UnHacked the podcast with hosts Justin Shelley, Bryan Lachapelle, and Mario Zaki.
What does it take to lose $50,000 in a single email? Not much. A spoofed address. A busy CFO. A wire transfer that clears before anyone realizes what happened.
In Episode 80 of UnHacked, Justin Shelley, Mario Zaki, and Bryan Lachapelle dig deep into one of the most financially devastating threats facing businesses today: Business Email Compromise (BEC). This is Episode 6 of their ongoing 12-part series on Security Basics, and this one hits close to home for every business owner who relies on email to run their company - which is all of them.
The guys break down exactly how BEC attacks work in two primary forms: lookalike domains designed to trick you letter by letter, and fully compromised email inboxes where a hacker is literally sitting inside your vendor's or employee's account, reading everything and waiting for the right moment to strike. Using AI, attackers can now download entire mailboxes, study communication patterns, and pick up mid-conversation with chilling accuracy.
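The lookalike-domain half of BEC is the part that technology can actually help with, because the trick is mechanical: one letter swapped, a digit standing in for a letter, or a trusted name buried inside a longer domain. The following is an added example, not code from the UnHacked hosts or the podcast, showing how a finance team's mail filter or ticket queue could triage inbound sender addresses against a trusted-vendor list. The vendor domains, confusable-character map, and sample addresses are constructed for illustration.

```python
"""
Lookalike-domain triage for inbound sender addresses.
Added example for illustration; not from the UnHacked podcast.
The trusted-vendor list and sample addresses are constructed.
"""
import unicodedata

# Domains the finance team actually pays invoices from (constructed list).
TRUSTED_DOMAINS = {"acme-supplies.com", "northwind.com"}

# Visually confusable substitutions commonly seen in lookalike domains.
# Illustrative, not exhaustive; multi-character folds run after single ones.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "rn": "m", "vv": "w",
}


def normalize(domain: str) -> str:
    """Lower-case, strip accents (catches IDN tricks), fold confusable glyphs."""
    d = unicodedata.normalize("NFKD", domain.strip().lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """
    Classify a sender address by its domain:
      ("trusted",   domain)  exact match or a subdomain of a trusted domain
      ("lookalike", trusted) trusted name embedded in a foreign domain, or
                             within max_distance edits after normalization
      ("unknown",   domain)  anything else (no verdict, just not a known vendor)
    """
    if "@" not in address:
        return ("unknown", address)
    domain = address.rsplit("@", 1)[1].strip().lower()

    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)

    norm = normalize(domain)
    for t in trusted:
        tn = normalize(t)
        # e.g. acme-supplies.com.invoice-portal.net: trusted name as a prefix label
        if norm.startswith(tn + ".") or norm == tn:
            return ("lookalike", t)
        if levenshtein(norm, tn) <= max_distance:
            return ("lookalike", t)
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample senders, as they might appear in a payment-change request.
    for addr in ["ap@acme-supplies.com",
                 "ap@acrne-supplies.com",
                 "billing@acme-supplies.com.invoice-portal.net",
                 "cfo@northvvind.com",
                 "someone@example.org"]:
        print(addr, "->", classify_sender(addr))
```

A "lookalike" verdict is a reason to stop and pick up the phone, which is exactly the control the hosts describe for the $50,000 wire; it is not a substitute for it. The check does nothing for the second BEC form, a genuinely compromised vendor inbox, because there the domain is the real one. That case is why an out-of-band callback to a known-good number on any banking-detail change has to be written policy, regardless of what the filter says.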
But the scariest part of this episode isn't the technology - it's the human element. From new employees targeted on LinkedIn within days of posting about their new job, to companies that actively silenced their own IT teams who flagged security gaps (and paid dearly for it), the hosts make a compelling case that people - not software - are both the biggest vulnerability and the most powerful defense a company has.
You'll learn:
- The two types of Business Email Compromise and why one is nearly impossible to stop with technology alone
- The one phone call that could have saved a $50,000 wire transfer - and why most companies don't make it
- Why punishing employees who report mistakes is one of the most dangerous things a company can do
- How attackers use LinkedIn to target new hires and exploit their eagerness to impress leadership
- What "zero trust" really means in the context of email - and how to build it into your team's daily behavior
- How to report lookalike domains and get them taken down
- Why a culture of security awareness is more valuable than any software tool you can buy
This episode is a wake-up call. Email is not safe by default. Your vendors can be compromised. Your new hires are being targeted. And if you don't have written policies and a culture that rewards vigilance, no firewall in the world will save you.
