Hacking Humans
265 Episodes
Guest Dave Senci of Mastercard's NuData Security talks about the security issues with remote access and coaching frauds, Dave's got a story about receiving a "Best Buy gift card" and USB mailing, Joe's story is from the Better Business Bureau about their "12 Scams of Christmas," and our Catch of the Day is from our listener Henry who received an email that appeals to one's faith.
Links to stories:
PSA: If You Get a 'Best Buy Gift Card' on a USB Drive in the Mail, Don't Plug It Into Your PC
The Naughty List: BBB's 12 Scams of Christmas
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Guest Jay Radcliffe from Thermo Fisher Scientific shares his advice and security concerns with smart devices since the holiday gifting season is around the corner, Joe and Dave have some listener follow-up about 2FA, Joe's got a story about the Robinhood breach, Dave's story is about numerous LinkedIn requests from HR specialists with GAN (Generative Adversarial Network) images, and our Catch of the Day is from listener Michael, who was just trying to sell his car and then he got a text message.
Links to stories:
Data Breach of Robinhood Trading Platform Blamed on Social Engineering, Similar to 2020 Twitter Breach
LinkedIn Fakes: A Wolf in Business Casual Clothing
Guest Blake Hall, CEO and founder of a company called ID.me, discusses protecting your identity online, Dave and Joe have some follow up from listener Rafa on 2FA he uses, Dave has a story about bots that take advantage of 2FA to break into your payment accounts, Joe's story is about scams carried out through QR codes, and our COTD comes from listener Wyatt about an award-winning email from Warren Buffett.
Links to stories:
The Booming Underground Market for Bots That Steal Your 2FA Codes
Fake “Sugar Daddies” are cheating on Instagram
Guest Dr. Jessica Barker from Cygenta talks with UK correspondent Carole Theriault about how every month should be cyber awareness month, Joe has a story about password spraying (kind of like a credential stuffing attack), Dave's story is about scams carried out through QR codes, and our COTD comes from listener Wyatt about an award-winning email from Warren Buffett.
Links to stories:
Microsoft warns over uptick in password spraying attacks
Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users' passwords
Guest Brandon Hoffman from Intel 471 is back sharing some research on business email compromise, Dave's got a story on buying collectable sneakers and how bots make that really hard to do, Joe has two stories with different spins on romance scams (one notes they are the most prevalent scams targeting older adults, and the second is about a group of Nigerian men preying on women through money scams), and our Catch of the Day comes from Reddit user steev p (Steve P) about a benefit scam from an impersonated Facebook friend.
Links to stories:
Bots have made it nearly impossible to buy hyped up shoes. What if they could be stopped?
FTC warns of increase in romance scams, especially targeting older adults
Nigerian romance scam suspects targeted 100 women - FBI
UK Correspondent Carole Theriault returns with an interview with Paul, a spam analyst, Dave and Joe have some follow-up, Joe revisits NFTs with rug pull scams, Dave's story is about phishers using a symbol in place of the Verizon logo, and our Catch of the Day comes from listener Rafael in Spain about a Steam account takeover scam attempt his son experienced on Discord.
Links to stories:
Phishers Get Clever, Use Math Symbols for Verizon Logo
Guest Marina Ciavatta, CEO at Hekate, talks with Dave about some of her social engineering and pen testing experiences, Dave's got a story about getting your family to use a password manager, Joe's story is about NFTs (non-fungible tokens) and scams that have arisen around them, and our Catch of the Day is from listener William, and it turns out Dave is in trouble with the IRS again on this one.
Links to stories:
How to Get Your Family to Actually Use a Password Manager
THE NFT SCAMMERS ARE HERE
Guest Zach Schuler of NINJIO joins Dave to discuss measuring the effectiveness of awareness training, Joe's got a story about a school nurse who was scammed with a "Bank of America" Zelle transaction, Dave's story is about a phone scam a therapist received from a local "Sheriff's office," and our Catch of the Day is from Hacking Humans Senior producer Jennifer Eiben about some pricey potatoes and chocolate chip cookies she "ordered."
Links to stories:
School nurse falls victim to scam targeting Bank of America and Zelle customers
'He held me hostage with no gun but with his words': The phone scam gaslighting therapists
Guest Chris Kirsch, DefCon 25 Social Engineering Capture The Flag winner and Co-Founder and Chief Executive Officer at Rumble, talks with our UK Correspondent Carole Theriault about his experience at the event, Dave's story is about scammers bypassing social engineering and going directly to pitch employees to install ransomware, Joe's got a story about travel scams he came across while planning a recent trip, and our Catch of the Day comes from Reddit about some text messages which cause emotions to flare.
Links to stories:
Nigerian Threat Actors Skip Social Engineering, Make Direct Pitches to Employees To Install Ransomware on Company Networks
15 Common Travel Scams (And How To Avoid Them)
Catch of the Day links:
Guess I made the scammer angry?
He blocked me before I could really mess with him, unfortunately
Did I win?
Guest Alex Hinchliffe, Threat Intelligence Analyst from Unit 42 at Palo Alto Networks, joins Dave to talk about some of his team's ransomware research, Joe's story is about a new jury duty scam that is out there (hint, they will not call you on the phone), Dave's got a story about Microsoft rolling out passwordless login options, and our Catch of the Day comes from a listener named Lucio who shared several social engineering ploys with us.
