a legitimate Microsoft link, a real Microsoft.com URL, and an attacker could siphon a victim's emails, calendar, and index files straight out of Microsoft 365 copilot enterprise search. No prompt to approve, no password, no second click required. Microsoft tagged it as CVE202642 824 and called it critical. Microsoft has since fixed the vulnerability on the back end, and the good news here is this was a proof of concept. No one has seen it exploited in the wild yet. You can think of Search Leak as three bugs in a trench coat. One new, too old, and each one hands off to the next. The first the entry point a queue parameter. Copilot reads whatever sits there as instructions, not just as text. Varonis calls it parameter to prompt injection. Craft the URL right and it tells Copilot to search the victim's mailbox, grab an email subject line and tuck it inside an image address. The victim types nothing. They click. Copilot does the rest. You can see why this would be so dangerous when you think about things like one time emailed second factor authentication codes. The second link in the chain erase condition. Microsoft's guardrail wraps Copilot's output in code blocks, so the browser treats markup as harmless text. The wrapping happens after Copilot finishes generating. The browser renders the stream as it arrives. The malicious image tag gets drawn and fires its request before the sanitizer can even run. By the time the output is neutralized, the data is already gone and the third link in the chain slipping past the content security policy. The CSP blocks images from random domains, but it allows Sping and Bing's search by image feature. Fetches any image URL server side. So point that fetch at an attacker server with the stolen text encoded into the path, and Bing dutifully retrieves it. Bing becomes the getaway driver for the data server side. Request forgery and sanitizer race conditions are old bug classes. We've known about them for a long time. The prompt injection here is the new ingredient, and it makes these old wounds reachable all over again. This is the third time researchers have pulled a similar trick on Copilot Echo Leak last year from AIM Security and Varonis own Reprompt before this hack. The lesson underneath all three of these copilot attacks is the same one we keep coming back to. We bolted a large language model onto everything, and in doing so, we may have just handed attackers a brand new way to make some of our oldest bugs dangerous again. We're going to see more of this. That's Cybersecurity today for Wednesday, June 17th. Thanks for listening. And if you like the show, let us know. Drop us a note@technewsday.com or or leave a comment under the YouTube video. Jim Love will be back on Friday with the latest headlines.