September 9, 2025 • 4 mins
In this episode of Hack Diaries, cybersecurity expert Finn Hack explores three devastating cyberattacks happening right now. Discover how North Korean hackers are targeting blockchain professionals with fake job interviews, learn why Baltimore lost millions to a simple email fraud scheme, and uncover the sophisticated OAuth phishing campaign affecting major platforms like Salesforce and Google. This eye-opening examination of social engineering tactics reveals how even tech-savvy victims fall prey to digital con artists - and what you can do to protect yourself in an increasingly deceptive online landscape.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Finn Hack's in the stack. Let's unpack the attack. I'm
your gleaming glitch in the matrix narrator, Finn Hack, and
you've just jacked into hack Diaries. One victim story tonight.
I'm rolling up the trench coat sleeves and spilling bite
sized trews from the digital underworld. Ready to ride zeros
and ones with me. You'll want to double encrypt your snacks.
Our first story teleports us straight into the shadowy world
(00:23):
of crypto job scams, hook line and scammer. Imagine you're
a hotshot marketing manager in the blockchain scene. You get
an interview request from E Toro, and the next thing
you know, you're on a video call with a charming recruiter.
Mid interview, a pop up flashes camera error. The recruiter
calmly ask you to paste a quick command trick into
(00:44):
your terminal. One click later, your drive is ransomware City.
According to hack Read and Sentinel Labs, this is the
clickfix campaign masterminded by North Korea's Lazars group. Their code
even detects if you're on Mac, Linux or Windows, like
a digital Swiss army knife from malware. The hackers are
so sneaky. They even use cybersecurity sites meant to defend
(01:07):
us to help hide their tracks. One victim, let's call
them Alex, ended up with their whole portfolio frozen and
identity stolen, targeted just because they trusted what looked like
a real company. The twist hackers sometimes left clues behind,
like pop culture names and fake accounts. Shout out to
rock Lee, proving it just takes one slip for your
(01:30):
personal data to feel a global scam machine. Just goes
to show. Next time your camera nolfunctions, maybe the only
thing broken is trust. Our next tale vaults us into
city politics with a side of high stakes hacking. Baltimore,
February twenty twenty five. Picture city staff swamped and juggling invoices.
(01:56):
A routine email drops in. Looks official, but it's the
digital equivalent of a wolf in pinstripes. Someone posing as
a city vendor files a perfectly crafted request, Hey, can
we update our bank details? Internal controls more like Swiss cheese,
wholly and full of leaks. According to the latest Breached
news and mimecast, two city employees green lighted the changes,
(02:19):
and suddenly one dollar and five cents vanished. Faster than
you can say a cow compromised. The city recovered about half,
but the rest gone, and so is their peace of mind.
If you're thinking how the scammers slip past the gates,
Welcome to the wild world of IP spoofing. A hacker's
invisibility cloak. It's like sending a postcard from your neighbor's
(02:41):
mailbox wearing their perfume, signing with their dog's pawprint. The
oldest trick in the cyber con book, yet cities and
companies still get snared. The punchline Baltimore had been hit
twice before and still no upgrade. Bite me, scammers, this
one's for the good guys. Secure those processes, or history
repeats on moop. Our final bite of caution is fresh
(03:03):
from this summer's headlines. Salesforce exploit phishing, frenzy fishing calls.
Those fake tech support voices start targeting employees, luring them
with requests to authorize our tool for remote troubleshooting. One
wrong yes, and suddenly the attackers have O off access
and are siphoning business data like pros Opta and The
Verge report that from March twenty twenty five, this hustle
(03:26):
swept through Google and Workday, turning business contacts into prime
phishing bait. Now imagine Mila, a small business owner gets
a call. Hi, we're Google Support. Can you click this
link and log in to fix a system error? Mila obliges,
and within hours every major vendor contact is inundated with
scam requests. Here's the twist. These aren't junk messages. You're
(03:48):
directed to real login screens. The scammer's app just renovates
the lock while the door stays wide open. That's consent fishing,
where tech trust is weaponized. Moral of Myla's story. Even
digital fortresses crumble when human trust is unpatched, codes cracked,
cons are whacked. Each story tonight was a real world
(04:12):
firewall face plant. Painful, but each leaves us with a
patch note for the soul. Stay sharp, question everything, and
don't let your empathy e your exploit. Thanks for tuning
in me on Renegades. Subscribe, stay vigilant, and come back
next week for more tales that'll keep your cyber senses tingling.
