Hacking Humans

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.Links to this episode's clips if you'd like to watch along: Dave's clip from the television show Better Call Saul. Rick's clip from the movie The Lady Eve.

Guest Giulia Porter, Vice President of RoboKiller, discusses their mid-year report on phone scams. Following that phone scam line, Dave has a story about the international takedown of online crimeware that spoofed caller ID with a service called iSpoof. Dave notes there are some helpful tips for scams related to caller ID included in the article. Joe talks about news on social media (note: Joe's stance is: DO NOT get your news on social media). He talks about several pieces he found on leadstories.com while doing research for an article about news on social media. Joe shares some examples from the website. Our Catch of the Day listener Povilas with a funny phish about a green product.Links to stories: Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown Leadstories.com Blue Feed Fact Check: White House Did NOT Pick 'Satan Worshipper' to 'Oversee American Health' Fact Check: COVID-19 Nasal Test Swabs Do NOT Contain DARPA Hydrogel That Causes Recipients To Be Remotely Controlled Red Feed Fact Check: Donald Trump Does NOT Get A Tax Break For His Golf Course Because Ivana Trump Is Buried There Fact Check: Ben Shapiro The Commentator Did NOT Receive PPP Loan -- That Was A Different Guy Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A social engineering technique in which a threat actor poses as a trusted person or entity in order to trick the victim into disclosing information or performing an action that benefits the attacker.CyberWire Glossary link: https://thecyberwire.com/glossary/pretextingAudio reference link: “Batch Pin Hurt Charlize Theron Skin | the Italian Job (2003) Movie Scene.” YouTube, YouTube, 22 Nov. 2016. 

This week, Carole Theriault is interviewing DEFCON Black Badge holder Chris Kirsch from RunZero on the recent DEFCON 30 vishing competition. Dave and Joe share some listener follow up from 3 different listeners, who share stories on disposable email addresses, as well as a little insight on a Best Buy scam mentioned in a previous episode. Joe's story is on gaming companies and whether or not they have to stoop down to stemming growth in cheats, hacks, and other types of fraud to keep customers coming back. Dave's story comes from his father, he has two stories, one involving a gift card scam and an email compromise of a family member’s account. The other involves a fake invoice for tech support services. Our catch of the day comes from listener Felipe, who writes in asking Joe and Dave to make sense of the email he received saying that his refund was recalled from someone claiming to be the "Secretary for International Finance of United States Treasury Department."Links to stories: For Gaming Companies, Cybersecurity Has Become a Major Value Proposition Scam call center video Jim Browning scammers video Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A layer seven firewall designed to block threats at the application layer of the open system interconnection model, the OSI model. CyberWire Glossary link: https://thecyberwire.com/glossary/web-application-firewallAudio reference link: “VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick.” YouTube, 29 Dec. 2015, https://youtu.be/trR1cuBtcPs. 

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Queenpins. Rick's clip from the movie Confidence.

An IT governance framework developed by ISACA. CyberWire Glossary link: https://thecyberwire.com/glossary/cobitAudio reference link: isacappc. “How Do You Explain Cobit to Your Dad – or Your CEO?” YouTube, YouTube, 24 Aug. 2016, https://www.youtube.com/watch?v=EYATVkddIyw. 

Brett Johnson, Chief Criminal Officer at Arkose Labs, sits down with Dave to discuss his history & ways to make fraud efforts less lucrative for bad actors. Dave and Joe share some listener follow up from Graham about one way that helps him stay safe against fake URLs. Dave's story is about bomb email attacks, in which someones email is spammed with hundreds to thousands of emails in hopes of hiding important information contained in one of the thousands of emails, perhaps from a financial institute. Joe's story is on how the FBI is warning the public to beware of tech support scammers and how they are targeting financial accounts using remote desktop software. Our catch of the day comes from listener Norman, who shares a story about how his Steam account got hijacked and how a hacker impersonating a Steam employee was trying to help him.Links to stories: New Registration Bomb Email Attack Distracts Victims of Financial Fraud FBI Warns Public to Beware of Tech Support Scammers Targeting Financial Accounts Using Remote Desktop Software Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, and network peering with one or more of the big content providers and their associated fiber networks. CyberWire Glossary link: https://thecyberwire.com/glossary/security-service-edgeAudio reference link: Netskope (2022). What is Security Service Edge (SSE). YouTube. Available at: https://www.youtube.com/watch?v=Z9H84nvgBqw [Accessed 21 Oct. 2022].

Kurtis Minder, CEO of GroupSense joins Dave to discuss how ransomware new laws leave small business behind. Dave and Joe share some follow up on Elon Musk after his big purchase and the changes that now follow. Joe's story follows Kalamazoo County residents and a new scam that is popping up, where they are being targeted by scammers through Facebook messenger video calls. Dave shares a story that hits home for him about an email that his father received from Best Buy claiming that he will be charged $500 for Geek Squad services. Our catch of the day comes from an anonymous listener who writes in to share an email they received from a Mrs. Phong Dung, who wants to send 1 million to the person who received the email. The receiver knows this email is a fake and writes into the show to ask Joe and Dave if these emails ever actually work on anyone.Links to stories:Kalamazoo County residents targeted in Facebook messenger video call scamHave a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.