Sponsored by

How 2M+ Professionals Stay Ahead on AI

AI is moving fast and most people are falling behind. 

The Rundown AI keeps you ahead of the curve. 

It's a free AI newsletter that keeps you up-to-date on the latest AI news, and teaches you how to apply it in just 5 minutes a day.

Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses — tailored to your needs.

Sign up to start learning.

ShinyHunters hit hundreds of companies this year without breaking a lock. They called employees and talked them through the door. Meanwhile, AI voice scams drained $893 million from victims, including $352 million from people over 60. The machine got too hard to hack, so the attackers went back to the oldest target there is: a human being who trusts the voice on the line.

THE DEAD DROP // ISSUE NO. 105 // 06.16.2026 EYES ONLY
 
The Dead Drop
FRAUD  ·  POWER  ·  PSYOPS
 
The lock got strong. So they called the voice that knows the password.

Before the file opens, picture two phones ringing on the same afternoon.

The first rings at a corporate help desk. The caller knows the employee’s name, badge format, and IT vendor. He sounds bored, competent, a little rushed.

There’s a problem with your multi-factor, he says. Read me the code so I can clear it.

The employee reads it.

No malware. No exploit. Just a 30-second conversation, and a company most of you have an account with is suddenly wide open.

The second phone rings in a kitchen.

It is a grandson’s voice, tight with panic. There has been an accident. There is a lawyer. Please do not tell Mom. I need the money today.

The voice cracks in exactly the right places.

It is not the grandson. It is a few seconds of his audio, scraped from a graduation video and run through software that costs less than lunch.

Two calls. One technique.

Neither picked a lock, because neither had to. The locks got stronger, so the attackers changed targets. They stopped attacking the system and started attacking the person the system trusts: the employee who can be hurried, and the grandmother who can be scared.

This week, the file is the phone in your hand.

Scene 1: The IT Call

Through the first half of 2026, a crew known as ShinyHunters ran the same play against company after company. Security researchers count the victims in the hundreds. Charter, the company behind Spectrum. ADT. Carnival. Instructure, the company behind Canvas, the grading platform used by schools across the country.

The method barely changed.

Someone called an employee, posed as an internal IT representative, and walked them through “fixing” their multi-factor authentication. The employee handed over a login or approved a prompt. The crew walked through the open door into the company’s cloud systems, copied the customer data, then sent the private note.

Pay us, or we publish.

No zero-day. No genius code. A phone call and a script.

Scene 2: The Grandchild Call

While crews worked the help desks, the same weapon was aimed at kitchens.

The FBI logged $893 million in losses to AI-assisted scams in a single year, with $352 million coming from people over 60. The signature version is the cloned voice of someone you love, calling with an emergency that cannot wait.

One mother told reporters she wired $5,400 after a voice she was sure belonged to her daughter begged her for bail money. Industry surveys say one in four Americans received a deepfake voice call in the past year, and that more than three-quarters of those who engaged with one lost money.

The tool that makes this possible used to belong to intelligence agencies.

Now it is a subscription, sold on the same forums as everything else.

Scene 3: The Same Call

Put the two calls side by side and they become the same heist at two price points.

Both skip the technology and go straight at the person. Both use authority, urgency, and fear to shut down the part of the brain that checks. Both work because the victim is trying to do the right thing.

The corporate version steals millions of records.

The kitchen version can steal a retirement in a single afternoon.

The lock on your accounts has never been stronger. That no longer matters as much as it should, because nobody is attacking the lock.

They are calling the person who holds the key.

And asking nicely.

GM, WELCOME BACK TO THE DEAD DROP.

Operatives, last week the file was the capital stack.

A chip sold once, leased back, financed by private credit, and parked on top of someone’s retirement. The risk was real, but it was paper. It lived on a balance sheet you would need a lawyer to read.

This week, the file drops off the balance sheet and lands in your hand.

No structure. No filing. Just a phone that rings, a voice that knows your name, and a request that feels reasonable for exactly as long as it takes to do damage.

If Dead Drop #104 was the fraud the rich commit with paperwork, Dead Drop #105 is the fraud anyone can commit with a microphone.

