This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from privacy holes in the UK’s Online Safety Act to deepfake diet scams and a ransomware payout denied over missing MFA. It’s a mix of policy, people, and pure cyber weirdness you won’t want to miss.
🇬🇧 UK Online Safety Act – New age verification rules put privacy on the line, with overseas firms handling sensitive data, no clear safeguards, and easy VPN workarounds.
🖥️ Microsoft Recall Risks – Despite Microsoft’s reassurances, Recall can still capture passwords, credit card details, and private chats—data that’s stored locally and vulnerable if your device is compromised.
💰 Hamilton’s Insurance Nightmare – A ransomware recovery claim denied because the city hadn’t implemented MFA as required by their cyber policy.
🛡️ Proton Authenticator Launch – Free, privacy-first 2FA app with encryption, cross-device sync, and no ads or tracking.
🛍️ Deepfake Diet Scams – Fake online health stores use AI-generated before/after shots and impersonate real dietitians to push unregulated products.
📞 Google Salesforce Breach – Voice phishing used to gain CRM access, proving social engineering still outpaces many technical controls.
🎧 Pandora Data Breach – Third-party platform compromise exposed customer names and emails—possible link to ShinyHunters.
📱 WhatsApp Scam Takedowns – 6.8M accounts shut down in six months, many tied to organised crime networks in Southeast Asia.
🖥️ Old Tech Risks – From Windows Server 2003 to WEP Wi-Fi, outdated systems are still in active use, posing massive security risks.
📧 Reply-All Apocalypse – The 2016 NHS mass email storm shows how human error can grind operations to a halt.
🕵️‍♂️ North Korean IT Workers – Thousands of covert contractors using fake IDs to funnel foreign pay back to the DPRK regime.
💬 Community & Social Reactions – From phishing test backlash to TikTok debates, we dive into what people are really saying about security awareness.
If you want the week’s big cyber stories distilled into practical takeaways—with a side of eyebrow-raising human behaviour—this one’s got it all.
🕒 Timestamps
00:00:00 – Intro & studio update
00:03:08 – VPN chaos & Online Safety Act
00:06:05 – Labour’s VPN warning
00:08:57 – Sims beat facial recognition
00:11:10 – Spotify’s age checks
00:12:42 – Funny VPN reel
00:16:08 – YouTube uses AI to guess age
00:17:16 – Google AI search shake-up
00:21:10 – Lovense email leak
00:23:31 – Copilot Mode & privacy
00:27:05 – Allianz breach
00:29:28 – St. Paul ransomware
00:32:53 – NASCAR ransom
00:35:31 – Orange France hack
00:36:42 – QR code TikTok goes viral
00:39:47 – Copilot Vision backlash
00:42:19 – CybSafe SebDB 4.0
00:44:42 – Free maturity model tool
00:48:58 – SANS Summit preview
00:52:53 – Shoutout to Dan Connolly
00:55:08 – Phishing test horror story
01:01:09 – Bin chaos = bad UX
01:04:40 – Bird audio encryption
01:08:58 – Fable Security debut
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew untangle the week’s biggest cybersecurity themes—from silent data breaches to AI tool mishaps and the slow-moving train of regulatory change. Whether it’s government policies, scam trends, or workplace surveillance, this episode covers the tensions between safety, privacy, and the real-world consequences of overlooked vulnerabilities.
🔞 The UK Online Safety Act & Age Verification – Luke breaks down the new age checks for adult content in the UK. Will they work? Will people just use VPNs? We explore the privacy trade-offs, the rise in demand for incognito browsing, and what the law might mean for future content regulation.
📈 VPN Usage Spikes – Anthony talks about the broader privacy impact, including a 30% spike in VPN signups, especially among iPhone users. Is this privacy-conscious behaviour—or just workarounds?
🚗 Digital Surveillance Creep – From employer device monitoring to always-on productivity tools, we dive into how digital surveillance is quietly creeping into the workplace and public life—and how it's being normalised.
🏁 NASCAR & Allianz Breaches – Luke highlights recent major data breaches in both the finance and sports sectors. Allianz Life’s 12-million user exposure shows just how fragile enterprise security postures can be, while NASCAR joins a growing list of entertainment brands hit by attackers.
🧠 Phishing Tests Reconsidered – Are traditional phishing tests actually backfiring? We debate whether they build resilience or just resentment—and how security teams can rethink the human risk approach.
🖥️ Microsoft Copilot Mode & Surveillance Concerns – Anthony explains how Microsoft’s “Copilot Vision” could log user activity in the name of productivity. We discuss where the line is between helpful automation and invasive oversight.
📜 GDPR vs AI Regulation – The conversation shifts to Europe’s privacy regulation legacy. We compare GDPR’s maturity to newer AI regulations and ask whether privacy is still being prioritised as new tech emerges.
🧑‍🎓 Youth & Cyber Literacy – What are schools actually teaching about cybersecurity and digital literacy? We explore the lack of early education on scams, security, and safe digital habits—and why that matters for the next generation.
Whether you’re leading security comms, shaping policy, or just trying to stay one step ahead of the next privacy headache—this episode packs practical insights, candid takes, and a few unexpected side quests.
🕒 Timestamps
00:00:00 – Intro & studio update
00:03:08 – VPN chaos & Online Safety Act
00:06:05 – Labour’s VPN warning
00:08:57 – Sims beat facial recognition
00:11:10 – Spotify’s age checks
00:12:42 – Funny VPN reel
00:16:08 – YouTube uses AI to guess age
00:17:16 – Google AI search shake-up
00:21:10 – Lovense email leak
00:23:31 – Copilot Mode & privacy
00:27:05 – Allianz breach
00:29:28 – St. Paul ransomware
00:32:53 – NASCAR ransom
00:35:31 – Orange France hack
00:36:42 – QR code TikTok goes viral
00:39:47 – Copilot Vision backlash
00:42:19 – CybSafe SebDB 4.0
00:44:42 – Free maturity model tool
00:48:58 – SANS Summit preview
00:52:53 – Shoutout to Dan Connolly
00:55:08 – Phishing test horror story
01:01:09 – Bin chaos = bad UX
01:04:40 – Bird audio encryption
01:08:58 – Fable Security debut
This week on The Awareness Angle: Interviews, Anthony is joined by Harley Sugarman, co-founder of Anagram Security, a company taking a fresh, no-nonsense approach to security awareness. Think short, sharp challenges, real behaviour change, and zero tolerance for checkbox compliance.
We talk about why so much training still misses the mark—and how Harley’s background (which involves a surprising early career twist we won’t spoil here) helps him see awareness through a very different lens.
🧯 Smoke, Mirrors & Metrics – “Most training is built to satisfy auditors, not change behaviour.”
📉 Bad Metrics, Bad Decisions – “Completion rates aren’t proof of learning. They’re proof someone clicked play.”
🧠 Nudges, Not Magic – Nudges are useful, but they’re not the main event—and people can smell the white noise.
