Hacking Humans

Deception, influence, and social engineering in the world of cyber crime.

Website

thecyberwire.com/podcasts/hacking-humans

Episodes

Are you who you say you are?

Bala Kumar of Jumio joins to discuss how travel companies can combat the exponential rise in fraud and ensure their traveler is who they say they are. Dave and Joe share some listener follow up, with the first from Matt, who writes in with a strange Dick's Sporting Goods story about gift cards and credit cards. Our second follow up comes from listener King, who writes in regarding the QR discussion in episode 243. Dave's story follows how almost every US state has sued a telecom company after being accused of routing billions of illegal robocalls to millions of US residents on the do not call list. Joe's story is about a family losing $730,000 in a wire fraud scam, but with a twist ending. Our catch of the day comes from listener William, who writes in with an email laced with so much fraud, Gmail didn't even want Joe to open it to read it for this episode. Links to stories: 48 states sue phone company that allegedly catered to needs of robocallers Family loses $730K in wire fraud scam - and gets it all back Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-06-01

passkey (noun) [Word Notes]

A passwordless authentication protocol based on the FIDO2 standard. CyberWire Glossary link: https://thecyberwire.com/glossary/passkey Audio reference link: Summers, J., 2023. Google Passkeys Have Arrived (here's how to use them) [All Things Secured Channel]. YouTube. URL https://www.youtube.com/watch?v=oFO7JgUx-bU.
2023-05-30

catfish (noun) [Word Notes]

The practice of crafting a fake online persona for malicious purposes. CyberWire Glossary link: https://thecyberwire.com/glossary/catfish Audio reference link: netbunny, 2013. Catfish - The Movie - Ending Scene [Movie Scene]. YouTube. URL https://www.youtube.com/watch?v=qR_NIN6zy0U
2023-05-30

Bringing in the human side of scamming.

Nick Percoco from Kraken sits down to discuss the human factor of crypto scams, including going over common red flags and what to do when a third party is exerting pressure that taps into human emotions. Listener Sean writes in with some follow up to discuss the increase in AI scams and if people would be more likely to talk about falling for these scams as AI becomes better and better. An anonymous listener also reached out with some follow up regarding their experience with corporate ID theft. Joe's story follows the report on "dark patterns," and what they are. Dave's story is on people who got hired as customer service reps, but instead helped lure in the lonely and lovestruck through a network of dating and hookup sites. Our catch of the day comes from listener Gareth who shares his catch of a phishing scheme from the "NSA." Links to stories: Guide to Dark Patterns - Terms and examples from the CCPA and the CPA Bringing Dark Patterns to Light This Is Catfishing on an Industrial Scale Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-05-25

QR code phishing (noun) [Word Notes]

A type of phishing attack that uses QR codes as the lure. CyberWire Glossary link: https://thecyberwire.com/glossary/qr-code-phishing Audio reference link: KNR, 2018. Batman The Dark Knight Joker bomb blast by phone calls scene [Video]. YouTube. URL https://www.youtube.com/watch?v=qB_fXfzB4z0.
2023-05-23

Who says the perfect heist doesn't exist? [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Out of Sight Rick's clip from the movie The Thomas Crown Affair
2023-05-21

Data privacy in a consumers world.

Our guest, Mark Kapczynski from OneRep, joins Dave to discuss what consumers should know about data privacy. Listener Jon writes in to the show with some follow-up with some thoughts on tap interface. Another anonymous listener wrote into the show discussing ethical hacking. Dave's story is on fake QR codes and how people are getting scammed out of money after receiving a fake QR code parking ticket survey. Joe's story follows an attempted attack at Dragos and what they didn't get. Our catch of the day comes from listener Richard who writes in with a fun scam he caught from the "Marine Corps." Links to stories: QR codes used in fake parking tickets, surveys to steal your money Deconstructing a Cybersecurity Event Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-05-18

attribution (noun) [Word Notes]

Definition one: The recognition of a set of repeatable attack patterns across the intrusion kill chain. Definition two: Determining the responsibility for offensive cyber operations. CyberWire Glossary link: https://thecyberwire.com/glossary/attribution Audio reference link: Nunnikhoven, M., 2018. Cybersecurity Basics #9 - Attack Attribution [Video]. YouTube. URL www.youtube.com/watch?v=rlyMz5jN_Vs
2023-05-16

Remedies for infectious computers.

Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about "fast idiots" from a previous episode. The other is from listener Robert, who writes in about the wallet versus smart phone debate, and which is safer. Joe shares a few stories this week, all regarding ATM scams and lost or stolen credit cards including his own son's ATM nightmare. Dave's scary story is on the latest hot topic in the cyber industry: AI, and how families are being scammed by believable voice AI to sound like loved ones. Listener Michael shares this week's catch of the day on an IRS scam he came across in his email. Links to stories: Chase Bank didn't believe customers with accounts drained by ATM 'tap' feature scam Lost or Stolen Credit, ATM, and Debit Cards Family targeted by AI scam using loved one's voice Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-05-11

spear phishing (noun) [Word Notes]

A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine. CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishing Audio reference link: Richardson, T., 2014. What is the difference between phishing and spear-phishing? [Video]. YouTube. URL www.youtube.com/watch?v=Wpx5IMduWX4.
2023-05-09

Encore: Human errors and why they're made.

Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant threats to users, according to the FBI. Finally, our catch of the day comes from listener Jennifer, who writes in and shares her story of a scammer using SMS to tell her that her Venmo account was hacked, even though she does not have one. Links to stories: Sending Phishing Emails from QuickBooks FBI says fraud on LinkedIn a "significant threat" to platform and consumers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2023-05-04

resiliency (noun) [Word Notes]

The ability to continuously deliver the intended outcome despite adverse cyber events. CyberWire Glossary link: https://thecyberwire.com/glossary/resiliency Audio reference link: Cameron, J., 1984. The Terminator [Movie]. IMDb. URL www.imdb.com/title/tt0088247/. Clip Nation, 2012. The Arnold Schwarzenegger "I'll Be Back" Supercut [Video]. YouTube. URL www.youtube.com/watch?v=-YEG9DgRHhA. Coops, C., 2013. Terminator 2 Theme [Video]. YouTube. URL www.youtube.com/watch?v=pVZ2NShfCE8.
2023-05-02

Is the industry ready for AI?

This week, Carole Theriault, CW UK correspondent, sits down with Cisco Talos' Vanja Svajcer discussing if the security industry is ready for AI. Joe and Dave share some follow up regarding a new term, "yahoo boy," after reading it in an article. Joe follows a story about a scam where five mastermind businessmen were able to scam ordinary investors out of a billion dollars. Dave's story is on a basic iPhone feature that is helping criminals steal your entire digital life. Our catch of the day comes from William who writes in about an email he received from "Bob William" who shares that he works at a law firm and one of his clients has an insurance policy where his client did not write a will. Bob wants to share the amount of $12,820,000 with charity and then split the rest of the funds. Links to stories: On the hunt for the businessmen behind a billion-dollar scam A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-04-27

Security Operations Center (SOC) (noun) [Word Notes]

A centralized facility or team responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents within an organization. CyberWire Glossary link: https://thecyberwire.com/glossary/security-operations-center Audio reference link: AT&T Tech Channel, 2012. A tour of AT&T's Network Operations Center (1979) [Video]. YouTube. URL www.youtube.com/watch?v=cigc3hvMyWw.
2023-04-25

Lazarus Group: Breaking down the evolution.

This week, our guests are Jean Lee and Geoff White from BBC and the Lazarus Heist talking about what is coming up in Season 2 of their show and how the Lazarus Group is evolving. Joe briefly discusses Generative AI before going into his stories for this week. Joe's first story comes from Lauren Jackson from WBRC who writes in with a disturbing tire scam causing businesses to lose thousands. Joe's second story is from David Sentendrey from KDFW, who shares a story about a woman who fell victim to a romance scam, losing $75,000. Dave's story follows a casino scam in Colorado, which was the largest heist in the state's history. Our catch of the day comes from listener Morten who received a confusing message regarding an inheritance payment fund. Links to stories: Cullman Police warn of returning scam that has local businesses out thousands of dollars Woman who lost $75K in worldwide online romance scam warning others of the danger Black Hawk casino heist is largest in Colorado history Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-04-20

