Hacking Humans: "Lock your doors and check your URLs."
Podcast: Hacking Humans (N2K Networks)
Episode Date: October 2, 2025
Theme: Deception, influence, and social engineering in the world of cyber crime.
Episode Overview
In this episode, Dave Bittner and Joe Kerrigan, later joined by Maria Varmazes (post power outage!), dive into the latest scams, social engineering attacks, and news in cyber crime. They dissect a significant targeted crypto scam leveraging data breach info, explore impersonation of the FBI’s crime reporting portal, discuss classic “white van” sales cons, analyze regulatory pressure on dating apps to fight romance scams, and wrap up with a wry catch-of-the-day scam exchange. The episode highlights persistent attack vectors, evolving scam tactics, and the importance of skepticism and vigilance.
Key Discussion Points & Insights
1. October is Cybersecurity Awareness Month
- [01:31] Joe reminds listeners it's Cybersecurity Awareness Month, poking fun at the flood of PR emails that arise.
"At the Cyber Wire, where every month is Cybersecurity Awareness Month." – Joe Kerrigan [02:01]
- Warning: Don't abbreviate as "CSAM"—it's an unrelated, sensitive acronym.
2. Major Story: Targeted Cryptocurrency Scam in North Wales
The Scam:
- [04:09] Joe shares a BBC story: North Wales police warn of a sophisticated scam after a victim lost £2.1 million in Bitcoin.
- Attacker posed as a senior UK officer, convincing the victim (post-data breach) that his crypto wallet was at risk.
- The “officer” directed the victim to enter his wallet seed phrase on a phishing site, giving attackers full control.
The Data Breach Angle:
- Breach Source: Possibly linked to the August Coinbase breach (photo ID, last four SSN digits, email, phone harvested).
- [07:18] Seed phrase = full control:
"What you're doing when you enter your seed phrase is you are essentially giving the attackers access to the private keys of that wallet..." – Joe Kerrigan
Why This Matters:
- Attackers are leveraging just enough breached PII to craft believable pretexts.
- Most people underestimate how available their compromised data is:
"...it was alarming to me and to Tony that a lot of people did not know that their information had been breached." – Joe [08:48]
- Attackers can convincingly impersonate authorities, banking reps, or platform support.
Takeaways:
- Assume your data is in criminal hands.
- Never enter your crypto seed phrase online upon request, for any reason.
- [14:26] "If someone wants [your data] bad enough, they can get it." – Dave Bittner
3. FBI Portal Impersonation Scam ([14:43])
- [14:45] Dave describes adversaries publishing fake versions of the FBI’s Internet Crime Complaint Center (IC3) site.
- Victims report crimes, then scammers reach out for more sensitive info.
- [16:09] “The FBI says, please be vigilant and know that ic3.gov is the actual address...”
- Search results and ads can place fraudulent sites ahead of official ones.
- Memorable Quote:
"Ironically, if you find yourself falling victim to this, the FBI would like you to report it at the actual IC3." – Dave Bittner [16:09]
4. Classic White Van/Back-of-the-Truck Scam Evolves ([16:38])
- Dave recounts the “white van” scam:
- "Extra" goods (once stereo speakers, now projectors) "left over" from deliveries are sold at "deep discounts."
- His own son fell for this with a cut-rate projector.
- Fake "inventory manifests" are used for credibility; the goods are often worth much less than claimed and may stop working quickly.
- [20:28] "He got off easy. This is a $300 educational experience." – Joe Kerrigan
Discussion: Buying Bootleg Goods
- Maria: Sometimes "bootlegs" are knowingly bought, but random solicitations (especially with urgency or an overly good deal) should raise red flags.
"Even if you know... this is still a bargain but I’m still getting ripped off..." – Maria Varmazes [22:51]
- With tight budgets, these scams are expected to surge.
5. Regulatory Spotlight: Romance Scams & Dating Apps ([27:32])
- [27:32] Maria covers bipartisan Senate pressure on Match Group (Tinder, Hinge, OkCupid, Match) to address romance scams.