🧍 Stop Calling People ‘Risks’ – “You can’t build trust while labelling people as the problem.”
📚 The Anagram Origin Story – From puzzle-based security training to bite-sized interactive learning—why they’re doing it differently.
🤖 The AI Bit – Why most “AI-powered training” isn’t as clever as it sounds, and what actually works.
🎩 The Secret Ingredient – Let’s just say Harley’s old job involved a bit of sleight of hand—and it explains a lot about how he thinks about engagement.
If you’re tired of awareness that ticks boxes but changes nothing, this one’s packed with ideas, honesty, and a few good laughs.
The Awareness Angle: Interviews is our ongoing series of honest, practical conversations with the people reshaping how we think about human risk, behaviour change, and learning that actually works.
🕒 Timestamps
00:00 Intro: Why Security Awareness Still Matters
00:35 How Awareness Training Has Evolved
03:52 Measuring Success: Metrics That Miss the Mark
09:58 Human Risk: What Are We Really Solving For?
15:34 Where AI Fits in Security Awareness
19:11 People Over Systems: A Needed Mindset Shift
25:05 Smarter, Fresher Training Approaches
30:41 What’s Next for Awareness Programs?
32:16 Compliance Isn’t Awareness (But It’s Changing)
34:54 Anagram’s Shift from Training to True Awareness
39:04 Standing Out in a Crowded Awareness Market
40:51 Reframing Human Risk Management
45:27 Real Change Requires Behavioural Shifts
46:07 Diverse Paths into Security Awareness
50:34 Buzzwords We Need to Ditch
54:09 Human Risk + Communication = The Real Challenge
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from dodgy data startups to accidental database wipes by AI tools. Whether it’s passwords, passkeys, or privacy, this episode covers the real-world risks that slip through the cracks of digital life—and what security professionals can learn from them.
🔍 Farnsworth Intelligence & $50 Breach Data – A sketchy startup offers hacked data for pocket change. We unpack the ethical nightmare and what it says about the commodification of stolen info.
🔐 158-Year-Old Business Crushed by a Weak Password – Ransomware took down The Royal Mint’s paper supplier. One reused password triggered a chain reaction of damage.
🧽 Clorox Hit by “Just Asking” – Hackers used basic social engineering to trick staff into sharing passwords. The result? A lawsuit and $49M in damages.
📁 SharePoint Exploits Still Work – Legacy SharePoint systems are being targeted in the wild. We explain why updating your systems is table stakes—not optional.
🧠 Windows 11 Copilot Vision – Microsoft’s AI assistant watches how you work. We look at the privacy implications of system-level activity tracking.
🔑 Passkey Friction & Frustration – They're the future of authentication—but only if users understand them. We break down what’s working, and what’s still broken.
🇬🇧 UK Online Safety Act – New laws now require age verification for adult content in the UK. But what does that mean for privacy and enforcement?
🤖 AI Deletes a Database (Oops) – A dev tool gave one engineer too much power. We talk about guardrails, defaults, and the real risks of AI in production.
👾 Reddit Malware Ads – Malicious ads are sneaking through Reddit’s filters. We discuss the broken reporting flow and why community trust is on the line.
📉 QR Codes That Expire? – Ever scanned a QR code that no longer works? We explain why some codes time out—and what that means for security and UX.
📞 The Netstat Scam – Fake ISP reps use netstat commands to convince victims their connection is “compromised.” Old trick, still effective.
🪪 Fake IDs & Physical Access Risks – It’s not just digital anymore. We explore how low-tech social engineering can breach high-security environments.
🔁 Ring.com Login Confusion – A bug in Ring’s login system left users rattled. It’s a small issue, but a big reminder about user trust and account security.
📣 Bonus: Ant is heading to the SANS Security Awareness Summit in Chicago! Expect livestreams, interviews, and plenty of behind-the-scenes content.
🕒 Timestamps
00:00 Introduction and Overview
02:57 Breach Marketplace: Ethics & Stolen Data
05:53 One Weak Password Crashes 158-Year-Old Firm
09:12 Clorox Breach via Simple Social Engineering
11:57 SharePoint Exploits Still Active in the Wild
15:07 Windows Copilot: Privacy or Overreach?
17:57 Passkeys: Why Users Still Struggle
21:05 UK Age Checks: Safety vs. Privacy
24:01 AI Deletes Database: The Risks of Autopilot
37:44 Replit’s Data Loss Incident
39:11 What Is Vibe Coding?
42:08 Password Management Still a Mess
46:03 Reddit Malware Ads Slip Through
50:11 QR Codes That Expire? UX Meets Security
52:17 Netstat Scam: An Old Trick Returns
55:58 Phishing Emails from Local Councils
01:01:57 Gift Card Scams and Account Takeovers
01:03:23 Fake IDs and Physical Access Risks
01:10:39 Ring.com Login Bug Raises Trust Issues
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into some of the most unexpected and revealing cyber stories of the week. From job offers to gym selfies to your dog’s microchip, this week’s stories prove no part of daily life is off-limits to cyber risk.
📸 Fitness App Photo Leak – A design flaw exposed thousands of users’ near-nude progress pics. We talk about the risks of default sharing settings and poor privacy design.
🐾 Pet Microchip Scams – Fraudsters are now using fake pet registry emails to phish for personal data. Yes, even your dog’s ID is fair game.
🛗 Windows Update Stalls Elevator – An elevator froze mid-floor during a Windows update. Embedded system risks are more common than you think.
📥 Phishing & New Hires – A new study suggests phishing simulations during onboarding may actually make things worse. We break down the nuance.
🤖 AI Prompt Abuse in Gemini – With the right input, scammers can weaponise AI responses. What does this mean for user trust and LLM safeguards?
🧳 Secret Government Breach – A low-profile government breach forced thousands to relocate. We discuss the hidden human cost of high-stakes incidents.
🧬 Reddit’s Selfie-Based Age Check – Reddit quietly rolled out biometric verification. Where do we draw the line between safety and privacy?
👜 Luxury Brands Breached – Another week, another fashion label hit. It’s a reminder that no amount of prestige protects poor security posture.
📞 The Persistence of Tech Support Scams – Fake warnings and rogue pop-ups are still fooling people. Why are they so effective—and what’s missing from awareness?
💬 Security Is Emotional – We close with a reminder: breaches impact people, not just systems. Awareness programs need empathy, feedback, and real-world context to work.
If you’re building awareness programs—or just trying to stay one step ahead—this episode is packed with stories that stick.
