Solo episode from Ant this week. Luke's back next week, but there was too much going on to wait.
We've got London phone thieves who aren't just stealing your iPhone anymore - they're coming after your family too. A fake UK visa website that left 100,000 passports in an open folder online. A criminal group physically walking into law firms dressed as IT support. California suing 23andMe over what happened after the breach, not just the breach itself. A ChatGPT vulnerability that lets attackers hide phishing links inside your AI responses. And researchers who hid commands inside audio that your AI assistant can hear but you can't.
Also, if you're at Infosecurity Europe at ExCeL, London this week, Ant will be there on Wednesday. Get in touch and say hello.
All of that is in this weeks The Awareness Angle!
Watch or listen to the episode today - YouTube | Spotify | Apple Podcasts
Visit riskycreative.com for past episodes, our blog, and our merch.
BIG ANNOUNCMENT
Official Media Partner of the SANS Security Awareness & Culture Summit 2026
Risky Creative is the official media partner of the SANS Workforce Security & Risk Training Security Awareness Summit in Las Vegas this August.
Ant will be there in person across both days - streaming live conversations, interviewing practitioners on the floor, and giving remote attendees access to what's happening at the summit in a way that hasn't really been done before. Last year he did some interviews. This year it's going to be bigger. We want to hear from the people in the room - what they're working on, what's changing in their programmes, what they're taking away.
If you're attending remotely and want to get your voice into the summit floor, there'll be an opportunity for that too. More details coming very soon.
More details on the SANS Summit is here
Breach of the Week
UK Visa Portal Leaks 100,000 Passports and Selfies
Someone built a third-party website to help people apply for UK travel authorisations. The problem is they stored everything users uploaded - full passport pages, identity selfies, home addresses, phone numbers - in a cloud storage folder with no password and a predictable web address. Anyone who knew the URL pattern could browse the contents.
What makes this one sting a bit more than usual is that the people caught up in it weren't being reckless. They were trying to navigate a government process and ended up on the wrong site. The most sensitive documents they own, handed over in good faith, left sitting in the open. As of 26 May the folder was still accessible.
UK Visa Portal is not the official UK government service. For anything involving government applications or travel documents, always start at gov[.]uk and work from there.
If you've used UK Visa Portal: keep an eye on your credit accounts and watch out for phishing emails about travel or passport renewals. They may not be real.
Watch on YouTube: https://youtu.be/iAZnb9A1PxQ?t=165 Read: https://www.techradar.com/pro/security/uk-visa-portal-website-leaks-thousands-of-user-passport-data-and-photos-online
This week's stories
London iPhone Theft - They're Now Coming After Your Family Too
Phone theft in London has evolved into a two-stage attack. Stage one is the physical grab. Stage two is the follow-up - victims and their families start getting threatening texts demanding the original owner removes the Apple ID from the device. Without that, a stolen iPhone can't be wiped or resold. So thieves are turning the victim into part of the attack.
We covered this a couple of episodes ago when someone shared their experience on Reddit. This week it made the New York Times. The Met Police gave Apple a deadline of 1 June to make stolen devices permanently unusable. That deadline is today.
In the episode I talk through a few practical things you can do right now - including one setting in the Find My app that most people don't know is handing thieves their contact details on a plate.
Awareness Angles:
- Don't leave your phone number in Lost Mode - put an email address there instead
- Threatening texts after theft are part of the attack - ignore them, block the number
- A strong passcode and short auto-lock timer is your best practical defence
23andMe - California Sues Over the Cover-Up, Not Just the Breach
We've covered the 23andMe breach before. This week California AG Rob Bonta filed a lawsuit against the company - now rebranded as Chrome Holding Co after filing for bankruptcy - and the focus isn't the breach itself. It's what came after.
The allegation is that while 23andMe was secretly negotiating with and paying the hacker to keep quiet, it was publicly telling customers there was no security incident. The attacker specifically targeted customers of Chinese and Ashkenazi Jewish ancestry. 23andMe didn't tell those customers their data was being sold on the dark web.
And then there's the bankruptcy fire sale. Fifteen million DNA profiles sitting in an auction. Health predispositions, ancestry, ethnicity, biological relatives. Data that can't be changed, doesn't expire, and implicates family members who never signed up for anything. Twenty-seven state AGs are fighting to block the sale. It isn't resolved yet.
In the episode I talk about why this one is different from most breach stories, and why paying a ransom to make a problem go away almost never actually makes it go away.
Awareness Angles:
- If you used 23andMe, request deletion of your data now through their website - do it before any sale completes
- Paying a ransom doesn't mean the data is gone - it means the attacker has been paid once
- DNA data is unlike any other data you've handed over - you can cancel a credit card, you can't cancel your DNA
ChatGPhish - Attackers Hiding Phishing Links Inside ChatGPT
Researchers at Permiso found a browser-based attack that turns ChatGPT's page summarisation feature into a phishing delivery surface. If an attacker has hidden instructions inside a webpage and you ask ChatGPT to summarise it, those instructions get processed. What comes back can include fake links, spoofed security alerts, and QR codes that point to attacker infrastructure - all looking completely native to ChatGPT.
