September 18, 2025 • 4 mins
# Finn Hack's Scam Chronicles: The Evolution of Trust Exploitation
In this pulse-pounding episode, cybersecurity expert Finn Hack dissects three sophisticated scams that bypass traditional security measures. Discover how criminals leverage Google AppSheet's legitimate email servers for phishing, analyze Michigan Treasury impersonation schemes, and explore state-sponsored semiconductor industry espionage. Finn reveals why trust has become our greatest vulnerability in an age where authentication systems themselves are weaponized against users. Learn practical defense strategies against social engineering tactics that exploit human psychology rather than technical vulnerabilities.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
In this pulse-pounding episode, cybersecurity expert Finn Hack dissects three sophisticated scams that bypass traditional security measures. Discover how criminals leverage Google AppSheet's legitimate email servers for phishing, analyze Michigan Treasury impersonation schemes, and explore state-sponsored semiconductor industry espionage. Finn reveals why trust has become our greatest vulnerability in an age where authentication systems themselves are weaponized against users. Learn practical defense strategies against social engineering tactics that exploit human psychology rather than technical vulnerabilities.
Some great Deals https://amzn.to/49SJ3Qs
For more check out http://www.quietplease.ai
This content was created in partnership and with the help of Artificial Intelligence AI
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Finn hacks in the stack. Let's unpack the attack. Welcome
back to scam chronicles, a new mark every week with
your favorite digital dynamo, Finn Hack helsing Neon Green and
streaming that pixel perfect energy through your speakers. Slide into
your VPNs, zip up those firewalls, because tonight I'm serving
you three mind blowing real world tales where scammers out
(00:23):
fox the usual defenses, each scheme more devious than the last.
Are you ready for the ride? Bite by bite, Let's
get into it. First up, picture this trusted platforms, zero
code dreams, and a phishing nightmare. According to the latest
report from hack read and Nobe four threat Labs, scammers
in twenty twenty five have gone full white collar cyber illusionist,
(00:46):
riding Google appshet like it's their own getaway drone. Here's
how they did it using real authenticated apsheet email servers
think digital wolves draped in Sheep's encryption that they sent
out trademark enforceant notices through actualapsheet dot com addresses, totally
authentic headers SPF dk M, the whole geek alphabet soup
(01:09):
passed like a pro Recipients lulled by brand familiarity, clicked
through to slickly forged login pages, funneled through tricky URL shorteners,
handing over credentials on a platinum platter, hook line and scammer.
It was fishing, but not like Grandma's email spam. A
social engineering ballet where trust itself becomes the trojan horse
(01:31):
the techie twist. As security systems lean on authentication, the
bad actors leverage cloud legitimacy, hitching a ride on the
very rails meant to keep us safe. Makes you wonder
if legitimacy isn't enough, what's left to trust in your inbox?
(01:51):
Now slide into story two, a classic case of digital
identity of duction, straight out of Michigan's headlines this September.
Imagine your phone chirping the text from the Department of Treasury.
Your refund's ready, but wait, we need your bank info
or you lose it. Sounds urgent. That's the master stroke.
(02:11):
According to the Michigan Department of Treasury, scammers are sending
out urgent texts, mimicking state agencies, pushing targets to click
links or cough up sensitive data. Here's the kicker. The
real Treasury never text for banking info only legit snail
mail baby, Yet the scam sweeps across the state because
urgency hacks the brain bypassing logic with that Tetris block
(02:35):
fit anxiety. When you get these, think if the government's
pinging you out of the blue, is it really the government?
Codes cracked, cons are whacked. But for our grand finale,
let's jump straight into the semiconductor Twilight War, where state
level hackers blur the line between espionage and extortion. This
(02:55):
summer proof Point reports that the Chinese aligned group TA
four one five, known as Wicked Panda APT four one
let's call them the multimat with APT four to one,
went after US and Taiwan E semiconductor organizations with spearfishing
stunts fit for a heist flick. Their secret weapon legendary impersonations.
(03:17):
Emails appeared from real high ranking officials think US China
Business Council, Congressional Committee chairs, polling in targets for exclusive
briefings or urgent law drafts. The payload links to malware
infected archives stashed on dropbox, Zoho or OpenDRIVE, with all
communication masked behind real sounding individuals, and even IP addresses
(03:40):
tricked through cloud flare, warp vp ends, it's IP spoofing.
Imagine putting a sticker over your car's plates as you
whizz through toll boots. Only you're zooming through the Internet's heart,
invisible to most gatekeepers. For hackers, the goal wasn't just money,
but strategic data fueling global competition. Suspenseful, oh you bet,
(04:02):
but also a chilling look at just how high stakes
social engineering has become. I want every listener to remember,
the oldest vulnerability isn't in your code, it's thing your trust.
