


2.5 billion daily account-takeover attempts.
That’s one every 34 microseconds.
Damian, Troy & Fern go full send-it mode on the 2025 ATO playbook: SIM swaps, session-token theft, MFA fatigue bombing, rogue QR codes, deep-fake family scams, and the OAuth tokens you granted in 2017 that are still wide open.
Timestamps
00:00 – Intro
05:20 – SIM swaps & losing your phone number in minutes
09:40 – Why password resets are useless (session tokens survive)
14:20 – MFA fatigue / push-notification bombing
19:10 – OAuth & old third-party app tokens nobody revokes
24:30 – Rogue QR codes at restaurants & hotels
30:15 – Enterprise reality – weekly O365 token theft
37:40 – Non-human identities & service-account sprawl
44:50 – Passkeys in 2026 – will increase ATO risk if misconfigured
51:00 – Public Wi-Fi, juice jacking & QR code myths
58:00 – Closing thoughts
Discord (coming soon)
#AccountTakeover #SIMSwap #MFAFatigue #CyberSecurity #Infosec #ZeroTrust
https://www.fcc.gov/consumers/scam-alert/grandparent-scams-get-more-sophisticated
https://newsroom.servicenow.com/press-releases/details/2025/ServiceNow-to-Expand-Security-Portfolio-With-Acquisition-of-Vezas-Leading-AI-native-Identity-Security-Platform/default.aspx
https://thehackernews.com/2025/04/customer-account-takeovers-multi.html
https://www.gartner.com/reviews/market/identity-threat-detection-and-response-itdr
http://cyberpodcast.net
Spotify: http://spotify.cyberpodcast.net
Apple: http://apple.cyberpodcast.net
X: https://x.com/dtfcyberpodcast
IG: https://www.instagram.com/dtfcyberpodcast/
LinkedIn:
DTF: https://www.linkedin.com/company/dtf-cyber-podcast/
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.
By Cyber Podcast