Hunt forward operations (noun) [Word Notes]

Defensive cyber operations carried out by U.S. Cyber Command's Cyber National Mission Force (CNMF) at the request of allied nations. CyberWire Glossary link: https://thecyberwire.com/glossary/hunt-forward-operation Audio reference link: Paul Nakasone, G., 2022. Vanderbilt Summit Keynote [Video]. YouTube. URL www.youtube.com/watch?v=Axg4s9l9wi0.
2023-04-18

Inside the history of a child hacker.

Paul Dant, Illumio's Senior Director for Cybersecurity Strategy and Research, is sharing how his history as a child hacker informed his thinking today. Joe and Dave share some listener follow up from Anthony, who writes in about a scam from the app Nextdoor, regarding scammers trying to upgrade Xfinity customers using their computers rather than the usual method, which throws up red flags. Dave's story this week follows a principal from a Florida science and technology charter school who mistakenly wrote a check for $100,000 to an Elon Musk impersonator. Joe's story is on email compromise, and the increase we have seen in the last several months, including an "increase in 'novel social engineering attacks' across thousands of active Darktrace/Email customers from January to February 2023." Our catch of the day comes from listener JP, who writes in regarding a suspicious looking email they received from "Norton" saying they will increase the price of their service being used. Links to stories: School principal resigns after writing $100,000 check to Elon Musk impersonator Tackling the Soft Underbelly of Cyber Security - Email Compromise Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-04-13

Cyber gravity (noun) [Word Notes]

The invisible force that governs the movement of data across networks. Audio reference link: "Things to Come 1936 - HG Wells." YouTube, YouTube, 28 Sept. 2011, https://www.youtube.com/watch?v=atwfWEKz00U.
2023-04-11

As a scammer, sometimes you need to fake it till you make it. [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie The Princess Bride Rick's clip from the movie Now You See Me 2
2023-04-09

Protecting against financial cybercrimes.

Keith Houston, Chief prosecutor in financial cybercrimes at Harris County District Attorney's Office in Houston, TX, shares some scams that have come through his office and advice on how to protect yourself. Dave and Joe share some follow up from listener Nevile, who writes in about a news story he came across regarding pendrive bombs, wondering what do you do if you're a reporter and someone sends you a scoop in a pendrive? Joe has two stories regarding AI, and how scammers were able to use AI software to clone voices the victims would recognize and then con them out of thousands of dollars. Dave's story is on a new report stating that the most common combosquatting keyword is support. Our catch of the day comes from listener Shawn who writes in sharing an email they received from their company's HR team warning them of a suspicious package that has been circulating around the office. Links to stories: N.L. family warns of possible AI voice clone scam that cost them $10K How scammers likely used artificial intelligence to con Newfoundland seniors out of $200K The Most Common Combosquatting Keyword Is "Support" Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2023-04-06

Artificial Intelligence (AI) (noun) [Word Notes]

The ability of computers to execute tasks typically associated with human intelligence, including natural language processing, problem solving, and pattern recognition. CyberWire Glossary link: https://thecyberwire.com/glossary/ai Audio reference link: Staff, 2016. Alan Turing - The Imitation Game - Can Machines Think? [YouTube Video]. Learn Understand Create. URL www.youtube.com/watch?v=Vs7Lo5MKIws.
2023-04-04

Seeking employment fraud?

Kathleen Smith, CMO from ClearedJobs.Net sits down with Dave to talk about how job seekers are susceptible to employment fraud. Joe and Dave share some listener follow up from Steve, who writes in to share a scary and frustrating story as hackers were able to scam their way into his and his wife's Verizon Wireless account. Dave's story follows giveaway scams, which are scams that impersonate celebrities and brands, most notably Elon Musk and the companies he is associated with, to try and get victims to believe they have won a large sum of cryptocurrency. Joe's story is on a scary development in the AI world, regarding family emergency scams. Scammers are now using AI to enhance the believability. Our catch of the day comes from a listener named Jim who writes in about a scam he came across in his spam folder from a "Sgt. Nolla E. Donald" who wants to give him millions of dollars to keep safe while she fights over in Iraq. Links to stories: Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful Scammers use AI to enhance their family emergency schemes Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2023-03-30

