Hacking Humans

N2K Networks
Oct 10, 2023 • 4min

Encore: social engineering (noun)

The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or another has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tactics involve phishing attacks and watering hole attacks.
Oct 5, 2023 • 52min

Encore: Is inflation affecting the Dark Web?

Dov Lerner discusses how inflation hasn't affected the Dark Web and the impact of cryptocurrency cratering. Scammers trick an elderly woman to steal her PIN and other information. Protecting against AiTM phishing techniques. Common WhatsApp scams and how to avoid them. A listener's story about an email scam claiming they are owed 1 million dollars.
Oct 3, 2023 • 7min

joint cyber defense collaborative (JCDC) (noun) [Word Notes]

The podcast discusses the Joint Cyber Defense Collaborative (JCDC), a public-private initiative aiming to unite global cyber defenders and enhance cyber security. It explores the organization's goals, achievements, and concerns raised about the necessity of another information sharing entity. It also mentions the team behind Word Notes and their sponsor, N2K.
Sep 28, 2023 • 59min

Stealing your car's identity.

This week our guest is Sam Crowther, Kasada CEO, who shares his team's findings on "Stolen Auto Accounts: The $2 Price Tag on Your Car’s Identity." Joe and Dave share some listener follow-up from Steve, who writes in about an email he thought was a scam but turned out to be real. Listener Derek writes in with a question regarding AI and phishing emails. Joe's story comes from Proofpoint and their 2023 State of the Phish report. Dave's story follows an email telling the receiver that a sexually explicit video of them has been leaked to an adults-only website, and that they can have it removed from the site by sending $200. Our catch of the day comes from listener Tony, who writes in to share an email he and his school received claiming that the sender found pornographic material on the school's website. Links to follow-up and stories: "2023 State of the Phish"; "Yikes! My sex video has been uploaded to YouPorn, apparently". Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 26, 2023 • 4min

Encore: penetration test (noun) [Word Notes]

The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as “penetrations.” By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses in various government systems.
Sep 24, 2023 • 28min

Rooting vs routing. [Hacking Humans Goes to the Movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Matchstick Men. Rick's clip from the movie: Mr. Robot.
Sep 21, 2023 • 54min

Hackers play the evasion game.

This week our guest is John Hammond from Huntress, who sits down to talk about spoofing and evasion techniques used by hackers. Dave and Joe share a bit of follow-up, including a question from listener John, who writes in asking about a passkey discussion in the last episode. Joe has a story from Reddit this week, where someone posted about a dispute with their wedding caterer: the company says the couple still owes them over $5,000 for umbrellas after the wedding has happened, and the poster wants to know what to do about it. Dave's story is from Retool, which is warning customers after one of its employees fell victim to a phishing scheme through SMS. Our catch of the day comes from the University of Alabama department of engineering, where the receiver of a suspicious-looking email is being "sued" after owing $300 and not paying it back. Links to follow-up and stories: "Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins"; "When MFA isn't actually MFA"; "Wedding caterer charging us $5,000 post-wedding for their accountant’s error". Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 19, 2023 • 7min

Cloud Security Posture Management (CSPM) (noun) [Word Notes]

Tools that automate the identification and remediation of cloud misconfigurations. CyberWire Glossary link: https://thecyberwire.com/glossary/cloud-security-posture-management Audio reference link: Joss Whedon. 2005. Serenity [Movie]. IMDb. URL https://www.imdb.com/title/tt0379786/
Sep 14, 2023 • 50min

The online dating world is a jungle.

Andrew Hendel, CEO at Marshmallo, joins to share tips to safeguard your feelings and identity in the online dating world. Dave and Joe share some listener follow-up from Gareth, who writes in to discuss strange emails he has been receiving. Dave's story follows a woman who was spared jail time after being manipulated by hackers into money laundering. Joe's story is from listener Doug, who wrote in to talk about the site he is in charge of and a website he uses called "Buy me a coffee," where his viewers can buy him a coffee, and the weird instances he has been experiencing with that website's payment methods. Our catch of the day comes from listener Brandyon, who shares an interesting way he was offered to make $600 a week. Links to follow-up and stories: "Woman 'manipulated' by hackers into money laundering". Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Sep 12, 2023 • 4min

Encore: The Bombe (noun) [Word Notes]

An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe, named Victory and designed by Alan Turing and Gordon Welchman, started code-breaking at Bletchley Park on 14 March 1940, a year after WWII began. By the end of the war, five years later, almost 2000 operators, mostly women, sailors and airmen, ran 211 bombe machines in the effort. The Allies essentially knew what the German forces were going to do before the German commanders in the field knew. Historians speculate that the effort at Bletchley Park shortened the war by years and estimate the number of lives saved to be between 14 and 21 million.
