Episode note - In this episode, we mention that 26,000 public sector devices were lost or stolen. That number isn’t accurate. The real figure is still shocking, with just over 2,000 devices in the past year, according to FOI-based reports. We caught the error before the episode went live, but since we recorded it, we’re calling it out here to keep things straight. Always better to be accurate.

This week’s episode of The Awareness Angle is a deep dive into the strange, risky, and often ridiculous world of cybersecurity – from QR code scams to phone network hacks, doxxing in a video game, and why Microsoft thinks black is the new blue.

We start with something that feels almost sci-fi: organised criminal gangs using fake cell towers, known as SMS blasters or Stingrays, to send malicious texts straight to your phone. These attacks don’t need your phone number or your network – they just broadcast to everything nearby. Google’s latest Android update, rolling out on newer Pixel devices, includes features that detect when you’ve connected to one of these rogue towers. iPhones, meanwhile, can’t even disable 2G, making them far more vulnerable. It’s a worrying gap in mobile security that most users don’t even realise exists.

From phones to cameras, the next story takes us to Canada, where the government has officially banned Chinese surveillance tech from Hikvision and Dahua. While the headlines focus on national security and state ownership, the deeper message is this: cybersecurity isn’t just about software. The physical devices we install – webcams, CCTV kits, smart monitors – all carry risks based on who made them and how they operate. This is especially relevant as Prime Day approaches and cheap tech floods the market. Saving a few pounds upfront can cost far more later if your footage ends up somewhere it shouldn’t.

Speaking of misplaced tech, a recent report revealed over thousands of UK public sector devices have been lost or stolen in the past two years. These aren’t just phones and laptops – they’re potentially loaded with confidential data from civil servants, government contractors, and national infrastructure teams. Worse still, many departments didn’t know if the lost devices were encrypted. It’s not about the cost of a laptop – it’s about the data, the access, and the delay in reporting that creates the real risk.

While organisations scramble to secure data, Cloudflare has launched a new defence on the content front. Their latest AI bot blocker quietly watches for suspicious behaviour and stops bots from scraping websites without permission. It’s a big moment for creators, writers, and businesses whose work has been silently consumed by AI tools without credit or consent. Protecting content isn’t just technical now – it’s ethical.

From global AI battles to one woman’s personal crime spree, another story this week was almost cinematic. A former electrical engineering student at Western Sydney University began by gaming the system for free parking. But her access grew – and with it, her ambition. She’s now facing 20 charges for unauthorised access, data theft, extortion, and more, having stolen over 100GB of student and staff data. The case is a harsh reminder that small misuse of access can escalate fast if left unchecked.

Scams using QR codes – known as quishing – have now cost victims in the UK over £3.5 million. These codes show up in emails, on fake parking signs, or stuck to public walls, often leading to malicious sites or malware downloads. The problem is, they’re easy to trust. That’s why IKEA’s new checkout warning is such a win – a simple, well-placed message that encourages people to stop and think before buying gift cards for strangers.

Insider threats were a recurring theme this week. One IT worker, suspended from a Huddersfield-based company, used his privileged access to wreak havoc across systems in the UK, Germany, and Bahrain – all before his credentials were revoked. He was jailed, but the disruption caused hundreds of thousands in losses. It’s a stark reminder that offboarding processes need to be instant, especially for people with elevated access.

Even long-standing tech traditions aren’t safe this week. Microsoft has officially retired the iconic Blue Screen of Death, replacing it with a sleeker, less alarming black version. It’s a small design change, but it raises a big question: are we softening the signals that tell users something has gone very wrong? Familiar signs of failure – like that blue screen – carried urgency. The new one might look calmer, but will people still take it seriously?

One of the strangest stories came from Reddit, where a gamer was playing CSGO when someone on the opposing team dropped his real name and LinkedIn profile into the chat. He hadn’t shared his name or city on Steam – but years of reused usernames and scattered online activity had left enough digital breadcrumbs to find him. It’s a perfect case study in digital footprint awareness. What you post, what you reuse, and what you think is hidden often isn’t.

That’s not the only personal story we saw this week. Ant received a scam message on his private Instagram – complete with a tear-jerking cancer backstory and a $7 million “legacy.” He ran it through ChatGPT, which immediately flagged the red flags: poor grammar, dramatic storytelling, a suspicious URL, and zero account followers. Yet despite how easily the scam was identified by AI, Instagram let the message land anyway. It’s another example of where tech platforms still fall short on user protection.

And finally, shout-out to IKEA again. That gift card warning we mentioned earlier? It might seem small, but placing it right in the checkout flow is a perfect example of human-centred security design. It nudges people in the moment that matters – and that’s exactly how we make real behavioural change.