The Crews: ShinyHunters, now operating alongside the group researchers call Scattered Spider under the loose umbrella known as The Com, spent 2026 proving that the front door of almost any company is a tired employee on a phone call. They got past text-message codes, authenticator apps, and the little “approve” button on your phone, not by breaking them, but by getting a human to use them for them.

The Reach: The same technique, scaled down and aimed at the public, is the voice-clone scam. It does not care whether you are technical. It cares whether you love someone.

That is the part the headlines miss.

This is not really a hacking story. It is a story about the one security control nobody can patch: the human reflex to trust a familiar voice in a moment of fear.

Same architecture as always. A defense sized for the public. A bypass sized for the house.

This week, the bypass is a phone call.

And the door it opens is the oldest one there is

 

The Operative's Observation

◆ THE OPERATIVE'S OBSERVATION

For ten years, the industry told you the answer was multi-factor authentication. Add a second step. A code. An app. A tap. And it worked. It worked so well that breaking the math stopped being worth the trouble. So the attackers adapted. They did what water does when it meets a wall. They went around.

Multi-factor did not fail. It succeeded so well that the weak point moved. The soft target is no longer the password. It is the person standing beside it, the one who can be called, hurried, frightened, or flattered into using their own credentials for someone else. You cannot patch that person. You can only teach them to pause.

Every lock we build teaches the thief where the real key is: not in the system, but in the voice we trust enough to obey.

That is why this issue is not really about hackers. It is about the conversation. The breach and the bail-money call are the same crime seen from two angles: a stranger, wearing a voice you trust, asking you to do one small thing that opens everything.

The Mechanism

Start with the corporate side, because simplicity is the point.

The crew picks a target, then finds an employee through information that is already public, already leaked, or already stolen. They call. They sound like the help desk. They invent a small, boring problem: a login that needs to be re-verified, a security update that has to be approved, a code that expires in the next few minutes.

The employee, trying to be a good employee, reads back the code or taps approve.

Notice what happened. The text-message code worked. The authenticator app worked. The push notification worked. Every layer did exactly what it was designed to do, because the real user operated all of them. The attacker did not beat the security. He borrowed the person.

Once inside, the work gets quiet. These crews favor cloud platforms where companies store customer records because one valid login can expose millions of people at once. Researchers have tied the 2026 wave to intrusions at Charter, ADT, Carnival, Instructure’s Canvas, and others. The reported numbers vary and should be treated carefully. Charter’s breach has been described as more than forty million customer records in a class-action filing, but roughly five million accounts in technical write-ups. ADT has been reported at around five and a half million, while the attacker claimed more.

Treat the exact counts as contested. Treat the pattern as settled.

Now look at the consumer side, which runs on the same logic with cheaper tools. Modern voice-cloning software needs only a few seconds of someone’s recorded voice, the kind of clip that lives on any public video, to produce new speech on demand. The scammer pairs the clone with urgency and secrecy, the two oldest levers in fraud.

An accident. An arrest. A lawyer who needs cash now. Do not tell anyone.

The victim hears a voice they would know anywhere, in a moment of fear, and the part of the brain that would normally pause is exactly the part the script is built to shut down.

The connective tissue between the corporate breach and the family emergency scam has a name: Fraud-as-a-Service. The cloning tools, scripts, stolen contact lists, call spoofing, and payment channels are now packaged and rented like ordinary software, with support desks and pricing tiers. A capability that once required a state intelligence budget now requires a credit card.

That is the real news. Not that the trick exists. That it has been industrialized, productized, and put on a self-serve menu.

There is one defensive reflex worth naming, because it beats both versions.

Hang up and call back on a number you already trust.

The corporate breach dies when the employee says, “I’ll call IT back on the internal line.” The bail-money scam dies when the grandmother hangs up and dials her grandson directly. Urgency is the weapon. The pause is the counter. Everything in the script exists to stop you from taking it.

The most advanced attack of 2026 is a stranger with a familiar voice asking you to skip the one step that would save you.

The defense is not a product. It is a habit. And you can install it tonight.

   

The Pattern

Why the human voice is the last unpatched protocol, and why arrests don't stop it.

 

Every other layer of your security has been hardened by a decade of paranoia.

Passwords got longer. Devices got encrypted. Networks got watched. The one layer that has not changed in a hundred thousand years is the human instinct to trust a familiar voice.

