Full Report
In this special live episode of Hacking Humans, recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon, ThreatLocker’s VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake “Self Employment Tax Credit” scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business Bureau’s annual Scam Tracker report, revealing that online shopping scams continue to top the list for the fifth year, with phishing and employment scams remaining major threats, while fraudsters increasingly use AI and deepfake technology to deceive victims. Our catch of the day comes from Diesel in West Virginia, and features a scammer who tried to panic their target with a classic “We’ve frozen your account” scam—only to get hilariously mixed up with actual embryo freezing.
Analysis Summary
# Main Topic
Summary of Cyber Threats Discussed on Hacking Humans Live from ThreatLocker Zero Trust World 2025
## Key Points
- The episode focused on recent social engineering scams, phishing schemes, and cybercriminal exploits discussed by Dave Bittner, Maria Varmazis, and Seamus Lennon (ThreatLocker VP of Operations for EMEA).
- Seamus Lennon contributed insights regarding Zero Trust security models in the context of the evolving threat landscape.
- The Better Business Bureau’s (BBB) annual Scam Tracker report indicated that **online shopping scams** have topped the list for the fifth consecutive year.
- Phishing and employment scams remain significant threats in the current threat environment.
- Fraudsters are increasingly leveraging **AI and deepfake technology** to enhance deception tactics.
## Threat Actors
- Threat actors are generally motivated by financial gain (as seen in the fake IRS tax credit scam and online shopping fraud).
- No specific APT or named group was attributed in the context provided, but general cybercriminals employing social engineering are the focus.
## TTPs
- **Social Engineering:** General reliance on creating psychological pressure or urgency to manipulate victims.
- **Phishing/Vishing:** Use of deceptive communications (implied by the mention of the IRS scam).
- **Impersonation:** Fraudsters impersonate legitimate entities (e.g., the IRS).
- **Emerging TTPs:** Increasing use of **AI and deepfake technology** to create more convincing scams.
- **Specific Reported Scams:**
1. **Fake IRS "Self Employment Tax Credit":** A scam distributed via social media that targets taxpayers with misinformation about a tax credit.
2. **"We’ve frozen your account" scam:** A classic panic-inducing technique where scammers claim immediate action is needed regarding a financial account.
3. **Online Shopping Scams:** Ranked as the number one scam type by the BBB for five years.
## Affected Systems
- **Victims/Targets:** Taxpayers (specifically regarding the IRS scam) and general consumers/shoppers (regarding online shopping scams).
- **Platforms:** Social media (vector for the IRS scam) and potentially banking/financial systems (in the account freezing scam).
## Mitigations
- **IRS Scam Mitigation:** Taxpayers are explicitly urged to **ignore misinformation** regarding tax credits/rebates and **consult accredited professionals** for tax advice.
- **General Security Posture:** Discussion highlights the need for Zero Trust security principles (as championed by ThreatLocker), implying a need to enforce least privilege and boundary control.
- **Consumer Vigilance:** Increased awareness regarding top scam types identified by the BBB (online shopping, phishing, employment scams).
## Conclusion
The threat landscape is characterized by persistent, high-volume scams (like online shopping fraud) coupled with increasing sophistication from the adoption of AI and deepfakes. Defenses must focus both on foundational security models (Zero Trust) and on increased public awareness of specific, high-profile impersonation campaigns, particularly those targeting financial confidence, like the IRS scam spread on social media.