Oct 13, 2025
The LinkedIn ‘Open to Work’ Trap: How Scammers Target Job Seekers

This week on The Awareness Angle:

  • Unity vulnerability – A flaw in the game engine leaves millions of devices open to attack.
  • AI creativity panic – MrBeast and others warn that generative video tools could reshape content creation.
  • LinkedIn scams – Fake recruiters target people who’ve gone “Open to Work,” turning desperation into data theft.

Plus: Two teenagers are arrested for hacking a London nursery, an author loses six years of work after his iPad is stolen, and Discord confirms a breach exposing thousands of ID photos. DraftKings also faces another password reuse incident, and there is a reminder from HuFiCon and Layer 8 that community and champions matter more than ever.


 Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube


Cyber Security Awareness Month videos with Hoxhunt

We’ve teamed up with Hoxhunt again this year to create a series of short, snappy videos for Cyber Security Awareness Month. Each one is just one to two minutes long and covers social engineering in messaging apps, the psychology behind social engineering, how AI is powering spear phishing, and how to spot deepfakes. They’re quick, practical, and perfect for sharing with your colleagues, friends, or family. You can grab them directly from the Hoxhunt toolkit, and there are unbranded versions if you’d like to use them in your own awareness programmes.

Get the toolkit here - https://hoxhunt.com/cybersecurity-awareness-month-toolkit-2025

This week's stories...

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk

Watch the discussion - https://youtu.be/Sp5kaCAexJ4?t=225

A serious flaw in the Unity game engine has left millions of games open to attack. The issue lets hackers run malicious code through the way Unity handles certain commands, putting devices at risk across Windows, macOS, Android and more.

Microsoft and Valve have already stepped in to block vulnerable titles while developers rush to rebuild and patch. It sounds simple, but when one shared tool like Unity is hit, the ripple spreads fast. Every game, every player, every update depends on that same foundation.

It is a solid reminder of how connected we all are. Shared tools mean shared risk, and when something breaks, it is not just one app or studio that feels it. Keeping software updated is a team effort between developers and users, even when the update notifications start to feel endless.

Read more - https://www.securityweek.com/microsoft-and-steam-take-action-as-unity-vulnerability-puts-games-at-risk/

∠The Awareness Angle

  • Shared platforms, shared risk – When one tool fails, the impact spreads far beyond its users.
  • Patch fatigue – The fixes will come, but that lag time keeps exposure alive.
  • Supply chain dependency – Modern games rely on layers of software that all need to be secure.

AI and Creators: MrBeast Warns of “Scary Times” Ahead

Watch the discussion - https://youtu.be/Sp5kaCAexJ4?t=470

MrBeast, the world’s biggest YouTuber, says he’s genuinely worried about what AI means for content creators. With tools like OpenAI’s Sora and Google’s Veo now able to turn short text prompts into full, realistic videos, the internet is about to get flooded with machine-made content.

It’s not just about deepfakes or fake news anymore. The real question is what happens to creativity when anyone can generate polished videos in seconds. Robin Williams’ daughter has already pleaded with people to stop sending her AI clips of her dad, while Hollywood studios are pushing back against AI tools trained on copyrighted work.

The technology is incredible, but it is also unsettling. Authenticity is becoming the new currency online, and the creators who can stay human in a world full of fakes will stand out the most.

“Now you almost want to cut less and go for long meaningful shots, just to add authenticity and make it look more real to prove we’re not AI.”

Read more - https://www.bbc.co.uk/news/articles/cm2zmm0ry67o

∠The Awareness Angle

  • Creative authenticity – As AI content grows, human emotion and originality matter more than ever.
  • Ethical AI use – Training models on other people’s work without permission crosses a line.
  • Adapt or vanish – The creators who learn to work with AI, not against it, will define what comes next.

Teenagers Arrested After Cyber Attack on London Nurseries

Watch the discussion - https://youtu.be/Sp5kaCAexJ4?t=763

Two 17-year-olds have been arrested after a cyber attack on Kido, a chain of London nurseries, exposed the personal details of around 8,000 children. The hackers reportedly stole names, photos, and addresses, and even tried to post them online to demand ransom payments.

The data came from a third-party platform used to share updates and photos with parents. The company insists its own systems weren’t breached, but it shows how easily sensitive data can be exposed when multiple services are connected.

It’s a story that hits differently when it involves children. Parents expect trust, not threats. These incidents remind us that cybersecurity is more than systems and passwords. It’s about protecting people, especially those who can’t protect themselves.

Read more - https://www.theguardian.com/uk-news/2025/oct/07/man-teenage-boy-arrested-kido-nurseries-cyber-attack-london

∠The Awareness Angle

  • Third-party exposure – Even trusted software can become a weak link.
  • Emotional impact – Breaches involving children leave lasting fear and mistrust.
  • Trust by design – When handling family or child data, transparency and strong safeguards are everything.

Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!

