Hacking Humans

Taking a selfie with your ID.

Thu, 11 Jun 2020 05:00:00 -0000

Joe talks about HROs (High Reliability Organizations), Dave has a scam on Upwork gigs, The Catch of the Day talks about giving a scammer the runaround, and later in the show our interview with Sanjay Gupta from Mitek on how cybercriminals are capitalizing on the recently-deceased and creating synthetic identities.

Link to stories:

The Unaddressed Gap in Cybersecurity: Human Performance

People who turned to Upwork to find freelance gigs say they've lost thousands of dollars to scams

Catch of the Day:

Person Tests Scammer’s Patience By Pretending To Be Not The Sharpest Tool In The Shed

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Presenting: Ask more people to dance. - Career Notes

Tue, 09 Jun 2020 05:00:00 -0000

Introducing the newest podcast in the CyberWire family - Career Notes.

Each week we’re going to step inside the diverse and fascinating worlds of cybersecurity professionals around the globe and hear their personal stories in their own words. This will be a regular feature in our daily feed, but it will also have it's own feed wherever all the fine podcasts can be found.

This week, Tracy Maleeff shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that.

Our thanks to Tracy for sharing her story with us.

Seniors and millennials more alike than people think.

Thu, 04 Jun 2020 05:00:00 -0000

Dave has a ransomware story from inside a virtual machine, Joe talks phishing with Google firebase storage URLs, some listener follow-up, The Catch of the Day comes from Joe's daughter and "Apple", and later in the show our interview with Paige Schaffer from Generali Global Assistance on the digital habits of seniors and millennials and the latest scams.

Link to stories:

The ransomware that attacks you from inside a virtual machine

Phishing in a Bucket: Utilizing Google Firebase Storage

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

HH Extra - Happy 100 shows!

Thu, 28 May 2020 05:00:00 -0000

We'd like to thank you, our dear listeners, for sticking with us and our podcast through thick and thin, bad accents and even worse ones, with this - a collection of some of our favorite Catch of the Day segments. From Australia to Brazil, Italy to the Oval Office, they're all here.

Here's to another 100 episodes.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Wearing a mask in the Oval Office.

Thu, 28 May 2020 05:00:00 -0000

Joe shares his Classic Cons Part 3, Dave has an Apple device scam story, The Catch of the Day is your assassination heads-up, and later in the show our interview with Jonna Mendez, retired CIA intelligence officer and former Chief of Disguise.

Link to story:

Twitter

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

How scammers fill the gap.

Thu, 21 May 2020 05:00:00 -0000

Dave has a story on a possible Disney-styled phishing email, Joe has the skinny on a circular pyramid scheme, some listener follow-up, The Catch of the Day is a YouTube verification badge for you, and later in the show our interview with Neill Feather from SiteLock. He joins us to explain how scammers fill the gap when popular retail items are sold out.

Link to story:

New phishing/scam email attempt

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Every day you're a firefighter.

Thu, 14 May 2020 05:00:00 -0000

Dave and Joe have a follow up for a listener, Joe has two stories on different levels of effort of phishing schemes, The Catch of the Day is looking for a sugar baby, and later in the show our interview with Marcus Carey, enterprise architect at ReliaQuest. He’s the author of the book Tribe of Hackers, and he wonders if we are living in a cybersecurity groundhog day.

Links to stories:

Anatomy of a Well-Crafted UPS, FedEX, and DHL Phishing Email During COVID-19

Phishers target investment brokers, aim for Office, SharePoint login credentials

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Exploiting our distractions.

Thu, 07 May 2020 05:00:00 -0000

Dave has the story of PR firms selling lies online, Joe has the story of a sophisticated Business Email Compromise attack, The Catch of the Day advises you to update your account information IMMEDIATELY, and later in the show our interview with Dave Baggett, CEO and Founder of INKY. This will be a discussion of fake stimulus payment phishing scam recently found by INKY.

Links to stories:

Disinformation For Hire: How A New Breed Of PR Firms Is Selling Lies Online

IR Case: The Florentine Banker Group

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Passwords are the easiest things to steal.

Thu, 30 Apr 2020 05:00:00 -0000

Joe takes a look at a massive sextortion spam scheme, Dave has some advice for all of us, the Catch of the Day comes from down under, and later in the show our conversation with Andrew Shikiar, Executive Director and Chief Marketing Officer at FIDO Alliance on why phishing and passwords remain such a huge security problem and options for doing away with passwords.

Links to stories:

Following the money in a massive “sextortion” spam scheme

When in Doubt: Hang Up, Look Up, & Call Back

The Catch of the Day

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Wallet inspector.

Thu, 23 Apr 2020 05:00:00 -0000

Dave warns of fake QR code websites stealing Bitcoin, Joe has the return of classic cons, the Catch of the Day forgets one crucial element, and later in the show, our interview with Kurtis Minder. He’s with a company called Groupsense and they’ve been commemorating the 20th anniversary of the Dark Web.

Links to stories:

Network of fake QR code generators will steal your Bitcoin

Paris Gold Ring Scam

The Simpsons - Wallet Inspector

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

They're getting smart, but we're getting smarter.

Thu, 16 Apr 2020 05:00:00 -0000

Joe has the story of a cold-calling conman, Dave has a story of vindication for seniors who lost money in phone scams, the Catch of the Day has Joe doing his research, and later in the show my conversation with Dustin Warren from SpyCloud. His team has been monitoring criminal forums during the COVID-19 pandemic, and he’s here to share what they’ve been seeing.

Links to stories:

Coronavirus conman barges in on 83-year-old woman

Western Union Paying $153M In Compensation To Seniors Who Lost Money In Phone Scams

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Even famous people get scammed.

Thu, 09 Apr 2020 05:00:00 -0000

Dave has the story of a Walking Dead actress raising money for a scammer, Joe has an article warning of Government websites giving bad security advice, the Catch of the Day tries to put the fear of God in it's victim, and later in the show Carole Theriault returns with an interview with a couple of researchers from a firm called Lookout, who analyzed a phishing scam with over four thousand victims.

Links to stories:

Lehigh Valley cancer scammer ensnares ‘Walking Dead’ actress

US Government Sites Give Bad Security Advice

It’s Way Too Easy to Get a .gov Domain Name

The Catch of the Day:

https://twitter.com/thedave2006/status/1223736469568851969

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Shedding light on the human element.