Links to stories:
Brand New Jury Duty Scam
You Can Now Ditch the Password on Your Microsoft Account
Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society, we share some fun feedback on the Lightning Rod story edit, Dave's story talks about how some of the most successful and lucrative online scams employ a “low-and-slow” approach, Joe's story is about two Arkansas farmers who scammed investors out of money for wind turbines but used it for houses, cars and Disney World, and our Catch of the Day is from an unnamed listener with a supposed iPhone invoice.
Links to stories:
Gift Card Gang Extracts Cash From 100k Inboxes Daily
Arkansas wind farmers claimed their technology was more efficient than turbines — then spent investors’ money on houses, cars and at Disney World
Guest Gil Friedrich from Avanan joins Dave to discuss how collaboration platforms, like Microsoft Teams, Slack and others, opened up a new gateway to ransomware attacks, Joe's story, which listener Matt shared as a COTD candidate, is about a phishing scam, Dave's got a story about China and Russia trying to turn your employees into spies, and our Catch of the Day comes from a listener named Iain with a timely story "from" Afghanistan.
Links to stories:
Guarding Against the Chinese Domain Name Email Scam
The FBI’s warning to Silicon Valley: China and Russia are trying to turn your employees into spies
Note: Microsoft is a sponsor of the CyberWire, however, we cover them as we would any other company.
Guest Javvad Malik from KnowBe4 shares his thoughts on bad security training with the CyberWire's UK correspondent Carole Theriault, Dave's story is about deepfake technology being used for business cases, Joe gives a synopsis of Proofpoint's most recent State of the Phish report, and our very first Catch of the Day about Discord comes from a listener named Henning.
Links to stories:
Deepfakes Are Now Making Business Pitches
Proofpoint's 2021 State of the Phish Report
Guest Brandon Hoffman from Intel 471 joins Dave to talk about how cybercriminals are going after large retail and hospitality companies, Joe shares some advice for college students to avoid scams and ID theft, Dave got an edit to the tale of the lightning rod, and our Catch of the Day comes from listener Shannon who received a beneficiary scam email.
Links to stories:
BBB Scam Alert: 6 Scams for College Students to Avoid
BBB Tip: 9 Tips for college students to avoid ID theft
Guest Jann Yogman, entertainment industry veteran and writer of Mimecast Awareness Training, joins Dave to share his thoughts on the ransomware epidemic and the cybersecurity awareness training problem, Joe's got a story about scams targeting families eligible for the IRS' child tax credit, Dave's story is about scams and fraud experienced by US military veterans, personnel, and their families, and our Catch of the Day comes from listener Sawyer Dicky on Reddit who insists he's not the right guy.
Links to stories:
IRS warns of child tax credit scams
US military personnel lost over $822 million to scams since 2017
Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we discussed some time ago and some advice on Dave's Google Authenticator issue he mentioned last week, Dave's story is about non-delivery scams, Joe's got a story on Imperial Kitten doing some catphishing, and our Catch of the Day comes from listener Timothy about a sextortion campaign.
Links to stories:
5 reasons non-delivery scams work
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
Guest Darren Shou, Chief Technology Officer of NortonLifeLock, shares insight on some of the scams he and his colleagues have been tracking, Joe and Dave share some follow-up from listener Robert about free learning resources, Joe's story comes from listener Sedric, who is new to real estate investing and was looking for a hard money loan, rather than a story, Dave continues the conversation on passwords and multi-factor authentication with comments from listener Coinsigliere, and our Catch of the Day, well, "catches" of the day since we have two, include one from Pryce on a smishing scam and the second from Ronald with a subscription email scam.
Guest Dr. Charles Chaffin, author of the book "Numb: How the Information Age Dulls Our Senses and How We Can Get them Back," joins Dave this week, we have some listener follow-up from John with a tip on ATM security, Dave's got a two-fer this week including a useful site called www.shouldiclick.org and a Twitter report on multi-factor authentication (thanks to Rachel Tobac for calling our attention to it), Joe's story is from Microsoft on trends in tech support scams, and our Catch of the Day is from a listener on Twitter called @DoNoEvilMan about a payout from the Federal Reserve via the FBI.
Links to stories:
Should I click or not?
Twitter Account Security report
Tech support scams adapt and persist in 2021, per new Microsoft research
Guest Gil Friedrich from Avanan joins Dave to talk about how bad actors are infiltrating organizations using collaboration apps, we have two pieces of listener follow-up from Michael and Tobias, Joe has a story about fake information, Dave's story is about message spam on LinkedIn, and our Catch of the Day is from a listener named Lucio with a questionable Reddit communication.
Links to stories:
Propaganda as a Social Engineering Tool
Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
Guest Kurtis Minder from GroupSense joins Dave to discuss divergent ransomware trends, the guys have a listener reminder about it being CompTIA, Joe, Dave has a story about a coupon scam in the Houston area, Joe's story is about a real estate rental scam and a scammer who likes to talk about his work, and our Catch of the Day is from a listener named Craig with an email about an unprofessional colleague and a questionable attachment.
Links to stories:
A ‘dark-side coupon group’ scammed stores out of millions, police say. ‘They were just going through the ink.’
Housing scams abundant in Jackson. This scammer is proud of it
The app lock for iOS is somehow quite different from the process used to lock apps on Android devices. The use of a password lock app in iOS and setting time limits for apps is used to lock apps on iOS.
Awesome podcast, learn new things without it being boring. Love the catch of the week!
puppy
Love this podcast! Keep 'em coming!!!