Hacking Humans

From the intrusion kill-chain model, the delivery of a “lure” via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym “SMS” and the cyber coinage “Phishing“. It’s a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term “Smishing” arose in the late 2000s. 

Aaron Walton, Threat Intel Analyst from Expel is discussing some things to look out for in 2024. Joe and Dave share some listener follow up from Mateusz, who shares some positive news with us. Dave's story is about a romance scammer coming clean after failing to woo CBS News reporter, Erica Johnson. Joe's story is on the latest decision from the FCC, and how they voted to ban scam robocalls that use AI-generated voices. Our catch of the day comes from listener Chuck, just in time for tax season, he warns against a phishing scam he received about his taxes. Links to the stories: Romance scammer reveals how he tricks women after failing to fool Go Public reporter FCC votes to ban scam robocalls that use AI-generated voices Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in. 

This week, we are joined by host of N2K's T-Minus Space Daily podcast, Maria Varmazis, she sits down with Joe and Dave to discuss sextorion materials that were found on popular social media apps such as, TikTok, Instagram, Snapchat and YouTube. Joe and Dave share quite a bit of follow up, Joe starts with an anonymous listener writing in sharing their story on gift card scams. Dave shares another anonymous listeners comments, sharing about what they think of Andy Cohen going public on how he got scammed. Finally, Joe and Dave hear from a listener by the name of "The Computrix," who says they need to defend Walmart. Dave share's his story about the most common phishing email themes of 2023. Joe's got the story of ransomware not being paid the same way as it used to be by companies, and share the two different angles on that. Our catch of the day comes from listener William, who writes in with a phishing scam that caught his eye. Links to the stories: Sextortion training materials found on TikTok, Instagram, Snapchat and YouTube, according to new report Most Common Phishing Email Themes of 2023 Companies aren’t paying ransoms like they used to New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying FBI: Scammers Are Sending Couriers to Collect Cash From Victims You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

A reflection or amplification distributed denial-of-service attack in which hackers query Internet network time protocol servers, NTP servers for short, for the correct time, but spoof the destination address of their target victims.

Jaeson Schultz, Technical Leader from Cisco Talos, is discussing "Spammers abuse Google Forms’ quiz to deliver scams." Dave's story discusses the disturbing new trick up a scammers sleeve to get you to fall for their schemes. Joe has two stories this week, the first a warning to those who pick up scammers phone calls and what that can lead to after gaining access to your voice. Joe's second story follows a band of organized thieves and how they have been targeting high-end homes across Metro Detroit. Our catch of the day comes from listener Van, who writes in to share a fun catch from a scammer who left a voicemail. Links to the stories: Spammers abuse Google Forms’ quiz to deliver scams Scammers are stealing people's faces for live video calls All it takes is one sentence for AI to clone your voice Expert says alleged recording of racist, antisemitic rant by Pikesville High principal could be fake Videos: Organized crews smash glass, use jammers to break into high-end Metro Detroit homes Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

From the intrusion kill-chain model, the delivery of a “lure” via a text message to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. Smishing is a portmanteau word made of two other words, the acronym “SMS” and the cyber coinage “Phishing“. It’s a text-message-centric variation of the email-based phishing scams that have been around since the 1990s. The term “Smishing” arose in the late 2000s. 

Topics include a USPS phishing campaign using freemium dynamic DNS and SaaS providers, follow-ups on previous episodes, Walmart's relaxed security methods, scammers using Taylor Swift's face, and the hosts' analysis of a suspicious email. They also discuss avoiding scams on Facebook, Walmart's role in a money laundering scam, protecting from holiday phishing scams, and the importance of secure communication channels.

A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in. 

This week we are joined by the host of T-Minus, N2Ks very own Maria Varmazis brings her own story and discusses with Dave and Joe. We start off with Joe, and he brings in the story of Andy Cohen and how he fell victim to a credit card scam and shares what he had learned through the experience. Maria shares Arctic Wolf Labs' story and how they have investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks dating back to October of 2023. Lastly, Dave shares his story warning YouTube users about videos promoting cracked software that is distributing Lumma Stealer. Our catch of the day comes from listener Jon, he shares and email that had made it through his spam filter. You can hear more from the T-Minus space daily show here.Links to the stories: Exclusive: Andy Cohen fell victim to a credit card scam. Here's what he learned Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.