Thu, 02 Apr 2020 05:00:00 -0000

Joe has the story of a very exposing scam, Dave has the scoop on a rare BadUSB attack, The Catch of the Day is a 'lame scammer who needs to get a life' and later in the show our conversation with Tom Miller from ClearForce on continuous discovery in the workplace, and the human side of protecting your business.

Links to stories:

‘What kind of breast check-up would need my face?’: Woman falls victim to Facebook Messenger scam

Rare BadUSB attack detected in the wild against US hospitality provider

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Paging Dr. Dochterman.

Thu, 26 Mar 2020 05:00:00 -0000

Dave shares an example of modern-day snake oil, Joe brings us his favorite old-time scams, the Catch of the Day is straight from Dr. Dochterman - you really can't make this stuff up - and later in the show Joe speaks with Scott Knauss - a security consultant who was targeted by scammers.

Links to stories:

Coronavirus Scam Alert: Beware Fake Fox News Articles Promising A CBD Oil Cure

Slowing the Scammers

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Disinformation vs. misinformation.

Thu, 19 Mar 2020 05:00:00 -0000

Dave shares the story of a malicious website posing as a Coronavirus map supposedly from Johns Hopkins University, Joe has the story of an elderly woman who lost a lot of money to two men claiming her grandson was in a car accident, the Catch of the Day's dying wish is to give you money to build an orphanage, and later in the show Carole Theriault returns and speaks with Samuel C. Woolley from University of Texas at Austin on disinformation campaigns.

Links to stories:

the Botometer

The Catch of the Day:

Been going back and forth with these a-holes for a few weeks now. More pictures in comments.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Winking emoji.

Thu, 12 Mar 2020 05:00:00 -0000

Joe shares the story of a phishing website posing as the Singapore Police site, Dave shares a harmful, simple little message, the Catch of the Day drags her scammer through the mud and asks if he wants his casserole dish back. Later in the show our conversation with Gretel Egan from Proofpoint on their 2020 State of the Phish report.

Links to stories:

SPF warns of phishing website posing as police site

Nemty Ransomware Actively Distributed via 'Love Letter' Spam

2020 State of the Phish Report

The Catch of the Day:

“My Wife Spent Three Days Trolling A Scammer”

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Don't go looking for morality here.

Thu, 05 Mar 2020 06:00:00 -0000

Dave has a story of an investment scam featuring celebrities, Joe warns of scams surrounding the Coronavirus, the Catch of the Day features Joe's son-in-law's adventure with thousands of bot infiltrations, and later in the show, Dave's extended interview with magicians and entertainers Penn and Teller at RSAC 2020 in San Francisco.

Links to stories:

Revealed: fake 'traders' allegedly prey on victims in global investment scam

Coronavirus: Scammers follow the headlines

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The art of cheating.

Thu, 27 Feb 2020 06:00:00 -0000

Joe shares some insights into the art of cheating travelers, Dave has a story of a woman facing drug charges trying to kidnap another woman's baby, an update on last week's bizarre phone scam, The Catch of the Day features otters, sexy ham, frustrated scammers and... you're just going to need to listen. Later in the show, our interview with Tim Sadler from Tessian on human element of cybersecurity and phishing schemes.

Links to stories:

The art of cheating travelers at dhabas

Woman who posed as baby photographer charged after drugging a mother and planning to steal her child, prosecutors say

The Catch of the Day

Inside a scam call center

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Hi, I'm trying to steal your money.

Thu, 20 Feb 2020 06:00:00 -0000

Dave shares the most bizarrely honest phone scam of all time, Joe has a pretend PayPal phishing scam, the Catch of the Day finally lets Dave show us his best Blanche Devereaux, and later in the show Christopher Hadnagy from Social Engineer LLC returns with an update on the trends he’s been tracking.

Links to stories:

Active PayPal Phishing Scam Targets SSNs, Passport Photos

Current PayPal phishing campaign or "give me all your personal information"

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Fake news and misplaced trust.

Thu, 13 Feb 2020 06:00:00 -0000

Joe shares a collection of romance scams from the great plains, Dave has a report which uncovered a root system of fake news, the catch of the day comes straight from... Warren Buffett? Later in the show Carole Theriault speaks with Lisa Forte from Red Goat on how her experiences working with the police have informed her perspective on the human factors in cyber security.

Links to stories:

Don't Get CatPhished This Valentine's Day By a Scammer

These Fake Local News Sites Have Confused People For Years. We Found Out Who Created Them.

Researchers propose detecting deepfakes with surprising new tool: Mice

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

I wouldn't want my computer to be disappointed.

Thu, 06 Feb 2020 06:00:00 -0000

Dave finally has good news. Joe shares a fake website created by the US Trading Commission... which doesn't exist. The catch of the day threatens FULL DATA LOSS! Later in the show, Anna Collard is the founder of security content publisher of Popcorn Training – a South African company that promotes Cyber Security awareness by using story-based techniques. Our conversation centers on the state of cyber security in Africa.

Links to stories:

DOJ sues US telecom providers for connecting Indian robocall scammers

The aforementioned DOJ complaint

Uncle Sam compensates you for data leaks (yeah, right)

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

They had no idea.

Thu, 30 Jan 2020 06:00:00 -0000

Dave shares a particularly exposing sextortion scam. Joe has a story of a million-dollar scam that targeted college students in Miami just trying to pay their tuition. The catch of the day comes straight from The U.S. President. Later in the show, part two of Carole Theriault's interview with Jamie Bartlett, the brains and host behind The Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam.

Links to stories:

Fresh New Nest Video Extortion Scam Plays Out Like a Spy Game

WeChat and stolen credit cards: How scammers victimized Miami Chinese college students

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Flipping the script.

Thu, 23 Jan 2020 06:00:00 -0000

Dave's phone is blowing up with smishing attempts. Joe shares a story about fake license renewal attempts from The New Zealand Transportation Agency. The catch of the day flips the script on their attacker. Later in the show Carole Theriault speaks with Jamie Bartlett, the brains and host behind The Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam.

Links to stories:

Fresh Apple #Phishing found

The catch of the day

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Life in the (second) age of pirates.

Thu, 16 Jan 2020 06:00:00 -0000

Dave has an account from a man who was almost scammed by an impersonation of his own close friend. Joe has the story of a sophisticated phishing scheme involving Microsoft Office 365. The catch of the day goes all the way back to the age of pirates. Carole Theriault interviews Andrew Brandt from Sophos regarding their 2020 threat report.

Links to stories:

Tricky Phish Angles for Persistence, Not Passwords

SophosLabs 2020 Threat Report

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Ransomware is a reality.

