Hacking Humans

Dave warns of scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day outlines an attempted email scam targeting an architectural firm. Carole Theriault is back with the second part of her interview with the pen tester who goes by the name freaky clown.Links to today's stories: https://www.wxyz.com/news/michigan-energy-company-warns-of-increase-in-imposters-trying-to-enter-homes https://inews.co.uk/inews-lifestyle/money/lost-19960-life-savings-phone-scam-natwestHave a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch-of-the-day features alluring photos texted to an unimpressed listener. Carole Theriault interviews physical pen tester Freaky Clown. Links to stories mentioned in this week's show: https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/https://www.cygenta.co.uk/Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

We follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations.From our EV certs follow-up: https://www.troyhunt.com/extended-validation-certificates-are-dead/ https://casecurity.org/2018/12/06/ca-security-council-casc-2019-predictions-the-good-the-bad-and-the-ugly/Bomb threat catch of the day:https://www.zdnet.com/article/extortion-emails-carrying-bomb-threats-cause-panic-across-the-us/Sean Brooks interview:Report: http://cltc.berkeley.edu/defendingpvos/Clinic: http://cltc.berkeley.edu/citizen-clinic/ Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Joe describes a Nigerian gang called London Blue that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Guest Chris Bailey from Entrust Datacard teaches us how to detect lookalike sites online and better protect ourselves from fraud.Links to today's stories: https://www.agari.com/insights/whitepapers/london-blue-report/ https://www.zscaler.com/blogs/research/cyber-monday-biggest-day-cyberattacks-not-long-shotHave a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a former FBI agent, and his experience consulting on Mr. Robot.Bank account transfer scam:https://abc11.com/troubleshooter-durham-couple-loses-$8900-in-computer-virus-scam/4782799/Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases.Links:Wikipedia page on URLs -https://en.wikipedia.org/wiki/URLTips to prevent skimming -  https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-07-issue-96/ Ben Yagoda's article from the Atlantic - https://www.theatlantic.com/magazine/archive/2018/09/cognitive-bias/565775/Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of the day comes from down under. (Apologies to the fine citizens of Australia.) Carole Theriault returns with an interview with MimeCast's Matthew Gardiner. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 

Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experience developing human intelligence sources.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter. 

We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. Carole Theriault interviews Max Bruce from Action Fraud UK.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering. Links to stories in this episode:https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162acHave a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.