🕒 Timestamps
00:00:00 – Intro, newsletter & YouTube plug
00:02:25 – Lori Steuart interview recap
00:03:34 – Fitify app leaks private user photos
00:09:01 – WeTransfer AI terms backlash
00:14:32 – US National Guard hacked by Salt Typhoon
00:17:42 – Reddit age verification and Online Safety Act
00:25:54 – Pet microchip renewal phishing scam
00:31:33 – Indian police raid tech support scam call centre
00:38:23 – Secret Afghan relocation after data breach
00:44:44 – Louis Vuitton customer data breach
00:48:02 – Keepnet report: new hires more likely to fall for phishing
00:53:20 – Listener email: Boris on scam victim impact
00:58:30 – Chris Stokel-Walker’s anti-phishing placebo post
01:03:03 – Windows update traps user in elevator
01:06:15 – Gemini phishing via AI summary exploit
01:13:09 – Announcement: Ant at SANS Chicago
01:14:06 – Outro and wrap-up
This week on The Awareness Angle Interviews, Anthony chats with Lori Steuart—a cybersecurity marketer with a passion for storytelling, content that resonates, and turning awareness from a box-tick into something people actually care about.
From synthesisers to password managers, from yoga habits to ransomware planning, Lori brings a refreshingly human and honest perspective to what makes security communication land—or fall flat.
🔍 Cutting Through the Noise – Why most awareness content gets ignored, and how to make yours stick.
📖 Storytelling, Synths & Security – Lori shares how emotion and context help make complex topics relatable—even when they’re technical.
📣 Content People Want to Read – We talk about why trust beats fear, how to avoid “AI ick,” and why marketing is more about the reader than the writer.
🧠 Security as a Habit – What secure behaviours have in common with piano practice, bike training, and building any real muscle?
👀 Risk in Unexpected Places – Why marketing teams may be one of the riskiest parts of your org—and how to secure them without sounding like the fun police.
🛠️ From Small Teams to Strong Culture – Whether you’re a team of one or ten, Lori offers practical ways to build trust, reinforce secure habits, and communicate clearly (even on bad news days).
💬 A Thousand Seconds a Day – How small nudges and daily context can shape long-term behaviour, without resorting to doom and gloom.
If you’re looking to make your security messages more human, memorable, and effective, this one’s packed with perspective, laughs, and plenty of practical takeaways.
The Awareness Angle: Interviews is our series of real, candid conversations with the people reshaping security culture from the inside out, released alongside our regular episodes.
🕒 Timestamps
00:00 Introduction and Setting the Stage
03:00 Exploring Cybersecurity Marketing
05:59 The Importance of Authentic Content
08:58 Understanding Demand in Marketing
12:04 The Challenge of Awareness in Cybersecurity
14:56 Building Secure Habits
17:49 The Role of Password Managers
21:01 Ransomware Concerns for Small Businesses
23:56 The Impact of Ransomware on Operations
27:00 Storytelling in Marketing
29:56 Conclusion and Key Takeaways
34:51 Sensing the Unseen: The Art of Repair
36:52 Emotional Intelligence in Cybersecurity
38:54 Building Habits: The Power of Small Steps
40:55 Nudge Theory: Subtle Influences in Cybersecurity Awareness
42:22 Collaborative Content Creation: The Workshop Approach
44:23 The Importance of Feedback in Communication
48:59 AI in Content Creation: A Double-Edged Sword
53:37 Standing Out in a Crowded Market
56:41 Creating Trust Through Positive Engagement
01:02:58 Cross-Department Collaboration for Better Outcomes
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into a week full of sharp turns—from a teen hacker forcing Microsoft to rethink its bounty program, to hackers hijacking a decades-old video game to take control of PCs. Also in the mix: 64 million job seekers exposed by a single password, suspicious Google Ads requests, Instagram flannel cons, and a football kit nod to Bletchley Park.
👾 Youth & Cybercrime – A UK teenager linked to major Microsoft and Nvidia breaches shows why digital ethics education can’t be optional for young, technically skilled individuals.
🎮 Old Games, New RCEs – Hackers exploited multiplayer game engines to gain remote access to PCs. Legacy software can create modern attack surfaces, on and off the clock.
📬 Phishing & Domain Abuse – The .es top-level domain is increasingly used in phishing scams. Help users decode domains and trust signals beyond just the brand name.
🔐 MFA Saves the Day – A spoofed Google Ads request almost succeeded—until MFA stepped in. A real-life reminder that layering defences works.
📄 AI Prompt Injection – Academic PDFs are being weaponised with hidden prompts to influence AI-generated outputs. It’s time to add LLM manipulation to your awareness radar.
📢 Emergency Alerts & Privacy – With government alert tests rolling out, employees with hidden phones (e.g., in domestic abuse cases) face real safety risks. Consider the human layer in crisis comms.
👚 Instagram Scams & Flannel Fraud – Niche cons on social media show how easy it is to mimic small businesses. Don’t forget brand impersonation when training around phishing.
🧑‍💼 Insider Threat Economics – A CNM insider sold credentials for just $300. Reinforce messaging around ethics, behaviour monitoring, and low-cost high-risk breaches.
🍟 Hiring Platform Data Leak – McDonald's and Paradox AI leaked data on 64M+ applicants—another reminder: third-party vendors aren’t automatically secure.
📊 Security Culture Benchmarks – Tools like KnowBe4’s Human Risk Maturity assessment help awareness pros evaluate where their culture stands and what needs improvement.
⚽ Bonus: Bletchley Park-Inspired Football Kit – What does a football shirt have to do with WWII codebreaking? A surprisingly wholesome win for security storytelling.
If you care about where behaviour, tech, and trust intersect, this one’s got it all.
🕒 Timestamps
00:00 Intro: A new intro and newsletter plug
02:53 Cyber Crime Developments: M&S and Co-op Attacks
05:56 Gaming Vulnerabilities: Call of Duty Incident
10:07 Young Innovators: Dylan's Microsoft Teams Hack
12:59 AI Manipulation in Academic Research
16:57 UK Emergency Alert System Testing
20:04 Phishing Trends: The Rise of .es Domains
24:59 Bribery in Cyber Crime: The Brazilian Bank Heist
27:58 Monzo's Fake Address Scandal
31:57 MK Dons Tribute to Bletchley Park
34:02 McDonald's AI Hiring Blunder
36:19 Paradox AI and Data Breach Concerns
37:35 Human Risk Management Insights
42:17 The Importance of Authentic Internal Communication
44:41 Deepfake Technology and Its Implications
49:34 Scams Targeting Consumers: Apple Pay Warning
53:26 Identifying Scams: The Dixon Shirt Fraud
01:00:14 Victor's Near Miss with a Scam
01:11:23 Weekly Wrap-up and Final Thoughts
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew unpack everything from text scams and AI scrapers to school shutdowns and insider threats. It’s a mix of the strange, the serious, and the preventable, plus a few thoughts on whether changing the Blue Screen of Death was really necessary.
Episode note - In this episode, we mention that 26,000 public sector devices were lost or stolen. That number isn’t accurate. The real figure is still shocking, with just over 2,000 devices in the past year, according to FOI-based reports. We caught the error before the episode went live, but since we recorded it, we’re calling it out here to keep things straight. Always better to be accurate.