Thu, 09 Jan 2020 06:00:00 -0000

Dave has a master list of cyberbadness. Joe has some handy red flags this tax season straight from our beloved IRS. The catch of the day features an alluring proposition from someone who is probably not "Sofia". Our guest is Devon Kerr with Elastic Security Intelligence and Analytics who shares his insights about Ransomware.

Links to stories:

7 types of virus – a short glossary of contemporary cyberbadness

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Leading by example and positive reenforcement.

Thu, 02 Jan 2020 06:00:00 -0000

Dave has a warning from a galaxy far, far away. Joe has a report of a scam attempt on a listener who fancies fancy pens. The catch of the day features a Tinder dating app bot scam. Our guest is Dennis Dillman from Barracuda Networks, sharing his thoughts on employee training.

Links to stories:

https://www.bleepingcomputer.com/news/security/fake-star-wars-streaming-sites-steal-fans-credit-cards/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Telling The Truth In A Dishonest Way - Rebroadcast

Thu, 26 Dec 2019 06:00:00 -0000

Today's episode is a re-broadcast of an episode from August 2018.

Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements.

Links to stories mentioned in this week's show:

https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919

https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Managing access and insider threats.

Thu, 19 Dec 2019 06:00:00 -0000

Joe's wife has been getting suspicious shipping notices. Dave describes a phone scam where crooks intercept phone calls. The catch of the day turns the tables on a would-be scammer. Carole Theriault speaks with Peter Draper from Gurucul about their 2020 Insider Threat Report.

Links to stories:

https://www.ctvnews.ca/canada/police-warn-of-new-phone-scam-where-criminals-intercept-your-calls-1.4706758

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

If you didn't ask for it don't install it.

Thu, 12 Dec 2019 06:00:00 -0000

Dave describes a gas-pump hidden camera scam. Joe shares the story of a fraudulent Microsoft Windows Update notice. The catch of the day involves a scammer making use of an online celebrity's profile picture. Our guest is Karl Sigler from Trustwave with tips for staying safe online through the holidays.

Links to stories:

https://krebsonsecurity.com/2019/11/hidden-cam-above-bluetooth-pump-skimmer/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

I really wanted that shed.

Thu, 05 Dec 2019 06:00:00 -0000

Joe shares the story of a woman losing her life savings to a scammer claiming to be from the FBI. Dave describes the $139 shed scam. The catch of the day is another threat of revealing compromising photos. Carole Theriault speaks with Chris Bush from ObserveIT about security threats from employee burnout.

Links to stories:

https://www.wsj.com/articles/robocall-scams-exist-because-they-workone-womans-story-shows-how-11574351204

https://youtu.be/zFQUCCbodHc

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Security has to be friendly.

Thu, 21 Nov 2019 06:00:00 -0000

Dave wonders about Juice Jacking warnings. Joe shares findings from Agari's latest email fraud and identity deception report. The catch of the day promises romance in exchange for airline tickets. Our guests are David Spark and Allan Alford, cohosts of the Defense in Depth podcast.

Links to stories:

https://www.goodmorningamerica.com/travel/story/travelers-beware-juice-jacking-public-charging-stations-safely-67004765

https://www.agari.com/cyber-intelligence-research/e-books/q4-2019-report.pdf

https://cisoseries.com/introducing-defense-in-depth-podcast/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Skepticism is the first step.

Thu, 14 Nov 2019 06:00:00 -0000

Joe shares stories of typo-squatting. Dave reminds warns us against responding to malicious email, even just for fun. The catch of the day is from a listener, leading on a romance scammer. Carole Theriault returns with an interview with Chris Olson from The Media Trust on how targeted advertising can enable election interference.

Links from this week's stories:

https://www.securityweek.com/err-human-squat-criminal

https://info.phishlabs.com/blog/dont-respond-suspicious-emails

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

When you are the target, objectivity is gone.

Thu, 07 Nov 2019 06:00:00 -0000

Joe shares a report on who's more susceptible for scams. Dave shares a story from a listener who what hit by a scam attempt while staying at a hotel. Our catch of the day involves an attempt to scam someone selling a motorcycle. Our guest is Maria Konnikova, an award-winning author, journalist, and international champion poker player. Her latest book is The Biggest Bluff.

Links to stories:

https://www.washingtonpost.com/business/2019/10/28/this-might-surprise-you-seniors-are-not-more-susceptible-scams-younger-adults-are/

https://www.ftc.gov/system/files/documents/reports/protecting-older-consumers-2018-2019-report-federal-trade-commission/p144401_protecting_older_consumers_2019_1.pdf

https://twentytwowords.com/man-gets-revenge-on-craigslist-scammer-in-the-most-satisfying-way-imaginable/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The Malware Mash!

Thu, 31 Oct 2019 12:01:00 -0000

Happy Halloween from Joe, Dave, and everyone at the CyberWire!

Don't dismiss the fraudsters.

Thu, 31 Oct 2019 05:00:00 -0000

Dave describes a credential gathering scam targeting users of the Stripe online payment system. Joe responds to an email message from his boss, and learns a valuable lesson. Our catch of the day follows someone as they string along a text messaging scammer. Carole Theriault returns with an interview with J Bennett of Signifyd, an AI firm fighting romance scams.

Links to stories:

https://cofense.com/credential-phish-masks-scam-page-url-thwart-vigilant-users/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The ability to fundamentally deceive someone.

Thu, 24 Oct 2019 05:00:00 -0000

Joe has the story of a convincing scammer who makes an innocent woman doubt herself. Dave describes an online utility that helps users delete unwanted user accounts and also rates the difficulty of doing so. The catch of the day requests help in an investment scam (but lacks punctuation). Our guest is Henry Ajder from Deeptrace Labs on their research on Deep Fakes.

Links to stories:

https://www.walesonline.co.uk/news/wales-news/swansea-mum-scammed-out-1000-17065476

https://backgroundchecks.org/justdeleteme/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The fallacy of futility.

Thu, 17 Oct 2019 05:00:00 -0000

Dave describes a ponzi scheme that bought up legitimate investment firms. Joe shares research into deep fakes. The catch of the day includes an invitation to join the illuminati. Ray [REDACTED] returns with followup from his prior visit, along with new information to share.

Links to stories:

https://13wham.com/news/local/feds-in-rochester-to-detail-multi-million-dollar-ponzi-scheme

https://nakedsecurity.sophos.com/2019/10/09/deepfakes-have-doubled-overwhelmingly-targeting-women/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Don't trust ransomware to tell you its real name.