Certification (noun) [Word Notes]

A credential demonstrating an individual's knowledge in the field of cybersecurity, usually obtained by passing an exam or series of exams.  CyberWire Glossary link: https://thecyberwire.com/glossary/certification Audio reference link: Bombal, D., 2022. Are certifications important in Cybersecurity? [Video]. YouTube. URL www.youtube.com/watch?v=Zdgf_Wr82rs.
2023-03-28

Fingerprinting fights off fraud? [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie I dream of Jeannie Rick's clip from the movie Ant Man
2023-03-26

Do you have curtains on your house?

On this episode, the CyberWire's UK Correspondent Carole Theriault talks with Iain Thomson from the Register about why he has no IoT in his house and what advice he offers for those who do. Joe's story features ten social engineering techniques. Dave has a story that starts with an order by the FTC against Epic Games for tricking users to make in-game purchases in Fortnite using dark patterns. Our Catch of the Day comes from listener Lauren sharing a phishing attempt at her company where the scammers obviously did their homework on who to contact in the organization. Links to stories: Ten Social Engineering Techniques Used By Hackers FTC Finalizes Order Requiring Fortnite maker Epic Games to Pay $245 Million for Tricking Users into Making Unwanted Charges What are deceptive patterns? Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2023-03-23

Network slicing (noun) [Word Notes]

A technique used to create virtual networks within a shared physical network infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/network-slicing Audio reference link: Whitehead, D.N., 2021. 5G Smart Networks Part 1: Network Slicing [Video]. YouTube. URL www.youtube.com/watch?v=dCt3rYODZ7g.
2023-03-21

Changing the face of identity.

Eric Olden, Chief Executive at Strata, sits down with Dave to discuss the changing face of identity; where we've been, where we are going, and the bumps along the way. Dave and Joe share some listener follow-up from Michael, who writes in about advertisements on YouTube and other social networks claiming magical results. Dave's story follows a new tool released by the National Center for Missing and Exploited Children (NCMEC) to help slow and stop the spread of sextortion of minors. Joe's story is on a LinkedIn post by Gary Warner regarding why we have so much fraud. Our catch of the day is from listener Shon, who writes in about an email they received about "Meta Resources Recruiter" informing them of an open "CISO Lead role." Links to stories: Teens can proactively block their nude images from Instagram, OnlyFans Why do we have so much fraud? Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2023-03-16

Device trust (noun) [Word Notes]

The process of verifying that a device is known, secure, and uncompromised before allowing it to connect to a network or access resources. CyberWire Glossary link: https://thecyberwire.com/glossary/device-trust Audio reference link: "Favorite Scene of Alan Rickman from Die Hard." YouTube, YouTube, 14 Jan. 2016, https://www.youtube.com/watch?v=mklnXM3LIXo.
2023-03-14

Encore: Scams in the media.

Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow up from Robert who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a twitter thread from Brian Jay Jones, who is an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how he would have almost had his Twitter account hijacked if it weren't for 2-step verification. Joe's story is on a gentleman pleading guilty in PAC scams, raising almost 3.5 million by making false and misleading representations in the 2016 election. This week we have a string of catch of the days from different listeners sharing different SMS scams. Links to stories: Associate of scam PAC operator pleads guilty Twitter thread of Brian Jay Jones Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter
2023-03-09

ZTNA (noun) [Word Notes]

A technology set designed to support the cybersecurity first principle strategy of zero trust, that limits device, people, and software component access to only designated authorized resources and nothing more. CyberWire Glossary link: https://thecyberwire.com/glossary/zero-trust-network-access Audio reference link: "Zero Trust Explained by John Kindervag." YouTube, YouTube, 2 Oct. 2022, https://www.youtube.com/watch?v=-LZe4Vn-eEo.
2023-03-07

Saving the world from cybercrime.

