Hacking Humans

N2K Networks
Jul 4, 2023 • 8min

Encore: Diamond Model (noun) [Word Notes]

A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: “Diamond Presentation v2 0: Diamond Model for Intrusion Analysis – Applied to Star Wars’ Battles,” Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.
Jun 29, 2023 • 49min

Beware ChatGPT curious: Fleece-ware chatbot apps.

Guest Sean Gallagher, Principal Researcher with Sophos Xops team, joins us to discuss "'FleeceGPT' mobile apps target AI-curious to rake in cash." Joe shares some listener feedback from Jon about the "No Stupid Questions" podcast. Dave's story is from Reddit about a free piano scam. Joe's got a story on a woman pleading with her bank to stop a fake wire transfer, but they were too busy. Our Catch of the Day comes from Rob about a fake student loan help ticket. Links to stories: “FleeceGPT” mobile apps target AI-curious to rake in cash; Just ran into the most sophisticated "free piano" scam I've ever seen; Wells Fargo bankers tell East Bay customer they're too busy to stop wire scam. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 27, 2023 • 7min

CISA (noun) [Word Notes]

A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly’s Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.
Jun 27, 2023 • 8min

spam (noun) [Word Notes]

Unsolicited, unwanted, and sometimes malicious electronic messages indiscriminately transmitted to a large number of people. CyberWire Glossary link: https://thecyberwire.com/glossary/spam Audio reference link: zumpzump, 2007. Monty Python - Spam [Video]. YouTube. URL https://www.youtube.com/watch?v=anwy2MPT5RE.
Jun 22, 2023 • 52min

Risky chat applications.

Toby Pischl, Head of Information & Email Security at Broadcom, sits down with Dave to discuss how Slack and Microsoft Teams phishing is an open door into businesses. Joe and Dave share some follow-up regarding a case of a woman claiming to have cancer to receive over $37,000 from donors on GoFundMe. Joe has the terrible story out of Michigan where a high schooler committed suicide after a sextortion scam. Dave has a story on job seekers around the country and how likely they are to fall for a job scam. Our catch of the day comes from listener Albert, who writes in regarding the German phishing emails he keeps receiving. Links to stories: Madison Russo pleads guilty to theft in cancer scheme; High school football player Jordan DeMay driven to suicide after Nigerian sextortion scam, anguished family reveals; Michigan family sounds alarm on son's 'sextortion' suicide after arrests of 3 Nigerian men; Three Nigerian Men Awaiting Extradition For Committing Sexual Extortion; 1 in 3 Recent Job Seekers Have Been Tricked Into Applying for a Fake Job Scam. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 20, 2023 • 7min

CISA (noun) [Word Notes]

A US Department of Homeland Security agency tasked with supporting cyber and physical security for US critical infrastructure. CyberWire Glossary link: https://thecyberwire.com/glossary/cybersecurity-and-infrastructure-security-agency Audio reference link: CISA, 2021. CISA Director Jen Easterly’s Keynote at Black Hat USA 2021 [Video]. YouTube. URL https://www.youtube.com/watch?v=q7bu-L-m4K4.
Jun 15, 2023 • 53min

Replier attacks: the latest tool in a hacker's arsenal.

This week, Jeremy Fuchs from Avanan joins Dave to discuss how hackers are using replier attacks. Replier attacks are attacks in which hackers change the reply-to address to send emails from what appears to be a reputable company, when in reality it's a spoofed account. Joe and Dave share some follow-up from listener Wayne, who writes in with some comments on episode 245, and listener Michael, who writes about his first ChatGPT experience. Dave's story follows an alarming new trend in which sextortionists are making AI nudes from people's social media images. Joe's story uncovers the social engineering tricks hackers use from their personal scammer's handbook. Our catch of the day comes from listener Tim, who shares a message from a "dear friend." Links to stories: Sextortionists are making AI nudes from your social media images; Offbeat Social Engineering Tricks in a Scammer’s Handbook. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jun 13, 2023 • 7min

dumpster diving (noun) [Word Notes]

The act of searching through an organization's trash for discarded sensitive material. CyberWire Glossary link: https://thecyberwire.com/glossary/dumpster-diving Audio reference link: “Better Call Saul jimmy digs in the Sandpiper trash scene,” uploaded by Robert Bowersock, 18 September 2022.
Jun 11, 2023 • 31min

Criminals...assemble! [Hacking humans goes to the movies]

Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie: Ocean's 8; Rick's clip from the movie: Avengers Endgame.
Jun 8, 2023 • 53min

The rise of ChatGPT: A look into the future of chatbots.

This week, our CyberWire UK Correspondent Carole Theriault is talking with Paul Ducklin from Sophos about where ChatGPT could be going in the future. Joe and Dave share quite a bit of follow-up from listeners, discussing several people writing in about dating apps and the men who use them, along with a question from listener Bryan, who asks about an email scheme an intern working for his company received. Joe's story homes in on AI, discussing in particular how artificial intelligence is changing the social engineering game forever. Dave has the story on how hackers hide malicious links within pictures to redirect users to phishing sites. Our catch of the day comes from listener Cyrus, who shares an email they received about benefits with a hilarious twist. Links to stories: How AI Is Changing Social Engineering Forever; The Picture in Picture Attack. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
