ClickFix attacks are now using fake Windows updates to install malware. And a government budget was leaked because someone guessed the URL.
This week’s episode looks at why the smallest human shortcuts still create the biggest openings. From predictable web addresses to fake update screens that look almost real, Ant breaks down why attackers keep coming back to the same ideas. Because they work.
Also this week, London councils face a major cyber incident, the US emergency alert system is disrupted by ransomware, and Harvard reveals a vishing breach that exposed donor data. Mix in AI voice scams and a coffee machine admin menu that uses 1111 as the password, and you get a perfect snapshot of where human security habits really are.
Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts
Visit riskycreative.com for past episodes, our blog, and our merch.
Breach Watch
London councils hit by severe cyber incident
Several London boroughs, including Kensington and Chelsea and Westminster City Council, are dealing with a major incident affecting services and phone lines. They have notified the ICO and are working with the NCSC. Councils hold some of the most sensitive personal data in the country, which makes this a serious situation for anyone living in those areas.
∠The Awareness Angle
- Sensitive data attracts attention - People often forget how valuable council records can be for profiling and scams.
- Service disruption hurts fast - When core services pause, the ripple effect hits vulnerable people first.
- Partnerships matter - Fast support from NCSC shows how important joined-up response is.
US emergency alert system disrupted after ransomware attack
The OnSolve CodeRED platform, which powers emergency notifications across the United States, was taken offline after a ransomware attack. Agencies temporarily lost the ability to send weather alerts and critical warnings. They are restoring the system from a backup more than six months old.
∠The Awareness Angle
- Backups only help if they are recent - Restoring from half a year ago shows why recovery needs routine testing.
- Criminals do not care about impact - Even life-saving systems are targets.
- Ransomware is still a supply chain problem - One compromised provider can hit thousands of communities.
Harvard reports vishing breach exposing alumni data
Attackers used voice phishing to access Harvard’s alumni and donor systems. Emails, phone numbers, addresses and donation details were exposed. No payment data was taken, but the personal context is sensitive enough to power convincing social engineering attempts.
∠The Awareness Angle
- Phone calls bypass many controls - People trust a real voice more than an email.
- Context is power - Donation history and relationships make scams far more believable.
- Vishing is rising fast - It is still one of the easiest entry points for attackers.
OBR budget leaked because the URL was predictable
Journalists accessed the UK budget forty minutes early by guessing the link. It was a near copy of last year’s URL. No hack. Just poor digital housekeeping.
∠The Awareness Angle
- Predictability is a vulnerability - If someone can guess it, they will.
- Security by obscurity does not work - Publishing sensitive material without protection is never safe.
- Randomising filenames is basic hygiene - Fundamentals still matter.
This Week's Stories...
SIM swap story shows how quickly attackers can take over everything
The BBC shared the story of a woman whose number was hijacked. Attackers took over her Gmail, locked her out of her bank, opened a credit card, broke into her WhatsApp and even threatened groups she was part of. All powered by old breach data and a SIM swap request.
∠The Awareness Angle
- Your phone number is an identity key - If someone controls it, they can reset almost anything.
- Old breach data still matters - Information from years ago can fuel modern scams.
- SIM swap alerts must not be ignored - If your phone suddenly loses signal, call your provider fast.
Fake Windows update uses ClickFix to deliver malware
A fake Windows update page tells people to press Windows and R, then paste code they did not type. It looks convincing enough to fool anyone who is not deeply familiar with update screens. This continues the wider ClickFix trend attackers have been using all year.
∠The Awareness Angle
- No one should ever paste code from a pop-up - This is a simple behaviour that is easy to teach.
- Interfaces can be faked - People trust what looks familiar.
- Run box attacks are everywhere - Microsoft needs to address this, but organisations can help by educating people.
Black Friday scam wave hits with polished fake surveys
Malwarebytes found more than one hundred domains pushing fake rewards for Lego, Yeti, Louis Vuitton and more. It starts with a survey and ends with a request for a small shipping fee. That final step steals payment details.
∠The Awareness Angle
- Big brands equal big trust - Scammers lean on names people recognise.
- Shipping fee scams are everywhere - Small payments feel harmless, which is the point.
- Holiday pressure lowers caution - Urgency and excitement make mistakes more likely.
This Week's Discussion Points...
Breach Watch
- London councils cyber incident - The Guardian
- OnSolve CodeRED emergency alert outage - BleepingComputer
- Harvard vishing breach exposing alumni and donor data - BleepingComputer
- OBR budget leak caused by a guessable URL - The Register
The News
- SIM swap story and why old breach data still matters - BBC News
- New ClickFix wave using fake Windows updates - Malwarebytes
- Black Friday fake brand giveaways and survey scams - Malwarebytes
- AI kidnapping scam using a cloned voice - FOX 5 NY
- Corridor Crew test AI shopping scams - YouTube
- Gmail smart features and email scanning correction - Malwarebytes
Awareness Awareness
- Layer 8 Champions Impact Report early look - CIISec and Layer 8
And Finally...
A free coffee machine hack thanks to a default password
Luke found a video of someone double-tapping a Frankie coffee machine and entering 1111 to unlock the admin panel. You can edit drinks, change settings or run a free taste cycle. A perfect example of why default passwords create easy wins for attackers.
∠The Awareness Angle
- Anything with a screen needs a new password - Even a coffee machine.
- Defaults stay forever unless someone changes them - Build this into onboarding.
- Physical access still matters - Small devices can cause big problems.
Thanks for reading! If you’ve spotted something interesting in the world of cyber this week, a breach, a tool, or just something a bit weird, let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.
Ant Davis and Luke Pettigrew write this newsletter and podcast.
The Awareness Angle Podcast and Newsletter is a Risky Creative production.