The QR code angle is the bit that really sticks. Every layer of desktop protection - hovering over links, browser blocklists, password manager domain checks - is bypassed the moment you scan a QR code on your phone. The destination only reveals itself on a second device.
Reported to OpenAI in April. Told it couldn't be reproduced. Resubmitted with full proof of concept. Marked as a duplicate of a known issue. Still unfixed.
Awareness Angles:
- What you see in a ChatGPT response isn't necessarily from ChatGPT - if it's summarising web content, that content can be manipulated
- Treat unexpected links and alerts inside AI responses with the same scepticism you'd apply to email
- QR codes skip every safety check your desktop has - pause before scanning anything unexpected
Silent Ransom Group - Criminals Walking Into Law Firm Offices
The Silent Ransom Group has been targeting US law firms since 2023. The FBI issued a FLASH alert this week - their second warning about this group in twelve months and first at FLASH severity. More than 38 firms have had data posted on SRG's public leak site, with researchers estimating over a hundred attacks in total.
The attack starts with phishing or phone calls posing as IT support. If that fails, they send someone in person. A person turns up at reception, says they're from IT, says they need to image a device or run a backup after a phishing attempt, plugs in a USB drive, and walks out.
What makes it so hard to catch is what it doesn't do. No encryption. No alerts. Your systems keep running normally. The first sign something has gone wrong is a ransom email - or worse, a client calling to ask why their data is on a public website.
In the episode I talk about why IT support is the new high-vis jacket, and what happened at a previous employer of mine that made me realise just how easy this kind of thing is to pull off.
Awareness Angles:
- IT support showing up unannounced should always be verified - call back on a number you find yourself, not one they give you
- No encryption doesn't mean no threat - data theft with no lockout is invisible until the extortion starts
- Every organisation needs a clear process for how IT support proves who they are
AudioHijack - The AI Commands Hidden in Sounds You Can't Hear
Research presented at the IEEE Symposium on Security and Privacy this week showed that attackers can embed completely inaudible instructions into any audio - music, podcasts, YouTube videos, Zoom calls - and AI voice assistants will process those hidden instructions as legitimate commands. You hear nothing. The AI hears everything.
The Zoom scenario is the one to sit with. An employee joins a call with background music playing. Hidden inside is a command targeting the AI meeting transcriber. While everyone discusses quarterly results, the transcriber is quietly being told to find sensitive files and email them to an attacker.
No evidence of it being used in the wild yet - but it's passed peer review at one of the most respected security conferences in the world. In the episode I talk about a real-world example from a previous workplace that shows exactly why this matters, and why the tools we're integrating AI into are the problem.
Awareness Angles:
- If your AI can hear it, it can potentially be controlled by it
- The more permissions you give an AI assistant, the bigger the blast radius if something finds a way to instruct it
- Least privilege applies to AI tools just as much as it applies to people
Security Socials
Amber Alert Accidental Phishing (Ant's Topic)
A real Amber Alert sent by the California Highway Patrol this week contained a bit.ly link instead of the official URL - because the message exceeded the character limit and the real address got clipped. Someone posted it on Reddit's r/phishing after clicking it and landing on an MP3 converter site. It wasn't phishing. It was a human error that looked exactly like one.
The system should make this impossible, not rely on the person sending the message to count characters under pressure. And in a situation involving someone's life, a message that looks like phishing doesn't just fail - it probably does less good the second time it gets sent.
Tom the Tech Chap - Your Phone Screen Is An OSINT Report (Luke's Topic)
Luke shared a video from Tom the Tech Chap on TikTok this week. Tom had shown his phone home screen on social media, and his banking app icons were visible. That was enough for scammers to know which bank to impersonate when they called him. They built a profile from his public content and caught him jet lagged and vulnerable late at night.
You don't need to be famous for this to happen. You just need to be visible enough for someone to run the process - and increasingly that process is automated.
Watch Ant's Reaction | Watch on TikTok
Last week on The Awareness Practitioners
Doesn't Ant look great dressed as a Traffic Warden. This is probably the last ChatGPT thumbnail we'll be using!
Nobody runs out of their house to thank a traffic warden.
They're doing a job most people would agree with, in theory. But every single interaction happens at the worst possible moment of someone's week. The parking ticket lands when you're already late. The fine drops through the door when you've already forgotten the infraction. There's no version of that story where the traffic warden is the hero.
Sound familiar?
Episode four of The Awareness Practitioners looks at the perception of security teams and asks an uncomfortable question: what are we actually broadcasting? Not what we think we're broadcasting. What the person on the receiving end actually experiences.
Perception isn't something that happens to your team. It's something your team creates, every day, through every blocked request, every automated warning, every email that lands in someone's inbox at the worst possible moment.
This one doesn't need a budget. It needs honesty.
THE TRAFFIC WARDEN PROBLEM is out now. Find it wherever you listen to podcasts.
Listen on Spotify, Apple Podcasts, and YouTube.
