Podcast Summary: Hacking Humans — "Identity theft gets a raise."
Release Date: March 5, 2026
Host: Dave Bittner
Co-hosts: Joe Kerrigan, Maria Varmazis
Production: N2K Networks / CyberWire
Episode Overview
This episode dives into the evolving landscape of social engineering with a focus on new trends in identity-based scams. The hosts analyze recent cases where criminals have bypassed technical defenses through clever manipulation of human processes, discuss scams targeting authors, and explore recent law enforcement victories against gold bar scammers. The tone is investigative yet accessible, peppered with personal anecdotes and humor.
Key Discussion Points & Insights
1. The Power and Pitfalls of Language, AI, and Personalized Communication
- [00:38–09:17]
Hosts kick off with light banter about language (“irregardless”), illustrating how collective behavior changes norms. This segues into a listener comment about the outputs of AI models like ChatGPT differing due to user settings and interaction history.
- Quote:
“Language adapts over time and people change it.” – Joe Kerrigan (02:11)
- The team discusses how AI can personalize interactions based on user context or directives, and how these tools can become study partners or digital assistants.
2. Story 1: Payroll Pirates—Social Engineering in Healthcare
- [10:51–18:06]
Dave breaks down a true story from The Register about payroll diversion via social engineering at a healthcare organization.
- Attackers accessed a shared mailbox using compromised credentials (11:48).
- They observed internal communication patterns to impersonate a physician, then called the help desk claiming an urgent lockout (12:25).
- Help desk, pressed by urgency, reset the physician’s credentials—including multi-factor authentication—granting the attacker access (12:55).
- The attacker changed payroll direct deposit info, rerouting the victim’s salary to their account undetected until the real physician noticed missing funds (13:44).
- Because the actions came from the trusted network and appeared routine, no security alerts were triggered (14:05).
- Notable Quotes:
“There was no malware, there was no flashy exploit, just pure social engineering and some weak processes within the organization.” – Dave Bittner (11:21)
“The security tools just saw what looked like a normal internal user. And there were no alarms.” – Dave Bittner (13:44)
- The group reflects on the risk of shared mailboxes and lax internal controls, emphasizing that any financial transaction (like payroll changes) should demand extra scrutiny, akin to wire transfers.
- Takeaway:
Identity is increasingly the “new perimeter”—technical defenses mean little if trust is exploited at the human level.
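The sequence in this story (a help desk reset of credentials and MFA, then a direct deposit change from a normal-looking internal session) is visible when events are correlated per user rather than judged one at a time. The Python below is an added example, not code from the episode or The Register; the event types, field names and 7-day window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names and event types are assumptions,
# not taken from any real help desk, identity provider or payroll product.
EVENTS = [
    {"ts": "2026-02-02T09:14:00", "user": "dr.adams", "type": "helpdesk_mfa_reset", "src": "helpdesk"},
    {"ts": "2026-02-02T09:41:00", "user": "dr.adams", "type": "direct_deposit_change", "src": "10.20.4.17"},
    {"ts": "2026-02-03T11:00:00", "user": "nurse.lee", "type": "direct_deposit_change", "src": "10.20.7.3"},
    {"ts": "2026-01-05T08:00:00", "user": "dr.chen", "type": "helpdesk_mfa_reset", "src": "helpdesk"},
    {"ts": "2026-02-04T15:30:00", "user": "dr.chen", "type": "direct_deposit_change", "src": "10.20.9.9"},
]

RESET_TYPES = {"helpdesk_password_reset", "helpdesk_mfa_reset"}
WINDOW = timedelta(days=7)  # assumed look-back; tune to the pay cycle


def triage_payroll_changes(events, window=WINDOW):
    """Return one decision per direct-deposit change.

    Every change is held for out-of-band verification (the "treat it like a
    wire transfer" control). A change that follows a help desk credential or
    MFA reset for the same user within `window` is escalated, because that is
    the sequence described in the payroll diversion story.
    """
    last_reset = {}
    decisions = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] in RESET_TYPES:
            last_reset[ev["user"]] = ts
        elif ev["type"] == "direct_deposit_change":
            reset_ts = last_reset.get(ev["user"])
            recent = reset_ts is not None and ts - reset_ts <= window
            decisions.append({
                "user": ev["user"],
                "changed_at": ev["ts"],
                "action": "escalate" if recent else "hold_for_callback",
                "reset_at": reset_ts.isoformat() if recent else None,
            })
    return decisions


if __name__ == "__main__":
    for decision in triage_payroll_changes(EVENTS):
        print(decision)
```

The source address is carried in the events but deliberately not used in the decision: in the story the activity came from the trusted network, so network location would not have separated the attacker from the physician.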
3. Story 2: AI-Driven Author Scams and the Rise of Personalized Fraud
- [18:15–29:49]
Maria presents a piece from the New York Times about scammers targeting authors—especially those self-published or less well-known—via highly personalized phishing emails, often powered by AI.
- Scammers impersonate industry professionals, leveraging detailed flattery about obscure works (19:06).
- Fake offers include marketing, proofreading, republishing, club appearances, and mentorship—eventually leading to requests for hefty fees (22:00).
- Resources like fraudulent “National Book Foundation” websites mimic legitimate institutions (20:08).
- The same scam strategies are targeting academics with offers for predatory journals and fake conferences (24:09).
- Notable Quotes:
“Authors famously have a lot of money, right?” – Maria Varmazis (19:22, irony)
“These scams are targeting a lot of these authors’ insecurities... preying on people’s hopes and ego.” – Maria Varmazis (25:43)
- The hosts note the role of AI in escalating both volume and credibility, burning through spam filters and making targeting more convincing than ever.
- Related anecdote:
Dave and Maria share that even podcasters receive similar AI-driven scam emails.
4. Story 3: Cracking Down on Gold Bar Scams
- [31:16–45:29]
Joe reports on law enforcement busts around gold bar scams targeting the elderly, particularly in Texas.
- Victims receive calls claiming their bank accounts are compromised and are instructed to convert savings into gold for “safe keeping” (31:58).
- Stolen gold is channeled to jewelry stores who melt it down or export it (33:22).
- Multiple raids have resulted in dozens of arrests and the seizure of millions in gold and cash, though only a small fraction of total losses has been recovered (34:09, 45:29).
- Notable Quotes:
“The jewelry business is tough… so if you can eliminate the cost of gold and just scam people out of their life savings… all profit operation.” – Joe Kerrigan (36:05)
- The hosts discuss the unique challenges of tracking precious metals, the minimal regulation on melting gold, and share skepticism about jewelry business practices.
- Side anecdotes include stories about old classroom science practices and the changing landscape of school safety (39:56–44:54).
Memorable Moments & Quotes
- Shared mailbox risk as a “window into the organization” (17:04):
“It was a window into the organization and their processes.” – Joe Kerrigan
- On scam psychology:
“If you’re already primed to think highly enough of yourself that other people are going to see what you have to say, does that prime you for these people coming in and reinforcing that notion?” – Dave Bittner (26:47)
- On Keanu Reeves scams:
“Keanu Reeves has zero social media presence deliberately… if you ever get anything on social media from somebody claiming to be Keanu Reeves, it is not Keanu Reeves.” – Joe Kerrigan (52:37)
Timestamps for Important Segments
- [10:51] — Introduction to Payroll Pirates story
- [13:38] — Details of how the payroll diversion was executed
- [15:45] — Risks of shared mailboxes; discussion of email administration alternatives
- [18:15] — Start of AI-driven author scam story
- [24:09] — Academic scam extension and Nature journal expose
- [31:16] — Gold Bar Scam crackdown story begins
- [34:09] — Details of gold melting operations and legal nuances
- [46:11] — Catch of the Day: Keanu Reeves imposter scam
Catch of the Day
- Keanu Reeves Impersonation Scam
[46:11–53:09]
Maria and Dave perform a scammer exchange where a fraudster, posing as Keanu Reeves, awkwardly flatters and attempts to build rapport with a potential victim, eventually asking personal questions while mangling English and missing basic facts about the real actor.
- “I am Keanu Reeves, a Canadian actor, musician, and producer renowned for my best roles in major action franchises like the Matrix and John Wick…” – “Keanu Reeves” scammer (47:26)
- “Keanu Reeves has zero social media presence deliberately…if you ever get anything on social media from somebody claiming to be Keanu Reeves, it is not Keanu Reeves.” – Joe Kerrigan (52:38)
Key Takeaways
- Identity is Now the Prime Vector: As technical barriers grow, social engineering increasingly exploits trusted identities and human processes.
- Personalization Elevates Scams: AI allows threats to be hyper-tailored, making even obscure creatives and professionals vulnerable.
- Old Scams, New Tricks: Classic scams (e.g., gold cons, vanity press) are being revitalized and scaled by technology and globalized fraud networks.
- Vigilance is Paramount: Both individuals and organizations must reevaluate processes and maintain skepticism—especially when flattery, urgency, or unexpected windfalls arrive.
- Critical Controls: Treat changes to sensitive information (like payroll or deposits) as high-risk financial events needing extra verification.
- No One is Above Social Engineering: From doctors to authors to academics—anyone with an ego or reputation to defend is a target.
For full stories and resources, see linked show notes from the episode.
