This episode is packed with real-world cybersecurity stories, retail disruptions, clever scams, and some big questions about resilience and trust.
We start with the Marks & Spencer cyber incident, which caused major disruption to contactless payments and Click & Collect services. While some praised their communication, we discussed how real questions about the root cause and customer data remain unanswered. Reports that remote workers were also locked out highlight the human pressure that sits behind every cyber incident. Our thoughts are genuinely with the teams at M&S working through what must be an incredibly challenging time.
We also look at a clever abuse of Zoom’s remote control feature, where attackers trick victims into handing over screen control during meetings, leading to stolen crypto funds. It is a perfect example of how trust in technology can be turned against users.
Steven Bartlett’s experience with AI deepfakes is another reminder that scams are evolving fast. As deepfake technology becomes more accessible, verifying requests and setting up trusted backchannels is becoming critical.
Elsewhere, we talk about mystery USB sticks left on cars and handed out in public, and why plugging unknown devices into trusted systems can have real-world consequences. Plus, we highlight a warning about fake recruiter scams on LinkedIn, where attackers target job seekers to harvest personal data.
This week’s stories all point to the same reality: cybersecurity is no longer just about systems, it is about people. How we communicate, how we build trust, and how we react in the moment matter more than ever.
💬 Episode 24 Discussion Points
M&S Cyber Incident Update – Official Statement
https://corporate.marksandspencer.com/media/press-releases/cyber-incident-further-update
M&S Incident Coverage – The Register
https://www.theregister.com/AMP/2025/04/24/marks_spencer_outage_ongoing/
Risky Business Bulletin – Zoom Remote Control Abuse
https://risky.biz/risky-bulletin-zoom-has-a-remote-control-feature-and-crypto-thieves-are-abusing-it/
Google OAuth Loophole – Gbhackers Coverage (Ad Warning)
https://gbhackers.com/cybercriminals-exploit-google-oauth/
Sexploitation Up 43% – Good Morning Britain Clip
https://x.com/gmb/status/1914566485051056366?s=46
Windows 11 Recall – Ars Technica Deep Dive
https://arstechnica.com/gadgets/2025/04/in-depth-with-windows-11-recall-and-what-microsoft-has-and-hasnt-fixed/?utm_source=tldrinfosec
OpenAI Wants to Buy Chrome – Ars Technica Report
https://arstechnica.com/ai/2025/04/chatgpt-head-tells-court-openai-is-interested-in-buying-chrome/?utm_source=tldrmarketing
Interlock Ransomware Claims DaVita Attack – Bleeping Computer
https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-davita-attack-leaks-stolen-data/
Cookie Bite Attack on Microsoft 365 – Dark Reading
https://www.darkreading.com/remote-workforce/cookie-bite-entra-id-attack-exposes-microsoft-365
Steven Bartlett AI Deepfake Warning – LinkedIn Post
https://www.linkedin.com/posts/stevenbartlett-123_ai-scams-activity-7321170901146783744-mH2A?utm_source=share&utm_medium=member_ios&rcm=ACoAAAUeqPUBaQ3cKS5lS2Jhty_E8O_cJBZ5gik
FOG Gang Ransomware – PCM UK Coverage
https://uk.pcmag.com/security/157683/ransomware-gang-takes-page-from-elons-what-did-you-do-this-week-doge-emails