Thu, 10 Oct 2019 05:00:00 -0000

Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware.

Links from today's stories -

https://waterfordwhispersnews.com/2019/09/25/hot-woman-in-your-area-marries-nigerian-prince-whos-email-you-ignored/

https://www.thesun.co.uk/tech/10052181/student-limerick-online-scammer-charity/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The ultimate hacking tool.

Thu, 03 Oct 2019 05:00:00 -0000

Joe reviews highlights from a Proofpoint report on the human aspects of cyber attacks. Dave describes the FTC's cases against online dating site Match.com. The catch of the day comes straight from Her Majesty the Queen. Carole Theriault returns with an interview with Corin Imai, Senior Security advisor at DomainTools, about phishing attacks they’ve been tracking in the UK.

Links to stories:

https://www.helpnetsecurity.com/2019/09/10/cyberattacks-human-interaction/

https://techcrunch.com/2019/09/26/dating-app-maker-match-sued-by-ftc-for-fraud/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The usefulness of single sign on.

Thu, 26 Sep 2019 05:00:00 -0000

Joe outlines online threats from social media. Dave shares a story of scammers try to scare a community into purchasing security products. The catch of the day features a promise of riches from Facebook's Mark Zuckerberg. Our guest is Yaser Masoudnia from LastPass who addresses listener questions about Single Sign On.

Links to stories:

https://info.phishlabs.com/blog/how-social-media-is-abused-for-phishing-attacks

http://www.pressandguide.com/news/police_fire/email-scam-trying-to-convince-dearborn-residents-crime-is-up/article_249b1f2c-cb34-11e9-a5b0-cf725769167a.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Algorithms controlling truth in our society.

Thu, 19 Sep 2019 05:00:00 -0000

Special guest host Graham Cluley joins Dave while Joe takes a short break. Dave shares the success of the FBI's reWired campaign which has apprehended alleged scammers around the world. Graham describes a website hoping to spare users the hardship of multifactor authentication. The catch of the day involves a generous soccer star. Our guest is Matt Price from ZeroFOX with insights on Deep Fake technology.

Links to today's stories:

https://www.fbi.gov/news/stories/operation-rewired-bec-takedown-091019

https://dontduo.com/

https://www.smashingsecurity.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

An ethical hacker can be a teacher.

Thu, 12 Sep 2019 05:00:00 -0000

A listener updates us on "notice of arrest" policies. Dave notes increased instances of Google Calendar spam. Joe shares a claim that AI voice mimicry was used to dupe a company out of nearly a quarter million dollars. (Dave is skeptical.) The catch of the day accuses the target of naughty behavior. Carole Theriault interviews ethical hacker Zoe Rose.

Links to stories:

https://www.popsci.com/google-calendar-spam-what-to-do/

https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Think before you post.

Thu, 05 Sep 2019 05:00:00 -0000

Follow-up from down under. Joe shares the story of a Mom scammed out of Gaelic Football League tickets. Dave describes a bounty hunter hoaxing suicide threats to get location information from mobile providers. The catch of the day requires a response from the grave. Our guest is Ben Yelin, senior law and policy analyst from the University of Maryland Center for Health and Homeland Security. He digs in to a particular Facebook scam that refuses to die.

Links to stories:

https://m.independent.ie/irish-news/news/im-just-broken-up-mother-devastated-as-shes-scammed-out-of-money-while-trying-to-buy-allireland-final-tickets-38446401.html

https://www.thedailybeast.com/feds-say-bounty-hunter-matthew-marre-used-suicide-hoax-to-con-verizon-t-mobile-out-of-customer-data

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Securing your SMS.

Thu, 29 Aug 2019 05:00:00 -0000

Dave shares a story of digital voice assistants being channeled toward scammers. Joe tracks scammers taking advantage of social tools on the Steam gaming platform. The catch of the day involves South African kickbacks. Our guest is researcher/technologist Ray [REDACTED], who shares his expertise on scammers targeting SMS.

Links to stories:

https://nakedsecurity.sophos.com/2019/08/20/scammers-use-bogus-search-results-to-fool-voice-assistants/

https://www.bleepingcomputer.com/news/security/steam-accounts-being-stolen-through-elaborate-free-game-scam/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Backups backups backups.

Thu, 22 Aug 2019 05:00:00 -0000

Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a friendly invitation from Hawaii. Our guest is Michael Gillespie from Emsisoft describing the ID Ransomware project.

Links from today's stories:

https://www.bleepingcomputer.com/news/security/beware-of-emails-asking-you-to-confirm-your-unsubscribe-request/

https://www.fastcompany.com/90387855/we-keep-falling-for-phishing-emails-and-google-just-revealed-why

https://id-ransomware.malwarehunterteam.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Swamping search results for reputation management.

Thu, 15 Aug 2019 05:00:00 -0000

Dave shares the story of a small community hospital dealing with a ransomware attack. Joe reviews the different types of extortion emails. The catch of the day is an inheritance scam from Canada. Carole Theriault interviews Craig Silverman from Buzzfeed about online reputation management companies.

Links to stories:

https://www.azcentral.com/story/news/local/arizona/2019/07/30/how-4-technicians-saved-arizona-hospital-hacker-ransomware-wickenburg-community-hospital/1842572001/

https://www.bleepingcomputer.com/news/security/extortion-emails-on-the-rise-a-look-at-the-different-types/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Positive pretexting on the rise.

Thu, 08 Aug 2019 05:00:00 -0000

Joe shares a cautionary Facebook tale from his own life. Dave has the story of an Australian IT company put out of business by scammers. The catch of the day tracks the response writer and comedian Dave Holmes had to scammers pretending to be from the IRS. Rachel Tobac from Social Proof Security returns with voting security information and the latest scams she's been tracking.

Links to today's stories:

https://www.crn.com.au/news/it-suppliers-forced-to-close-after-procurement-scam-528609

https://cheezburger.com/719877/troll-comedian-gets-a-scam-call-and-decides-to-play-along

https://www.vampirecaveman.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Images are the language of the brain.

Thu, 01 Aug 2019 05:00:00 -0000

Dave outlines a church donation scam. Joe shares reporting from Ars Technica on romance scams coming out of Africa. The catch of the day is courtesy of London comedian James Veitch Our guest is Garry Berman from Cyberman Security who's developed a cyber security comic book series to help raise awareness.