📱 SMS Blasters & Android Security – Low-cost tools are sending out spoofed texts by the thousands. Meanwhile, Android 16 adds cellular warnings—so why doesn’t iPhone
🎥 The Hikvision Ban – Canada pulls the plug on Hikvision over national security concerns. We talk cheap CCTV, surveillance tech, and where other countries stand.
💻 26,000 Lost Devices – UK government departments lost thousands of laptops and phones. We dig into unencrypted risks and the shadow IT no one talks about.
🧠 Cloudflare vs AI Bots – New protections aim to stop AI from scraping websites—but are some tools already mimicking humans to sneak past?
🎓 University Parking Hack – A former student manipulates grades, parking, and more. It started small… and escalated fast.
🏫 Cyberattacks on Schools – Another UK school forced to close after a ransomware attack. 60% of secondary schools were hit last year—why are they such a soft target?
📲 QR Code Phishing (Quishing) – A new warning on fake parking signs and QR scams. We ask: is it time to fix the mess that is parking apps?
👨‍💻 Insider Threats – A suspended IT worker wipes systems, costing £200k. A reminder: always revoke access before the fallout.
🖥️ The Death of the Blue Screen – Microsoft ditches the iconic BSOD for a black version. It’s a small change—but raises big questions about user trust and clarity.
If you care about human risk, digital culture, and the strange places security slips through, this episode’s got something for you.
🕒 Timestamps
00:00 – Intro: A new intro and newsletter plug
01:30 – AJ King interview highlights
03:26 – SMS Blasters and Google’s Pixel 10 protection
09:27 – Canada bans Hikvision over national security risks
15:04 – 26,000 public sector devices lost or stolen
20:39 – Cloudflare launches AI bot blocker
24:28 – Ex-student hacks university over parking, triggers breach
27:41 – Cornwall school cyberattack and UK education stats
31:13 – £3.5m lost to quishing (QR phishing)
35:20 – IT worker jailed for revenge attack after suspension
38:23 – Microsoft kills the Blue Screen of Death
42:00 – Awareness events: SANS Summit, IASAP, and Huficon
46:01 – Can we teach our mums to spot fake AI videos?
48:06 – IKEA gift card checkout scam warning
50:27 – WHSmith rebrands as TG Jones – phishing vibes
54:07 – Instagram inheritance scam analysed by ChatGPT
57:51 – TikTok strikes vs Meta’s scam filtering
59:15 – AI chatbots recommending phishing links
01:04:09 – CSGO player doxxed via Steam OSINT
01:08:47 – Digital footprints and parenting in a connected world
01:11:16 – Local business cyber day preview
01:12:11 – Weekly wrap-up and final thoughts
This week on The Awareness Angle Interviews… Anthony sits down with AJ King, a UX researcher and behavioural science expert, to explore what it really takes to change security behaviour.
Forget check-the-box training and flashy nudges—this episode gets into the messy, human side of behaviour change, why habits are hard to break, and how your gym routine might just explain why people keep clicking phishing links.
🧠 Why People Don’t Remember Training – AJ breaks down the cognitive reasons annual awareness programs often fall flat.
🎯 Nudges Aren’t Enough – We explore why simple prompts can help—but won’t fix—behavioural gaps without deeper engagement.
💪 The Gym Metaphor – Building secure habits is like fitness: it takes consistency, relevance, and personal motivation.
📈 Beyond Compliance – Compliance might drive reporting, but it rarely changes how people actually act.
🔁 Repetition & Real Life – Training sticks when it reflects daily behaviour—not once-a-year reminders.
📣 Speaking Their Language – Why tailoring awareness efforts to people’s lived experience matters more than security buzzwords.
🤝 Behavioural Science Meets UX – AJ shares how user research and human-centred design can elevate your awareness program from frustrating to effective.
💬 Feedback as a Force Multiplier – What users tell you (and what they don’t) can reshape how you teach security.
⚖️ Fear vs. Motivation – We talk about the psychology of risk, and why scaring people isn’t a sustainable strategy.
🔄 Security is a Human System – Tools help, but behaviour drives outcomes. Awareness needs to meet people where they are.
If you're trying to move the needle on secure behaviour—not just track who opened the training email—this one's packed with fresh thinking, honest insights, and practical ways to rethink your approach.
The Awareness Angle: Interviews is our ongoing series of real, no-fluff conversations with the people reimagining how we approach security, risk, and human behaviour.
🕒 Timestamps
00:00 Fashion Essentials and Personal Style
02:57 Behavioural Science Insights
06:03 Understanding Human Behaviour
09:05 The Role of Training in Behaviour Change
11:53 The Impact of Compliance Culture
15:08 Reframing Security Awareness Training
17:59 The Challenge of Changing Behaviours
20:58 Nudge Theory and Behavioural Change
30:36 Understanding Nudges in Behavioural Economics
39:38 Present Bias and Its Implications
48:07 The Importance of Naming in Security Awareness
55:30 Framing Risks for Leadership Engagement
01:05:09 Customer Loyalty vs. Price Sensitivity
01:06:01 Behavioural Change: Fear vs. Reward
01:09:26 Primal Instincts and Behavioural Change
01:12:24 The Role of Positive Reinforcement
01:15:53 Fear and Reward in Cybersecurity Training
01:18:01 Creating Engagement Through Education
01:21:27 The Challenge of Standing Out
01:24:21 The Impact of Consistent Communication
01:29:28 Recommended Reads on Human Behaviour
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew break down the biggest cyber stories, from smishing attacks in car parks to leaked US military secrets on gaming forums. It’s all about what slipped through the cracks, and what to watch for next.
🛡️ Mass Claims & M&S Breach – Legal firms swarm the M&S data breach. Who really benefits: victims or opportunists?
🎮 Nexus Mods Ownership Shift – A quiet change sparks questions about transparency on one of gaming’s most trusted mod sites.
🌐 Record-Breaking DDoS Attack – 37 million requests per second. The new HTTP/2 “rapid reset” exploit shows how attacks keep evolving.
🍕 OSINT & Pizza Orders – Can pizza deliveries reveal classified military ops? A deep dive into how open-source intel can be weaponized.
✈️ Military Secrets Leaked on Forums – War Thunder players keep spilling classified info. Why does this keep happening?
🏥 AI in GP Clinics – UK doctors use unapproved AI transcription tools. What are the privacy risks of this shadow IT?
📂 New ClickFix Variant: FileFix – A stealthy Windows Explorer exploit you need to know about. Don’t blindly paste code.
📱 SMS Blasters Deployed – Low-cost devices send spoofed texts by the thousands. Just because it looks real, doesn’t mean it is.
💉 Ransomware Linked to NHS Death – The human cost of cybercrime grows as a Synnovis attack ties to a patient fatality.
🧰 Windows 10 Extended Support – Staying on Windows 10 past October 2025 comes with hidden costs. Is it worth it?
