Hacking Humans — “When a scammer meets the Force”
Podcast: Hacking Humans (N2K Networks)
Date: January 15, 2026
Hosts: Dave Bittner (A), Joe Carrigan (B)
Special Guest: Rishika Desai (C), Before AI
Episode Overview
This episode dives deep into the mechanics of deception, influence, and cutting-edge social engineering techniques that power today’s cybercrime. With co-host Maria Varmazis out, Dave and Joe explore fresh stories about human hacking, focusing on how scammers manipulate emotions for profit, and how technology and criminal business models adapt. A special interview with Rishika Desai dissects the growing trend of renting social media ad accounts for scams, followed by analysis of the latest CrowdStrike Global Threat Report and, as always, the fan-favorite “Catch of the Day,” featuring a Star Wars-themed scambait exchange.
Key Discussion Points & Insights
1. Chicken Coop Updates and Ankle Injuries
Mostly banter and follow-up – skip to 04:16 for main content.
2. Reuters Report: “How Cybercriminals Plot to Rob a Target in a Week or Less”
[04:16 – 14:36]
The Mechanics of Social Engineering Playbooks
- Source: Reuters investigative article; police raids in the Philippines uncovered handbooks for online romance/investment scams.
- Handbook Content:
  - Detailed guides in Chinese and English teaching scammers to groom, build intimacy, and extract money.
  - Instructions on crafting believable personas (job, hobbies, zodiac signs).
  - Calculated manipulation depending on the victim’s personality:
    - Middle-aged women: framed as “lonely and overburdened”
    - Career-focused: “admiration and confidence”
    - Conservative: “offer excitement and escape.”
  - Quote from manual: “A woman’s IQ is zero when in love.” ([06:41])
  - Mandatory daily messages, rapport-building via small requests (“Remind people to eat on time. Call me tonight. Trust me, follow my lead.”)
- Speed Matters: The Seven-Day Arc
  - Day 1: Make contact
  - Day 2: Introduce investing
  - Day 5: Establish romance
  - Day 7: Present fake investment platform
  “Seven days to the fake investment platform.” — Joe Carrigan ([08:33])
- Victim Story:
  - A woman named Beth, contacted on Tinder, was quickly drawn in and sent tens of thousands before her financial advisor finally intervened.
- Psychological Tactics:
  - Withholding information keeps victims “on the hook” (information gap theory).
  “It’s like when you get a message from your boss that says ‘Can we talk?’” — Dave Bittner ([11:10])
- Sales Analogies:
  - Scammers mirror sales tactics—never focus on one target, “keep multiple balls in the air.”
  “This... sounds like a sales thing... Lead generation and business development.” — Joe Carrigan ([13:43])
- Takeaway:
  - Scams are well-organized, iterative, and exploit basic human psychology and loneliness.
3. CrowdStrike 2025 Global Threat Report Highlights
[14:45 – 25:09]
Accelerating Cyber Threats and Data Points
- Cool Factor: Eye-catching cyberpunk-style graphics on the report cover.
- Key Data:
  - Average breakout time: 48 minutes (time from first compromised machine to lateral movement).
  “48 minutes. The fastest observed breakout time was 51 seconds. That’s got to be an automated attack.” — Joe Carrigan ([17:26])
  - Voice phishing attacks (vishing): Up 442% in 2024.
  - Initial access attacks: Account for 52% of vulnerabilities; access broker advertisements up 50% year-over-year.
  - Valid account abuse: 35% of cloud incidents.
  - Malware-free breaches: 79% of detections in 2024 involved no malware (vs. 40% in 2019).
  “So now, almost 80% of the time, no malware. We’re just getting the access and we’re socially engineering our way in...” — Joe Carrigan ([20:23])
- Implications:
  - Social engineering is far outpacing technical means—attackers “live off the land” by abusing legitimate system tools rather than dropping malware.
  “PowerShell is not malware... I can run commands in that that do very malicious things.” — Joe Carrigan ([21:50])
- Threat Actor Naming:
  - Different conventions (“Spider” for e-crime, “Panda” for China, “Ocelot” for Colombia, jokes about “Patriotic Eagle” for US).
- Case Study: Curly Spider
  - Technique: Targets victims with spam, then phones them posing as “IT” and persuades them to install remote monitoring and management (RMM) tools, giving the attacker control.
  - Once in, the attacker can install persistent backdoors or simply use built-in command-line tools—no malware needed.
4. Interview: Rishika Desai (Before AI) — Renting Social Media Ad Accounts
[26:51 – 40:17]
A New Vector for Brand Impersonation and Criminal Advertising
Origin of Investigation
- Discovery of websites and Telegram channels advertising “rent a Facebook ad account” drew researchers into the underground market.
