Hacking Humans

Our guest, Mark Kapczynski from OneRep, joins Dave to discuss what consumers should know about data privacy. Listener Jon writes in to the show with some follow-up with some thoughts on tap interface. Another anonymous listener wrote into the show discussing ethical hacking. Dave's story is on fake QR codes and how people are getting scammed out of money after receiving a fake QR code parking ticket survey. Joe's story follows an attempted attack at Dragos and what they didn't get. Our catch of the day comes from listener Richard who writes in with a fun scam he caught from the "Marine Corps."Links to stories: QR codes used in fake parking tickets, surveys to steal your money Deconstructing a Cybersecurity Event Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Definition one: The recognition of a set of repeatable attack patterns across the intrusion kill chain.Definition two: Determining the responsibility for offensive cyber operations.CyberWire Glossary link: https://thecyberwire.com/glossary/attributionAudio reference link: Nunnikhoven, M., 2018. Cybersecurity Basics #9 - Attack Attribution [Video]. YouTube. URL www.youtube.com/watch?v=rlyMz5jN_Vs

Our guest, CW Walker, Director of Security Product Strategy at SpyCloud, joins to discuss post-infection remediation and ransomware defense. Joe compliments one of his least favorite big tech companies. Joe and Dave share quite a bit of follow-up; one from listener Clayton who writes in about “fast idiots” from a previous episode. The other is from listener Robert, who writes in about the wallet versus smart phone debate, and which is safer. Joe shares a few stories this week, all regarding ATM scams and lost or stolen credit cards including his own sons ATM nightmare. Dave's scary story is on the latest hot topic in the cyber industry: AI, and how families are being scammed by believable voice AI to sound like loved ones. Listener Michael shares this week's catch of the day on an IRS scam he came across in his email.Links to stories: Chase Bank didn't believe customers with accounts drained by ATM 'tap' feature scam Lost or Stolen Credit, ATM, and Debit Cards Family targeted by AI scam using loved one’s voice Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A type of cyber attack where an attacker sends a targeted and personalized email or other form of communication to a specific individual or a small group of individuals with the intention of tricking them into divulging sensitive information, such as a password, or convincing them to click a malicious link that will enable the attacker to take control of the victim's machine.CyberWire Glossary link: https://thecyberwire.com/glossary/spearphishingAudio reference link: Richardson, T., 2014. What is the difference between phishing and spear-phishing? [Video]. YouTube. URL www.youtube.com/watch?v=Wpx5IMduWX4.

Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant threats to users, according to the FBI. Finally, our catch of the day comes from listener Jennifer, who writes in and shares her story of a scammer using SMS to tell her that her Venmo account was hacked, even though she does not have one.Links to stories: Sending Phishing Emails from QuickBooks FBI says fraud on LinkedIn a ‘significant threat’ to platform and consumers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

The ability to continuously deliver the intended outcome despite adverse cyber events.CyberWire Glossary link: https://thecyberwire.com/glossary/resiliencyAudio reference link: Cameron, J., 1984. The Terminator [Movie]. IMDb. URL www.imdb.com/title/tt0088247/.Clip Nation, 2012. The Arnold Schwarzenegger “I’ll Be Back” Supercut [Video]. YouTube. URL www.youtube.com/watch?v=-YEG9DgRHhA.Coops, C., 2013. Terminator 2 Theme [Video]. YouTube. URL www.youtube.com/watch?v=pVZ2NShfCE8.

This week, Carole Theriault, CW UK correspondent, sits down with Cisco Talos' Vanja Svacjer discussing if the security industry is ready for AI. Joe and Dave share some follow up regarding a new term, "yahoo boy" after reading it in an article. Joe's follows a story about a scam where five mastermind business men were able to scam ordinary investors out of a billion dollars. Dave's story is on a basic iPhone feature that is helping criminals steal your entire digital life. Our catch of the day comes from William who writes in about an email he received from "Bob William" who shares that he works at a law firm and one of his clients has an insurance policy where his client did not write a will. Bob wants to share the amount of $12,820,000 with charity and then split the rest of the funds.Links to stories: On the hunt for the businessmen behind a billion-dollar scam A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A centralized facility or team responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents within an organization.CyberWire Glossary link: https://thecyberwire.com/glossary/security-operations-centerAudio reference link: AT&T Tech Channel, 2012. A tour of AT&T’s Network Operations Center (1979) [Video]. YouTube. URL www.youtube.com/watch?v=cigc3hvMyWw.

This week, our guests are Jean Lee and Geoff White from BBC and the Lazarus Heist talking about what is coming up in Season 2 of their show and how the Lazarus Group is evolving. Joe briefly discusses Generative AI before going into his stories for this week. Joe's first story comes from Lauren Jackson from WBRC who writes in with a disturbing tire scam causing businesses to lose thousands. Joe's second story is from David Sentendrey from KDFW, who shares a story about a woman who fell victim to a romance scam loosing $75,000. Daves story follows a casino scam in Colorado, which was the largest heist in the states history. Our catch of the day comes from listener Morten who received a confusing message regarding an inheritance payment fund.Links to stories: Cullman Police warn of returning scam that has local businesses out thousands of dollars Woman who lost $75K in worldwide online romance scam warning others of the danger Black Hawk casino heist is largest in Colorado history Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Defensive cyber operations carried out by U.S. Cyber Command's Cyber National Mission Force, CNMF at the request of allied nations.CyberWire Glossary link: https://thecyberwire.com/glossary/hunt-forward-operationAudio reference link: Paul Nakasone, G., 2022. Vanderbilt Summit Keynote [Video]. YouTube. URL www.youtube.com/watch?v=Axg4s9l9wi0.