Dan Golden and Renee Dudley, reporters at ProPublica and authors of "The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime," discuss their book. Dave and Joe share some follow up from listener Ignacio who writes in to share thoughts on Joe's preference for using open source options for password managers. Joe's story this week follows Coinbase, who recently had a cybersecurity breach but their cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Dave's story is on people trying to gain cryptocurrency back after it was hacked and stolen from them, only to wait and receive nothing in the long run. Our catch of the day comes from listener Josh, who writes in about an email he received that stated that his wallet would be suspended if he did not download a verification link. Links to stories: Who You Gonna Call? The Ransomware Hunting Team. Social Engineering - A Coinbase Case Study These Companies Say They Can Recover Stolen Crypto. That Rarely Happens. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-03-02

GDPR (noun) [Word Notes]

A data privacy legal framework that applies to all countries in the European Union, regulating the transmission, storage, and use of personal data associated with residents of the EU. CyberWire Glossary link: https://thecyberwire.com/glossary/general-data-protection-regulation Audio reference link: "Mr. Robot Predicts JPM Coin!" YouTube, YouTube, 14 Feb. 2019, https://www.youtube.com/watch?v=1ee-cHbCI0s.
2023-02-28

Password managers and their benefits.

Corie Colliton Wagner from Security.org joins to discuss the company's research of password manager tools and their benefits, identity theft, and the market outlook for PW managers. Dave and Joe share quite a bit of follow up from listeners Mitch, Neville, and Richard. Mitch writes in to share about gift card scams, and Neville and Richard both share their thoughts on the pros and cons of having a cloud-based password manager. Dave's story is about employees around the globe and their internet habits inside the workplace. Joe's story follows a new release of data from the FTC on romance scams, including the top lies being told by scammers. Our catch of the day comes from listener Gordy, who writes in about an email he received regarding a new position scammers are trying to fill in an open job. Links to stories: Are Your Employees Thinking Critically About Their Online Behaviors? New FTC Data Reveals Top Lies Told by Romance Scammers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-02-23

ChatGPT (noun) [Word Notes]

A conversational language model developed by the company OpenAI. CyberWire Glossary link: https://thecyberwire.com/glossary/chatgpt Audio reference link: jeongphill. "Movie - Her, First Meet OS1 (Operation System One, Os One, OS1)." YouTube, YouTube, 29 June 2014, https://www.youtube.com/watch?v=GV01B5kVsC0.
2023-02-21

Scamming through generations.

Mathieu Gorge from VigiTrust sits down to discuss the different ways that online attackers target younger and older generations, and what the cybersecurity industry can and should do to protect them. Dave and Joe share some listener follow up from Greg who writes in regarding porch pirates possibly finding a new way to steal packages. In Joe's story this week, we learn that while ransomware was down last year, more and more people are clicking on phishing emails. Dave's story follows Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, who ended up getting $4 million of his cryptocurrency stolen. Our catch of the day comes from listener Rodney who writes in about an email he received. The scammers were trying to collect information from him after saying he was already scammed out of money, when in fact he was not. Links to stories: New cybersecurity data reveals persistent social engineering vulnerabilities Scammers steal $4 million in crypto during face-to-face meeting Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-02-16

Man-in-the-Middle (noun) [Word Notes]

A cyber attack technique where adversaries intercept communications between two parties in order to collect useful information or to sabotage or corrupt the communication in some manner. CyberWire Glossary link: https://thecyberwire.com/glossary/man-in-the-middle-attack
2023-02-14

Appearances count in the scam business. [Hacking Humans Goes to the Movies]

Welcome to Season 3 of Hacking Humans Goes to the Movies. Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Paper Moon Rick's clip from the movie Catch Me If You Can
2023-02-12

A boom of infostealers and stolen credentials.