Bite me, scammers, This one's for the good guys. This
(04:35):
has been a quiet please production. For more check out
Quiet Please dot ai
Finn Hack's in the stack. Let's unpack the attack. I'm
your gleaming glitch in the matrix narrator, Finn Hack, and
you've just jacked into hack Diaries. One victim story tonight.
I'm rolling up the trench coat sleeves and spilling bite
sized trews from the digital underworld. Ready to ride zeros
and ones with me. You'll want to double encrypt your snacks.
Our first story teleports us straight into the shadowy world
(00:23):
of crypto job scams, hook line and scammer. Imagine you're
a hotshot marketing manager in the blockchain scene. You get
an interview request from E Toro, and the next thing
you know, you're on a video call with a charming recruiter.
Mid interview, a pop up flashes camera error. The recruiter
calmly ask you to paste a quick command trick into
(00:44):
your terminal. One click later, your drive is ransomware City.
According to hack Read and Sentinel Labs, this is the
clickfix campaign masterminded by North Korea's Lazars group. Their code
even detects if you're on Mac, Linux or Windows, like
a digital Swiss army knife from malware. The hackers are
so sneaky. They even use cybersecurity sites meant to defend
(01:07):
us to help hide their tracks. One victim, let's call
them Alex, ended up with their whole portfolio frozen and
identity stolen, targeted just because they trusted what looked like
a real company. The twist hackers sometimes left clues behind,
like pop culture names and fake accounts. Shout out to
rock Lee, proving it just takes one slip for your
(01:30):
personal data to feel a global scam machine. Just goes
to show. Next time your camera nolfunctions, maybe the only
thing broken is trust. Our next tale vaults us into
city politics with a side of high stakes hacking. Baltimore,
February twenty twenty five. Picture city staff swamped and juggling invoices.
(01:56):
A routine email drops in. Looks official, but it's the
digital equivalent of a wolf in pinstripes. Someone posing as
a city vendor files a perfectly crafted request, Hey, can
we update our bank details? Internal controls more like Swiss cheese,
wholly and full of leaks. According to the latest Breached
news and mimecast, two city employees green lighted the changes,
(02:19):
and suddenly one dollar and five cents vanished. Faster than
you can say a cow compromised. The city recovered about half,
but the rest gone, and so is their peace of mind.
If you're thinking how the scammers slip past the gates,
Welcome to the wild world of IP spoofing. A hacker's
invisibility cloak. It's like sending a postcard from your neighbor's
(02:41):
mailbox wearing their perfume, signing with their dog's pawprint. The
oldest trick in the cyber con book, yet cities and
companies still get snared. The punchline Baltimore had been hit
twice before and still no upgrade. Bite me, scammers, this
one's for the good guys. Secure those processes, or history
repeats on moop. Our final bite of caution is fresh
(03:03):
from this summer's headlines. Salesforce exploit phishing, frenzy fishing calls.
Those fake tech support voices start targeting employees, luring them
with requests to authorize our tool for remote troubleshooting. One
wrong yes, and suddenly the attackers have O off access
and are siphoning business data like pros Opta and The
Verge report that from March twenty twenty five, this hustle
(03:26):
swept through Google and Workday, turning business contacts into prime
phishing bait. Now imagine Mila, a small business owner gets
a call. Hi, we're Google Support. Can you click this
link and log in to fix a system error? Mila obliges,
and within hours every major vendor contact is inundated with
scam requests. Here's the twist. These aren't junk messages. You're
(03:48):
directed to real login screens. The scammer's app just renovates
the lock while the door stays wide open. That's consent fishing,
where tech trust is weaponized. Moral of Myla's story. Even
digital fortresses crumble when human trust is unpatched, codes cracked,
cons are whacked. Each story tonight was a real world
(04:12):
firewall face plant. Painful, but each leaves us with a
patch note for the soul. Stay sharp, question everything, and
don't let your empathy e your exploit. Thanks for tuning
in me on Renegades. Subscribe, stay vigilant, and come back
next week for more tales that'll keep your cyber senses tingling.
Bite me, scammers, This one's for the good guys. This
(04:35):
has been a quiet please production. For more check out
Quiet Please dot ai
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Herd with Colin Cowherd
The Herd with Colin Cowherd is a thought-provoking, opinionated, and topic-driven journey through the top sports stories of the day.