

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.

Apr 1, 2021 • 35min
The pandemic is slowing, time to travel?
Guest Fleming Shi of Barracuda joins Dave to talk about travel-related phishing attacks now that vaccines are more readily available, Dave and Joe share listener advice about preventative email blocking, Joe shares a story about romance scams by someone that includes fake W2s and other documents in the process, Dave's got a story about a phone scammer posing as McDonald's CEO, and our Catch of the Day is from a listener named Tarik with an email about his reported death. Tarik awards this email the Unlikely Phishing Hook of the Year Award presented by the Institute of Questionable Intentions.
Links to stories:
Irvine man accused of $1 million romance scam
Phone scammer pretending to be McDonald's CEO nearly cons Pennsylvania restaurant out of thousands: report
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 30, 2021 • 6min
backdoor (noun) [Word Notes]
An undocumented or publicly unknown method to access a computer system undetected or to break a cypher used to encode messages.

Mar 25, 2021 • 37min
Technology is not designed for older users.
Guest Ming Yang of Orchard joins Dave to talk about ways to help your parents with technology (aka providing tech support for our parents). Dave shares the FBI's advisory warning of an expected increase in the use of deepfakes for social engineering attacks, Joe's got a story about phantom debts, and our Catch of the Day is from a listener named Anthony about an email from federalcrimeofinvestigation@gmail.com. Hmmm... seems legit.
Links to stories:
Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations
Beware Scammers Trying to Collect Phantom Debts

Mar 23, 2021 • 6min
watering hole attack (noun) [Word Notes]
From the intrusion kill chain model, a technique where the hacker compromises sites commonly visited by members of a targeted community in order to deliver a malicious payload to the intended victim.

Mar 18, 2021 • 39min
Ideally, look for someone open to deception.
Guest professional magician Brandon Williams talks with Joe about the art of deception. We have some follow-up on a watering hole attack we discussed a few episodes back, Joe's story is about the Attorney General of Vermont's top scams of 2020 report (no surprise #1 was SSN phishing), Dave's got a story about the level of sophistication of cybercriminals (hint: not all are that sophisticated), and our Catch of the Day is from a listener named Jo about a well-written request for donation.
Links to stories:
Top 10 scams of 2020 released by attorney general
Not all cybercriminals are sophisticated

Mar 16, 2021 • 5min
network telescope (noun) [Word Notes]
Network observation systems designed to monitor globally unreachable but unused Internet address space or the Deep Web in order to study a wide range of interesting Internet phenomena.

Mar 11, 2021 • 38min
Insider threats and security concerns for APIs.
Guest Inon Shkedy, security researcher at Traceable and API project leader at OWASP Foundation, talks with Dave about the risks various types of insider threats pose to APIs, we have some follow-up from a listener closing on their home, Dave's story is about a new wave of scams saying they are from the Social Security Administration, Joe's got Deepfakes of Tom Cruise (thanks to Rachel Tobac for this one), and our Catch of the Day is from a listener named John's son and a job interview scam he experienced.
Links to stories:
US government warns of Social Security scams using fake federal IDs
Here’s How Worried You Should Be About Those Tom Cruise Deepfakes
Deepfake videos of Tom Cruise show the technology's threat to society is very real

Mar 9, 2021 • 5min
SOC Triad (noun) [Word Notes]
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.

Mar 4, 2021 • 42min
Fraud activity within secure messaging apps in plain sight.
Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the five parts of URLs in phishing attacks, Dave's got a story about a malvertising group called "ScamClub," and our Catch of the Day is from a listener named John about a letter he received in the mail from "TD Trust Bank" about an inheritance opportunity.
Links to stories:
New Phishing Attack Identified: Malformed URL Prefixes
“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Mar 2, 2021 • 5min
supply chain attacks (noun) [Word Notes]
Also known as a third-party attack or a value-chain attack, adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data.