Bite me, scammers, this one's for the good guys. Be wary,
be weird, be wary about what you click, and be
wonderfully skeptical when a government official or trusted brand slides
(04:25):
into your DMS. If it sounds too real to be true,
maybe it's a high red simulation engineered to fit your
blind spots. That's all for tonight's scam chronicles, a new
mark every week. Thanks for tuning in, Digital Defenders. Come
back next week, keep your guard up, and don't forget
to subscribe. This has been a quiet please production. For
(04:47):
more check out Quiet please dot ai
Finn hacks in the stack. Let's unpack the attack. Welcome
back to scam chronicles, a new mark every week with
your favorite digital dynamo, Finn Hack helsing Neon Green and
streaming that pixel perfect energy through your speakers. Slide into
your VPNs, zip up those firewalls, because tonight I'm serving
you three mind blowing real world tales where scammers out
(00:23):
fox the usual defenses, each scheme more devious than the last.
Are you ready for the ride? Bite by bite, Let's
get into it. First up, picture this trusted platforms, zero
code dreams, and a phishing nightmare. According to the latest
report from hack read and Nobe four threat Labs, scammers
in twenty twenty five have gone full white collar cyber illusionist,
(00:46):
riding Google appshet like it's their own getaway drone. Here's
how they did it using real authenticated apsheet email servers
think digital wolves draped in Sheep's encryption that they sent
out trademark enforceant notices through actualapsheet dot com addresses, totally
authentic headers SPF dk M, the whole geek alphabet soup
(01:09):
passed like a pro Recipients lulled by brand familiarity, clicked
through to slickly forged login pages, funneled through tricky URL shorteners,
handing over credentials on a platinum platter, hook line and scammer.
It was fishing, but not like Grandma's email spam. A
social engineering ballet where trust itself becomes the trojan horse
(01:31):
the techie twist. As security systems lean on authentication, the
bad actors leverage cloud legitimacy, hitching a ride on the
very rails meant to keep us safe. Makes you wonder
if legitimacy isn't enough, what's left to trust in your inbox?
(01:51):
Now slide into story two, a classic case of digital
identity of duction, straight out of Michigan's headlines this September.
Imagine your phone chirping the text from the Department of Treasury.
Your refund's ready, but wait, we need your bank info
or you lose it. Sounds urgent. That's the master stroke.
(02:11):
According to the Michigan Department of Treasury, scammers are sending
out urgent texts, mimicking state agencies, pushing targets to click
links or cough up sensitive data. Here's the kicker. The
real Treasury never text for banking info only legit snail
mail baby, Yet the scam sweeps across the state because
urgency hacks the brain bypassing logic with that Tetris block
(02:35):
fit anxiety. When you get these, think if the government's
pinging you out of the blue, is it really the government?
Codes cracked, cons are whacked. But for our grand finale,
let's jump straight into the semiconductor Twilight War, where state
level hackers blur the line between espionage and extortion. This
(02:55):
summer proof Point reports that the Chinese aligned group TA
four one five, known as Wicked Panda APT four one
let's call them the multimat with APT four to one,
went after US and Taiwan E semiconductor organizations with spearfishing
stunts fit for a heist flick. Their secret weapon legendary impersonations.
(03:17):
Emails appeared from real high ranking officials think US China
Business Council, Congressional Committee chairs, polling in targets for exclusive
briefings or urgent law drafts. The payload links to malware
infected archives stashed on dropbox, Zoho or OpenDRIVE, with all
communication masked behind real sounding individuals, and even IP addresses
(03:40):
tricked through cloud flare, warp vp ends, it's IP spoofing.
Imagine putting a sticker over your car's plates as you
whizz through toll boots. Only you're zooming through the Internet's heart,
invisible to most gatekeepers. For hackers, the goal wasn't just money,
but strategic data fueling global competition. Suspenseful, oh you bet,
(04:02):
but also a chilling look at just how high stakes
social engineering has become. I want every listener to remember,
the oldest vulnerability isn't in your code, it's thing your trust.
Bite me, scammers, this one's for the good guys. Be wary,
be weird, be wary about what you click, and be
wonderfully skeptical when a government official or trusted brand slides
(04:25):
into your DMS. If it sounds too real to be true,
maybe it's a high red simulation engineered to fit your
blind spots. That's all for tonight's scam chronicles, a new
mark every week. Thanks for tuning in, Digital Defenders. Come
back next week, keep your guard up, and don't forget
to subscribe. This has been a quiet please production. For
(04:47):
more check out Quiet please dot ai
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.