Hacking Humans – "When your AI gets scammed."
Podcast: Hacking Humans, N2K Networks
Air Date: September 4, 2025
Episode Theme: Deception, influence, and social engineering in the world of cyber crime, with a focus on how emerging AI technologies both enable and fall victim to scams.
Episode Overview
This episode delves into recent developments in social engineering and scam prevention—including a major scam bust targeting elderly victims, the vulnerabilities of agentic AI browsers to online scams, and an emerging luggage claim scam at airports. The hosts discuss how human intuition and skepticism still outperform current AI tools when it comes to spotting deception, and highlight surprising new vectors for social engineering. Listener feedback and a quirky "lawnmower scam" make for a lively show that balances cybersecurity best practices with personal anecdotes and humor.
Key Discussion Points & Insights
1. Listener Follow-Up & Quick Tips
- Caller Verification Tip:
If someone calls claiming to be from your bank, hang up and call your branch directly using the official number; don’t trust the initial call no matter how convincing.
- “Tell the caller to make a note on your account, then disconnect and call the bank’s legit number from your bank card or visit in person.” – Dave (02:02)
- Animal Training Anecdotes:
Joe and a listener share stories about clicker training animals, training chickens, and the challenges/humor involved. (03:00-07:00)
- Protecting Chickens:
Discussion about predatory birds and legalities around protecting livestock from hawks, including the surprising fact that harming hawks is illegal even if they attack your animals.
- “The hawks are really well protected and your chickens are not.” – Joe (07:44)
2. Major Scam Ring Bust: Elderly Widow Targeted
Segment Starts: (09:08)
- Story Source: Joe cites an NBC San Diego story about a scam ring that bilked a 97-year-old Holocaust survivor’s widow out of her life savings.
- Ring Details:
- Over 20 people indicted; $67M stolen from elderly victims.
- Predominantly Chinese nationals, possibly connected to organized crime.
- Collaboration with scam call centers in India.
- Investigation:
Social engineering "scambaiter" YouTubers (e.g., Pierogi at Trilogy Media) aided federal law enforcement using reverse-ops and video evidence.
- Enforcement Trends:
Discussion about increased criminal prosecutions, but doubts regarding their impact on the root problem:
- “The little guys on the ground are getting caught, but the folks organizing it are still running.” – Maria (13:13)
- “It’s very similar to the war on drugs problem…the people at the bottom of that food chain suffer the most.” – Joe (13:20)
- Recovery for Victims:
Unlikely for victims to be fully reimbursed, but some recovered funds might be distributed.
3. Agentic AI Browsers Easily Fooled by Scams
Segment Starts: (15:12)
Main Topic of the Episode
- Guardio Security Analysis:
Guardio security researchers pitted AI-enhanced browsers—like Microsoft Copilot—against AI-generated scam websites. The results were alarming: AI agents consistently failed to recognize scams and entered sensitive data into fake sites.
- Key Example:
- AI browser told to buy an Apple Watch on Walmart. It found a fake, AI-generated “Walmart” site via SEO-poisoned search, entered payment info, and completed the purchase promptly—with no human skepticism or safeguards. (16:48)
- “It’s not malice on the side of agentic AI browsers. It’s just…does not have the built-in skepticism…it just says I’m going to trust this thing automatically, like asking a five-year-old to do it.” – Maria (17:50)
- “Essentially like an infantile AI…smarter than an infant but not as smart as a five-year-old.” – Joe (18:55)
- “If there’s a phishing email…[the AI] goes, ‘Oh, your bank’s waiting for you, I took care of it for you’…and you did it in seconds.” – Maria (19:29)
- Prompt Injection Attack Risk:
- Malicious sites can include hidden instructions in code (prompt injections) that bypass all prior AI directives and extract credentials or other sensitive content.
- “We’ve given the five-year-old the keys to the kingdom. It’s not ready for that yet.” – Maria (21:09)
- Guardio's Recommendations:
- AI agents must inherit proven cyber guardrails—e.g., phishing detection, URL reputation checks, domain spoofing detection, behavioral anomaly detection.
- “[We’re] not asking AI to generate a human brain…these are all technical tools. This feels like a surmountable problem—it just needs to be built in.” – Maria (21:09)
- Summary and Philosophy:
- All hosts agree that AI-powered automation could be useful, but for now AI needs human oversight—a “trust but verify” approach.
- “I often describe the AI as a tireless intern…you also wouldn’t bet the company on an intern.” – Dave (23:44)
- “There needs to be a step—just like with an intern—where it brings to me the things it’s going to do and I okay them.” – Dave (24:20)
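One way the guardrails and the approval step from this segment could sit in front of an agent's actions, as an added example that is not from the episode or from Guardio. The brand allowlist, the action names, the `approve` callback, and the `.example` domains are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed assumptions: brand allowlist and the agent's action names.
TRUSTED = {"walmart": {"walmart.com"}}
SENSITIVE = {"enter_payment", "enter_credentials", "submit_order"}
# Undo common digit-for-letter swaps before looking for the brand name.
LOOKALIKE = str.maketrans("0134", "olea")


def host_of(url):
    """Lower-cased hostname of an https URL, or '' for anything else."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower() if parts.scheme == "https" else ""


def on_trusted_domain(host, brand):
    """True if host is a trusted domain for brand, or a subdomain of one."""
    return any(host == d or host.endswith("." + d)
               for d in TRUSTED.get(brand, ()))


def looks_like_spoof(host, brand):
    """Brand name appears in an untrusted host (domain spoofing signal)."""
    normalized = host.translate(LOOKALIKE).replace("-", "")
    return brand in normalized and not on_trusted_domain(host, brand)


def gate(action, url, brand, approve):
    """Return (decision, reason) for an action the agent proposes.

    Runs outside the model, so text on the page cannot talk its way past it.
    `approve(action, host)` is the human confirmation step; it returns a bool.
    """
    if action not in SENSITIVE:
        return ("allow", "not sensitive")
    host = host_of(url)
    if not host:
        return ("block", "no https host")
    if looks_like_spoof(host, brand):
        return ("block", "lookalike domain")
    if not on_trusted_domain(host, brand):
        return ("block", "untrusted domain")
    if approve(action, host):
        return ("allow", "approved by user")
    return ("denied", "user declined")
```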
4. Quirky AI: Taco Bell’s AI Drive-Thru Fails
Starts: (25:09)
- Taco Bell canceled an AI-powered drive-thru trial after someone successfully ordered 18,000 glasses of water (water is free)—a lighthearted example of how literal and non-skeptical AI can be.
- “I would like a Nachos Bell Grande and 18,000 glasses of water.” – Joe (25:51)
5. Airport Luggage Tag Scam
Segment Starts: (28:09)
- New Social Engineering Tactic:
- Scammers dumpster-dive for discarded luggage tags at airports/hotels, then file fraudulent missing baggage claims using the information on those tags (names, itineraries, frequent flyer numbers).
- “You rip off the sticker, you toss it in the trash. Now we’ve got people dumpster diving collecting the tags, and they use the tags to file fraudulent reimbursement claims with the airline.” – Dave (29:40)
- Tips for Protection:
- Never discard tags/boarding passes in public.
- Secure (shred) bag tags when you get home.
- “Hold on to your luggage tags. Just stuff them inside your suitcase until you get home and then destroy them.” – Dave (34:21)
- Comparison to Overseas Practice:
- In Japan, airports provide secured disposal bins for bag tags—U.S. airlines may need to adopt similar measures.
6. Catch of the Day: “Borrow Your Lawnmower?” Facebook Scam
Segment Starts: (36:26)
- Listener Chad Receives Odd Facebook Message:
An unknown person asks to borrow his lawnmower, as if continuing a conversation:
- “May I borrow your lawnmower? Hey, I borrowed it as you mentioned I could…let me know if you want gas for it.”
- Hosts’ Analysis:
- This type of cold-contact message is designed to provoke a response and start a conversation, possibly leading to social engineering (phishing, credential theft, or relationship scams).
- “They just want to get you talking. You might be talking to the wrong person. And then some kind of scam—this is the tip of the scam spear, if you will.” – Joe (37:42)
- Advice: Ignore, block, and delete any similar unsolicited messages from strangers.
Notable Quotes & Memorable Moments
- On AI’s current reliability for sensitive tasks:
“It sounds to me like it’s not time to trust AI with your financial information yet. Is that the lesson?” – Joe (20:06)
- On integrating AI into daily life:
“There needs to be a step…where it brings to me the things it’s going to do and I okay them.” – Dave (24:20)
- On evolving scams with new technology:
“The little guys on the ground are getting caught, but the folks organizing it are still running.” – Maria (13:13)
- On the lesson from newly discovered luggage tag scams:
“Never discard tags/boarding passes in public. Secure (shred) bag tags when you get home.” – Dave (34:21)
- On AI’s lack of skepticism:
“We’ve given the five-year-old the keys to the kingdom. It’s not ready for that yet.” – Maria (21:09)
Timestamps for Important Segments
- Listener follow-up and animal training stories: 02:00 – 08:00
- Scam ring bust involving elderly victims: 09:08 – 15:04
- AI browsers vulnerable to scams (main segment): 15:12 – 25:09
- Taco Bell AI drive-thru mishap: 25:09 – 26:28
- Luggage tag scam at airports and hotels: 28:09 – 36:04
- Catch of the Day – Facebook lawnmower scam: 36:26 – 41:17
Host Personalities & Tone
The show is a mix of expert analysis and relatable humor, pairing actionable cybersecurity advice with accessible analogies (“AI as a five-year-old,” “scam spear”), entertaining personal stories, and playful banter about lawnmowers, pet chickens, and nostalgic travel anecdotes. Hosts encourage critical thinking, skepticism, and proactive cybersecurity habits while keeping discussions grounded and engaging for all listeners.