From rogue phones to phishing QR codes, university hacks to helpdesk revenge, this episode had it all. If you’ve ever worried about AI scraping your work, someone digging through your online past, or losing a government laptop full of secrets – you’re not alone. Stay aware, stay secure.

AJ King interview highlights

Watch – https://youtu.be/JTXkkILEW6Y?t=90
Read – https://riskycreative.com/podcast/aj_king_on_phishing_present_bias_and_purple_cows

SMS Blasters and Google’s Pixel 10 protection
Watch – https://youtu.be/JTXkkILEW6Y?t=206
Read – https://www.forbes.com/sites/zakdoffman/2025/06/27/googles-next-pixel-update-apples-iphone-falls-behind/

Canada bans Hikvision over national security risks
Watch – https://youtu.be/JTXkkILEW6Y?t=567
Read – https://www.securityweek.com/canada-gives-hikvision-the-boot-on-national-security-grounds/

Thousands of UK public sector devices lost or stolen
Watch – https://youtu.be/JTXkkILEW6Y?t=904
Read – https://www.techradar.com/pro/security/thousands-of-pcs-phones-and-tablets-stolen-and-lost-by-uk-public-sector-bodies-prompting-fears-of-huge-national-security-risk

Cloudflare launches AI bot blocker
Watch – https://youtu.be/JTXkkILEW6Y?t=1239
Read – https://www.bbc.co.uk/news/articles/cvg885p923jo

Ex-student hacks university over parking, triggers breach
Watch – https://youtu.be/JTXkkILEW6Y?t=1468
Read – https://www.bleepingcomputer.com/news/security/ex-student-charged-over-hacking-university-for-cheap-parking-data-breaches/

Cornwall school cyberattack and UK education stats
Watch – https://youtu.be/JTXkkILEW6Y?t=1641
Read – https://www.bbc.co.uk/news/articles/clyz81k05l8o
Read – https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025-education-institutions-findings

£3.5m lost to quishing (QR phishing)
Watch – https://youtu.be/JTXkkILEW6Y?t=1873
Read – https://www.linkedin.com/posts/national-economic-crime-centre-necc_new-quishing-alert-35-million-lost-last-activity-7343222030034456576-Py3T/

IT worker jailed for revenge attack after suspension
Watch – https://youtu.be/JTXkkILEW6Y?t=2120
Read – https://www.dewsburyreporter.co.uk/news/crime/batley-it-worker-jailed-after-revenge-cyber-attack-costs-huddersfield-company-ps200000-in-lost-business-5198303

Microsoft kills the Blue Screen of Death
Watch – https://youtu.be/JTXkkILEW6Y?t=2303
Read – https://techcrunch.com/2025/06/26/windows-killed-the-blue-screen-of-death/

Awareness events: SANS Summit, IASAP, and Huficon
Watch – https://youtu.be/JTXkkILEW6Y?t=2520
Read – https://www.sans.org/cyber-security-summit/security-awareness/
Read – https://iasapgroup.org/
Read – https://humanfirewallconference.com/

Can we teach our mums to spot fake AI videos? (Corridor Crew)
Watch – https://youtu.be/JTXkkILEW6Y?t=2761
Read – https://www.youtube.com/watch?si=G8okAHs3_B_CjnVN&v=M4TXO4kQwSQ

Adaptive Security demo and the un-drinkable Yeti mug
Watch – https://youtu.be/JTXkkILEW6Y?t=4055
Read – https://www.adaptivesecurity.com/

IKEA gift card checkout scam warning
Watch – https://youtu.be/JTXkkILEW6Y?t=2886

WHSmith rebrands as TG Jones – phishing vibes
Watch – https://youtu.be/JTXkkILEW6Y?t=3027

Instagram inheritance scam analysed by ChatGPT
Watch – https://youtu.be/JTXkkILEW6Y?t=3247

AI chatbots recommending phishing links
Watch – https://youtu.be/JTXkkILEW6Y?t=3555
Read – https://www.theregister.com/2025/07/03/ai_phishing_websites

CSGO player doxxed via Steam OSINT
Watch – https://youtu.be/JTXkkILEW6Y?t=3849
Read – https://www.reddit.com/r/Steam/s/qXWYBdnH42

Digital footprints and parenting in a connected world
Watch – https://youtu.be/JTXkkILEW6Y?t=4127

Local business cyber day preview
Watch – https://youtu.be/JTXkkILEW6Y?t=4276
Read – https://www.hertsgrowthhub.com/events/07-2025/cyber-confidence-protecting-your-business-in-a-digital-age/

Weekly wrap-up and final thoughts
Watch – https://youtu.be/JTXkkILEW6Y?t=4331