That instinct kept us alive.

Now it is the softest target in the system, and the only one that cannot be upgraded.

Notice that the criminals went looking for it on purpose. They did not fall back on social engineering because they failed at code. They chose it because it is cheaper, faster, more reliable, and easier to scale.

The same crew can vish a Fortune 500 help desk on Tuesday and rent the cloning kit to a 100 small-time scammers by Friday. The wholesale and retail versions run on the same insight:

The machine is hard now.

The person in front of it is still human.

And arrests do not end it. Four members of ShinyHunters were arrested in 2025. By January 2026, the campaigns were running again, busier than before.

That is the tell of industrialized crime. It is not just a gang. It is a market. And you cannot arrest a market.

You can take a name off the board, and the technique keeps trading because the technique is the asset. The technique is what is for rent.

The con artist never needed a computer.

The computer just gave him a perfect impression of someone you love, and a phone book the size of the country.

   

Field Manual

Five controls for the one security layer that has no patch: you.

01 Set a family safe word before the next call comes. Pick a word or short phrase a scammer could not guess and a public post would not reveal. Not a pet’s name. Not a birthday. Not the street you grew up on. Teach it to your parents, your kids, your spouse, and anyone who might get pulled into a panic call. The rule is simple: if someone calls claiming an accident, arrest, hospital visit, or urgent need for money, they must give the safe word, and you still call them back on a number you already trust. A cloned voice can copy the sound of someone you love. It cannot survive a shared secret and a second channel.
02 Make the call-back your reflex. No legitimate emergency falls apart because you hung up and called back on a number you already trust. If “IT” calls about your login, end the call and dial the real help-desk line. If a “relative” calls in crisis, hang up and call that person directly. If the “bank” calls about fraud, use the number on your card or in the official app. The sentence that defeats this whole play is simple: “I’m going to call you right back on the number I have.” A real person will understand. A scammer will try to keep you on the line. That pressure is the tell.
03 Learn the three words that mean fraud. Almost every version of this scam, corporate or personal, runs on the same three signals. Train yourself to hear them as alarms:
  • Urgent. It has to happen now, in the next few minutes, before something bad happens. Real institutions and real relatives can survive a call-back.
  • Secret. Do not tell IT. Do not tell Mom. Do not tell anyone. Secrecy is not a feature of legitimate help. It is the scammer cutting you off from the people who would slow you down.
  • Irreversible. Wire it. Buy the gift cards. Send the crypto. Move the money in a way that cannot be pulled back. That is not an accident. It is the whole point.
When all three show up in one call, you are not in an emergency. You are inside a script.
04 Upgrade to MFA that cannot be talked out of you. Vishing works because codes and approval taps can be relayed by a confused human in real time. A passkey or physical security key is different. It is tied to your device and the real website, which means there is no code to read aloud and no stranger’s prompt to approve. Where your bank, email, password manager, and work accounts offer passkeys or hardware keys, turn them on. They will not stop every con, but they close one of the main doors these crews keep walking through.
05 Have the awkward talk with the people you love. The people most at risk are often the least likely to read a security newsletter. That makes this your job. Call your parents, grandparents, kids, or anyone who might answer a panic call in your name. Tell them plainly: if you ever hear my voice asking for money in a hurry, hang up and call me back, no matter how real it sounds, because my voice can be f
◆ THE FRAUDFATHER BOTTOM LINE

They stopped breaking in because they learned it was easier to be invited. The invitation is a phone call. The doorman is trust.

Every dollar spent on stronger locks was spent well. It made the old attacks harder, then pushed the crime one step sideways onto the only part of the system that does not ship with a software update: us. The fix is not heroic, expensive, or complicated. It is a pause, a call-back, and a secret word shared with the people you would do anything to protect. I spent two decades watching criminals dress the same old con in better technology. The technology keeps improving. The con has not changed. Slow down. Verify. Call them back. The voice on the phone is no longer proof, and the sooner the people you love believe that, the cheaper this gets for all of us.

◆ OPERATIVE TIP

Run the 10-minute safe-word drill tonight. One call. No app. No account setup. Just a family rule that is ready before the panic starts.

