Hacking Humans by N2K Networks
Episode: Seniors in Scam Crosshairs
Date: November 6, 2025
Theme:
This episode centers on the risks, tactics, and stories surrounding cybercrime, especially as it targets senior citizens. The hosts dissect the newest trends in deception, influence, and social engineering, drawing from the latest cybersecurity reports, scam case studies, and government advisories. By exploring both technical details and relatable anecdotes, the episode delivers practical guidance for listeners of all ages to recognize and resist scams.
Key Discussion Points & Insights
1. App Improvements to Counter Phone Scams
Timestamps: [00:46]-[03:07]
- Robinhood's New Banner:
  The hosts discuss a LinkedIn post highlighting Robinhood’s new interface improvement: when users open the app during a phone call, a banner warns, "We're not calling you. If the caller says they're from Robinhood, they're not. Hang up."
  - Maria: “Love it. Direct to the point.” [02:05]
  - Joe argues it is scalable, despite feedback to the contrary, and suggests every financial app should implement similar warnings, noting that Monzo bank did something similar in 2023.
- Myanmar Scam Centers Shutdown:
  Myanmar authorities are demolishing buildings used as scam centers, ensuring people are evacuated first and repatriated.
  - Dave: “I will add quickly that the people are out of them before they're blowing them up.” [03:29]
2. Listener Follow-Up and Terminology Fun
Timestamps: [04:02]-[09:01]
- CAC vs. “Cac” Debate:
  A listener challenges Joe’s pronunciation of CAC (Common Access Card), sparking a lighthearted debate.
  - Joe: “Four out of five people called it cac. One person said CAC card.” [05:28]
  - Jokes about redundant acronyms (e.g., “ATM machine”) and small sample sizes ensue.
- Chickens and Pup Cups:
  Listener Shannon shares a story about a chicken getting a “pup cup” at a drive-thru coffee spot—leading to humorous musings about pet ownership and animal behavior.
3. IoT Security Landscape: Bitdefender and Netgear 2025 Report
Timestamps: [10:02]-[23:33]
Host: Maria
- Smart Homes Under Attack:
  - Households now average 22 connected devices and face about 29 attacks daily—a dramatic increase from 10 attacks/day in 2024.
  - Maria: “Connected households like mine are under constant attack. Hooray.” [11:16]
  - Most attacks are “noisy,” often consisting of port scans and probing; homeowners are rarely aware.
- Device Types and Vulnerabilities:
  - Most common endpoints: mobile phones (20%), smart TVs (9.5%), and streaming devices (7.3%).
  - Over half of detected IoT vulnerabilities come from streaming devices, smart TVs, and IP cameras, mostly due to lack of patching.
  - Maria: “99.4% of IoT exploits target already known and fixed CVEs, not weak passwords.” [15:54]
- Severity and Attack Methods:
  - The average exploited vulnerability in consumer IoT is rated high severity, with a CVSS score of 7.8: not “critical” enough for vendor urgency, but ideal for attackers.
  - Buffer overflow and denial-of-service are most common; privilege escalation and code execution attacks are rare but catastrophic.
- Industrial IoT and Emerging Threats:
  - An expected shift toward industrial/commercial IoT attacks.
  - Widespread risk if attackers compromise shared libraries or over-the-air update services—e.g., cars or critical appliances.
- Protective Guidance:
  - Inventory all devices and disable unused ones.
  - Prioritize devices/brands with regular security patches.
  - Segment the home network for IoT devices.
  - Patch devices promptly and keep an eye on available updates.
  - Avoid exposing devices directly to the internet wherever possible.
  - Maria: “My smart TV does not know the Internet exists and it never will. So it's a pretty dumb tv.” [22:58]
- Notable Quotes:
  - Dave: “Just because your device is working the way it should, it doesn't mean it hasn't been compromised.” [26:29]
  - Maria: “I genuinely don't know if there are signs your devices have been pwned anymore.” [27:52]
4. Personal Cloud Security Mishap – AWS Account Hack Story
Timestamps: [28:58]-[35:09]
Host: Dave
- Researcher’s Experience:
  A seasoned cloud architect details how his AWS account was compromised despite using multi-factor authentication, because he had inadvertently exposed an access key in publicly accessible code.
  - Attackers created backdoor users, launched servers, and attempted to send phishing messages via the researcher’s domains.
  - Attackers flooded his inbox with spam as a distraction, so that real AWS alerts would be buried.
Key Lessons Learned:
- Quick containment is critical: reset credentials, shut down rogue instances, contact the platform's support.
- Never hardcode or expose secret keys in public code; use secure vaults.
- Don’t trust AI/chatbots to verify the legitimacy of security alerts.