Links to this week's stories:

https://www.churchlawandtax.com/blog/2018/june/what-to-know-about-new-donation-scam.html

https://arstechnica.com/information-technology/2019/07/im-not-100-with-anybody-ars-dissects-a-nigerian-twitter-catfish-scam/

https://www.boredpanda.com/funny-phishing-scam-emails-dot-con-james-veitch/

https://www.cyberheroescomics.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Looking after Dad.

Thu, 25 Jul 2019 05:00:00 -0000

Joe shares a story on the market economy of phishing. Dave explains how gamers are being taken advantage of on popular chat app Discord. The catch of the day included a little bit of showbiz razzle-dazzle. Our anonymous guest this week shares his efforts to keep his father from falling for online scams.

Links to stories:

https://blogs.akamai.com/sitr/2019/06/phishing-factories-and-economies.html

https://twitter.com/Splatter_Shah/status/1143556723266994176

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The skills gap disconnect.

Thu, 18 Jul 2019 05:00:00 -0000

Dave shares a listener story of scammers calling drug stores to try to gather customer rewards points. Joe describes federal contractors being scammed out of over $10 million of hardware, some of it classified communications equipment. The catch of the day starts with a bank email scam and ends with a Rick roll. Carole Theriault speaks with Michael Madon, head of security at Mimecast about the cyber security skills gap.

Links to stories -

https://qz.com/1661537/us-defense-contractor-falls-for-3-million-email-scam/

https://www.newshub.co.nz/home/entertainment/2018/01/man-sets-up-rick-astley-hotline-to-rescue-people-from-annoying-salespeople.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Know and spot the patterns.

Thu, 11 Jul 2019 05:00:00 -0000

Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interview Michael Coates, head of Altitude Networks and former CISO at Twitter.

Links to this week's stories -

https://www.nbcnews.com/news/us-news/after-alaska-teen-s-murder-cybersecurity-experts-warn-catfishing-predators-n1019536

https://medium.com/shanghaiist/chinese-shoe-company-tricks-people-into-swiping-instagram-ad-with-fake-strand-of-hair-54d8a2d8ec1d

https://www.419eater.com/html/user_subs/godfather/godfather.htm

https://altitudenetworks.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Encore — Separating fools from money.

Thu, 04 Jul 2019 05:00:00 -0000

We're taking a break for the Independence Day holiday in the US, so enjoy this episode from the early days of our show.

Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers.

Thanks to our show sponsor KnowBe4.

Be wary of all emails.

Thu, 27 Jun 2019 05:00:00 -0000

Dave shares the story of one Katie Jones, the fake online persona used to gain the confidence of high-status individuals. Joe describes the tragic case of Christine Lu, a Harvard Medical professor who was scammed out of her life savings. The Catch of the Day warns recipients not to trust the FBI. Carole Theriault interviews Akamai's Larry Cashdollar about scammers using Google Translate to obfuscate web sites.

Links to this week's stories:

https://www.apnews.com/bc2f19097a4c4fffaa00de6770b8a60d

https://thispersondoesnotexist.com/

https://www.nbcboston.com/on-air/as-seen-on/Woman-Scammed-Into-Giving-Away-Life-Savings_NECN-511108952.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The knowledge / intention behavior gap.

Thu, 20 Jun 2019 05:00:00 -0000

Joe shares the story of an elaborate check fraud scam involving HR impersonators. Dave reads an email from a listener who got phished by his own company, and has questions about authorization app vs. hardware keys. Our catch of the day involves an orphan looking to share her inheritance. Dave interviews author Perry Carpenter, who's new book is Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us about Driving Secure Behaviors.

Links to stories:

https://twitter.com/sigalow/status/1138918411394781185?s=12

https://www.yubico.com/2019/01/yubico-launches-the-security-key-nfc-and-a-private-preview-of-the-yubikey-for-lightning-at-ces-2019/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Just because I trusted you yesterday doesn't mean I trust you today.

Thu, 13 Jun 2019 05:00:00 -0000

Dave describes researchers spotting scammers on dating sites using AI. Joe shares a phishing scheme that asks users to manage undelivered mail. The catch of the day involves cute puppies and Mogwai meat. Dave interview Avi Solomon, director of information technology for Rumberger, Kirk and Caldwell, an Orlando, Florida litigation firm.

Links to today's stories:

https://www.bbc.com/news/technology-48472811

https://arxiv.org/pdf/1905.12593.pdf

https://www.bleepingcomputer.com/news/security/new-phishing-scam-asks-you-to-manage-your-undelivered-email/

https://www.419eater.com/html/tommy_mark.htm

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The best way to break in is to walk through the front door.

Thu, 06 Jun 2019 05:00:00 -0000

Joe describes one of history's great con artists, Victor Lustig, who sold the Eiffel Tower. Twice. Dave shares a story from a listener involving a UPS tracking number scam. The catch of the day involves am attempted romance scam on the XBOX platform. Dave interviews Sherri Davidoff, CEO of LMG Security and is the hacker named "Alien" in Jeremy Smith's book, "Breaking and Entering." She has her own book coming out this summer, "Data Breaches: Crisis and Opportunity."

Links to this week's stories:

http://mentalfloss.com/article/12809/smooth-operator-how-victor-lustig-sold-eiffel-tower

https://community.ebay.com/t5/Archive-Shipping-Returns/Seller-Scam-UPS-Tracking-Shows-Delivered/td-p/26206551

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Be willing to admit you don't know everything.

Thu, 30 May 2019 05:00:00 -0000

Dave reviews Google's recent security report on basic account hygiene. Joe describes passive social engineering, including USB charging stations at airports. The catch of the day exposes a trunk box scam involving ill-gotten war profits. Carole Theriault speaks with the head of a group that call themselves Scam Survivors.

Links to stories:

https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html

https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/#4116498a5955

https://scamsurvivors.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

People aren't perfectly rational.

Thu, 23 May 2019 05:00:00 -0000

A listener writes in with the results of his phishing attempt on his wife. Joe describes research from F-Secure on the most dangerous email attachment types. Dave shares the story of scammers impersonating local hospitals to scare a response from their victims. Our catch of the day involves a LinkedIn scam impersonating a fighter pilot.

Joe interviews Elissa Redmiles, an incoming assistant professor of computer science at Princeton University. She studies behavioral modeling to understand why people behave the way they do online.

Links to stories from today's show:

https://labsblog.f-secure.com/2019/05/08/spam-trends-top-attachments-and-campaigns/

https://www.nbc15.com/content/news/Text-message-scam-impersonates-local-hospitals-509615981.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Live at KB4CON 2019.