Keith Jarvis, Senior Security Researcher from Secureworks Counter Threat Unit (CTU), shares his thoughts on the alarming rise of infostealers and stolen credentials. Dave and Joe share some listener follow-up from Ron who writes in about a book, entitled "Firewalls Don't Stop Dragons" by Carey Parker, which he finds as a helpful resource when it comes to cybersecurity. Dave's story follows password management companies and how they might not be as safe as what we presume them to be, most notably the LastPass breach in the last month. Joe has two stories this week, his first on a 19 year old TikToker who was arrested for running a GoFundMe scam while portraying on the popular social media app that she was diagnosed with 3 different types of cancer. Joe's second story is on Marines outsmarting artificially intelligent security cameras by hiding in a clever way that the AI could not recognize. Our catch of the day comes from listener Tim, who writes in about an old scam with a new twist, and how he was able to figure it out. Links to stories: Password Managers: A Work in Progress Despite Popularity 19-YEAR-OLD TIKTOKER ARRESTED FOR RUNNING GOFUNDME SCAM... Over Fake Cancer Diagnosis U.S. Marines Outsmart AI Security Cameras by Hiding in a Cardboard Box Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-02-09

NIST (Noun) [Word Notes]

A branch of the US Department of Commerce whose stated mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life." CyberWire Glossary link: https://thecyberwire.com/glossary/national-institute-of-standards-and-technology Audio reference link: Center, M.I., 2022. 2022 Meridian Summit: Cultivating Trust in Technology with NIST Director Laurie Locascio [WWW Document]. YouTube. URL https://www.youtube.com/watch?v=o43Y9Tk8ZVA (accessed 1.26.23).
2023-02-07

A war on commerce.

J. Bennett from Signifyd discusses the fraud ring that has launched a war on commerce against US merchants over the past few months. Joe and Dave share some listener follow up from Jon who writes in about an email he almost fell victim to. Joe shares two stories this week, the first on how scammers were seen posing as tech support at two US agencies in an attempt to hack their employees. Joe's second story is on a woman trying to steal 2.8 million from an elderly Holocaust survivor. Dave's story follows how an ad scam was able to break through over 11 million phones. Our catch of the day comes from husband and wife, Chad and Jen, who write in sharing a scam that Jen almost fell for. An email from "iTunes" confirming a payment of over $100 that she didn't authorize hit the music lover's inbox. The scammers went on to explain the rules behind the payment, making sure to include that if she did not make this purchase to notify them immediately. Links to stories: Scammers posed as tech support to hack employees at two US agencies last year, officials say 36-Year-Old Woman Accused of Using Romance Scam to Swindle $2.8M from Elderly Holocaust Survivor A Sneaky Ad Scam Tore Through 11 Million Phones Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-02-02

CIRT (noun) [Word Notes]

A team responsible for responding to and managing cybersecurity incidents involving computer systems and networks in order to minimize the damage and to restore normal operations as quickly as possible. CyberWire Glossary link: https://thecyberwire.com/glossary/cirt Audio reference link: Avery, B., 2017. 24 TV May 05 Season4 [WWW Document]. YouTube. URL https://www.youtube.com/watch?v=Gq_2xPuqI-E&list=PLGHedLavrFoGsea1ZCHBm9-nK5FdM3_Kd&index=10.
2023-01-31

Interview with the AI, part one. [Special Editions]

Cybersecurity interview with ChatGPT. In part one of CyberWire's Interview with the AI, Brandon Karpf interviews ChatGPT about topics related to cybersecurity. Rick Howard joins Brandon to analyze the conversation and discuss potential use cases for the cybersecurity community. ChatGPT is a chatbot launched by OpenAI and built on top of OpenAI's GPT-3 family of large language models. Cyber questions answered by ChatGPT in part one of the interview: What were the most significant cybersecurity incidents up through 2021? What leads you to characterize these specific events as significant? What were the specific technical vulnerabilities associated with these incidents? Who were the cyber actors involved in each of these attacks? Do you think it's valuable to attribute cyber attacks to specific actors?
2023-01-29

Outsmarting the scammers.

