Hacking Humans – Scams That Steal More Than Money
Podcast: Hacking Humans, N2K Networks
Episode: Scams that steal more than money
Date: October 16, 2025
Hosts: Dave Buettner, Joe Kerrigan, Maria Varmazes
Episode Overview
This episode dives into the latest evolutions in scams and social engineering attacks, drawing from real news stories and listener submissions. The hosts explore how cybercriminals leverage human psychology to deceive, exploit, and steal—not just money, but also digital identities and trust. Highlighted are modeling scams targeting seniors, the meteoric rise of Bitcoin ATM fraud, and a particularly icky WhatsApp scam exploiting parental empathy. The team remains conversational and playful, but keeps a sharp focus on practical advice and red flags listeners should watch for.
Key Discussion Points & Insights
1. Modeling Scams Targeting Seniors
[03:08 – 12:23]
-
Shift in Target Audience
- Modeling scams, traditionally aimed at young hopefuls, are now increasingly targeting senior citizens.
- Example cases: 79-year-old Judy Corker and 73-year-old Roland Parker responded to ads searching for "mature models" (primarily on Facebook).
- Victims were enthusiastically accepted, then instructed to pay upfront for "professional photo portfolios" (£200–£300).
-
Scam Execution
- Victims told to visit legitimate photo studios—but the studios had no record of these bookings.
- Roland lost about £1,000 via PayPal’s "friends and family" payment, eliminating his ability to reclaim funds.
- Judy, however, used PayPal’s "goods and services" option and got her money back.
-
Payment Protections & Tricks
- Merchants pushing "friends and family" payments is a major red flag—these payments have no buyer protection and violate PayPal’s terms of service.
- Small businesses may encourage this to avoid fees, but it’s against policy and eliminates recourse for customers.
-
Prevention Tips
- Never pay upfront for work opportunities.
- Always verify the agency or recruiter.
- Use secure, protected payment methods.
- Avoid making rushed decisions.
- Report fraud (in the UK: Action Fraud; US: IC3).
-
Memorable Quote:
- “When a merchant says, ‘Hey, just send it friends and family,’ you tell them, ‘No, I’m sending it with the merchant thing because I want my protections.’” – Joe Kerrigan [08:03]
-
Anecdotes & Humor
- Maria recalls similar scams from her teenage years—a routine targeting girls turning 16 with “modeling cards.”
- Dave shares a tongue-in-cheek story about being cast for a charity shoot as a child, which thankfully never materialized.
2. Bitcoin ATMs as a Scam Vector
[13:26 – 29:00]
-
Explosive Use by Scammers
- Scammers stole nearly $250 million in 2024 using Bitcoin ATMs.
- These ATMs (often in gas stations and convenience stores) are disproportionately used as tools in scams, especially targeting older adults.
-
Legal & Regulatory Backlash
- DC (Washington) and Iowa have initiated lawsuits against major operators like Athena Bitcoin, Bitcoin Depot, and Coin Flip. Allegations include excessive, undisclosed fees and negligence towards scam use.
- In DC, 93% of transactions on Athena’s machines were linked to fraud; median victim age: 71.
-
Scammer Tactics
- Victims are directed (by scammers impersonating authorities or tech support) to deposit money at a Bitcoin ATM. The cash is irretrievable once converted to cryptocurrency.
- Real incident: A bystander, previously scam-victimized herself, prevented an elderly woman from losing $23,000.
-
Why Are These ATMs Problematic?
- Fees as high as 30% make legitimate consumer use unattractive.
- Despite claims of security checks (photo ID, phone verification), they remain a favorite channel for laundering funds and executing scams.
-
Host Insights
- Joe: “The majority of the purpose of these things is helping people commit scams or helping people launder money…” [21:17]
- Maria: “Every bitcoin ATM I have seen… is in the seediest, nastiest place. So, like, nothing about it engenders confidence that this is a good idea.” [25:14]
-
Potential Solutions
- Outlawing or strictly regulating Bitcoin ATMs in certain jurisdictions.