Thu, 16 May 2019 05:00:00 -0000

It's a special edition of the Hacking Humans show recorded live at the KB4CON conference in Orlando, FL. Join Joe, Dave and their special guests Stu Sjouwerman, KnowBe4's CEO, and Kevin Mitnick, world-famous hacker and KnowBe4's chief hacking officer, as they discuss malicious scams making the rounds and how to protect yourself and your organization against them.

Dave describes a late-night phone call scam, Joe explains a Social Security scheme, Stu shares deadly catch of the day, and Kevin shares stories from his own hacking experience, and takes questions from the audience.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A data-driven approach to trust.

Thu, 09 May 2019 05:00:00 -0000

Joe describes a church scammed out of millions of dollars. Dave shares good news about a group of scammers being apprehended and arrested. The catch of the day involves a Vietnamese investment offer that's almost too good to pass up on. Dave speaks with Dr. Richard Ford from Forcepoint about the models of trust.

Links to stories in today's show:

https://www.grahamcluley.com/hackers-steal-1-75-million-from-catholic-church-in-ohio/

https://www.justice.gov/usao-sdny/pr/nine-defendants-arrested-new-york-florida-and-texas-multimillion-dollar-wire-fraud

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Twitter bots amplifying divisive messages.

Thu, 02 May 2019 05:00:00 -0000

Followup from listeners on Google search result scams. Dave describes the city of Ottawa sending $100K to a fraudster. Joe shares results from the FBI's Internet Crime Report. The catch of the day involves a dating site and an offer to be someone's "sugar daddy." Our guest is Andy Patel from F-Secure, describing how Twitter bots are amplifying divisive messages.

Links to storys:

https://www.cbc.ca/news/canada/ottawa/city-treasurer-sent-100k-to-fraudster-1.5088744

https://threatpost.com/fbi-bec-scam-losses-double/144038/

https://www.ic3.gov/media/annualreport/2018_IC3Report.pdf

https://labsblog.f-secure.com/2019/04/03/discovering-hidden-twitter-amplification/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Let's play, "Covered by cyber insurance — true or false?"

Thu, 25 Apr 2019 05:00:00 -0000

Dave and Joe answer a listener question about a mysterious Netflix account. Dave describes a service for Airbnb scammers. Joe explains a particularly "nasty" Instagram scam. Carole Theriault interviews cyber insurance expert Martin Overton from OMG Cyber.

Links to stories:

https://www.bleepingcomputer.com/news/security/the-nasty-list-phishing-scam-is-sweeping-through-instagram/

https://krebsonsecurity.com/2019/04/land-lordz-service-powers-airbnb-scams/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

I have been practicing honesty and truthfulness my whole life.

Thu, 18 Apr 2019 05:00:00 -0000

Followup from an Australian listener. Dave shares a Paypal scam leveraging Google ads. Joe describes TechCrunch reporting on a spam service that was left out in the open. The catch of the day promises a lifetime supply of gold. Dave interviews Asaf Cidon from Barracuda Networks

https://techcrunch.com/2019/04/02/inside-a-spam-operation/

https://www.barracuda.com/spear-phishing-report

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Scammers have no ethics whatsoever.

Thu, 11 Apr 2019 05:00:00 -0000

Joe describes a study of people's perceptions when presented with a magic trick. Dave shares the story of fake boyfriend app. Our catch of the day involves the promise of millions from a bank in Africa. Dave interviews Chris Parker from WhatIsMyIPaddress.com.

Links to stories:

http://nautil.us/issue/70/variables/a-magician-explains-why-we-see-whats-not-there

https://youtu.be/vJG698U2Mvo

https://www.pedestrian.tv/tech/fake-boyfriend-app/

https://whatismyipaddress.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Girl Scouts empowering cyber security leaders.

Thu, 04 Apr 2019 05:00:00 -0000

Dave describes a survey of call center security methods. Joe explains a spam campaign raising the specter of a flu pandemic to scare people into enabling macros in an Office document. The catch of the day highlights a Facebook scammer promising a prize-winning windfall. Carole Theriault returns with a story about special badges Girls Scouts can earn for cyber security.

Links to stories:

https://marketing.trustid.com/acton/attachment/32513/f-0039/1/-/-/-/-/TRUSTID_2018_State_of_Call_Center_Authentication_Survey.pdf

https://www.bleepingcomputer.com/news/security/fake-cdc-emails-warning-of-flu-pandemic-push-ransomware/

http://blog.girlscouts.org/2018/07/girl-scouts-introduces-30-new-badges-to.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Pick a persona to match the goal.

Thu, 28 Mar 2019 05:00:00 -0000

Followup on remotely previewing websites. Joe has the story of scammer bilking Facebook and Google out of millions. Dave reviews best practices for deleting data on devices you dispose of. The catch of the day is an offer of criminal partnering with the CIA. Our guest is Jeremy N. Smith, author of the book Breaking and Entering - the extraordinary story of a hacker called Alien.

Links from today's stories:

https://urlscan.io/

https://www.theregister.co.uk/2019/03/21/facebook_google_scam/

https://blog.rapid7.com/2019/03/19/buy-one-device-get-data-free-private-information-remains-on-donated-devices/

https://www.amazon.com/dp/B0789KP775

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Kids are a great target.

Thu, 21 Mar 2019 05:00:00 -0000

A listener recommends an online tool for safely previewing web sites. Dave shares research on what time of the work week is best for scams. Joe explains credential stuffing. Our guest is Frances Dewing, the CEO and co-founder of Rubica. They recently published a report on how crooks are accessing parents’ mobile devices via apps their kids load.

Links to stories mentioned in today's show:

https://screenshot.guru/

https://www.aarp.org/money/scams-fraud/info-2019/phone-scams-peak-time.html

https://www.digitalnewsasia.com/insights/how-lose-money-credential-stocking-stuffers

https://rubica.com/wp-content/uploads/2019/02/Rubica-Report-Cyber-Crime-Privacy-Risks-in-Free-Mobile-Kids-Apps.pdf

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

When we rush we make bad decisions.

Thu, 14 Mar 2019 05:00:00 -0000

Joe tracks the surprising number of malicious links hosted on legit websites and why it's dangerous. Dave describes an extortion scheme targeting podcasters. Our catch of the day involves a lonely Russian woman promoting a dating site. Dave interviews Gary Noesner, author of Stalling for Time: My Life as an FBI Hostage Negotiator.

