September 4, 2025 • 4 mins
# Scam Chronicles: Inside the Latest PayPal, Apple Pay & Baltimore BEC Attacks
Join cybersecurity expert Finn Hack as he breaks down three sophisticated scams trending in March 2025. Discover how criminals are using IP spoofing to create convincing PayPal phishing emails that trick users into adding unauthorized secondary accounts. Learn about the dangerous Apple Pay Phantom Invoice scheme using fake DocuSign credentials, and examine how Baltimore lost $1.5 million through a business email compromise attack. Get practical defense strategies against these evolving threats in this high-energy, information-packed episode that goes beyond the basics of cybersecurity awareness.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Join cybersecurity expert Finn Hack as he breaks down three sophisticated scams trending in March 2025. Discover how criminals are using IP spoofing to create convincing PayPal phishing emails that trick users into adding unauthorized secondary accounts. Learn about the dangerous Apple Pay Phantom Invoice scheme using fake DocuSign credentials, and examine how Baltimore lost $1.5 million through a business email compromise attack. Get practical defense strategies against these evolving threats in this high-energy, information-packed episode that goes beyond the basics of cybersecurity awareness.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Finnhacks in the stack. Let's unpack the attack. Welcome digital
thrill seekers to scam chronicles, a new mark every week
where your high voltage host finhack that's me dives into
text shady shadows, spotlights the crooks, and rewires your brain
for cyber hyphen smarts. Pour yourself a neon shot of caution.
(00:21):
Because tonight's stories flicker straight from the freshest Internet search trends,
social posts and knowledge feeds. Timestamped March seventeenth, twenty twenty five.
Ready for a triple byte showdown, Let's go story the
first the PayPal panic button. Last month, a phishing scheme
surged through inboxes across the globe, all dressed up in
(00:42):
digital sheep's clothing. According to gb hackers, the message looked
ultra official, like it teleported straight from service at PayPal
dot com dash but with a sneaky subject line. Set
up your account profile inside panic fuel a nine hundred
and ten dollars and forty five cents charge at krakend
(01:03):
dot com. Listeners. That's not just a number, it's an
emotional hack. You click the link thinking you're protesting the charge,
but plot twist the url leads to the real PayPal site,
subtly guiding you to add a secondary user. That user
(01:24):
are scammer, who now empties your wallet using legit access
you unwittingly gave classic fishing with five dimensional chests. Here's
the tech behind the trick IP spoofing. Imagine a hacker
wearing an invisibility cloak that fools airport security into thinking
they're your grandma. It's that deceptive hook line and scammer
(01:46):
best defense. Ignore the link. Go to payall dot com
yourself and log in fresh. But hang tight because next
is the Apple pay phantom invoice, and it's a doozy
as reported by web prone US, and blast it across
x by cybersecurity watchers. Scammer's masquerade as DocuSign to send
emails mimicking Apple pay disputes the email flawless. The attached
(02:11):
pdf captured lost, captured, meat, captured lost, so perfect you'd
hang it on your fridge if it weren't poisonous. The
fake number connects you to support aka high pressure fraudsters
who vacuum your bank details or demand cryptotainments. Think you're
safe if you see DocuSign branding. Not anymore these crooks
(02:34):
are exploiting APIs. Think of it like building a knockoff
spaceship that docs right into NASA undetected. One X user
describe watching an acquaintance as Wallach get drained within minutes.
Cook line and scammer pro move. If you get a
notification about an unexpected charge, always call Apple or the
bank directly, never the number in the email. Ready for
(02:56):
the third act. Baltimore's megabec bust. This isn't a password fish.
This is a full blown boardroom heist. According to Security Affairs,
the city of Baltimore lost over one dollar and five
cents after scammers impersonated a legit contractor using fake forms
and emails. It started with a subtle social engineering tap,
(03:17):
a request to change bank details. No alarms triggered. Two
payments eight hundred three thousand and seven hundred twenty one
thousand vanished into the scammer's ether account. The city scrambled
and recovered only half. I call this a low and
slow hack. Its brisket on the barbecue, not a quick
zap the lesson. Even big institutions with firewalls dicker than
(03:39):
my glitchy trench coat can fold with zero verifications and
staff untrained in the fine art of digital skepticism. Codes cracked,
cons are whacked? Want to stay out of these headlines?
Verify changes by an old fashioned phone call to a
NO number. A little analog can go a long way.
Who listeners? What a stack? What are these stories have
(04:00):
in common? Simple? Scams evolve, but vigilance is your best firewall.