🧪 Fake Interviews, Real Malware – Developers targeted via NPM packages during bogus test tasks. Beware offers that seem too good to be true.
🎁 Scam of the Week – Anthony’s mum nearly falls for a fake M&S hamper giveaway. Funny but also a sharp warning.
🔍 Tool of the Week: Metomic – A clever, nudge-based DLP platform that helps teams catch oversharing before it turns into a breach.
If you care about real-world threats, human behavior, and how security can slip through everyday cracks, this episode has plenty to chew on.
🕒 Timestamps
00:00 Introduction to Cybersecurity News
04:01 M&S Claims and Ethical Concerns
06:14 Record-Breaking DDoS Attack
10:02 OSINT and Pizza Intelligence
14:27 Military Secrets Leaked on Gaming Forums
18:02 Doctors Using Unapproved AI Tools
22:08 New FileFix Attack in Cybersecurity
26:08 SMS Blasters and Smishing Attacks
30:12 Ransomware Impact on Healthcare
33:04 Cybersecurity Compliance Risks
36:02 Fake Interviews and Malware Distribution
39:04 Public Reactions to Data Breaches
44:09 Innovative Cybersecurity Tools
49:07 Evaluating Discount Software Purchases
55:02 Identifying Scams and Phishing Attempts
01:01:00 Password Security and Data Breaches
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew explore a special episode on what it really takes to build meaningful cybersecurity awareness, as part of preparing for Cybersecurity Awareness Month.
📢 Beyond the Poster Campaign – Open communication channels and positive reinforcement are key to building trust and encouraging people to speak up.
🏆 Recognize What’s Working – Highlighting good security behavior can do more than just raise morale—it can shift culture.
🎮 Learning That Actually Lands – Interactive, gamified, and story-driven training creates better retention than outdated tick-box modules.
💥 When Breaches Get Real – Relatable consequences make cybersecurity more than just a theoretical concern.
🧾 Policies That People Can Understand – Security guidelines should be accessible, not buried in jargon.
🔐 MFA: Still Not Universal – Despite being one of the most effective defences, many organisations still don’t enforce multi-factor authentication. We unpack why that’s a problem.
🔑 The Password Problem – Forget confusing complexity rules—focus on uniqueness and usability to reduce risky habits.
🎣 Simulated Phishing Isn’t a Silver Bullet – We break down the mixed results and why real engagement beats gotcha tactics.
🧠 Good Training Changes Behavior – If your awareness program isn’t shifting how people act, it’s time to rethink the strategy.
If you're re-evaluating how to engage employees, boost awareness, and change behaviour, this episode is packed with honest insights and practical takeaways.
🕒 Timestamps
00:00 Episode Introduction
01:28 Key Strategies for Boosting Awareness
03:14 Keeping Communication Open
08:02 Rewarding Positive Security Habits
11:48 Making Learning Interactive
16:06 Showing Real-World Cyber Impacts
19:00 Setting Clear Security Guidelines
23:01 Creating a Culture of Awareness
26:42 Using MFA to Strengthen Security
29:51 Building Better Password Habits
35:59 Simulated Phishing: Pros and Cons
41:09 Reinventing Cybersecurity Training
This week on The Awareness Angle Interviews… Anthony sits down with Terry McCorkle, co-founder of PhishCloud, to rethink everything you think you know about phishing training. From military discipline to startup innovation, Terry brings decades of experience—and strong opinions—on what’s broken in phishing awareness, and how real-time data and human-first thinking can fix it.
🐟 Why Phishing Simulations Miss the Mark – Terry explains how traditional simulations often create resentment, not resilience, and what a more thoughtful approach looks like.
📡 The Power of Real-Time Data – Static reports don’t cut it. Terry breaks down how live metrics and immediate feedback can make awareness training actually stick.
🧠 Users Are Not the Problem – It's time to stop blaming the human. We talk about how involving users in the solution builds stronger defenses and better culture.
💡 PhishCloud’s Fresh Take – From just-in-time training to behavioural insights, Terry walks us through how his platform flips phishing awareness on its head.
🎮 Gamified, Personalised, Seamless – Why training that’s fun, tailored, and delivered in the moment beats compliance tick-boxes every time.
🔄 Test the Process, Not Just the People – Phishing attacks test systems too. Terry shares why focusing only on individual clicks misses the bigger risk.
🤖 AI Meets Awareness – How automation, workflow integration, and smarter tooling can enhance—not replace—the human role in security.
🏗️ Culture Change Over Compliance – We unpack how to build a learning culture that sees awareness as part of everyday work, not an annual chore.
Whether you’re rethinking your phishing program or just tired of gotcha-style training, this conversation offers practical insights with real impact.
The Awareness Angle: Interviews brings you candid, real-world conversations with the people transforming how we approach security, behavior, and risk. New interviews drop alongside our Thursday episodes.
🕒 Timestamps
00:00 Episode Introduction
03:03 How Phishing Simulations Impact Behavior
06:13 Terry’s Path into Cybersecurity
09:06 Why the Human Element Still Matters
12:12 Inside PhishCloud’s Approach
15:05 Real-Time Protection Against Phishing
17:58 What User Behavior Reveals
20:50 Balancing Privacy in Phishing Tools
27:51 Smarter Security Awareness Training
30:01 Making Compliance Training Engaging
33:03 From Reactive to Proactive Phishing Defense
36:29 How AI is Enhancing Security
39:14 Tackling Human Risk in Cyber
43:29 Building a Security-First Culture
46:20 Military Experience in Cyber Careers
48:10 Learning Resources & Recommendations
This week, The Awareness Angle dives into NHS breaches, dodgy shortcut files, and why fake CAPTCHAs are the new phishing frontier.
🧑⚕️ NHS Professionals Breached – Attackers spent 13 months undetected inside the UK’s largest NHS staffing agency. We break down how they got in, why Active Directory matters, and what took so long to tell anyone.
🖥️ Shortcut Files Can Bite – Microsoft warns that LNK files can trigger attacks just by being viewed. No patch yet, and antivirus alone might not be enough.
🛑 ClickFix Strikes Again – A new macOS malware campaign tricks users into running terminal commands. It’s sloppy but effective, and it’s targeting creatives.
🔒 End of Windows 10 – As support ends in October, the EndOf10 movement wants you to install Linux instead of upgrading. We look at the pros, the problems, and whether it's realistic.
📱 WhatsApp vs UK Gov – WhatsApp backs Apple in the fight against encryption backdoors. What’s at stake for private communication?
🌫️ From Surface to Atmosphere – Forget attack surfaces—modern threats are everywhere. We explore why security needs to focus more on behaviour and environment.
Plus: a pigeon gets into Ant’s house and becomes a case study in incident response. Obviously.