Links to stories mentioned in today's show:

https://www-cdn.webroot.com/9315/5113/6179/2019_Webroot_Threat_Report_US_Online.pdf

https://rebelbasemedia.io/podcast-review-extortion/

https://www.amazon.com/Stalling-Time-Life-Hostage-Negotiator/dp/1400067251

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Don't assume younger people get it.

Thu, 07 Mar 2019 06:00:00 -0000

Followup on last week's TLD discussion. Dave shares a sextortion scam with a tragic ending. Joe highlights conveyance scams that rely on certain days of the week. Our catch of the day features a wealthy Londoner hoping to pass on her fortune. Guest Dale Zabriskie from Proofpoint has results from their State of the Phish report.

Links to stories:

https://www.dailymail.co.uk/news/article-6744421/Army-veteran-PTSD-committed-suicide-targeted-prison-inmates-sextortion-scam.html

https://www.todaysconveyancer.co.uk/main-news/law-firms-wising-up-conveyancing-scams/

https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/45597.pdf

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Delivering yourself to a kidnapper.

Thu, 28 Feb 2019 06:00:00 -0000

Joe describes fraudsters taking advantage of top-level domain name confusion. Dave explains how a Google Nest security system shipped with an undocumented microphones. Our catch of the day involves a postcard missed package campaign. Our guest is Matt Devost from OODA LLC describing their work protecting high-net-worth individuals.

Links to today's stories:

https://rebootcamp.militarytimes.com/news/your-air-force/2019/02/13/watch-out-for-fake-dod-websites-like-this/

https://nakedsecurity.sophos.com/2019/02/21/sorry-we-didnt-mean-to-keep-that-secret-microphone-a-secret-says-google/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Stop and think before you click that link.

Thu, 21 Feb 2019 06:00:00 -0000

We've got followup from a listener on cognitive dissonance and behavioral science. Dave shares a listener story about a University Dean's List scam. Joe shares statistics from a government agency phishing test. Our catch of the day involves funds from the FBI, the IMF, and yes, Nigeria. Dave interviews Crane Hassold from Agari with phishing trends they've been tracking, plus his experiences as a former FBI agent.

Links to stories in today's show:

https://fcw.com/articles/2019/02/11/cyber-phishing-oig-fhfa.aspx

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The trauma is multifactored.

Thu, 14 Feb 2019 06:00:00 -0000

On this Valentines Day edition of Hacking Humans, Joe and Dave examine romance scams, including the sad tale of woman bilked out of hundreds of thousands of dollars. There's a silly, non-murdering catch of the day, and Dave interviews Max Kilger from UTSA on the six motivations of bad actors.

Links to today's stories:

https://www.bbb.org/article/news-releases/17057-online-romance-scams-a-bbb-study-on-how-scammers-use-impersonation-blackmail-and-trickery-to-steal-from-unsuspecting-daters

https://www.aarp.org/money/scams-fraud/info-2015/online-dating-scam.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Make it seem like the real answer is impossible to know.

Thu, 07 Feb 2019 06:00:00 -0000

Dave shares a bank spoofing scam with a reminder to mind those links, especially on mobile devices. Joe describes a case of someone turning the tables on a Twitter scammer. Our catch of the day involves a clumsy claim of physical harm. Dave interviews author Dave Levitan about his book Not a Scientist: How politicians mistake, misrepresent and utterly mangle science.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The excitement of tricking someone wears off quickly.

Thu, 31 Jan 2019 06:00:00 -0000

We've got followup on bank scams and ransomware. Joe describes a highly sophisticated multinational business scam. Dave shares a story about private school parents falling for a Bitcoin discount scam. Our guest is Jordan Harbinger, host of The Jordan Harbinger Show, with insights on influence and social engineering.

Links to this week's stories:

https://www.cpomagazine.com/cyber-security/cyber-fraud-by-chinese-hackers-makes-headlines-in-india/

https://www.bbc.com/news/uk-england-tyne-46920810

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Opening your eyes to the reality in which we live.

Thu, 24 Jan 2019 06:00:00 -0000

Dave reviews tips on protecting yourself from ransomware. Joe describes a clever way to trick people into enabling macros. An attempt at celebrity friendship is our catch of the day. Carole Theriault returns and speaks with Dr. Jessica Barker from Cygenta about effective training techniques.

Links to stories mentioned:

https://www.csoonline.com/article/3331981/ransomware/how-to-protect-backups-from-ransomware.html

https://myonlinesecurity.co.uk/agent-tesla-reborn-via-fake-order/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Prisoners have nothing but time.

Thu, 17 Jan 2019 06:00:00 -0000

Joe shares the tale of a prisoner running a variety of romance scams from the inside. Dave outlines direct deposit scams. The catch of the day is a clever variation from (where else?) Nigeria. Our guest is Sam Small from ZeroFox.

Links to stories:

https://hubpages.com/politics/The-Games-That-Inmates-Play

https://ogletree.com/shared-content/content/blog/2018/january/diverting-employees-payroll-direct-deposits-the-latest-wave-of-phishing-scams

https://www.kansas.com/news/local/crime/article223873805.html

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Trained humans are your strongest link.

Thu, 10 Jan 2019 06:00:00 -0000

Dave warns of scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day outlines an attempted email scam targeting an architectural firm. Carole Theriault is back with the second part of her interview with the pen tester who goes by the name freaky clown.

Links to today's stories:

https://www.wxyz.com/news/michigan-energy-company-warns-of-increase-in-imposters-trying-to-enter-homes

https://inews.co.uk/inews-lifestyle/money/lost-19960-life-savings-phone-scam-natwest

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

At some point you're probably going to have to do some running.

Thu, 03 Jan 2019 06:00:00 -0000

Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch-of-the-day features alluring photos texted to an unimpressed listener. Carole Theriault interviews physical pen tester Freaky Clown.

Links to stories mentioned in this week's show:

https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/

https://www.cygenta.co.uk/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

Truth emerges from the clash of ideas.

Thu, 20 Dec 2018 06:00:00 -0000

We follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations.

From our EV certs follow-up:

https://www.troyhunt.com/extended-validation-certificates-are-dead/

https://casecurity.org/2018/12/06/ca-security-council-casc-2019-predictions-the-good-the-bad-and-the-ugly/

Bomb threat catch of the day:

https://www.zdnet.com/article/extortion-emails-carrying-bomb-threats-cause-panic-across-the-us/

Sean Brooks interview:

Report: http://cltc.berkeley.edu/defendingpvos/

Clinic: http://cltc.berkeley.edu/citizen-clinic/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A pesky problem that doesn't go away.

