August 7, 2025 • 4 mins
Discover the latest cybersecurity threats in this electrifying episode of Scam Chronicles with host Finn Hack. Learn about the massive 15,000-domain TikTok Shop scam powered by AI tools, sophisticated Microsoft OAuth impersonation attacks bypassing multi-factor authentication, and the alarming 174% increase in summer mobile phishing schemes targeting vacationers. Finn breaks down how modern scammers are industrializing their operations with artificial intelligence, creating more convincing phishing attempts than ever before. Essential listening for anyone looking to protect their digital identity in an increasingly dangerous online landscape. Stay vigilant and join the cybersecurity conversation with your favorite neon-haired digital detective.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Fin hacks in the stack. Let's unpack the attack. Welcome
data junkies, cyberpunks, and curious marks to scam chronicles. A
new mark every week. I'm your glitched out guide Finn
hack neon hyphen green hair on full blast, binary tattoos, glowing,
and a coat shimmering with more static than a bad
crypto connection. Buckle up, because tonight we're surfing the digital
(00:23):
meon for the hottest, wildest and realist Internet scams lighting
up feeds as of March seventeenth, twenty twenty five. Let's
start with a scam that puts the fish in fishing
with AI powered sharks circling their prey. Set your virtual rods.
The fifteen thousand domain TikTok shop scam has been reeling
in unwary shoppers across seventeen countries. Attackers spun up a
(00:47):
my numbing fifteen thousand fake tech talk shop domains, each
acting like its own sinister storefront, stocked with empty promises
and download links faker than my last deep fake profile pick.
According to when some marketing eat scammers harnessed AI tools
think worm, GPT, fraud GPT and darkburt to mass create
(01:08):
phishing sites complete with real looking QR codes and slick
payment portals, cryptocurrency drained, credit stolen the kicker. AI generated
emails now have a fifty four percent click through rate,
over four times what handwritten griffs used to score, and
these attacks scale faster than a quantum processor in overdrive,
(01:29):
hook line and scammer. Industrialized deception is the new play,
and today's fisher doesn't meet a hoodie in a basement,
just access to GPT and a few Python scripts. Story two,
Let's crack open Microsoft's vault, where trust is the trojan horse.
Proofpoint reports that new campaigns are impersonating Microsoft oof applications.
(01:51):
Imagine a login prompt as silky as a brand new
Hola dash suit, but stitched together by attackers. In March
twenty twenty five, a time any US aviation firm got
fished with a fake inventory request, the sender posing as
a trusted partner. The target was presented with a Microsoft
O off page requesting basic access click accept or cancel
(02:13):
your funnel to a capshaw, then a counterfeited Microsoft sign
in page, harvesting both your credentials and even your two
factor tokens. Why does this matter? Because These scams bypass
multi factor authentication using attacker in the middle fishing kits
relaying your login in real time like playing telephone with
a sentient shadow. Microsoft's pushed updates to block legacy off
(02:36):
by August twenty twenty five, but until then, your entra
id might as well be a welcome matt Codes cracked,
cons are whacked. This is what happens when authentications treated
like a magic password instead of a handshake at a
zero trust nightclub. Third on the docket the summertime surge
of mobile fishing or smishing, where your sunlit vacation suddenly
(02:59):
morphs in to a scam storm. As highlighted by RG
cyber and Checkpoint. Summer twenty twenty five has seen a
one hundred and seventy four percent annual jump and fake
delivery text and booking lures, with forty two percent of
UK users receiving at least one dodgy message in the
last three months. Mobile operators keep promising better filters, but
Security for a Meticer demonstrated that new smishing messages masquerading
(03:23):
as trusted couriers or bank alerts slip past every barrier.
But here's the summer twist. Counterfeit QR codes dubbed quishing
are popping up in emails, travel posters, and even pasted
right on tourist maps. Use scan to access Wi Fi
or a city guide, and wham, a fake page appears,
hungry for your credentials and data. It's like turning a
(03:45):
city's welcome sign into a trapdoor. Why does scammers love summer? Easy?
