Hacking Humans

The manipulation of search engine optimization, SEO, to promote malicious sites in search engine results.CyberWire Glossary link: https://thecyberwire.com/glossary/search-engine-optimization-poisoningAudio reference link: Brown, B.E., 2021. The Ending Of The Waldo Moment Explained [Video]. YouTube. URL https://www.youtube.com/watch?v=HsWja44-EMg.

Bala Kumar of Jumio joins to discuss how travel companies can combat the exponential rise in fraud and ensure their traveler is who they say they are. Dave and Joe share some listener follow up, with the first from Matt, who writes in with a strange Dick's Sporting Goods story about gift cards and credit cards. Our second follow up comes from listener King, who writes in regarding the QR discussion in episode 243. Dave's story follows how almost every US state has sued a telecom company after being accused of routing billions of illegal robocalls to millions of US residents on the do not call list. Joe's story is about a family losing $730,000 in a wire fraud scam, but with a twist ending. Our catch of the day comes from listener William, who writes in with an email laced with so much fraud, Gmail didn't even want Joe to open it to read it for this episode.Links to stories: 48 states sue phone company that allegedly catered to needs of robocallers Family loses $730K in wire fraud scam — and gets it all back Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A passwordless authentication protocol based on the FIDO2 standard.CyberWire Glossary link: https://thecyberwire.com/glossary/passkeyAudio reference link: Summers, J., 2023. Google Passkeys Have Arrived (here’s how to use them) [All Things Secured Channel]. YouTube. URL https://www.youtube.com/watch?v=oFO7JgUx-bU.

The practice of crafting a fake online persona for malicious purposes.CyberWire Glossary link: https://thecyberwire.com/glossary/catfishAudio reference link: netbunny, 2013. Catfish - The Movie - Ending Scene [Movie Scene]. YouTube. URL https://www.youtube.com/watch?v=qR_NIN6zy0U

Nick Percoco from Kraken sits down to discuss the human factor of crypto scams, including going over common red flags and what to do when a third party is exerting pressure that taps into a human emotions. Listener Sean writes in with some follow up to discuss the increase in AI scams and if people would be more likely to talk about falling for these scams as AI becomes better and better. An anonymous listener also reached out with some follow up regarding there experience with corporate ID theft. Joe's story follows the report on "dark patterns," and what they are. Dave's story is on people who got hired as customer service reps, but instead helped lure in lonely and lovestruck through a network of dating and hookup sites. Our catch of the day comes from listener Gareth who shares his catch of a phishing scheme from the "NSA."Links to stories: Guide to Dark Patterns – Terms and examples from the CCPA and the CPA Bringing Dark Patterns to Light This Is Catfishing on an Industrial Scale Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A type of phishing attack that uses QR codes as the lure.CyberWire Glossary link: https://thecyberwire.com/glossary/qr-code-phishingAudio reference link: KNR, 2018. Batman The Dark Knight Joker bomb blast by phone calls scene [Video]. YouTube. URL https://www.youtube.com/watch?v=qB_fXfzB4z0.

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Out of Sight Rick's clip from the movie The Thomas Crown Affair

Our guest, Mark Kapczynski from OneRep, joins Dave to discuss what consumers should know about data privacy. Listener Jon writes in to the show with some follow-up with some thoughts on tap interface. Another anonymous listener wrote into the show discussing ethical hacking. Dave's story is on fake QR codes and how people are getting scammed out of money after receiving a fake QR code parking ticket survey. Joe's story follows an attempted attack at Dragos and what they didn't get. Our catch of the day comes from listener Richard who writes in with a fun scam he caught from the "Marine Corps."Links to stories: QR codes used in fake parking tickets, surveys to steal your money Deconstructing a Cybersecurity Event Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Definition one: The recognition of a set of repeatable attack patterns across the intrusion kill chain.Definition two: Determining the responsibility for offensive cyber operations.CyberWire Glossary link: https://thecyberwire.com/glossary/attributionAudio reference link: Nunnikhoven, M., 2018. Cybersecurity Basics #9 - Attack Attribution [Video]. YouTube. URL www.youtube.com/watch?v=rlyMz5jN_Vs

Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about “fast idiots” from a previous episode. The other is from listener Robert, who writes in about the wallet versus smart phone debate, and which is safer. Joe shares a few stories this week, all regarding ATM scams and lost or stolen credit cards including his own sons ATM nightmare. Dave's scary story is on the latest hot topic in the cyber industry: AI, and how families are being scammed by believable voice AI to sound like loved ones. Listener Michael shares this week's catch of the day on an IRS scam he came across in his email.Links to stories: Chase Bank didn't believe customers with accounts drained by ATM 'tap' feature scam Lost or Stolen Credit, ATM, and Debit Cards Family targeted by AI scam using loved one’s voice Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.