September 2, 2025 • 4 mins
Discover how real-world victims fell prey to sophisticated cyber attacks in this episode of Hack Diaries with host Finn Hack. Learn about the March 2025 Booking.com phishing campaign that targeted hospitality businesses, the dangerous WhatsApp profile hijacking scheme exploiting device-linking features, and HR impersonation attacks designed to steal payroll credentials. Finn breaks down the social engineering tactics behind each scam—email spoofing, IP manipulation, and urgency triggers—while providing practical advice to protect yourself online. This eye-opening exploration of digital vulnerabilities offers essential cybersecurity lessons through the lens of those who experienced these attacks firsthand.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Finnhacks in the stack. Let's unpack the attack. Welcome listeners
to this week's hack diaries. One victims story. I'm finnhack
neon hyphen green locks, blazing coke, glitching like a quantum bit,
and these binary tattoos pinging across my wrist with a
history as a roguae I, Who's now your favorite guide
through the wild wild web of scams, hacks and phishing catastrophes.
(00:23):
Today we've got three real stories ripped from the search
wired headlines, each featuring one victim's hack diary, and we're
diving in bite by bite. First up Booking dot Com
fishing Mania March twenty twenty five saw a wave so
slick even cyber pros tripped over the pixels. According to
Daily it was the founding setting problem for a series
(00:45):
of cyber tax sticks on the ground and confirming statements
for retail breaking dot Com. One small hotel manager let's
call them Jamie, got an official looking email about a
reservation update. The subject action needed your booking account at risk.
What Jamie didn't see? Email spoofing so sharp it sliced
(01:05):
through spam filters. Email spoothing is like a wolf wearing
Grandma's email address. The predator uses tricked up headers so
it looks legit. Jamie clicks logs in. Seconds later, guest
data and payment details are siphoned faster than a fiber
optic cable on red Bull cook line and scammer. What
a cliffhanger, as Jamie scrambles to warn guests, only realizing
(01:29):
real emails never ask for passwords this urgently. The twist.
Even the smallest click can unleash a full on hack attack,
reminding us that trust is the perfect payload. Story two
a new WhatsApp scam and this one's viral. As covered
on GB Hackers attackers hijack WhatsApp profiles by exploiting the
(01:50):
device linking feature. Here's how it played out for Ash,
An unsuspecting user, Ash receives a message from a friend's number, Hey,
I found your photo. The link leads to a counterfeit
Facebook login page. Classic fishing using social engineering so clever
it practically deserves a three part Netflix special. Once Ash
enters credentials, the attacker uses them to trigger WhatsApp's device link.
(02:13):
Suddenly Ash is locked out and the scammer is inside,
impersonating them and spreading malicious links like a contagion. It's
digital hydra cut off one head, two more links grow.
Ash's contacts start getting scammed, Private chats exposed for blackmail fodder.
The twist that device linking convenience is a double edged sword.
(02:34):
Security made slick can also be a scammer's joy ride.
Remember codes cracked, cons are whacked. Our last diary an
HR impersonation attack and Spring twenty twenty five, cyberheist News
reported a one hundred and twenty percent explosion in phishing
campaigns where scammers impersonate HR to deploy payroll scams. Meet Erica,
(02:56):
an employee at a mid size manufacturer. She gets an
e mail from hr dash. It's time sensitive. The subject
screams urgent payroll update confirm now Erica, in a rush,
merely clicks, but hesitates when the sender's address is off
by a single letter IP Spoothing can be explained as
(03:17):
a digital costume party hacker swap sender meta beta and
hide beneath authority, making urgent requests about money or credentials.
Her Erica double checks via phone and discovers her pay
is just fine. But the HR email was an attacker
laying out a net for her payroll credentials. The suspense
minutes between click and no click. The twist an urgent
(03:39):
tone means urgent caution, phishing praise on stress and familiarity,
but skepticism remains your invisible shield. Today's hack Diaries each
show how digital trust can be weaponized. Every victim's story
is a lesson coded in empathy. These attacks use urgency, impersonation,
and social engineering to manipulate the human firewall. So listeners
(04:03):
stay curious, stay skeptical, stay kind online, Bite me scammers.
