Who is winning the scam game?

In this episode of Hacking Humans, hosts Dave Bittner, Joe Kerrigan, and Maria Vermazis explore the evolving landscape of social engineering scams, emphasizing that while attackers are leveraging AI and sophisticated techniques like deepfakes, the core vulnerabilities remain human psychology. The episode opens with a real-world case of a man on a U.S. work visa arrested in Louisiana for attempting to collect $800,000 in gold as part of a widespread scam where victims were tricked into transferring funds to purchase gold, which was then sold by complicit jewelry stores. The hosts break down the physical reality of that amount—equivalent to about the size of a bowling ball—highlighting the tangible risk behind digital fraud. They then shift focus to a new threat group targeting BPOs (Business Process Outsourcers) using phishing kits to bypass multi-factor authentication via fake Okta login pages, underscoring the need for hardware-based FIDO2 keys like YubiKeys. A compelling interview with CISO and psychology professor Sean Colicchio follows, where he reveals how AI is amplifying social engineering but not changing the underlying psychological triggers—authority, urgency, familiarity. He advocates for training that balances novelty with fundamentals, encourages slowing down, trusting instincts, and using peer consultation to counteract manipulation. The episode closes with a list of '10 Hard Stop Rules' for online scams, including never sharing credentials, avoiding QR codes, and recognizing secrecy as a red flag. The hosts reflect on how simple, human-centered behaviors—like pausing before acting—remain the most effective defense.