🕒 Timestamps
01:02 Awards Night & Behind the Scenes at Infosec
06:15 M&S Back Online After Breach
08:39 Whole Foods Supplier Cyberattack
10:14 British Horseracing Authority Breach
11:45 NHS Professionals Breach Timeline
17:56 ClickFix Malware Hits macOS
20:36 Microsoft Patch Tuesday Breakdown
23:00 Shortcut File (.LNK) Threats
27:10 The Pigeon Breach Story
31:00 TikTok Comments – Passkeys & Signal
35:00 Interview Preview – Terry from PhishCloud
37:00 FAA Still Running Windows 95
39:30 WhatsApp Joins Apple in Encryption Fight
41:50 EndOf10 Campaign & Linux Migration
48:00 Attack Atmosphere Explained
54:58 Metrics That Matter in Awareness
56:00 Phishing Invoice Spam in Gmail
1:00:00 Wrap-Up & Next Week Preview
This week, The Awareness Angle celebrates a big win—taking home two awards at InfoSecurity Europe! Anthony and Luke dive into a packed episode covering everything from retail breaches to the shifting world of passwordless authentication.
🏬 Retail Under Attack – From North Face to Cartier and M&S, cyber incidents continue to rock the retail sector. M&S now faces a class action lawsuit over a major breach.
🔑 Passwordless Progress – Microsoft is pushing the future of secure logins, and Gen Z seems ready to ditch passwords entirely. But is the wider public ready?
🔐 Signal vs Recall – Signal is blocking Microsoft’s new Recall feature from capturing chats, raising important questions about privacy in AI-powered tools.
🚗 Cars and Weak Credentials – The automotive industry is falling behind on password hygiene, exposing a surprising new attack vector.
🌏 Ransomware Rules in Australia – The country is rolling out mandatory disclosure laws, aiming to increase transparency around ransom payments.
🎭 Narratives That Stick – Clear, engaging communication is critical, not just for users, but for threat intelligence too. We unpack Microsoft and CrowdStrike’s effort to standardize naming conventions.
🎣 New Malware Tactics – Cybercriminals are embedding malware into creative tools, showing how attacks are evolving beyond the usual methods.
🗣️ Why Awareness Still Matters – Whether it’s media miscommunication or confusing tech rollouts, clear storytelling and community engagement remain essential for building trust and resilience.
From cutting through the jargon to making security feel more human, this episode is full of sharp insights, strong opinions, and a few laughs along the way.
🕒 Timestamps
01:02 Awards Night & Behind the Scenes at Infosec
14:11 The North Face & 💍 Cartier Breaches
16:23 M&S Class Action Lawsuit
18:51 Microsoft Authenticator Password Deletion
20:47 Signal Blocks Windows Recall
23:31 Smart Cars, Dumb Passwords
28:08 Australia Ransomware Disclosure Law
30:39 Gen Z and Passkey Adoption
35:00 Threat Actor Naming – Periwinkle Tempest
42:17 The Future Of Cybersecurity Virtual Event
43:25 The Comments Section
51:47 WhatsApp £8k Job Scam (spotted by Hayden Taylor)
57:36 Meta AI on WhatsApp
59:25 🪑 Blender File Malware Warning
1:02:53 Triage Tools and Creative Risks
1:05:22 Comments & Wrap-Up
This week on The Awareness Angle Interviews… Anthony sits down with Sara Carty, the founder of UNBORING, to explore why so much cybersecurity marketing feels stale—and what we can do to change it. From drama school to startup life, Sara’s journey is anything but conventional, and her marketing approach is bold, honest, and refreshingly human.
🎭 From Drama to Data Breaches – Sara shares how her background in performance gave her the confidence to challenge industry norms and connect with audiences in a real way.
📉 Ditching Fear-Based Marketing – Scare tactics are out. Sara explains why trust, clarity, and relevance are far more powerful than doom and gloom.
🧠 Tech Doesn’t Have to Be Boring – We talk about the balance between getting the technical details right and actually engaging the people who matter.
📣 Marketing is Storytelling – Great cybersecurity campaigns aren’t about features—they’re about people. Sara explains how to make messages stick.
🚫 No More Blaming the Audience – If people aren’t listening, maybe the message is the problem. We unpack how to create content that meets users where they are.
🎨 The Human Behind the Hack – Good marketing understands human risk. Sara shares how empathy and creativity build stronger campaigns (and cultures).
🧩 Insights from the Marketing Team – From product design to user adoption, marketing can be a strategic partner—not just the team that “makes it pretty.”
🗣️ Why UNBORING Matters – Whether it’s refusing to use AI-generated content or calling out jargon-filled nonsense, Sara’s mission is clear: make cybersecurity feel human again.
If you’ve ever zoned out during a “cyber comms campaign” or wondered how to make people actually care about security—this conversation is for you.
🕒 *Timestamps*
*Introduction & Mission*
00:00 Introduction to Unboring and Its Mission
06:10 The Impact of Drama School on Professional Skills
*Marketing & Messaging*
11:49 The Importance of Marketing in Cybersecurity
18:09 Standing Out in a Sea of Sameness
23:53 The Future of Cybersecurity Marketing
28:02 The Role of Women in Cybersecurity Awareness
31:46 Touch Points in Marketing and Engagement
34:58 The Role of Storytelling in Marketing and Cybersecurity
35:56 Communicating with Human Touch
37:06 The Disconnect Between Marketing and Cybersecurity
*Human Element & Awareness*
38:03 The Impact of Social Engineering on Cybersecurity
39:00 The Role of AI in Marketing and Cybersecurity
40:07 The Importance of Relatable Communication
40:57 The Human Element in Cybersecurity Awareness
41:58 The Disconnect in Cybersecurity Messaging
42:57 The Importance of Engagement in Cybersecurity
43:54 The Need for Top-Down Support in Cybersecurity Awareness
*Espionage & Storytelling*
45:03 Exploring Cyber Espionage and Marketing
46:00 Lessons from Espionage for Marketers
47:12 The Connection Between Storytelling and Marketing
47:51 The Role of Human Stories in Marketing
49:03 The Importance of Understanding Audience Needs
50:08 The Need for Authentic Marketing
50:57 Storytelling Lessons from Popular Culture
52:45 The Power of Relatable Storytelling
*Trends & Takeaways*
55:21 Tech vs. Human Connection in Cybersecurity
01:00:42 Marketing Buzzwords to Ban
01:02:28 Admiring Innovative Marketing Campaigns
01:05:44 The Importance of Storytelling in Communication
In this episode of The Awareness Angle, Anthony and Luke unpack a fresh wave of cybersecurity stories affecting both individuals and organisations:
🛍️ Retailers in the Firing Line – Major high-street brands are once again the target of serious cyber incidents, raising questions about resilience in the sector.
🎭 Social Engineering Stays on Top – From fake IT support to urgent command prompts, attackers continue to exploit human trust as their primary attack vector.
🪛 Microsoft & Apple Tweak the Basics – Microsoft announces updates to streamline patching, while Apple shifts its versioning system to reflect the calendar year.