Fishing isn't just about bad spelling and pixelated logos anymore.
It's about psychological games, technical slights of hand, and exploiting
your trust in the big names you love, but fear not.
Armed with suspicion, two factor authentication and a dash of
(04:20):
Finn's mischief, you'll send these scammers packing. Bite me, scammers,
This one's for the good guys. Thanks for tuning in
to scam Chronicles a new mark every week. Remember subscribe
wherever you get your podcasts and slide back next time
for more digital danger. This has been a quiet please production.
For more check out Quiet Please dot ai
Finnhacks in the stack. Let's unpack the attack. Welcome digital
thrill seekers to scam chronicles, a new mark every week
where your high voltage host finhack that's me dives into
text shady shadows, spotlights the crooks, and rewires your brain
for cyber hyphen smarts. Pour yourself a neon shot of caution.
(00:21):
Because tonight's stories flicker straight from the freshest Internet search trends,
social posts and knowledge feeds. Timestamped March seventeenth, twenty twenty five.
Ready for a triple byte showdown, Let's go story the
first the PayPal panic button. Last month, a phishing scheme
surged through inboxes across the globe, all dressed up in
(00:42):
digital sheep's clothing. According to gb hackers, the message looked
ultra official, like it teleported straight from service at PayPal
dot com dash but with a sneaky subject line. Set
up your account profile inside panic fuel a nine hundred
and ten dollars and forty five cents charge at krakend
(01:03):
dot com. Listeners. That's not just a number, it's an
emotional hack. You click the link thinking you're protesting the charge,
but plot twist the url leads to the real PayPal site,
subtly guiding you to add a secondary user. That user
(01:24):
are scammer, who now empties your wallet using legit access
you unwittingly gave classic fishing with five dimensional chests. Here's
the tech behind the trick IP spoofing. Imagine a hacker
wearing an invisibility cloak that fools airport security into thinking
they're your grandma. It's that deceptive hook line and scammer
(01:46):
best defense. Ignore the link. Go to payall dot com
yourself and log in fresh. But hang tight because next
is the Apple pay phantom invoice, and it's a doozy
as reported by web prone US, and blast it across
x by cybersecurity watchers. Scammer's masquerade as DocuSign to send
emails mimicking Apple pay disputes the email flawless. The attached
(02:11):
pdf captured lost, captured, meat, captured lost, so perfect you'd
hang it on your fridge if it weren't poisonous. The
fake number connects you to support aka high pressure fraudsters
who vacuum your bank details or demand cryptotainments. Think you're
safe if you see DocuSign branding. Not anymore these crooks
(02:34):
are exploiting APIs. Think of it like building a knockoff
spaceship that docs right into NASA undetected. One X user
describe watching an acquaintance as Wallach get drained within minutes.
Cook line and scammer pro move. If you get a
notification about an unexpected charge, always call Apple or the
bank directly, never the number in the email. Ready for
(02:56):
the third act. Baltimore's megabec bust. This isn't a password fish.
This is a full blown boardroom heist. According to Security Affairs,
the city of Baltimore lost over one dollar and five
cents after scammers impersonated a legit contractor using fake forms
and emails. It started with a subtle social engineering tap,
(03:17):
a request to change bank details. No alarms triggered. Two
payments eight hundred three thousand and seven hundred twenty one
thousand vanished into the scammer's ether account. The city scrambled
and recovered only half. I call this a low and
slow hack. Its brisket on the barbecue, not a quick
zap the lesson. Even big institutions with firewalls dicker than
(03:39):
my glitchy trench coat can fold with zero verifications and
staff untrained in the fine art of digital skepticism. Codes cracked,
cons are whacked? Want to stay out of these headlines?
Verify changes by an old fashioned phone call to a
NO number. A little analog can go a long way.
Who listeners? What a stack? What are these stories have
(04:00):
in common? Simple? Scams evolve, but vigilance is your best firewall.
Fishing isn't just about bad spelling and pixelated logos anymore.
It's about psychological games, technical slights of hand, and exploiting
your trust in the big names you love, but fear not.
Armed with suspicion, two factor authentication and a dash of
(04:20):
Finn's mischief, you'll send these scammers packing. Bite me, scammers,
This one's for the good guys. Thanks for tuning in
to scam Chronicles a new mark every week. Remember subscribe
wherever you get your podcasts and slide back next time
for more digital danger. This has been a quiet please production.
For more check out Quiet Please dot ai
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.