Nadine Michaelides from Anima People sits down with Dave to discuss preventing insider threat using behavioral science and psych metrics. Joe and Dave share some follow up regarding a Facebook scammer who is targeting Joe, as well as a letter from listener Richard, who writes in about business emails and the compromised warning signs they send about dangerous emails coming from outside the company. Dave shares a story about hackers who are setting up fake websites to promote malicious downloads through advertisements in Google search results. Joe has two stories this week: one is about the latest scam in the parking ticket realm, and the second follows West Virginia police warning residents of a Walmart scam where the scammer sends you a "free 50 dollar Walmart gift card." The catch of the day comes from Penny, who writes in about a scam that almost sucked her in through an email from "McAfee." Links to stories: "Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner"; "That Surprisingly Real Looking Parking Ticket May Be Fake! Don't Fall for Latest Scam"; "McMechen Police issue warning about Walmart scam in area". Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-01-26

PUP (noun) [Word Notes]

A software program installed unintentionally by a user that typically performs tasks not asked for by the installer. CyberWire Glossary link: https://thecyberwire.com/glossary/potentially-unwanted-program Audio reference link: Butler, S., 2022. Potentially Unwanted Programs (PUPS) EXPLAINED [Video]. YouTube. URL https://www.youtube.com/watch?v=5L429Iahbww (accessed 1.6.23).
2023-01-24

The front lines of ransomware attacks.

Rohit Dhamankar from Fortra's Alert Logic joins Dave to discuss the decline in ransomware attacks and lessons learned from the front lines. Dave and Joe share some listener follow up from Keith regarding Dave's story from last episode and how he recognizes the scams being mentioned and offers his opinions on the matter. Joe shares two stories this week, one about his ironclad gift he gave to his wife, with his second story following the buzz surrounding OpenAI, creators of ChatGPT, their new interface for their Large Language Model (LLM) and how it works. Dave's story also follows ChatGPT in a different direction. His story is on the latest popular app and its rise to fame in the app store, now charging users almost 8 dollars to use the AI technology. Our catch of the day comes from listener and friend of the show Joel, who writes in about how he was contacted at his place of business by a "DEA agent" who claims Joel was committing malpractice, and if he wanted these charges to go away he would need to pay $2500. Links to stories: "OPWNAI: AI THAT CAN SAVE THE DAY OR HACK IT AWAY"; "Sketchy ChatGPT App Soars Up App Store Charts, Charges $7.99 Weekly Subscription [Update: Removed]". Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-01-19

Ransomware (noun) [Word Notes]

Malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key. CyberWire Glossary link: https://thecyberwire.com/glossary/ransomware Audio reference link: https://watch.amazon.com/detail?gti=amzn1.dv.gti.d6a9f744-47b0-ac70-aa56-b31fd0f58482&territory=US&ref_=share_ios_season&r=web
2023-01-17

The age old battle between social engineering and banking.

Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization's business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers who are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie, who writes in about a scam found when trying to download an HDRI (High Dynamic Range Image). The scam involves a fake ad asking for people's cell phone numbers as soon as they click on a button that reads "download here". Manie shares how, after she clicked the ad, she realized the mistake and immediately researched more before proceeding further. Links to stories: "Amazon finally authorized Pakistani sellers. A wave of scammers followed"; "Army Warns of Scam Targeting New Soldiers". Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-01-12

Service Set Identifier (SSID) (noun) [Word Notes]

The name of a wireless access point. CyberWire Glossary link. Audio reference link: SSID Management - CompTIA Security+ SY0-401: 1.5, Professor Messer, uploaded August 3rd, 2014.
2023-01-10

Leveraging credentials online and off isn't going away.

Guest Eric Levine, Co-founder and CEO at Berbix, joins Dave to discuss identity fraud. Dave and Joe share comments from listener Chris on a series of SMS messages he got from "Wells Fargo." Joe's story previews what is coming for social engineering attacks in 2023 and how to prepare to improve your safety online, while Dave's story is about sextortion scammers in rural India and how they are blackmailing victims. Our catch of the day comes from listener George, who's been receiving a lot of scam messages via WhatsApp and how he played along with one of them. Links to stories: "Social Engineering Attacks: Preparing for What's Coming in 2023"; "The sextortion scammers of rural India". Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
2023-01-05

Advanced Encryption Standard (AES) (noun) [Word Notes]

A U.S. Government specification for data encryption using an asymmetric key algorithm. CyberWire Glossary link: https://thecyberwire.com/glossary/advanced-encryption-standard Audio reference link: papadoc73. "Claude Debussy: Clair De Lune." YouTube, YouTube, 6 Oct. 2008.
2023-01-03