Podcast Summary: Hacking Humans – "The Many Faces of Fraud"
Podcast Information:
- Title: Hacking Humans
- Host/Author: N2K Networks
- Description: Deception, influence, and social engineering in the world of cybercrime.
- Episode: The Many Faces of Fraud
- Release Date: June 26, 2025
1. Introduction and Listener Interaction (00:02 - 09:57)
Dave Bittner and Joe Kerrigan open the episode, welcoming listeners to "Hacking Humans," a podcast dedicated to uncovering social engineering schemes and cybercrimes affecting organizations globally.
- Listener Message from Abdusaboor (00:51 - 08:00): Abdusaboor writes in about suspicious text messages received by him and his wife, urging them to meet at a specific address in Marietta, Georgia. Concerned about a possible data breach, he questions whether phone numbers, addresses, and zip codes were compromised.
Joe Kerrigan advises:
"Don't go to the address. It kind of goes without saying." [00:51]
Maria Varmazes reveals:
"It's an Ollie's Bargain Outlet." [03:27]
The hosts discuss the possibility of the message being an advertising scam linked to Ollie's, a deep discount store. They explore how scammers might exploit familiar brands to gain trust, emphasizing skepticism towards unsolicited messages.
2. Phishing Attempt on Hosts (09:09 - 10:07)
Maria Varmazes shares a personal experience of receiving a phishing attempt:
"Someone attempted to phish us, so it kind of made me feel a little indignant, like, who's doing this? How dare you?" [09:16]
She describes a fake DocuSign contract sent to their email, highlighting the importance of vigilance even among cybersecurity professionals.
3. Identity Theft and Student Loan Fraud (10:52 - 19:00)
Joe Kerrigan presents a story reported by Sharon Lurie at The AP and ABC about identity theft targeting community college students.
- Case of Heather Brady (10:52 - 12:04): Heather Brady from San Francisco finds unauthorized student loan applications and $9,000 loans taken out in her name at Western Arizona College. She discovers this when reviewing her financial aid records, leading to concerns about data breaches and identity theft.
- Use of AI and Ghost Students (12:04 - 15:46): The episode delves into how scammers exploit AI to create "ghost students" who enroll in classes and apply for financial aid, thereby siphoning funds from government programs. These fake identities generate student loans that are misappropriated for personal gain.
Joe Kerrigan emphasizes:
"They have chatbots go so far as to join the classes." [13:11]
Maria Varmazes questions the system:
"Since when does a loan go okay? We trust you to just take as much money as you want." [14:51]
- Impact and Legal Considerations (15:13 - 19:00): The Department of Education acknowledges the severe threat posed by such fraud. The hosts discuss the challenges victims face in disputing fraudulent loans and the potential legal avenues available to them.
Joe Kerrigan advises:
"Don't, under any circumstances, agree to any part of any loan that you've ever been that has ever been fraudulently taken out in your name." [17:24]
4. Cybercriminals Posing as Job Seekers on LinkedIn (20:52 - 26:00)
Dave Bittner introduces a story from The Record by Recorded Future about recruiters on LinkedIn receiving deceptive messages from fake job seekers.
- Sophisticated Scam Tactics (20:52 - 25:45): Scammers send messages that appear legitimate but lack clickable links, forcing recruiters to manually enter URLs. These websites employ guardrails to filter out security tools and non-Windows users, ensuring only targeted victims download malicious files.
Dave Bittner highlights:
"There’s no link. So if you do type in the URL bobbyweissman.com you will go to a site that looks like a real site." [21:29]
Joe Kerrigan notes the irony:
"They're taking advantage of all of that training and reinforcement that folks like us are giving people saying, don't click on links." [24:27]
- Malware Deployment and Consequences (24:00 - 25:45): Downloading the provided zip file installs "More Eggs," a JavaScript-based backdoor malware capable of stealing passwords, downloading additional malicious code, and enabling ransomware attacks.
Maria Varmazes humorously reflects:
"How are you going to be on this show if all your machines are bricked?" [25:56]
5. Case Study: Fraudulent Accountant and Money Launderer (27:48 - 35:05)
Maria Varmazes recounts a high-profile case involving Margo Ann Williams, an accountant and adjunct business professor convicted of money laundering.
- Modus Operandi (27:48 - 33:07): Williams manipulated client emails to redirect payments from genuine contractors to shell companies she controlled. Over six months, she laundered over $800,000 from victims, including churches and businesses across various states.
Maria Varmazes explains:
"She was convicted on eight federal charges including bank fraud, money laundering, and conspiracy for a scam that ran for about half a year." [29:09]
- Romance Scam Element (30:52 - 34:30): Interestingly, Williams claimed she was manipulated by someone she believed to be a famous British actor, suggesting she might have been a victim of a romance scam herself. Despite her professional expertise as a CPA, she profited minimally from her fraudulent activities.
Joe Kerrigan speculates:
"CPA certification too, you think?" [31:49]
Maria Varmazes adds:
"Does one have scruples when hacking into someone else's emails?" [33:07]
6. Listener's "Catch of the Day" – Traffic Fine Scam (35:05 - 40:11)
Joe Kerrigan shares a scam message received by a listener, detailing a fake traffic fine threatening suspension of driver's licenses and vehicle registrations.
- Analyzing the Scam (35:22 - 38:38): The message cites a non-existent Florida administrative code and employs authoritative language to intimidate the recipient into complying. The hosts debunk the legitimacy of such messages, emphasizing that official communications from agencies like the DMV do not operate in this manner.
Joe Kerrigan advises:
"You just delete this message when you get it." [38:38]
Dave Bittner adds practical advice:
"These are generated by kits. The bad guys, they buy an online kit and they pay a certain amount of money, and it just generates these things and spits them out." [38:51]
7. Conclusion and Final Remarks (40:11 - End)
The hosts wrap up the episode by reiterating key points and thanking listeners. They emphasize the importance of staying vigilant against diverse and evolving fraud tactics.
Notable Quotes:
- Joe Kerrigan: "Don't go to the address. It kind of goes without saying." [00:51]
- Maria Varmazes: "It's an Ollie's Bargain Outlet." [03:27]
- Joe Kerrigan: "They have chatbots go so far as to join the classes." [13:11]
- Maria Varmazes: "I'm just surprised the amounts don't match." [14:51]
- Joe Kerrigan: "Don't, under any circumstances, agree to any part of any loan that you've ever been that has ever been fraudulently taken out in your name." [17:24]
- Dave Bittner: "There's no link. So if you do type in the URL bobbyweissman.com you will go to a site that looks like a real site." [21:29]
- Maria Varmazes: "Does one have scruples when hacking into someone else's emails?" [33:07]
- Joe Kerrigan: "You just delete this message when you get it." [38:38]
Key Takeaways:
- Diversified Fraud Tactics: Cybercriminals are increasingly sophisticated, leveraging AI and social engineering to perpetrate identity theft, financial fraud, and malware distribution.
- Targeted Vulnerabilities: Community colleges and their financial aid systems are prime targets for fraud that exploits their accessibility and lower tuition fees.
- Human Element in Security: Despite extensive training, human curiosity and trust in recognizable brands or authoritative entities can be exploited by scammers.
- Importance of Vigilance: Continuous awareness and skepticism towards unsolicited communications, even from seemingly legitimate sources, are crucial in preventing fraud.
- Legal Recourse and Support: Victims of such fraud should be aware of their rights and the available legal avenues to contest fraudulent claims and protect their financial standing.
For more insights and to stay updated on the latest in social engineering and cyber threats, visit hackinghumans2k.com.