- Dave: “Security isn't a feature you tack on later. It is a habit… If it can happen to someone who does this for a living, it can happen to anyone.” [33:00]
5. FTC Spotlight: How Scammers Target Seniors
Timestamps: [36:56]-[41:37]
Host: Joe
- Focus:
  FTC’s “False Alarm, Real Scam – How Scammers Are Stealing Older Adults’ Life Savings.”
  Older adults lose the most in financial terms per scam, but all ages are victims.
- Three Common Lies from Scammers:
  - “Someone is using your accounts.”
    Fake “bank” or “Amazon” warnings about suspicious activity.
  - “Your information is being used to commit crimes.”
    Callers pretend to be police/FBI, allege involvement in money laundering, CSAM, etc.
    - Joe: “Law enforcement doesn't work this way… they usually show up at your house.” [39:18]
  - “There’s a security problem with your computer.”
    In-browser popups and fake support numbers.
- Statistics (2024, Reported Losses):
  - Under $10k: $41 million
  - $10k–$100k: $214 million
  - Over $100k: $445 million
- Prevention Tips:
  - Never move money under scammer instructions.
  - Always hang up and verify callers using real numbers.
  - Use call-blocking tools for spam calls.
- Quote:
  - Joe: “Hang up and verify.” [41:13]
  - Dave: “The phone doesn't even ring… Nobody calls anymore, you get a text!” [41:22]
6. Catch of the Day: Scambaiter Turns the Tables
Timestamps: [41:54]-[46:52]
- Scambait Subreddit Example:
  The hosts adapt a scambaiting text exchange between a supposed remote job recruiter and a savvy mark who derails the scam with absurdity and humor.
  - The “spammer” persists despite wild digressions, sending a photo and attempting to keep up the ruse.
  - The hosts play out the dialogue, ultimately warning listeners:
    - Dave: “We don’t recommend wasting scammers' time—these guys are good at their jobs!” [46:22]
    - Maria: (On scambaiting) “At the same time, it's fun to see when someone is able to keep them away from the rest of us.” [46:25]
Notable Quotes & Moments
| Timestamp | Speaker | Quote |
|---------------|-------------|-----------|
| 02:05 | Maria | “Love it. Direct to the point.” (On Robinhood’s banner) |
| 05:28 | Joe | “Four out of five people called it cac. One person said CAC card.” |
| 11:16 | Maria | “Connected households like mine are under constant attack. Hooray.” |
| 15:54 | Maria | “99.4% of IoT exploits target already known and fixed CVEs, not weak passwords.” |
| 22:58 | Maria | “My smart TV does not know the Internet exists and it never will. So it's a pretty dumb tv.” |
| 26:29 | Dave | “Just because your device is working the way it should, it doesn't mean it hasn't been compromised.” |
| 33:00 | Dave | “Security isn't a feature you tack on later. It is a habit… If it can happen to someone who does this for a living, it can happen to anyone.” |
| 39:18 | Joe | “Law enforcement doesn't work this way… they usually show up at your house.” |
| 41:13 | Joe | “Hang up and verify.” |
| 41:22 | Dave | “The phone doesn't even ring… Nobody calls anymore, you get a text!” |
| 46:22 | Dave | “We don’t recommend wasting scammers' time—these guys are good at their jobs!” |
Episode Flow
- Listener feedback and follow-ups (App security improvements, Myanmar scam center news, funny animal stories)
- Major Report Discussion: Bitdefender/Netgear IoT threat landscape
- Real-World Scams:
  - Researcher’s AWS compromise due to an exposed access key
  - FTC advice for seniors on top scam tactics and defense
- Scambaiting Segment: Humorous take on engaging with scammers, with a word of caution
Final Takeaways
- Senior Citizens Are Major Scam Targets: Scammers prey on older adults using proven psychological tricks and lies; awareness and verification are crucial.
- IoT Devices Increase Household Attack Surfaces: Most successful attacks leverage known vulnerabilities and the difficulty regular users have tracking and updating their devices.
- Security Hygiene Is for Everyone: Even experts fall victim when habits—like hardcoding secrets—slip.
- Stay Skeptical: Trust your gut, defend first, and investigate later if something feels off.
- Humor Helps, But Don’t Try This at Home: Disrupting scammers can be risky; prioritize your safety and security.
Useful Timestamps
- 00:46 – Robinhood anti-scam banner
- 10:02 – IoT security report breakdown (Maria)
- 28:58 – AWS compromise real-life case study (Dave)
- 36:56 – FTC scam spotlight on seniors (Joe)
- 41:54 – Scambaiting role play (all hosts)
For further resources, see the show notes for links to discussed articles, reports, and the scambait Reddit thread.