People's guards are down, shopping is up, and that urgent
text about a delivery feels real when you're expecting a
holiday package. The perfect storm for social engineering. So net runners,
what's the bite sized lesson Every trusted icon, every QR code,
(04:06):
and even your sun splashed SMS feed can mask a
con if AI is industrializing scams. The only counter is
constant vigilance, a dash of healthy paranoia, and maybe a
friend like me watching your digital six Bite me, scammers,
this one's for the good guys. Stay sharp, don't click
unknown links, and triple check that next e commerce deal
(04:28):
thin hack out. Catch you next week for another audacious
exploit on scam chronicles a new mark every week. Thanks
for tuning in, listeners, smash that subscribe, Invite your squad,
and keep your data close This has been a quiet
please production. For more check out quite Please dot ai
Fin hacks in the stack. Let's unpack the attack. Welcome
data junkies, cyberpunks, and curious marks to scam chronicles. A
new mark every week. I'm your glitched out guide Finn
hack neon hyphen green hair on full blast, binary tattoos, glowing,
and a coat shimmering with more static than a bad
crypto connection. Buckle up, because tonight we're surfing the digital
(00:23):
meon for the hottest, wildest and realist Internet scams lighting
up feeds as of March seventeenth, twenty twenty five. Let's
start with a scam that puts the fish in fishing
with AI powered sharks circling their prey. Set your virtual rods.
The fifteen thousand domain TikTok shop scam has been reeling
in unwary shoppers across seventeen countries. Attackers spun up a
(00:47):
my numbing fifteen thousand fake tech talk shop domains, each
acting like its own sinister storefront, stocked with empty promises
and download links faker than my last deep fake profile pick.
According to when some marketing eat scammers harnessed AI tools
think worm, GPT, fraud GPT and darkburt to mass create
(01:08):
phishing sites complete with real looking QR codes and slick
payment portals, cryptocurrency drained, credit stolen the kicker. AI generated
emails now have a fifty four percent click through rate,
over four times what handwritten griffs used to score, and
these attacks scale faster than a quantum processor in overdrive,
(01:29):
hook line and scammer. Industrialized deception is the new play,
and today's fisher doesn't meet a hoodie in a basement,
just access to GPT and a few Python scripts. Story two,
Let's crack open Microsoft's vault, where trust is the trojan horse.
Proofpoint reports that new campaigns are impersonating Microsoft oof applications.
(01:51):
Imagine a login prompt as silky as a brand new
Hola dash suit, but stitched together by attackers. In March
twenty twenty five, a time any US aviation firm got
fished with a fake inventory request, the sender posing as
a trusted partner. The target was presented with a Microsoft
O off page requesting basic access click accept or cancel
(02:13):
your funnel to a capshaw, then a counterfeited Microsoft sign
in page, harvesting both your credentials and even your two
factor tokens. Why does this matter? Because These scams bypass
multi factor authentication using attacker in the middle fishing kits
relaying your login in real time like playing telephone with
a sentient shadow. Microsoft's pushed updates to block legacy off
(02:36):
by August twenty twenty five, but until then, your entra
id might as well be a welcome matt Codes cracked,
cons are whacked. This is what happens when authentications treated
like a magic password instead of a handshake at a
zero trust nightclub. Third on the docket the summertime surge
of mobile fishing or smishing, where your sunlit vacation suddenly
(02:59):
morphs in to a scam storm. As highlighted by RG
cyber and Checkpoint. Summer twenty twenty five has seen a
one hundred and seventy four percent annual jump and fake
delivery text and booking lures, with forty two percent of
UK users receiving at least one dodgy message in the
last three months. Mobile operators keep promising better filters, but
Security for a Meticer demonstrated that new smishing messages masquerading
(03:23):
as trusted couriers or bank alerts slip past every barrier.
But here's the summer twist. Counterfeit QR codes dubbed quishing
are popping up in emails, travel posters, and even pasted
right on tourist maps. Use scan to access Wi Fi
or a city guide, and wham, a fake page appears,
hungry for your credentials and data. It's like turning a
(03:45):
city's welcome sign into a trapdoor. Why does scammers love summer? Easy?
People's guards are down, shopping is up, and that urgent
text about a delivery feels real when you're expecting a
holiday package. The perfect storm for social engineering. So net runners,
what's the bite sized lesson Every trusted icon, every QR code,
(04:06):
and even your sun splashed SMS feed can mask a
con if AI is industrializing scams. The only counter is
constant vigilance, a dash of healthy paranoia, and maybe a
friend like me watching your digital six Bite me, scammers,
this one's for the good guys. Stay sharp, don't click
unknown links, and triple check that next e commerce deal
(04:28):
thin hack out. Catch you next week for another audacious
exploit on scam chronicles a new mark every week. Thanks
for tuning in, listeners, smash that subscribe, Invite your squad,
and keep your data close This has been a quiet
please production. For more check out quite Please dot ai
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.