Hacking Humans – “Scammers are recruiting.”

Podcast: N2K Networks – CyberWire
Date: September 18, 2025
Hosts: Dave Bittner, Joe Kerrigan, Maria Varmazes
Theme: Deception, influence, and social engineering in cyber crime: how scammers recruit, manipulate, and entrap victims using evolving psychological and technological tactics.

Episode Overview

This episode explores the growing sophistication of social engineering scams, specifically focusing on how criminals recruit both victims and unwitting accomplices. Highlights include a breakdown of the “scammer psychological kill chain,” an analysis of recruitment scams preying on job seekers, and a case study of an investment scam that morphed into a Ponzi scheme.

Key Discussion Points and Insights

Conference Scam Warning

[00:38–02:06]

• Listener McCall warns about a scam targeting conference speakers.
  • Scammers scrape conference websites, impersonate organizers or booking agents, and lure speakers to book accommodation through bogus sites.
  • Red flags: unsolicited communication, urgency, requests for up-front payment, and “official” looking but unverified contacts.
• Joe Kerrigan: “How do they find out if you’re going to go to the conference? … You could just go after the speaker list.”
  (00:31–01:41)
• Maria Varmazes: “Get them to log into a fake site with travel information and profit. Yeah, that’s a new one.”
  (01:41)

Takeaway: Always verify directly with organizers before taking action on unsolicited booking emails.

The Scammer Psychological Kill Chain & Counter-Rules

[03:19–10:51]

• Shared by an anonymous former federal law enforcement officer, this model likens scam operations to military strategy: “Instead of seizing territory, they’re capturing trust.” (03:31–03:38)

The Kill Chain Stages:

1. Stage 0 — Reconnaissance:
   • Preparation: fake websites, spoofed numbers, scripts. Victim unaware.
2. Stage 1 — Initial Contact:
   • Tactical outreach—text, email, or call—crafted to seem innocuous and gain attention.
3. Stage 2 — Pretext:
   • Emotional hooks: stories about banking, taxes, romance, etc.
4. Stage 3 — Trust Building:
   • Scammer becomes confidant/mentor, eroding skepticism.
5. Stage 4 — Foothold Establishment:
   • Victim is directed to comply with small actions (installing apps, following protocols).
6. Stage 5 — Escalation:
   • Larger asks; limited choices; victim feels trapped.
7. Stage 6 — Execution:
   • The scammer extracts money, data, etc., while keeping the victim within their control.
8. Stage 7 — Aftermath Control:
   • Scammer either vanishes or continues to manipulate for potential further exploitation.

• Joe Kerrigan:
  “By the time you get contacted in like stage one…they've already done a lot of legwork. So that legwork helps them seem legitimate.” (06:10–07:07)
• Maria Varmazes:
  “It's that asymmetry…you're in a way almost outgunned from the beginning.” (07:13–08:14)
• Dave Bittner:
  “Scammers don’t just improvise. They operate with a precision that looks a lot like military doctrine.” (03:33–03:37)

Counter-Rules (Defensive Behaviors):

• Never trust incoming calls or texts.
• Never click on unknown links.
• Never pay with gift cards, crypto, or wire transfers.
• Never allow remote access to your device.
• Hang up if told to keep things secret or to “stay on the line.”
• Caller ID can be faked; urgency is the scammer’s “sharpest weapon.”

Levels of Scams:

• Level 1: Quick hits (smishing, QR code traps, antivirus scams)
• Level 2: Structured authority (fake IRS, bank, tech support)
• Level 3: Emotional manipulation (romance, “pig butchering”)
• Level 4: Synthetic reality (AI group chats, fake dashboards, deepfakes)
• Level 5: Closed world (completely immersive scam universe)

Quote:
“Urgency – that’s the scammer’s sharpest weapon.”
— Dave Bittner (09:00)

Discussion: The Evolution and Dangers of Modern Scams

[10:51–13:51]

• Level 4 (AI-driven, synthetic reality) scams are now trivial to execute due to technology, making comprehensive closed-world scams (Level 5) more common and dangerous.
• Maria Varmazes:
  “Level 4 is becoming much more commonplace. …I’m really worried. I’m not trying to freak people out, but…I’m just going. This, this actually kind of scares me right now thinking about it in this way.” (11:05–11:56)

The Rise and Mechanics of Job Recruitment Scams

[13:51–24:23]

• Job scams are surging — up 1000% according to a McAfee/Newsweek report.
• Multi-channel attacks: scammers target job-seekers via email, text, WhatsApp.
• Case (Lisa Owens):
  • Received an unsolicited check for $2,864 after being “hired” as a personal assistant; it was fraudulent.
  • Was recruited to repost legitimate apartment listings with fake security deposit amounts and contact info: effectively, she was being groomed as a “money mule.”
  • Maria Varmazes:
    “She was doing the legwork. She was the mule. …Her legitimate Facebook account…made it look super legit. Isn’t that nice for the scammers?” (17:29–17:54)
• Key warning signs: Offers that are too good to be true, up-front money, redirection to third-party services, high urgency, and being asked to “help” with other transactions.