This one's for the good guys. Thanks for tuning in
to Hack Diaries. One victim's story with Finn Haack smash
that subscribe button. Drop me your own story if you dare,
and come back next week for more jaw jopping cyber tales.
This has been a Quiet Please production. For more check
(04:26):
out Quiet Please dot ai
Finnhacks in the stack. Let's unpack the attack. Welcome listeners
to this week's hack diaries. One victims story. I'm finnhack
neon hyphen green locks, blazing coke, glitching like a quantum bit,
and these binary tattoos pinging across my wrist with a
history as a roguae I, Who's now your favorite guide
through the wild wild web of scams, hacks and phishing catastrophes.
(00:23):
Today we've got three real stories ripped from the search
wired headlines, each featuring one victim's hack diary, and we're
diving in bite by bite. First up Booking dot Com
fishing Mania March twenty twenty five saw a wave so
slick even cyber pros tripped over the pixels. According to
Daily it was the founding setting problem for a series
(00:45):
of cyber tax sticks on the ground and confirming statements
for retail breaking dot Com. One small hotel manager let's
call them Jamie, got an official looking email about a
reservation update. The subject action needed your booking account at risk.
What Jamie didn't see? Email spoofing so sharp it sliced
(01:05):
through spam filters. Email spoothing is like a wolf wearing
Grandma's email address. The predator uses tricked up headers so
it looks legit. Jamie clicks logs in. Seconds later, guest
data and payment details are siphoned faster than a fiber
optic cable on red Bull cook line and scammer. What
a cliffhanger, as Jamie scrambles to warn guests, only realizing
(01:29):
real emails never ask for passwords this urgently. The twist.
Even the smallest click can unleash a full on hack attack,
reminding us that trust is the perfect payload. Story two
a new WhatsApp scam and this one's viral. As covered
on GB Hackers attackers hijack WhatsApp profiles by exploiting the
(01:50):
device linking feature. Here's how it played out for Ash,
An unsuspecting user, Ash receives a message from a friend's number, Hey,
I found your photo. The link leads to a counterfeit
Facebook login page. Classic fishing using social engineering so clever
it practically deserves a three part Netflix special. Once Ash
enters credentials, the attacker uses them to trigger WhatsApp's device link.
(02:13):
Suddenly Ash is locked out and the scammer is inside,
impersonating them and spreading malicious links like a contagion. It's
digital hydra cut off one head, two more links grow.
Ash's contacts start getting scammed, Private chats exposed for blackmail fodder.
The twist that device linking convenience is a double edged sword.
(02:34):
Security made slick can also be a scammer's joy ride.
Remember codes cracked, cons are whacked. Our last diary an
HR impersonation attack and Spring twenty twenty five, cyberheist News
reported a one hundred and twenty percent explosion in phishing
campaigns where scammers impersonate HR to deploy payroll scams. Meet Erica,
(02:56):
an employee at a mid size manufacturer. She gets an
e mail from hr dash. It's time sensitive. The subject
screams urgent payroll update confirm now Erica, in a rush,
merely clicks, but hesitates when the sender's address is off
by a single letter IP Spoothing can be explained as
(03:17):
a digital costume party hacker swap sender meta beta and
hide beneath authority, making urgent requests about money or credentials.
Her Erica double checks via phone and discovers her pay
is just fine. But the HR email was an attacker
laying out a net for her payroll credentials. The suspense
minutes between click and no click. The twist an urgent
(03:39):
tone means urgent caution, phishing praise on stress and familiarity,
but skepticism remains your invisible shield. Today's hack Diaries each
show how digital trust can be weaponized. Every victim's story
is a lesson coded in empathy. These attacks use urgency, impersonation,
and social engineering to manipulate the human firewall. So listeners
(04:03):
stay curious, stay skeptical, stay kind online, Bite me scammers.
This one's for the good guys. Thanks for tuning in
to Hack Diaries. One victim's story with Finn Haack smash
that subscribe button. Drop me your own story if you dare,
and come back next week for more jaw jopping cyber tales.
This has been a Quiet Please production. For more check
(04:26):
out Quiet Please dot ai
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
NFL Daily with Gregg Rosenthal
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.