Hacking Humans

A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine.CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishingAudio reference link: Richardson, T., 2014. What is the difference between phishing and spear-phishing? [Video]. YouTube. URL www.youtube.com/watch?v=Wpx5IMduWX4.

Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant threats to users, according to the FBI. Finally, our catch of the day comes from listener Jennifer, who writes in and shares her story of a scammer using SMS to tell her that her Venmo account was hacked, even though she does not have one.Links to stories: Sending Phishing Emails from QuickBooks FBI says fraud on LinkedIn a ‘significant threat’ to platform and consumers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

The ability to continuously deliver the intended outcome despite adverse cyber events.CyberWire Glossary link: https://thecyberwire.com/glossary/resiliencyAudio reference link: Cameron, J., 1984. The Terminator [Movie]. IMDb. URL www.imdb.com/title/tt0088247/.Clip Nation, 2012. The Arnold Schwarzenegger “I’ll Be Back” Supercut [Video]. YouTube. URL www.youtube.com/watch?v=-YEG9DgRHhA.Coops, C., 2013. Terminator 2 Theme [Video]. YouTube. URL www.youtube.com/watch?v=pVZ2NShfCE8.

This week, Carole Theriault, CW UK correspondent, sits down with Cisco Talos' Vanja Svacjer discussing if the security industry is ready for AI. Joe and Dave share some follow up regarding a new term, "yahoo boy" after reading it in an article. Joe's follows a story about a scam where five mastermind business men were able to scam ordinary investors out of a billion dollars. Dave's story is on a basic iPhone feature that is helping criminals steal your entire digital life. Our catch of the day comes from William who writes in about an email he received from "Bob William" who shares that he works at a law firm and one of his clients has an insurance policy where his client did not write a will. Bob wants to share the amount of $12,820,000 with charity and then split the rest of the funds.Links to stories: On the hunt for the businessmen behind a billion-dollar scam A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A centralized facility or team responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents within an organization.CyberWire Glossary link: https://thecyberwire.com/glossary/security-operations-centerAudio reference link: AT&T Tech Channel, 2012. A tour of AT&T’s Network Operations Center (1979) [Video]. YouTube. URL www.youtube.com/watch?v=cigc3hvMyWw.

This week, our guests are Jean Lee and Geoff White from BBC and the Lazarus Heist talking about what is coming up in Season 2 of their show and how the Lazarus Group is evolving. Joe briefly discusses Generative AI before going into his stories for this week. Joe's first story comes from Lauren Jackson from WBRC who writes in with a disturbing tire scam causing businesses to lose thousands. Joe's second story is from David Sentendrey from KDFW, who shares a story about a woman who fell victim to a romance scam loosing $75,000. Daves story follows a casino scam in Colorado, which was the largest heist in the states history. Our catch of the day comes from listener Morten who received a confusing message regarding an inheritance payment fund.Links to stories: Cullman Police warn of returning scam that has local businesses out thousands of dollars Woman who lost $75K in worldwide online romance scam warning others of the danger Black Hawk casino heist is largest in Colorado history Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Defensive cyber operations carried out by U.S. Cyber Command's Cyber National Mission Force, CNMF at the request of allied nations.CyberWire Glossary link: https://thecyberwire.com/glossary/hunt-forward-operationAudio reference link: Paul Nakasone, G., 2022. Vanderbilt Summit Keynote [Video]. YouTube. URL www.youtube.com/watch?v=Axg4s9l9wi0.

Paul Dant, Illumio's Senior Director for Cybersecurity Strategy and Research, is sharing how his history as a child hacker informed his thinking today. Joe and Dave share some listener follow up from Anthony, who writes in about a scam from the app Nextdoor, regarding scammers trying to upgrade Xfinity customers using their computers rather than the usual method, which throws up red flags. Dave's story this week follows a principal from a Florida science and technology charter school who mistakenly wrote a check for $100,000 to an Elon Musk impersonator. Joe's story is on email compromise, and the increase we have seen in the last several months, including an "increase in ‘novel social engineering attacks’ across thousands of active Darktrace/Email customers from January to February 2023." Our catch of the day comes from listener JP, who writes in regarding a suspicious looking email they received from "Norton" saying they will increase the price of their service being used.Links to stories: School principal resigns after writing $100,000 check to Elon Musk impersonator Tackling the Soft Underbelly of Cyber Security – Email Compromise Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The invisible force that governs the movement of data across networks.Audio reference link: “Things to Come 1936 - HG Wells.” YouTube, YouTube, 28 Sept. 2011, https://www.youtube.com/watch?v=atwfWEKz00U. 

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.Links to this episode's clips if you'd like to watch along: Dave's clip from the movie The Princess Bride Rick's clip from the movie Now You See Me 2