How the Scam Works
- Market Need:
  - Some legitimate (but non-compliant) businesses seek advertising despite platform bans (crypto, gambling, fake health products).
- Account Sources:
  - Compromised real accounts obtained via data breaches and fake KYC (synthetic identities).
  - Manually created fake accounts using AI-generated documents (SSNs, licenses).
  “There was this one website...with an embedded service of generating fake documents such as driving license SSN details for random customers.” — Rishika Desai ([29:00])
- Account Rentals:
  - Businesses rent these pre-aged, trusted accounts for brief campaigns—the ads are non-compliant and quickly banned.
Impact on Victims and Business
- Fast, Targeted Reach:
  - Scammy ads can reach millions within a one-hour window, thanks to social media algorithms.
  “Even a one-hour ad could reach millions of people in no time.” — Rishika Desai ([33:26])
- Severe Consequences for the Real Owner:
  - Legitimate business accounts—sometimes long-standing and reputable—get banned. The entities behind them are blacklisted (names, domains, business details), making recovery almost impossible.
Typical Campaigns
- Example: Indian gambling/crypto websites banned by law, so criminals rent accounts for brief, high-impact ad blitzes.
How Victims Experience It
- Ads appear legitimate (even blue-checked) but redirect to phishing or malware domains.
Advice for Users
- Be extremely cautious with social media ads—especially from new, low-follower accounts or those unrelated to the promoted offer.
“If you’re scrolling through... assume that the ad is malicious. And if it’s something you’re interested in, just go look it up yourself.” — Dave Bittner ([39:31])
- Look up products independently rather than clicking.
5. Catch of the Day: “When a Scammer Meets the Force” (Scambait / Star Wars Edition)
[41:47 – 48:19]
A playful and creative scambait conversation, posted on Reddit, in which a scammer is unwittingly drawn into a Star Wars-themed fantasy. The intended target (the scambaiter) assumes the persona of Han Solo, complete with references and images:
- Scammer (“Valentina”) begins with a classic “mistaken number” script.
- “Han” (the scambaiter) plays along, using numerous Star Wars references:
- Claims to be Han Solo (“chauffeur for a royal family, long ago, far away”)
- Talks about Chewbacca, the Falcon, and son “Ben’s incident with his uncle” (Kylo Ren).
- Scammer adapts, showing their unfamiliarity with the reference (“I don't quite understand what that is.”)
- Climax: As the scammer tries to pivot to WhatsApp/Telegram, “Han” posts an image of Han being impaled by a lightsaber.
- Scambaiter flips the script, asking for Apple gift cards.
- End: “May the Force be with you, dumbass. Star Wars is great. You should watch them sometime.”
“This is the scam bait that I wish I had come up with myself.” — Dave Bittner ([47:39])
Notable Quotes & Memorable Moments
- “A woman’s IQ is zero when in love.” — Quoted from scammer playbook ([06:41])
- “The average breakout time was 48 minutes. The fastest observed breakout time was 51 seconds.” — Joe Carrigan ([17:26])
- “79% of the detections in 2024 were malware free detections.” — Joe Carrigan ([20:23])
- “You don’t even know where you’re going to land.” — Rishika Desai, on ad redirects ([39:44])
- “May the Force be with you, dumbass. Star Wars is great. You should watch them sometime.” — Reddit scambaiter as Han Solo ([47:30])
Important Timestamps
- 00:31 – 04:16: Intro and banter (skip for main content)
- 04:16 – 14:36: Reuters report on scammer handbooks and playbooks
- 14:45 – 25:09: CrowdStrike Global Threat Report
- 26:51 – 40:17: Rishika Desai interview: Renting ad accounts
- 41:47 – 48:19: Catch of the Day – Star Wars scambait example
Structure & Flow
The episode flows from light banter, into an analytical breakdown of scammer playbooks uncovered by Reuters, drawing parallels between sales psychology and scammer techniques. The discussion segues naturally into the CrowdStrike Global Threat Report, which underscores the increasing dominance of non-malware, social engineering-based attacks. The interview with Rishika Desai is both investigative and practical, providing clear recommendations for users and businesses. The “Catch of the Day” brings a humorous capstone, highlighting how scam-baiting can be creative, entertaining, and a light-hearted way to expose scammer ignorance.
Summary
This episode spotlights the industrialization of social engineering—where scammers use step-by-step guides, psychology, and speed to turn emotion into income. The latest data shows that attackers are shifting to these tactics because they bypass the improved technical defenses many organizations now have. Meanwhile, new criminal business models (like ad account rentals) allow for potent, short-lived, high-impact campaigns that leave both customers and legitimate businesses in the lurch. And sometimes, a little laughter (and a lot of Star Wars references) is the best antidote to scam fatigue.
For more details and resources, check the episode show notes.