🧠 Phishing Evolves Again – These attacks are becoming harder to spot and more convincing. We talk tactics for staying ahead.
🔐 Training, But Make It Useful – We highlight why modern awareness programs must go beyond compliance to truly change behaviour.
📲 SIM Swaps & Password Fails – From account takeovers to careless password habits, we explore some of the weakest links in digital security.
🧬 Gen Z & Data Trade-Offs – Would you sell your personal data for perks? A surprising number already do. We unpack the implications.
🗣️ AI Voice Cloning Raises Red Flags – As synthetic audio gets more realistic, concerns around consent and misuse are growing louder.
📢 Cybersecurity Awareness Month – A perfect moment to reflect on what’s working (and what’s not) in promoting safe online habits.
Whether you're an IT leader or just trying to dodge the next phishing scam, this episode is packed with insights to help you stay sharp in an evolving threat landscape.
🕒 Timestamps
00:00 – Intro and European Cybersecurity Blogger Awards update
02:29 – Victoria’s Secret breach: US website taken down
03:10 – Adidas cyber attack: Third-party helpdesk access
06:24 – AI-generated TikTok videos pushing PowerShell malware
08:43 – Microsoft’s new unified Windows update platform
12:03 – Apple renaming iOS/macOS to iOS 26/macOS 26
13:41 – Five fast phishing stories (starts mini round-up)
14:07 – Tajikistan targeted via macro Word templates
16:36 – Fake Cloudflare page tricks users into running malware
18:00 – Fake Google Meet page runs PowerShell command
20:14 – Coursera phishing scam uses fake Meta certificate
26:09 – InfoSec Europe event details
27:41 – Upcoming virtual event: The Future of Cyber Security
29:00 – Listener comments: Old tech and Skarda
29:45 – Upcoming interview: Sara Carty from Unboring
31:45 – Digital Safety Checklist from digital.lead.org.uk
35:43 – Homebrew devs targeted via fake Google Ads redirect
38:42 – OceanGate implosion video leaks sticky note password
41:30 – EE SIM swap incident and SMS 2FA vulnerability
48:11 – Gen Z selling their data for $50/month with verb.ai
52:13 – ScotRail AI voice controversy: real-world “likeness” misuse
58:25 – Use AI to analyse terms & conditions (TOSDR.org)
01:01:00 – WhatsApp now supports passkeys
01:02:53 – Phishing email spoofing Luke hits Ant’s inbox
01:06:34 – Final takeaway: Never run commands from a website prompt
This week, The Awareness Angle hits its 30th episode milestone—and we’re marking it with a deep dive into the latest in cybersecurity, awareness, and digital risk:
🎉 30 Episodes In – A huge thank you to our growing community! We reflect on how far we’ve come and why your feedback keeps this show thriving.
💥 £300M Cyber Hit for M&S – We unpack the staggering cost of the retailer’s recent breach—and what it signals for cyber resilience in retail.
🧠 The Rise of Social Engineering – Forget firewalls—humans are the target. We explore how attackers are using trust, urgency, and voice phishing to break in.
📍 O2’s Location Leak – A major privacy flaw exposed users' whereabouts. The fix is in, but the questions around data handling remain.
🧩 One Parking App to Rule Them All? – The UK government plans a single solution for public parking. We discuss the potential risks (and benefits) of centralised services.
🧯 Fake Chrome Extensions – These silent threats steal data and spread malware. We look at what users can do to protect themselves.
📚 Billions of Discord Messages Scraped – Researchers hoovered up massive amounts of user content. We examine the ethics and implications of academic surveillance.
🖥️ Legacy Tech Still Lurking – From NHS infrastructure to XP-powered systems, outdated tech continues to expose critical services to modern threats.
🗣️ Deepfakes & Voice Scams – AI is enabling more convincing fraud. We break down how realism is raising the stakes for impersonation attacks.
💡 Why Awareness Still Matters – From the classroom to the boardroom, education remains the best defence. We highlight how organisations can move from reactive to resilient.
Thanks for joining us—whether you’re here for episode one or thirty. Let’s keep learning, sharing, and staying one step ahead together.
Timestamps
00:00 – Intro and episode milestone
03:20 – Interview plug: Amy Stokes-Waters on Cyber Escape Rooms
04:08 – European Cybersecurity Blogger Awards (vote now!)
05:32 – Monday newsletter reminder
Main Stories
06:13 – M&S cyber attack update: £300m cost and third-party access
10:02 – Tesco & Sainsbury’s supplier ransomware incident
12:59 – 3AM ransomware: fake IT calls and email bombing
15:37 – HSBC CEO: “Cyber threats keep me up at night”
18:19 – O2 bug leaking mobile user location (now patched)
22:18 – UK govt to unify parking apps, reduce QR code risk
24:37 – 100+ fake Chrome extensions stealing data
29:30 – Researchers publish 2 billion Discord messages
Awareness & Community
32:30 – Future of Cybersecurity event (June 12)
34:27 – SANS 2025 Security Awareness Survey
Comments & Community Reactions
36:36 – TikTok/Instagram virality, OneDrive sync backlash, NHS tech
39:43 – Spam call surge after M&S breach – or Baader-Meinhof effect?
Bonus Deep Dives
41:54 – Ancient Windows still running in 2025 (BBC Future article)
47:10 – Live demo of Vishr.ai – AI-powered vishing simulator
52:15 – Deepfake investment scam featuring fake Anthony Bolton
57:04 – Google Veo AI video generation with audio
01:04:18 – Notebook LM: Generate podcast-style conversations from transcripts
This week on The Awareness Angle Interviews… Anthony has a brilliant chat with Amy Stokes-Waters from The Cyber Escape Room Co. They talk about ditching dull training, making awareness genuinely fun, and how escape rooms, storytelling, and a bit of chaos can actually change behaviour. Loads of laughs, loads of good ideas, and a few dodgy password stories thrown in—plus the occasional strong word or two (in the best possible way).
Amy brings fresh energy to the security awareness world—cutting through the buzzwords and showing how relatable, interactive, and human training can make a real difference.
🔓 Escape the Boring Stuff – Amy breaks down how escape rooms turn passive training into memorable, meaningful experiences.
📚 From Storytelling to Swearing – Awareness doesn’t have to be corporate. It just has to connect.
🛠️ Lessons from the Hard Way – The founder journey isn’t always smooth, but the bumps come with big takeaways.
♻️ Beyond the Annual Box-Tick – Awareness should be continuous, creative, and part of everyday culture.
🎯 Phishing Isn’t the Whole Game – Simulations matter, but they’re just one tool. Amy shares what else should be in your kit.
📢 Awareness is Marketing – Brand, tone, and message consistency matter. Sell it like you mean it.
🧍♂️ Security Champions & Culture Change – Find your internal allies and give them the tools to drive change.
🤖 Looking Ahead – AI, behavioural science, and why the future of training still needs a human touch.