- Capping transaction amounts per day, though scammers could adapt to limits.
-
Host Recommendations
- If you see someone (especially elderly) making a large transaction at a Bitcoin ATM, consider checking in or alerting staff.
- Avoid using Bitcoin ATMs unless absolutely necessary; traditional exchanges are cheaper and safer.
3. WhatsApp “Vote for My Child” Scam
[30:11 – 37:48]
-
Scam Details
- Emerged in Central and Eastern Europe; not yet widespread in the US.
- Victims receive WhatsApp messages (often from friends’ accounts, already compromised) asking for help voting for a child in a scholarship contest.
- Phishing site requests the user's phone number and WhatsApp verification code.
-
Consequences
- Giving away the verification code hands control of your account to scammers.
- Compromised accounts spread the scam further, and subsequently may be used to solicit money from your contacts—often in small sums (€400).
-
Why It Works
- Leverages empathy for children and comes from trusted contacts.
- Well-localized: Messages tailored to native languages; realistic contest sites and photos make the scam convincing.
-
Business Impact
- In Europe, WhatsApp is a principal channel for personal and business communication—account loss can be devastating.
-
Preventive Advice
- Never share your WhatsApp verification code with anyone—ever.
- Enable two-step verification in WhatsApp for extra security.
-
Memorable Quote:
- "The pictures of these largely little girls are just like... it just gives me the ick. I don’t know if they’re real photos or not… but it’s just icky.” – Maria Varmazes [31:14]
4. Catch of the Day: The Barack Obama SEO Scam
[38:20 – 40:48]
-
Listener Submission
- Host reads a scam email allegedly from “Barack Obama” offering SEO services to get your website to the top of search results.
- Amusing banter as Dave attempts an Obama impression.
-
Scam Mechanism
- Impersonal, generic SEO pitches are rampant—beware any out-of-the-blue offers promising quick ranking boosts or website fixes, especially if they feign high familiarity or important-sounding senders.
-
Memorable Moment:
- "As the former leader of the free world, I can help get your webpage first.” – Dave Buettner (in Obama cadence) [40:48]
Notable Quotes & Memorable Moments
-
On PayPal Protections:
"When you send using the merchant thing, you get purchaser protections like a credit card… When you send as friends and family, you don’t get that protection. That money is gone." – Joe Kerrigan [07:09] -
On Bitcoin ATM Fees:
"I put five dollars in and got $3.50 in Litecoin… that’s 30% in fees. Took me years to break even. There may be no legitimate business purpose behind these ATMs." – Joe Kerrigan [18:57] -
On WhatsApp Verification:
"You definitely never want to share your WhatsApp verification codes, ever, ever, ever. Not even with friends or family." – Maria Varmazes [35:15]
Timestamps for Important Segments
| Segment | Timestamps | Key Topics | |------------------------------- |---------------|-------------------------------------------------| | Modeling Scams Overview | 03:08–12:23 | Seniors targeted, payment pitfalls, prevention | | Bitcoin ATM Scams | 13:26–29:00 | Regulatory action, scam mechanics, red flags | | WhatsApp "Vote for My Child" | 30:11–37:48 | Account takeover, empathy exploitation | | Catch of the Day: SEO Scam | 38:20–40:48 | Fake Obama email, SEO pitch scams |
Key Takeaways
- Always verify agencies and job offers—never pay upfront for "opportunities."
- Use protected payment methods. Decline requests to use “friends and family” for purchases.
- Be extremely wary of Bitcoin ATMs due to high fraud rates and fees.
- Never share account verification codes, especially for apps like WhatsApp.
- Empathy is weaponized in scams—pause before responding emotionally to “urgent” requests involving children, animals, or friends in need.
- Report scams to the appropriate authorities (Action Fraud, IC3).
For more resources and to report a scam, see the show notes or visit the official N2K CyberWire website.