Thu, 13 Dec 2018 06:00:00 -0000

Joe describes a Nigerian gang called London Blue that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Guest Chris Bailey from Entrust Datacard teaches us how to detect lookalike sites online and better protect ourselves from fraud.

Links to today's stories:

https://www.agari.com/insights/whitepapers/london-blue-report/

https://www.zscaler.com/blogs/research/cyber-monday-biggest-day-cyberattacks-not-long-shot

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Bringing trust to a trustless world.

Thu, 06 Dec 2018 06:00:00 -0000

Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a former FBI agent, and his experience consulting on Mr. Robot.

Bank account transfer scam:

https://abc11.com/troubleshooter-durham-couple-loses-$8900-in-computer-virus-scam/4782799/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Be very aware of your desire to be right.

Thu, 29 Nov 2018 06:00:00 -0000

Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases.

Links:

Wikipedia page on URLs -

https://en.wikipedia.org/wiki/URL

Tips to prevent skimming -

https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-07-issue-96/

Ben Yagoda's article from the Atlantic -

https://www.theatlantic.com/magazine/archive/2018/09/cognitive-bias/565775/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

CEOs can be the weakest link.

Thu, 15 Nov 2018 06:00:00 -0000

Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of the day comes from down under. (Apologies to the fine citizens of Australia.) Carole Theriault returns with an interview with MimeCast's Matthew Gardiner.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Human sources are essential.

Thu, 08 Nov 2018 06:00:00 -0000

Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experience developing human intelligence sources.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Scams are fraud and fraud is crime.

Thu, 01 Nov 2018 05:00:00 -0000

We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. Carole Theriault interviews Max Bruce from Action Fraud UK.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Fear, flattery, greed and timing.

Thu, 25 Oct 2018 05:00:00 -0000

We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering.

Links to stories in this episode:

https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html

https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162ac

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Waste my time and I'll waste yours back.

Thu, 18 Oct 2018 05:00:00 -0000

Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoys wasting phone scammer's time.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Information is the life blood of social engineering.

Thu, 11 Oct 2018 05:00:00 -0000

Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Easier to trick than to hack.

Thu, 04 Oct 2018 05:00:00 -0000

Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Kidnappers, robots and deep fakes.

Thu, 27 Sep 2018 05:00:00 -0000

Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology and how it erodes trust.

Links to stories mentioned in this week's show:

https://searchsecurity.techtarget.com/news/252448458/Robot-social-engineering-works-because-people-personify-robots

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Stringing along a scammer.

Thu, 20 Sep 2018 05:00:00 -0000

Dave warns of scammers taking advantage of hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam. Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase.

Links to stories mentioned in this week's show:

https://www.13newsnow.com/video/weather/hurricanes/hurricane-florence/hurricane-scammers-target-hampton-roads/291-8250736

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Influence versus manipulation.

Thu, 13 Sep 2018 10:00:00 -0000

Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security.

Links to stories mentioned in this week's show:

https://www.theregister.co.uk/2018/08/27/lawyers_impersonating_rivals/

https://www.ccn.com/pope-francis-latest-target-of-twitter-crypto-scam/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Real estate transactions in the crosshairs.

Thu, 06 Sep 2018 10:00:00 -0000

Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering trends his team is tracking.

Links to stories mentioned in this week's show:

http://www.baltimoresun.com/news/maryland/crime/bs-md-ramp-scam-20161018-story.html

https://www.cyberradio.com/2018/08/threat-actors-targeting-homebuyers-with-phishing-attacks/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Red teaming starts with research.

Thu, 30 Aug 2018 10:00:00 -0000

Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White.

Links to stories mentioned in this week's show:

https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/

https://srlabs.de/bites/usb-peripherals-turn/

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Telling the truth in a dishonest way.

Thu, 23 Aug 2018 10:00:00 -0000

Links to stories mentioned in this week's show:

https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919

https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Sometimes less is more.

Thu, 16 Aug 2018 10:00:00 -0000

Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Lookout explains mobile device vulnerabilities.

Links to stories mentioned in this week's show:

https://www.scamwatch.gov.au/get-help/real-life-stories/investment-scam-how-steve-lost-200-000-to-an-investment-scam

https://www.grahamcluley.com/phone-scam-exploits-russian-hacking-fears/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Focus, technology, and training fight phishing.

Thu, 09 Aug 2018 10:00:00 -0000

Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And David Baggett from Inky joins us to describe phishing techniques they are seeing and offers ways to best protect yourself and your organization.

Links to stories mentioned in this week's show:

https://theintercept.com/2018/06/01/election-hacking-voting-systems-email/

https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/

http://hci2018.bcs.org/prelim_proceedings/papers/Work-in-Progress%20Track/BHCI-2018_paper_95.pdf

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Luring unsuspecting money mules.

Thu, 02 Aug 2018 10:00:00 -0000

Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammer's time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint describes methods scammers use to lure people into being money mules.

Links:

https://securelist.com/giftcard-generators/86522/

https://jollyrogertelephone.com/

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Nothing up my sleeve.

Thu, 26 Jul 2018 10:00:00 -0000

Dave shares a story of deception right out of Hollywood.

https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932

Joe proposes changing the financial incentives for scammers.

A porn-shaming catch of the day courtesy of Johannes Ulrich.

An interview with atomic physicist and close-up magician Adam West.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Think like an attacker.

Thu, 19 Jul 2018 11:00:00 -0000

Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scan spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Tobac, CEO of SocialProof Security.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Presidential prank, pensioner pilfered.

Thu, 12 Jul 2018 11:00:00 -0000

Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Arthur, author of Cyber Wars - Hacks that Shocked the Business World, joins us for an interview.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Phone scams, phantom employees and sitting Ducks.

Thu, 05 Jul 2018 11:00:00 -0000

Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul Ducklin.

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Separating fools from money.

Thu, 28 Jun 2018 11:00:00 -0000

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Playing on kindness.

Thu, 21 Jun 2018 05:00:00 -0000

Joe explains the Ben Franklin effect. Dave describes job applicants tricked unto money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.

Gaming pro athletes online.

Thu, 14 Jun 2018 05:00:00 -0000

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail.

Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams.

A flood of misinformation and fake news.

Thu, 07 Jun 2018 05:00:00 -0000

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents.

Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them.

Social Engineering works because we're human.

Wed, 30 May 2018 05:00:00 -0000

In this premier episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them.

Author Christopher Hadnagy discusses his book The Art of Human Hacking.