Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Den hacks in the stack. Let's unpack the attack. Listeners,
tune up your firewalls, and strap in tight. Your favorite
neon-haired renegade is live with another episode of Swipe Stories:
Caught in the Con. You already know I'm Finn, your
digital mischief maker with the binary tattoos and a heart
as big as a terabyte. Tonight, I'm bringing you three
(00:22):
true tales from the bleeding edge of scam land. These
con artists are hot on our digital heels. Let's see
if we can outswagger their swindle. First up, let's drop
into the storm of SVG file phishing. Hoxhunt analysts
have seen a wild leap in SVG attachments used for
phishing in twenty twenty five. March saw a spike where SVGs
(00:43):
accounted for fifteen percent of all malicious attachments, like little
digital Trojan horses. The scam is simple, wickedly effective, and
slicker than a quantum slipstream. Picture it. You get an email.
Maybe it looks like salary news from HR or a
bonus offer. Click the link, download a tiny SVG file,
and it flashes up a prompt for your password. Boom,
(01:06):
you're shunted to a fake login screen that slurps up
your Microsoft credentials like a code vampire. Why SVG? Because
email gateways see the file as just an image, letting
the con slip past defensive shields. Here's where Finn gets geeky.
Those SVGs hide payloads in base sixty-four blobs and
xlink hrefs, making tracking them like chasing a cyber
(01:30):
chameleon through a jungle of obfuscation. Codes cracked, cons are whacked.
SVGs might be the new star on the scam stage,
but knowledge is your superpower. Hover before you click, and
question every document that lands in your inbox. Hook, line,
and scammer. Next, let's zoom into phishing as a service
(01:50):
with Whisper 2FA. Barracuda research reports nearly a million
attacks with this kit since July. Whisper 2FA doesn't
stop at nabbing your pass. It loops, squeezing out MFA
codes using AJAX for real-time credential relays, fetch your
a con so smooth, it mimics legit login pages, snags
your first code, and keeps asking until a valid token
(02:13):
pops out, bypassing the usual 2FA barricade. The phishing
emails wear the skins of trusted brands like Microsoft 365
or DocuSign, flashing fake invoices and urgent notices.
And here's a Finn tangent. Think of MFA fatigue attacks
like evil pop-ups in a whack-a-mole arcade game. The con
just bombards you until you slam the approval out of
(02:36):
sheer frustration. The new wave of PhaaS, or phishing as
a service, means cons aren't lone wolves. They're now run
by entire professional outfits, updating their kits like hackers patching
a game. Validate each login, and never trust a form
that feels off, especially when it asks for more than
a password. Now, for a third escapade, do Google app
(02:58):
Sheet tuests it into a single passing form network and
keeps it as though the context was heavily made by
one of the best networks of our finding. Since March,
NJCCIC and Hackread have called out a surge in scams
leveraging Google's AppSheet, with one April spike where eleven percent
of all global phishing emails use this method. The attacks
(03:19):
come from noreply at AppSheet dot com, which, trust me,
is a real Google domain, sliding right past spam filters.
The email pitches a fake trademark enforcement notice, complete with
legal speak and threats that get your adrenaline surging. Since
it's from Google's own servers and passes every security check,
you get zero red flags. Finn's favorite metaphor for this
(03:41):
con? It's like a pickpocket dressed as your bank teller,
smiling and handing out lollipops as they filter your wallet.
The twist: even tech-savvy folks get duped because the platform
is trusted and the content fits innocent workflow patterns. Here,
Finn suggests, if the context feels off, verify through another channel,
brands our bulletproof. Question the rush. Check those URLs. Don't
(04:05):
let urgency override common sense. Tonight's trio of tales shows
that in twenty twenty five, scammers ride high on emotion, novelty,
and trusted platforms, blending into the flow of digital life
like ninja code. Our vulnerabilities aren't just in the hardware.
They're in our habits, our trust, and the everyday chaos
(04:27):
of emails, pop-ups, and alerts. If you take one
thing from me tonight, it's this: Bite me, scammers. This
one's for the good guys. Stay sharp, share your stories,
and never act in fear or haste. Thanks for tuning
in to Swipe Stories: Caught in the Con with your host,
(04:49):
Finn Hack. Subscribe to stay ahead of the curve and
come back next week for more real tales ripped from
the Internet's darkest corners. This has been a Quiet Please
production for if your check out Quiet Please got a
EE