- Senators request details of anti-fraud policies and user protections by Oct 15th.
- The problem: $16 billion in cybercrime losses this year tied to romance scams on dating apps (FBI data).
- Industry response: Match says they have tools like “face check” (ID verification).
- Broader context:
- Past FTC accusations that Match inflated numbers with fake profiles (DOJ dropped case).
- Senate concern is ongoing, non-partisan.
- Personal Touch: Maria met her husband on OkCupid 15 years ago, noting it was much safer and less scam-prone then. Today, her friends recount frequent scam attempts, often by fake profiles:
"...it's just completely different...it might as well have been the Stone Age." – Maria [34:36]
Anecdotes about Online Dating Then vs. Now
- Joe (hypothetical): Would insist on a daytime coffee as the first step—Maria cautions this is now “a high bar” and most scammers never get that far due to increased sophistication.
- The panel acknowledges the emotional vulnerability (and thirst for connection) that scammers exploit.
6. Catch of the Day: "Sister Died" (A Scam Exchange Skit) [35:35]
Origin: r/scambait
- A scammer's wrong-number ploy gets subverted by the recipient repeatedly claiming their (imaginary) sister died.
- The scammer, exasperated, finally breaks character:
"You don't have a sister. You know how I know that? If you did, you wouldn't keep killing her over and over with your words just to get rid of me." – Scammer (Maria) [37:04]
- Everyone cracks up at the absurdity and the fourth-wall-breaking.
Notable Quotes & Memorable Moments
- “At the Cyber Wire, where every month is Cybersecurity Awareness Month.” – Joe Kerrigan [02:01]
- “Assume your information is breached. It’s all out there. It’s all on the Internet. These people know things like where you bank...” – Joe Kerrigan [10:16]
- "Nothing is sacred to these people... Who should we imitate?... The FBI!" – Dave Bittner [15:02]
- “He got off easy. This is a $300 educational experience.” – Joe Kerrigan [20:28]
- “As for bootlegs... you can have a lot of fun looking at the bootleg markets in some places.” – Maria Varmazes [23:44]
- "This is going to resurge like crazy." – Maria, on the return of budget-driven scams [23:43]
- “It was alarming... that a lot of people did not know that their information had been breached.” – Joe Kerrigan [08:48]
- "I just hope to never need to do it [online dating]." – Dave Bittner [35:03]
- "If you keep sending [coffee] to him, he'll give it to me!" – Joe Kerrigan (in lighter banter) [38:50]
Timestamps for Key Segments
- [01:31] Cybersecurity Awareness Month banter
- [04:09] N. Wales £2.1M Bitcoin scam details
- [07:18] Why seed phrases are all-powerful
- [08:48] People unaware their data is breached
- [14:43] Fake FBI IC3 site scam
- [16:38] “White Van” scam (modern projector version)
- [20:28] Son's scam: $300 “educational experience”
- [22:51] Maria on knowingly buying bootlegs
- [27:32] Senate grills Match Group on romance scam crackdown
- [34:36] Maria: Online dating now vs. then
- [35:35] Catch of the Day (“Sister Died” scam exchange)
Episode Tone and Style
Conversational, affable, and deeply knowledgeable, with the hosts trading jabs and personal anecdotes alongside practical, actionable advice. The trio blends dark humor and lived experience to ground complex cyber topics in real-world, relatable moments.
Conclusion: Practical Recommendations
- Be (healthily) skeptical: Never give out sensitive login credentials or seed phrases, no matter how compelling the pretext.
- Double-check URLs: Especially for reporting portals or anything "official" — stick to known .gov websites.
- Recognize your info is out there: Operate on the assumption attackers can present convincing details about you.
- Bootlegs and bargains: Too-good-to-be-true deals are almost always just that.
- Dating platform users: Stay wary—romance scams are a lucrative, evolving threat.
For further reading and referenced stories, see the episode’s show notes.
