# Scam Chronicles: A New Mark Every Week - Latest Digital Threats Decoded
Join cybersecurity expert Finn Hack for an eye-opening exploration of three sophisticated scams threatening users in 2025. This episode breaks down the evolving HR phishing campaigns using SVG attachments, the deceptive ClickFix technique that weaponizes CAPTCHA verification, and the targeted attacks against FTX creditors following the Kroll breach. With attacks becoming increasingly personalized and technically sophisticated, Finn delivers practical advice for spotting digital traps before they spring. Essential listening for anyone navigating our increasingly deceptive digital landscape.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Join cybersecurity expert Finn Hack for an eye-opening exploration of three sophisticated scams threatening users in 2025. This episode breaks down the evolving HR phishing campaigns using SVG attachments, the deceptive ClickFix technique that weaponizes CAPTCHA verification, and the targeted attacks against FTX creditors following the Kroll breach. With attacks becoming increasingly personalized and technically sophisticated, Finn delivers practical advice for spotting digital traps before they spring. Essential listening for anyone navigating our increasingly deceptive digital landscape.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Fin hacks in the stack. Let's unpack the attack. Hey, listeners,
it's Finn Hack, your favorite binary blessed neonhired scam sentinel,
rocking the glitchy trench and bringing the hottest scam saga
straight from the net's bleeding edge. Welcome back to Scam Chronicles,
a new mark every week where every episode is a
wild ride through the digital shadows. Today, I've wrangled three
(00:21):
real life hacks that'll crank up your paranoia and your
phishing literacy. Buckle up, let's get bit first, mark the
HR heist, You open your inbox, and bam, an urgent
payroll update email from HR. Timestamped branded looks as real
as Finn's digital tattoos. Between January and March twenty twenty five,
(00:42):
these attacks spiked one hundred twenty percent, with predators timing
their lures for financial cycles to stoke panic. But here's
where they went next level personalized subjects, slick HTML templates
and thirty SVG attachments hiding credential theft traps. Imagine an
SVG not the kind you'd use for icons, but one
(01:04):
riddled with stealthy JavaScript lurking to harvest loggins. Y SVG
like using an invisibility cloak layered with an exploding birthday cake.
Payloads slip past secure gatelays undetected until cook line and
scammer your date is gone. So next time that HR
contract drops in your inbox, pause, is your payroll department
(01:27):
spelling your name right? Or is there a mysterious link
begging for a click spot the spoof dodge, the doom
second mark the clickfix con According to Microsoft Securities August
twenty twenty five analysis, a fresh social engineering technique called
clickfix is flipping the phishing script. Attackers drop emails with
(01:48):
URL's pointing to legitimate looking human verification pages, sometimes bouncing
you through Google Ads redirects, shuffling away your suspicions like
a card trick at a cyber casino. The scam reached
fever pitch in March when criminals masquerading as the US
Social Security Administration sent out bulletproof official looking emails photo links.
(02:10):
In all, they're landing a flawless copycats say site where
the user face to capture. But this human check was
a trojan horse, ultimately hurting you into running a poor
whole script that downloaded remote hyphen access spyware. Think of
IP spoofing here as digital cosplay, like me changing my
trench coat's glitches to match your favorite superhero. It's a
(02:33):
fraudster blending in with trusted pixels to steal your show.
So next time your finger hovers over that download statement,
ask yourself is this security or security fear codes? Cracked
cons are racked. Story three, the FTX fallout, fresh off
the March twenty twenty five crawl breach. FTX creditors are
(02:57):
fending off a tsunami of phishing emails, all sparked by
sloppy email only communications and a Swiss hyphen cheese verification process.
Court filing shows scammers exploiting leaked info to send personalized emails,
your full name, your case file, all served cold to
intensify trust and urgency. Crypto folks opened inboxes to authentic
(03:22):
looking requests. Meanwhile, their reimbursement rounds stalled their patients fried.
Imagine every email as a trapdoor in a funhouse. One
wrong click and you slide into credential chaos. Data poisons everywhere,
and when the system's gatekeeper glitches, hackers slip in like clockwork.
Turns out even the shiniest exchanges, need rock solid operational hygiene.
(03:45):
Bite me, scammers, This one's for the good guys. Each
story today dares you to rethink what safe looks like
on the web. Dodgy file formats, mimicry so perfect it's uncanny.
