
October 28, 2025 4 mins
# Scammed: Real People, Real Ripoffs - EP24: Campus Payroll Heists & Crypto Cons

Join cybersecurity expert Finn Hack as he dissects the latest digital dangers threatening everyday people. This episode explores the Storm-2657 university payroll attacks that compromised MFA systems, the rising trend of cryptocurrency pig-butchering romance scams, and the sophisticated WinRAR vulnerability exploited by the Gamaredon group. Learn practical defense strategies against social engineering tactics that bypass even advanced security systems. Essential listening for anyone who values their digital safety in 2025.

For more check out http://www.quietplease.ai

This content was created in partnership with, and with the help of, Artificial Intelligence (AI).

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Finn Hack's in the stack. Let's unpack the attack. Welcome,
data streamers, to Scammed: Real People, Real Ripoffs. I'm Finn Hack,
neon green hair ablaze, trench coat flickering, binary tattoos pulsing,
and I'm on a mission: spill the secrets of the
slickest scams snagging everyday folks, sourced hot from today's digital trenches.

(00:21):
Story one: payroll piracy on campus. In March twenty twenty five,
universities across the US faced an invader not with black hoodies,
but browser tabs and cunning. A hacking group called Storm-2657
launched what Microsoft dubbed pirate payroll attacks.
Carefully crafted phishing emails impersonating HR or university brass warned

(00:44):
staff about emergencies: a campus illness, investigations, urgent documents. Click
the link, log in on the fake site, and boom,
your credentials and MFA codes beamed straight to the attacker.
They didn't just steal passwords, they re-enrolled their own
phone as your multi-factor authentication device. That's like letting

(01:04):
a burglar clone your house key while eating your favorite cereal.
From eleven cracked mailboxes at three campuses, the storm spread,
sending six thousand fake emails to people in twenty five universities.
Using inbox rules, the attackers hid any payroll change alerts,
siphoning salaries into their own accounts. A digital heist nearly invisible,

(01:25):
all possible not by breaking Workday, but by wielding the
dark arts of social engineering and exploiting human trust. Hook,
line, and scammer. Are you checking links, or are you
the next star in a payroll horror show? Cue the
crypto craze. The year is twenty twenty five, and if

(01:49):
you blinked, you missed another million-dollar rug. According to
crypto scam trackers and the California Department of Financial Protection
and Innovation, pig-butchering romance scams have spiked. Picture this:
you swipe right, you chat, you trust, and suddenly your
new partner wants you to invest together in hot new
coins through a special platform. You see real-looking dashboards,

(02:12):
staged wins, urgent bonuses if you add more. When you
try to withdraw, hidden fees appear and poof. After enough
emotional and financial investment, that lover vanishes like a politician.
On November third, fake job offers are booming too, with
crypto exchange Kraken warning that scammers clone official profiles on LinkedIn, Discord, Telegram,

(02:35):
or email, offering jobs or partnerships. They build rapport, then
ask for crypto training, fees or seed phrases. Real employers
never ask for payments, and if they do, you better
run faster than my penguin packets sniffing a threat. Remember,
when a scammer wants your keys, they want your treasure chest.
Don't hand them the loot. Bite me, scammers. This one's

(02:57):
for the good guys. For technophiles, here's a third twist:
government phishing, WinRAR edition. The notorious Gamaredon group cooked
up clever scams targeting government entities using a fresh
WinRAR vulnerability patched only recently. Here's the trick. Victims received
emails with benign-looking PDF files inside a compressed archive,

(03:20):
but hiding under the hood was a payload exploiting
CVE-2025-8088,
a path traversal bug. Picture your ZIP file as a
magician's hat. Reach in, and you accidentally unleash a malware
rabbit right into your system startup without any obvious sleight
of hand. All victims had to do was open the
document inside, and a hidden HTML application file nestled into

(03:44):
the startup folder, launching data stealer bots. After the next READEID,
governments and enterprises relying on outdated WinRAR versions found
themselves exposed, with attackers able to deploy malware and swipe keystrokes, passwords,
and sensitive files, all without triggering security alarms. Codes cracked,
cons are whacked. The lesson: patch your software like you'd

(04:07):
update your firewall tattoos, often and with gusto. These tales
aren't just cautionary, they're a wake-up call. Social engineering
is the real code exploit, human error the real root vulnerability.
Whether it's payroll pirates, crypto cons, or zip file trickery, awareness
is the only upgrade that never faces obsolescence. Thanks for

(04:29):
tuning in to Scammed: Real People, Real Ripoffs. Join me next
week for another bite-sized dive into digital danger. Don't
forget to subscribe and spread the word. Finn Hack's watching
the stack so you won't be the next hack. This
has been a Quiet Please production. For more, check out
Quiet Please dot ai.