Hacking Humans

Larry Cashdollar from Akamai sits down with Dave to discuss their research, "The Kit That Wants It All: Scam Mimics PayPal’s Known Security Measures." Joe shares an incredible story regarding impersonation and man sharing his first hand experience with impostors impersonating him to get a job, luckily a good samaritan shared this information before the damage could be done. Dave's story follows raids happening in Cambodia with connection to alleged cyberscam compounds. We have two catches of the day this week, one is from listener Eric who sends in a romance scam email asking for love from one desperate scammer. The next one comes from Uberfacts on Twitter and is an instagram DM from someone pretending to be Queen Elizabeth II.Links to stories: Someone is pretending to be me. Authorities Raid Alleged Cyberscam Compounds in Cambodia Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Hackers bypass, multifactor authentication schemes by sending a blizzard of spamming login attempts until the accounts owner accepts the MFA prompt out of desperation to make the spamming stop. CyberWire Glossary link: https://thecyberwire.com/glossary/mfa-prompt-bombingAudio reference link: movieclips. “Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD.” YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos. 

Pete Ford from QuSecure sits down with Dave to discuss what exactly cyber quantum computing is, what it means for the country, and how other countries are using quantum. Dave and Joe share follow up on 2 stories, one Bleeping Computer reports, discussing the teen that hacked Uber and Rockstar Games has been arrested. Second, we share some listener follow up from last episode about medical documents being shared and how easy it would be to falsify your identity to obtain children's documents. Dustin, a Registered Health Information Management Technician, shares his thoughts on the matter. Dave's story follows the FCC’s new plan to require phone companies to block spam texts from bogus numbers. Joe has the story on how two Abbotsford residents lose approximately forty six thousand dollars in a bank scam. Our catch of the day comes from listener Joseph who shares a strange email he received from a scammer claiming to be PayPal, which could have seemed real if it weren't for a few mistakes Joseph found to be peculiar.Links to stories: FCC advances plan to require blocking of spam texts from bogus numbers Two Abbotsford residents lose $46K in bank scam UK Police arrests teen believed to be behind Uber, Rockstar hacks Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. Audio reference link: “How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone,” FRONTLINE, YouTube, 18 July 2021.

This week Carole Theriault sits down to interview author Jamie Bartlett on his book, "The Missing Cryptoqueen - The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It." Dave and Joe share some follow up from listener Dustin who shares an interesting experience he had involving his child's medical documents and how easy it was to obtain them, making scams even easier. Joe's story follows a young teen hacker and how they allegedly were able to hack Uber and Rockstar Games. Dave has got the story on Queen Elizabeth II and how giving condolences could lead you right into a scam. Our catch of the day comes from us here at the CyberWire. We received an email from one Vladomir Petrova, a citizen of Ukraine, which gets more suspicious the longer the email reads.Links to stories: Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games PHISHING ALERT: GIVING YOUR CONDOLENCES FOR QUEEN ELIZABETH II CAN LEAVE YOUR DATA IN THE HANDS OF CYBERCRIMINALS Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishingAudio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.

Guest Jane Lee, Trust and Safety Architect from Sift joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week, one story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. Joe shares the story of hackers new way to get information positioning themselves in the middle of your browser between the server and your computer. Our catch of the day has a little bit of everything from Peter who writes in about an email he received pulling out all the stops to get him to give over his information.Links to stories: Twitter thread https://www.cyberscoop.com/phishing-scheme-targeting-mideast-researchers/ Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t! Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The process of installing applications on a device without the use of official software distribution channels.CyberWire Glossary link: https://thecyberwire.com/glossary/sideloading

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined on this episode by guest Tracy Maleeff from Krebs Stamos Group – you may know her on Twitter as @Infosecsherpa. Dave,Joe and Tracy watch and discuss Tracy;s and Joe's clips on this episode. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds.Links to this episode's clips if you'd like to watch along: Tracy's clips from "Working Girl" Elevator scene Tess and Jack gatecrash a wedding scene Joe's clip from "Oceans 8"

Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an article about protecting against AiTM (adversary-in-the-middle) phishing techniques that bypass multi-factor authentication. Dave's story is about a new video being released that shares the most common WhatsApp scams and how to avoid them. Our catch of the day comes from listener Vlad, who shares his story regarding an email he received stating he is owed 1 million dollars, and how he's not falling for the scammer’s latest attempt.Links to stories: Protect against AiTM/ MFA phishing attacks using Microsoft technology How to avoid the most common WhatsApp Scams 2022 WhatsApp Scams in 2022: What to Look out for Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.