Verification steps that devil is compromised. Code the battlefield everywhere,
Stay curious, stay skeptical, and scan for those digital fingerprints.
(04:06):
Finnhack's heart pumps pure empathy for every mark and every
would be target. We don't shame because every click is
a lesson your best shield, guts, wit, and a double
helping of skepticism. You survived another wild episode of scam
chronicles a new mark every week. Thanks for tuning into
my gata driven mayhem. Subscribe for next week's bonanza of hacks,
(04:29):
tricks and hacker tails. Let's keep punching up together for more.
This has been a quiet please production check out Quiet
please dot ai
Fin hacks in the stack. Let's unpack the attack. Hey, listeners,
it's Finn Hack, your favorite binary blessed neonhired scam sentinel,
rocking the glitchy trench and bringing the hottest scam saga
straight from the net's bleeding edge. Welcome back to Scam Chronicles,
a new mark every week where every episode is a
wild ride through the digital shadows. Today, I've wrangled three
(00:21):
real life hacks that'll crank up your paranoia and your
phishing literacy. Buckle up, let's get bit first, mark the
HR heist, You open your inbox, and bam, an urgent
payroll update email from HR. Timestamped branded looks as real
as Finn's digital tattoos. Between January and March twenty twenty five,
(00:42):
these attacks spiked one hundred twenty percent, with predators timing
their lures for financial cycles to stoke panic. But here's
where they went next level personalized subjects, slick HTML templates
and thirty SVG attachments hiding credential theft traps. Imagine an
SVG not the kind you'd use for icons, but one
(01:04):
riddled with stealthy JavaScript lurking to harvest loggins. Y SVG
like using an invisibility cloak layered with an exploding birthday cake.
Payloads slip past secure gatelays undetected until cook line and
scammer your date is gone. So next time that HR
contract drops in your inbox, pause, is your payroll department
(01:27):
spelling your name right? Or is there a mysterious link
begging for a click spot the spoof dodge, the doom
second mark the clickfix con According to Microsoft Securities August
twenty twenty five analysis, a fresh social engineering technique called
clickfix is flipping the phishing script. Attackers drop emails with
(01:48):
URL's pointing to legitimate looking human verification pages, sometimes bouncing
you through Google Ads redirects, shuffling away your suspicions like
a card trick at a cyber casino. The scam reached
fever pitch in March when criminals masquerading as the US
Social Security Administration sent out bulletproof official looking emails photo links.
(02:10):
In all, they're landing a flawless copycats say site where
the user face to capture. But this human check was
a trojan horse, ultimately hurting you into running a poor
whole script that downloaded remote hyphen access spyware. Think of
IP spoofing here as digital cosplay, like me changing my
trench coat's glitches to match your favorite superhero. It's a
(02:33):
fraudster blending in with trusted pixels to steal your show.
So next time your finger hovers over that download statement,
ask yourself is this security or security fear codes? Cracked
cons are racked. Story three, the FTX fallout, fresh off
the March twenty twenty five crawl breach. FTX creditors are
(02:57):
fending off a tsunami of phishing emails, all sparked by
sloppy email only communications and a Swiss hyphen cheese verification process.
Court filing shows scammers exploiting leaked info to send personalized emails,
your full name, your case file, all served cold to
intensify trust and urgency. Crypto folks opened inboxes to authentic
(03:22):
looking requests. Meanwhile, their reimbursement rounds stalled their patients fried.
Imagine every email as a trapdoor in a funhouse. One
wrong click and you slide into credential chaos. Data poisons everywhere,
and when the system's gatekeeper glitches, hackers slip in like clockwork.
Turns out even the shiniest exchanges, need rock solid operational hygiene.
(03:45):
Bite me, scammers, This one's for the good guys. Each
story today dares you to rethink what safe looks like
on the web. Dodgy file formats, mimicry so perfect it's uncanny.
Verification steps that devil is compromised. Code the battlefield everywhere,
Stay curious, stay skeptical, and scan for those digital fingerprints.
(04:06):
Finnhack's heart pumps pure empathy for every mark and every
would be target. We don't shame because every click is
a lesson your best shield, guts, wit, and a double
helping of skepticism. You survived another wild episode of scam
chronicles a new mark every week. Thanks for tuning into
my gata driven mayhem. Subscribe for next week's bonanza of hacks,
(04:29):
tricks and hacker tails. Let's keep punching up together for more.
This has been a quiet please production check out Quiet
please dot ai
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.