Minute 0 to 3: Pick the word. Two or three syllables. Easy for your people to remember, impossible for a stranger to find. Not a name, birthday, school, street, team, pet, or anything that lives in a public post.

Minute 3 to 7: Say the rule out loud. Any call about an accident, arrest, hospital visit, password, bank problem, or urgent money has to produce the word. No word, no action. No exceptions, even if the voice is crying.

Minute 7 to 10: Add the call-back. Everyone agrees to hang up and dial the known number directly. Practice the sentence once: “I’m going to hang up and call you right back.”

You are not being paranoid. You are giving the people you love a script of their own. When a familiar voice asks them to panic, they will have something stronger to reach for than fear.
GRAY MATTERS  ·  THE OLDEST EXPLOIT

The Oldest Exploit Learned to Speak.

 

In 1849, a man in New York named William Thompson walked up to well-dressed strangers, struck up a pleasant conversation, and asked a small, absurd favor: “Have you confidence in me to trust me with your watch until tomorrow?”

Astonishingly, they did. They handed a stranger their watch because he was calm, polished, and certain. When the papers wrote him up, they gave the world a phrase. They called him the confidence man.

The crime was never really the watch. The crime was the confidence, taken first and spent after.

Every con since has been a rewrite of Thompson’s question. The wire fraud. The fake inheritance. The romance scam. The help-desk call. The cloned grandchild. The tools change. The ask does not.

Trust me for one minute. Trust me with this code. Trust me with this transfer. Trust me when I say there is no time to call anyone else.

That is the whole art. Make the unreasonable feel reasonable for the length of one decision.

What changed in 2026 is not the con. It is the evidence. For all of human history, a familiar voice was proof. If it sounded like your daughter, it was your daughter, because nothing else could sound like her. We built trust on that rule without ever noticing the rule was there.

This year, quietly, the rule broke. A familiar voice is no longer proof of identity. It is only proof that someone found enough audio.

The confidence man used to need your trust. Now he can manufacture the thing your trust was built on.

That is why the fix cannot be only technical. You can give someone a passkey, but you cannot give them a new instinct. What you can give them is a smaller rule to hold when the old instinct fails.

The voice is not enough anymore. Use the word. Hang up. Call back. Make the emergency survive a second channel.

That is not paranoia. It is what every generation has to do when the old con finds a new disguise. We notice the disguise out loud, and we warn each other before it knocks.

Thompson took the watch. The crews take the records. The cloned voice takes the savings.

It was always the same theft. They were only ever after your confidence.

So make the call you have been putting off. Set the word. Teach the pause. Not because the world is ending, but because the disguise got good very fast, and the people who love you deserve to know what changed before the phone rings.

Stay sharp. Trust slowly. Verify everything.
The Fraudfather
ARRESTS THAT STOPPED THE CAMPAIGN
0
Four ShinyHunters members were arrested in 2025. By January 2026 the vishing campaigns were running again, busier than before.
STOLEN FROM AMERICANS 60+
$352M
The FBI's one-year tally of AI-assisted scam losses among victims over 60, out of $893M in AI-scam losses overall.

The Ledger exists because the record is the only thing that reliably keeps count. This week the record makes a quieter point than usual.

The parallel. We are used to documenting impunity at the top, the financial-crime conviction quietly erased, the connected name that never sees a courtroom. This week the impunity is structural in a different way. You can arrest the people, and the crime continues, because the crime has been turned into a product that anyone can rent. The four arrests were real. The campaigns came back anyway. When the technique outlives the technicians, prosecution stops being a cure and becomes a line item. The Ledger keeps the count so the rest of us remember that the absence of a perp walk is not the absence of a crime.

◆ SPREAD THE SIGNAL

The person this scam is built for is not reading this. You are.

The victims skew toward the people least likely to see a security newsletter and most likely to trust a familiar voice. That makes you the early-warning system for everyone you love. Forward this, then make the call and set the safe word tonight. Ninety seconds now is cheaper than a wire transfer later.

SEND THEM THE DEAD DROP
EYES ONLY.
FORWARD WITH CARE.

This newsletter is for informational purposes only and promotes ethical and legal practices.

Keep Reading

© 2026 The Fraudfather's Dead Drop.
beehiivPowered by beehiiv