Episode Description

Join Noel Bradford and Graham Falkner for another cybersecurity hot take as they dive into the alarming world of help desk social engineering attacks. This episode exposes how the notorious Scattered Spider group has weaponized basic human helpfulness to devastating effect, turning your friendly IT support into the front door for ransomware attacks.

From MGM's $100 million disaster to the recent wave of UK retail breaches (M&S, Co-op, Harrods), discover how teenagers armed with nothing more than convincing accents and sob stories are outsmarting million-pound security systems. Spoiler alert: it's not the tech that's failing us.

Key topics

• The Scattered Spider Phenomenon: Meet the English-speaking teenagers who graduated from Roblox to ransomware
• Help Desk Horror Stories: Why your MFA reset process is probably easier than ordering a dodgy kebab
• The MGM Masterclass: How one phone call led to 10 days of casino chaos
• UK Retail Ransomware Wave: The domino effect that took down half the high street
• Sandra's 3AM Security Failures: Why verification questions like "favourite biscuit" aren't cutting it
• Real Solutions That Actually Work: Beyond useless training modules to proper phishing-resistant MFA

Notable Quotes

"You can get your entire digital life reset with less hassle than ordering a dodgy kebab after the pub."

"The help desk culture these days - it's like the Wild West, but with more hold music and less gunfire."

"If your help desk can be outwitted by someone who sounds like they're late for a Fortnite tournament, you've got bigger problems than patching Windows."

"It's not hacking, it's just really, really good acting."

What You'll Learn

• How Scattered Spider targets help desk processes with surgical precision
• Why traditional security questions are laughably inadequate
• The real-world impact of social engineering attacks on major retailers
• Practical defenses that actually work (hint: it's not more training)
• Why your business might be the stepping stone, not the target

Solutions Discussed

• Video verification for all MFA resets
• Phishing-resistant MFA (FIDO2 keys, smart cards, PKI certificates)
• Proper RMM tool controls with device whitelisting and geographic restrictions
• Zero unauthenticated resets policy
• Monitoring for unusual authentication patterns

Episode Hightlights

• The career trajectory from Minecraft to MGM hacking
• Why "favouri