The Art of the Innocent Ask: How Threat Actors Use Benign Conversations
Hello to all our Cyber Spring Chickens! Join host Selena Larson and guest hosts, Tim Kromphardt and Sarah Sabotka, both Senior Threat Researchers at Proofpoint. These top sleuths crack open Proofpoint’s new Human Factor series and explore one of the most deceptively dangerous tactics in a threat actor’s playbook: the benign conversation.

What exactly is a benign conversation—and why is it anything but harmless? Whether it’s a simple “Do you have a minute?” or a seemingly legit job offer, these messages are often the opening moves in complex social engineering attacks used for fraud, malware delivery, and even nation-state espionage.

The team dives into:
- The top five fraud-related benign conversation themes, including the rise of advanced fee fraud
- Real-world examples of job scams, gift card requests, and a Taylor Swift-themed lure
- The difference between financially motivated lures and espionage-style social engineering
- How Iranian and North Korean threat actors are perfecting the art of trust-building through impersonation and tailored messages
- TOAD scams (Telephone-Oriented Attack Delivery) and the power of fear and urgency
- The critical role of spoofing in making these attacks believable
- The human toll and psychological manipulation behind scams like pig butchering—and why acknowledging the abuse behind them matters

From hijacked contact forms and fake antivirus invoices to AI-generated phone calls and scam compounds, this episode blends serious security insight with Friday vibes and candid discussion. Whether you're a seasoned threat analyst or just here for the “lure-palooza,” you’ll walk away with a sharper eye for red flags—and a deeper understanding of the evolving cyber threat landscape.

Resources Mentioned:
- 🔍 [Read the full report] https://www.proofpoint.com/us/resources/threat-reports/human-factor-social-engineering

For more information about Proofpoint, check out our website.

Subscribe & Follow: Stay ahead of emerging threats, and subscribe! Happy hunting!
--------
58:09
Diving Into Cyber Journalism: FOIA, Fraud, and the Fight Against Online Threats
Hello to all our Cyber Cherry Blossoms! Join host Selena Larson and guest host, Tim Kromphardt, a Senior Threat Researcher, as they chat with Andrew Couts, Senior Editor, Security and Investigations at WIRED.

Andrew shares insights into his work overseeing cybersecurity coverage and investigative reporting, collaborating with newsrooms, and uncovering the hidden threats lurking in the digital world.

We dive into how cybersecurity and privacy reporting has evolved, the growing risks posed by data collection and surveillance, and the challenges of informing the public around security experimentation. We also discuss:
- Recent investigations on ad tech, police drone surveillance, and the unintended consequences of data tracking
- The rise of "pig butchering" scams and the difficulties in shutting them down
- How the Freedom of Information Act (FOIA) serves as a powerful tool for uncovering hidden government actions
- The real-world dangers journalists face when reporting on cybercriminals—such as swatting and online retaliation
- The double-edged sword of privacy—how encryption and digital anonymity can both protect individuals and make it harder to track cybercriminals

Join us for a fascinating deep dive into the world of digital security, investigative journalism, and the real-life implications of living in an era where our data is constantly at risk.

Resources Mentioned:
- Leveling Up Your Cybersecurity–WIRED Guide
- https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/
- https://www.wired.com/story/the-age-of-the-drone-police-is-here/
- https://www.wired.com/story/starlink-scam-compounds/
- https://www.wired.com/story/alan-filion-torswats-swatting-arrest/
- https://www.wired.com/story/no-lives-matter-764-violence/ (Content warning: self-harm, violence)
- https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/
- https://www.wired.com/story/how-to-take-photos-at-protests/
--------
46:35
RMM Tools: The New Cybercrime Trick?
Hello to all our Remote Cyber Pals! Join host Selena Larson and guest host, Tim Kromphardt, a Senior Threat Researcher, as they chat with Staff Threat Researcher, Ole Villadsen, from Proofpoint. They explore the broader shift from traditional malware to commercially available tools that fly under the radar and how cybercriminals are increasingly abusing Remote Monitoring and Management (RMM) tools (sometimes called Remote Access Software) to gain initial access in email-based attacks.

Topics Covered:
- The growing use of tools like ScreenConnect, Atera, and NetSupport in cyberattacks
- How threat actors are shifting from traditional malware loaders to commercially available tools
- TA583’s adoption of RMM tools as a primary attack method
- The role of social engineering in phishing lures, including Social Security scams
- The impact of cybersecurity influencers and scam-baiting YouTubers on threat awareness
- The ongoing arms race between cybercriminals and defenders

From stealthy intrusions to shifting cybercrime trends, this conversation uncovers the critical threats organizations face in 2025.

Resources Mentioned:
- https://www.proofpoint.com/us/blog/threat-insight/remote-monitoring-and-management-rmm-tooling-increasingly-attackers-first-choice
--------
37:38
Your Best Defense against Social Engineering: The Gray-Matter Firewall
Hello to all our Cyber Pals! Join host Selena Larson and guest hosts, Sarah Sabotka and Tim Kromphardt, both Senior Threat Researchers from Proofpoint, as they dive into the realities of current social engineering schemes—especially during high-risk times like tax season. Cybercriminals exploit fear, urgency, and excitement to manipulate victims, from IRS impersonation scams and fraudulent tax payment requests to deepfake cons and TikTok frauds.

Our hosts dive into real-world examples, including:
- tax-themed phishing attacks
- tech support scams targeting the elderly
- job scams leveraging Taylor Swift’s tour

They explore how AI is reshaping fraud tactics, why scammers still rely on outdated schemes like overseas financial windfalls, and how platforms like WhatsApp and Telegram play a role in modern cybercrime.

Tune in to learn how these scams work, why they succeed, and—most importantly—how you can protect yourself. Check out our show notes for additional resources, and don’t forget to share this episode with friends and colleagues!
--------
51:06
Hiding in Plain Sight: How Defenders Get Creative with Image Detection
Hello to all our Cyber Pals! Join host Selena Larson and guest host, Sarah Sabotka, as they speak with Kyle Eaton, Senior Security Research Engineer at Proofpoint.

They explore the evolving world of image-based threat detection and the deceptive tactics cybercriminals use to evade defenses. From image lures embedded in emails, PDFs, and Office documents to the surprising ways attackers reuse visuals across campaigns, this conversation breaks down how detection engineering is adapting to counter new threats.

They also examine how AI is shaping both cyber deception and detection, raising the question of how generative AI is influencing image-based security.

Listeners will gain insights into real-world detection successes, persistent threats like TA505 and Emotet, and the role of instincts in cybersecurity—because, as Selena notes, sometimes good detection is all about the vibes.

Key Topics Covered:
- Characteristics of Image-Based Threats
- Groups like TA505 and Emotet historically using recognizable image lures
- OneNote-Based Malware Detection (2023) & the Challenges with OneNote
- Shift to PDF-Based Threats
- PDF Object Hashing for Attribution & Detection
- Image-Based Threat Detection Insights
- Generative AI’s Impact on Image-Based Threats

Join us as we uncover real-world detection wins, explore persistent threats like TA505 and Emotet, and dive into the importance of instincts in cybersecurity—because, as our guest puts it, sometimes good detection is all about the vibes.

Resources mentioned:
- https://github.com/target/halogen
- https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.
About DISCARDED: Tales From the Threat Research Trenches
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. In each episode you’ll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more. Welcome to DISCARDED