Advice:

• Always verify job offers with the company directly.
• Don’t trust unsolicited messages.
• Avoid third-party check-cashing services; ideally, use your own bank and await funds clearance.

Quote:
“A lot of these job offers may have you do something quasi legit-ish, but you’re helping to run fraud. So then you could be implicated in fraud. …That’s wicked, wicked bad bad.”
— Maria Varmazes (19:49)

Analysis: Are Check-Cashing Services a Protective Shield?

[20:49–23:19]

• The hosts discuss whether check-cashing services, frequently targeted by fake check scams, have stronger fraud detection than banks, concluding that while they may be more skeptical and see more bad checks, they are not a recommended shield for consumers.

Case Study: The Forex Investment Scam That Became a Ponzi (With a Twist)

[25:52–37:41]

• Story:
  Two men (Rodriguez & Carrion) created Technical Trading Team LLC, promising safe, high-yield returns (18–24%) using “safeguards” that didn’t exist.
  • Made false claims (reserve accounts, promises not to risk more than 1% of funds, etc.).
  • When investment losses mounted, they began paying old investors using money from new investors, making it a Ponzi scheme.
• Joe Kerrigan (on promises made):
  “Here is where I would start having a question... You're gonna get me 18 to 24% return on my investment by only putting in 1% of what I'm giving you? Why do you need the other 99% of my money?” (32:01–32:43)
• The twist: The scam started as a high-risk (but not outright fraudulent) fund and only turned into a Ponzi scheme later to cover losses.
• Key Red Flags:
  • Unusually high, “guaranteed” returns.
  • Claims of safety with no actual safety nets.
  • Nonexistent or unverifiable reserve accounts.
• Practical lesson: If someone promises guaranteed high returns with no risk—run.

Catch of the Day: Amazon Recall Text Scam

[38:01–43:16]

• Example Scam: Group SMS claims an “Amazon recall” for a product purchased in August 2025.
  • Lures with urgency and lack of details (“your product has been recalled, click here for a refund”), prompting recipients to recall every item they might have ordered.
• Maria Varmazes:
  “I’ve gotten actual recall notices and they do email you and they tell you what the product is.” (39:54–40:04)
• Dave Bittner:
  “That is actually a really good point in that we have so many things on auto renew at this point for Amazon.” (39:26–39:37)
• Analysis: The scam leverages anxiety (“safety concern”) and ambiguity to prompt hasty, risky clicks.

Notable Quotes

• “Scammers don’t just improvise. They operate with a precision that looks a lot like military doctrine. But instead of seizing territory, they’re capturing trust.”
  — Dave Bittner (03:33–03:38)

• “It’s that asymmetry…you’re almost outgunned from the beginning.”
  — Maria Varmazes (07:13–08:14)

• “Urgency – that’s the scammer’s sharpest weapon.”
  — Dave Bittner (09:00)

• “A lot of these job offers may have you do something quasi legit-ish, but you’re helping to run fraud. …That’s wicked, wicked bad bad.”
  — Maria Varmazes (19:49)

• “Here is where I would start having a question. …You’re gonna get me 18 to 24% return on my investment by only putting in 1% of what I’m giving you? Why do you need the rest…?”
  — Joe Kerrigan (32:01–32:43)

Timestamps for Key Segments

• Conference scams & warning: 00:38–02:06
• Scammer psychological kill chain: 03:19–10:51
• Scam levels & trends: 10:51–13:51
• Job scam surge analyzed: 13:51–24:23
• Check-cashing defense discussion: 20:49–23:19
• Forex/Ponzi investment scam: 25:52–37:41
• Catch of the Day (Amazon recall scam): 38:01–43:16

Conclusion

This episode underscores the rapid evolution and diversification of scams—from the social engineering “kill chain” and high-tech synthetic scams to the recruitment of unwitting job seekers as accomplices. The hosts stress vigilance, skepticism of urgency and “too good to be true” offers, and the importance of sharing stories to keep everyone alert. Listeners are encouraged to send in their own scam stories to help educate the community.