Awareness Awareness

Security Champions Research Project

If you run or support a Security Champions or Ambassador Programme, this one’s for you. The team at Layer 8 are running an open-source research project throughout October to better understand what makes these programmes work.

They’re looking to uncover:

  • What the most successful programmes have in common
  • The biggest challenges and how organisations are overcoming them
  • How teams measure the impact of their champions
  • What real-world results these programmes are delivering

The goal is to create a shared, open dataset that anyone in the community can use. Your contribution is completely anonymous, and the insights could help raise the bar for champion networks everywhere.

Take a few minutes to add your experience at the link below -

https://layer8champions.scoreapp.com/

Watch the discussion – https://youtu.be/Sp5kaCAexJ4?t=2059

Human Firewall Conference

The Human Firewall Conference (HuFiCon) takes place in Cologne this November, bringing together awareness professionals, behaviour experts, and security leaders from across Europe. Hosted by SoSafe, it’s all about the human side of cyber — how we engage, motivate, and influence secure behaviour at scale.

Ant will be there, contributing to one of the sessions, and the line-up looks brilliant: from industry researchers to F1’s Ralf Schumacher. The event blends talks, panels, and interactive experiences in one of the most creative security awareness gatherings of the year.

If you work anywhere near human risk, culture, or awareness, this is one to get to.

Register at http://www.humanfirewallconference.com/

Watch the discussion - https://youtu.be/Sp5kaCAexJ4?t=1919

SANS Summit Awareness Chats

The chats we recorded at the SANS Security Awareness Summit are proving to be a goldmine for awareness professionals. They capture real stories from people working in the field, talking openly about what works, what doesn’t, and the challenges they face day to day.

These conversations aren’t polished keynote moments. They’re honest, useful, and full of practical ideas you can take back to your own programme. From how to handle security fatigue, to adapting based on feedback, to making awareness feel personal, they’re a reminder that our best learning often comes from each other.

You can now watch the videos from the summit: short, focused, and designed to inspire your next step. The last few will be released this week, so subscribe to the YouTube channel to find out when they land.

You can watch the chats we've already released on YouTube - https://youtube.com/playlist?list=PLEsOj51Q0PfBkhHwg2BTlxB6kfutJO1c3&si=NX6fTLIZbWWgGB_E

This Week's Discussion Points...

Main stories

  • Microsoft and Steam take action as Unity vulnerability puts games at risk
  • MrBeast warns AI could spell “scary times” for creators
  • Zelda Williams slams AI videos of her dad, calling them disrespectful
  • OpenAI releases Sora 2 and faces backlash over content control
  • Two teenagers arrested after cyber attack on London nurseries
  • Charlie Mackesy reveals much of his new book was lost when iPad was stolen
  • Puffin author website hijacked and replaced with adult content
  • Discord confirms data breach after hackers steal ID photos
  • DraftKings warns of account breaches in credential stuffing attacks
  • Salesforce ransom deadline hits as hackers claim 1.5B records

Awareness Awareness

  • HuFiCon – Human Firewall Conference, Cologne
  • Who Are The Champions? – Security Champions research project (Layer8)

Ant’s Topics

  • LinkedIn Recruiter Scams – Fake job offers and open-to-work bots
  • AI Storytelling for Awareness – CyberGal Swati’s password story video
  • Hifo.co – Search and compare cybersecurity vendors

Luke’s Topics

  • Instagram Maps – New feature raises privacy concerns

Subscribe to the Newsletter - https://www.riskycreative.com

Thanks for reading! If you’ve spotted something interesting in the world of cyber this week — a breach, a tool, or just something a bit weird — let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

And finally… Ant's LinkedIn Recruiter Scams

Watch the discussion - https://youtu.be/Sp5kaCAexJ4?t=2517

The moment Ant switched his LinkedIn status to Open to Work, the messages started flooding in. Within seconds, supposed “recruiters” were reaching out, complete with slick banners, impressive titles, and zero followers.

One was a “Chief HR Officer in Japan,” another an “Executive Director of Recruiting Operations” from Texas, all with the same pattern: no network, no real posts, and a suspiciously fresh #OpenToWork tag. When Ant checked back a week later, most had vanished, deleted by LinkedIn’s cleanup systems.

“Within seconds I got one of them. It’s not even possible for you to have read my post before notifying me.”

These fake profiles are part of a growing wave of recruitment scams that prey on people at vulnerable moments in their careers. They look legitimate, mimic real job titles, and often evolve into fake interview or verification requests that steal data or money.

If you’re job hunting, stop and verify before engaging. Check for mutual connections, profile history, and real company links. No legitimate recruiter will ask you for personal documents, money, or to move the conversation off-platform.

Luke summed it up best: “Must be just bots and scraping stuff.”

It’s a simple reminder that even the most professional-looking inbox can be full of traps.

∠The Awareness Angle

  • Pause before you trust – A professional title and friendly tone don’t make someone real.
  • Verify outside the message – Check company pages, connection history, and real contact details.
  • Scammers exploit emotion – Job searching can make people act fast; slow down and question the rush.
