Podcast Summary: Hacking Humans
Episode: No Cameras, No Crew—Just Code
Release Date: June 5, 2025
Host: Maria Varmazes & Joe Kerrigan
Introduction
In this episode of Hacking Humans, hosted by Maria Varmazes and Joe Kerrigan from N2K Networks, the hosts delve into the evolving landscape of cyber threats, focusing on sophisticated phishing scams, the rise of AI-generated deceptive content, and employment scams targeting unsuspecting individuals. The discussion is enriched with real-world examples, listener interactions, and expert insights, providing listeners with a comprehensive understanding of the current cyber threat landscape.
Verifying Class Action Notices
Maria begins the episode by addressing a listener's concern regarding the authenticity of class action lawsuit notices—a common phishing tactic aimed at extracting personal information.
Notable Quote:
Maria Varmazes [04:57]: "The best way to verify whether a class action notice is real is to contact the firm that represents the class, that is the attorneys, that represents the plaintiffs."
Key Points:
- Identification of Scams: Many fake class action notices promise money in exchange for personal information, often amounting to negligible sums (e.g., 50 cents).
- Verification Steps:
  - Contact the Law Firm Directly: Legitimate notices will provide contact information linked to actual legal documents.
  - Check for Legal Documentation: Authentic class actions will reference court documents like complaints or settlement agreements.
- Misconceptions Addressed: Attorneys responding to these queries clarify that they do not receive the funds directly; instead, funds are distributed appropriately.
Phishing Through Calendar Invitations
The hosts discuss the growing trend of phishing attempts using calendar invites, particularly within email clients like Microsoft Outlook and Gmail.
Notable Quote:
Joe Kerrigan [08:28]: "I have not seen this happen, but I've heard about this happening like in Gmail, that you can get a Gmail calendar invite and what happens is that that's a way to get around spam filters."
Key Points:
- Mechanism of Attack: Cybercriminals send malicious calendar invites that, when interacted with, can compromise the user's system or validate active email addresses for further attacks.
- User Mitigation Strategies:
  - Avoid Interacting with Suspicious Invites: Simply deleting the email without responding can prevent further engagement.
  - Configure Email Settings: Adjust settings to prevent automatic addition of calendar events unless explicitly approved.
  - Consult IT Administrators: Organizations can implement stricter filtering and user education to handle such threats effectively.
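A way to triage an invite for the signals described above, as an added example (not from the episode or the hosts): it parses the iCalendar text and flags an organizer outside the recipient's own domains, an RSVP request (a reply confirms the address is live), and links to outside hosts. The sample invite, the `corp.example` domain and the finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample invite; every address and URL here is made up.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "METHOD:REQUEST", "BEGIN:VEVENT",
    "ORGANIZER;CN=Payroll Team:mailto:payroll@billing-update.example",
    "ATTENDEE;RSVP=TRUE;PARTSTAT=NEEDS-ACTION:mailto:alice@corp.example",
    "SUMMARY:Action required: confirm your",
    "  direct deposit",  # folded continuation line (RFC 5545)
    "DESCRIPTION:Review the document at https://login.billing-update.example/doc",
    "END:VEVENT", "END:VCALENDAR",
])

# NAME;PARAM=value;PARAM="quoted value":VALUE
PROP = re.compile(r'^([A-Za-z0-9-]+)((?:;[^=;:]+=(?:"[^"]*"|[^;:]*))*):(.*)$')
PARAM = re.compile(r';([^=;:]+)=("[^"]*"|[^;:]*)')
URL = re.compile(r'https?://[^\s<>"\\]+')

def parse_ics(text):
    """Unfold continuation lines, then return (NAME, params, value) tuples."""
    unfolded = re.sub(r"\r?\n[ \t]", "", text)
    props = []
    for line in unfolded.splitlines():
        m = PROP.match(line)
        if m:
            params = {k.upper(): v.strip('"') for k, v in PARAM.findall(m.group(2))}
            props.append((m.group(1).upper(), params, m.group(3)))
    return props

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower() if "@" in address else ""

def triage_invite(text, trusted_domains):
    """Return findings for an invite; an empty list means nothing was flagged."""
    findings = []
    for name, params, value in parse_ics(text):
        if name == "ORGANIZER" and domain_of(value) not in trusted_domains:
            findings.append("external-organizer:" + domain_of(value))
        elif name == "ATTENDEE" and params.get("RSVP", "").upper() == "TRUE":
            # Accepting or declining sends a reply that confirms the mailbox is active.
            findings.append("rsvp-requested")
        elif name in ("DESCRIPTION", "LOCATION", "SUMMARY", "URL"):
            for url in URL.findall(value):
                host = (urlparse(url).hostname or "").lower()
                if not any(host == d or host.endswith("." + d) for d in trusted_domains):
                    findings.append("external-link:" + host)
    return findings

if __name__ == "__main__":
    print(triage_invite(SAMPLE_ICS, {"corp.example"}))
```

An RSVP request from a known organizer is normal, so the findings are meant to be read together rather than treated as individual verdicts.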
The Rise of AI-Generated Deceptive Content
A significant portion of the episode is dedicated to the advancements in AI-generated videos and their implications for cybersecurity and misinformation.
Notable Quotes:
Maria Varmazes [22:15]: "So I guess a spoiler alert for our listeners is that when we do this show, we have a script where we share links as we're talking."
Joe Kerrigan [27:33]: "The reason I say that one is because there's one up here about a news footage about Russia invading the United States."
Key Points:
- Advancements in AI Video Production: Tools like Google's Veo 3 have reached a level of realism that makes AI-generated content nearly indistinguishable from genuine footage.
- Potential Misuses:
  - Misinformation Campaigns: Realistic fake news videos can spread false information rapidly, causing public panic or manipulating opinions.
  - Influencer Imitation: AI can create convincing videos of influencers performing dangerous or nonsensical stunts, potentially leading to real-world imitation with harmful consequences.
- Listener Concerns: Both hosts express worry about the societal impact, especially on younger audiences who may be more susceptible to believing such content.
- Handling AI Content:
  - Critical Viewing: Encouraging skepticism and verification when encountering video content that seems unusual.
  - Regulatory Measures: The need for stricter controls and verification mechanisms to combat the spread of AI-generated misleading content.
Employment Scams: A Modern Threat
The episode also highlights the prevalence of employment scams, where fraudsters pose as recruiters offering enticing job opportunities to extract personal information or exploit individuals.
Notable Quote:
Joe Kerrigan [37:20]: "I don't know what the, what the end game is here. Maybe it's a, maybe it's an employment scam where, you know, an advanced, an advanced check scam."
Key Points:
- Characteristics of Scams:
  - Generic Job Offers: Offers encompassing a wide range of roles (e.g., data entry, project management) without specificity.
  - Suspicious Communication Channels: Legitimate companies typically use corporate email addresses, not generic ones like Gmail, for recruitment.
  - Unrealistic Job Descriptions: Positions that are vague or require minimal qualifications often signal fraudulent intent.
- Red Flags Identified:
  - Overly Broad Job Listings: Legitimate job postings usually target specific roles with clear responsibilities.
  - Verification Requests: Emails asking for personal information without a formal application process.
- Preventive Measures:
  - Research the Employer: Verify the company's official contact channels and legitimacy before responding.
  - Avoid Sharing Sensitive Information: Refrain from providing personal data until the authenticity of the job offer is confirmed.
Conclusion
In this episode, Maria Varmazes and Joe Kerrigan shed light on the sophisticated methods cybercriminals employ to deceive and exploit individuals and organizations. From verifying the legitimacy of class action notices and safeguarding against phishing via calendar invites to understanding the dangers posed by AI-generated content and employment scams, the hosts provide invaluable insights and practical advice to help listeners navigate and mitigate these evolving threats. The discussion underscores the importance of vigilance, continuous education, and proactive measures in the face of advancing cyber deception techniques.
Additional Resources
- Listeners’ Engagement: The hosts encourage listeners to share their experiences and tips regarding phishing scams and employment frauds.
- Sponsor Information: While sponsorship messages are interspersed, the focus remains on delivering actionable cybersecurity knowledge to the audience.
Notable Mentions:
- ThreatLocker: The episode includes promotional segments by ThreatLocker, highlighting their Zero Trust Endpoint Protection platform, emphasizing the importance of allowing only trusted applications and blocking all others to safeguard against cyber threats.
For more insights and updates on cybersecurity threats and social engineering tactics, subscribe to "Hacking Humans" on your preferred podcast platform and stay informed to keep your digital environments secure.