Whether you’re in security, L&D, comms—or just fed up with boring training—this one’s full of practical inspiration and plenty of personality.
The Awareness Angle: Interviews is our ongoing series of honest, practical conversations with the people reshaping security culture from the inside out.
🕒 Timestamps
00:00 Introduction to Amy
03:06 Engaging Training Methods: Escape Rooms
05:56 The Importance of Relatability in Training
09:03 The Journey to Cyber Escape Rooms
12:04 Learning Through Engagement
14:59 Challenges and Mistakes in the Business
17:49 Impactful Moments in Training
21:08 The Evolving Security Awareness Landscape
24:31 Engaging Security Training through Creative Scenarios
25:21 Building a Continuous Learning Framework
26:56 Rethinking Phishing Simulations
28:41 The Marketing of Security Awareness
30:40 Consistency in Messaging and Engagement
32:11 The Importance of Brand Voice in Security
35:42 Authenticity in Communication
38:22 Expanding Horizons: New Ventures in Security Training
40:17 The Future of Security Awareness Training
This week on The Awareness Angle, we break down the biggest stories in cybersecurity, awareness, and human risk:
🖥️ Windows 10 Lives On – Microsoft has extended support until 2028, giving users and IT teams more breathing room before the jump to Windows 11.
🎮 Steam Account Scare – Reports of leaked accounts raised alarms, but no sensitive info was exposed. Still, it’s a reminder of the real-world value behind in-game assets.
👜 Dior Data Breach – A cyber attack exposed customer details, but not payment info. We explore the implications for brand trust and customer confidence.
🛒 Co-op vs M&S Cyber Response – Co-op contained their breach swiftly. M&S is still in recovery mode. We discuss why crisis response makes or breaks reputations.
🧑💻 North Korea’s Remote Job Scam – Hackers stole $88M by posing as U.S. tech workers. We dive into this elaborate social engineering scheme and its growing threat.
📹 Malware Masquerading as AI Tools – A fake AI video generator is spreading malware. Don’t trust the ads, especially on social media.
🏥 Outdated Public Sector Systems – Shockingly, some UK government systems still run on Windows 3.1. We talk about why legacy tech is a silent cybersecurity risk.
🔐 Passkeys & Android 16 – Passwordless logins and Android’s new security features signal a shift in how we protect our devices and data.
🎓 AI + Awareness Training – Used well, AI can level up security training, helping personalise content and increase retention.
🧠 Education Over Trickery – Whether it’s phishing simulations or awareness content, the goal should be genuine understanding, not catching people out.
Stay informed, stay aware—and as always, thanks for tuning in.
🕒 Timestamps
00:00 Introduction to Cybersecurity News
04:50 Microsoft Extends Windows 10 Support to Ease Transition
07:40 Steam Data Leak Raises Account Security Concerns
10:46 Dior Cyber Attack Exposes Customer Information
12:09 Co-op and M&S Respond to Targeted Cyber Attacks
18:20 North Korean Hackers Exploit Remote Work Job Fraud
21:32 Fake AI Video Generators Deliver Malware Payloads
25:36 UK Government Faces Scrutiny Over Outdated Systems
28:48 Moving Toward Passwordless Authentication
30:58 Android 16 Introduces New Security Enhancements
32:37 Security Gaps Remain Despite Passkey Advancements
34:15 Rethinking the Effectiveness of Security Awareness Training
38:08 Preview of Upcoming Cybersecurity Conference
38:50 The Social Comments Section
43:03 Security and Scam Challenges in the Healthcare Sector
44:19 AI Impersonation Scams Complicate Identity Trust
48:18 Angry Birds IMEI Tracking Led To Global Surveillance
49:11 Social Engineering Continues to Drive Modern Scams
51:30 Booking.com Scams Highlight Travel Security Gaps
58:10 Social Engineering Simulation Warning From The Experts
📙 About The Awareness Angle
A CYBERSECURITY PODCAST where we talk about SECURITY AWARENESS and security education. We are professionals in HUMAN RISK and Information Security Awareness. We know PHISHING CAMPAIGNS, we know PHISH. We have done annual SECURITY TRAINING. We have sent NEWSLETTERS and made videos. We have created security awareness CULTURE STUDIES and are passionate about HUMAN BEHAVIOURS. Whether you're a CYBER Security Awareness professional or simply curious about HUMAN RISK, this podcast is your go-to resource for fresh perspectives and creative solutions.
This week on The Awareness Angle, we dive into some of the latest developments shaping cybersecurity, human risk, and digital trust:
🏆 Podcast Nominated! – The Awareness Angle is up for two industry awards—thank you for the support!
🛍️ Retail Cyber Incidents – Both M&S and Co-op are dealing with serious cyber issues, but the silence is raising more questions than answers.
🎙️ AI Voice Scams on WhatsApp – Scammers are now using AI-generated voice notes to impersonate loved ones. We unpack how this works and what to look out for.
☁️ OneDrive Exfiltration Risk – A new feature in OneDrive could be exploited to leak sensitive files. Here’s what IT teams need to know.
🦠 LockBit Gets Hacked – The infamous ransomware group has been breached themselves, revealing infighting and surprising insights into how these criminal gangs operate.
🔑 Passkeys Gain Momentum – Microsoft and other major players are pushing passwordless logins. We explore why passkeys might finally stick—and what it means for user adoption.
📲 Clipboard Security Warning – Samsung devices may be leaking sensitive data through clipboard functions. We talk about how this works and why it matters.
📦 Brushing Scams & Fake Reviews – Random parcels might seem harmless, but these scams are about manipulating trust and inflating seller reputations.
⚠️ Massive Phishing Campaigns – The volume and sophistication of phishing attacks are spiking again. We break down why it's happening and how to stay ahead.
Whether deep in the security world or just trying to stay safer online, this episode is packed with practical takeaways and fresh insights.
🕒 Timestamps
00:00 Intro
01:18 The Awareness Angle Podcast Gets Award Nominations
05:28 M&S and Co-op Hit by Major Cyber Incidents
09:33 AI Voice Notes Fuel Evolving WhatsApp ‘Hi Mum’ Scams
18:13 OneDrive’s New Feature Could Enable Data Leaks
22:53 Lockbit Ransomware Gang Breached by Rivals
29:08 Passkeys: Microsoft’s Push Toward Passwordless Security
36:58 Why Passwordless Authentication Is the Future
39:18 Ransomware Risks and the Need for Recovery Planning
43:43 NHS Transparency Issues Undermine Staff Confidence
45:22 CoGUI - Phishing Campaigns Surge — User Awareness Is Vital
47:40 AI in the Courtroom: Ethical and Legal Questions
51:42 The Comments Section
55:58 Cybersecurity Awareness Relies on Better Communication
57:45 Clipboard Vulnerabilities Expose Samsung Users
59:47 Brushing Scams Undermine Trust in Product Reviews
01:03:14 SMS Scams Exploit User Trust Through Malicious Links