Hacking Humans

This week, Carole Theriault sits down to talk with Paul Ducklin from Sophos on extortion scams targeting LGBTQ+ communities. Joe and Dave share multiple pieces of listener follow up, the first from Matt and Kevin, who write in to share a Wikipedia link regarding N.B. (Nota Bene, or note well) and an ad from 1801. The second one is a write in from someone who is referred to as "P," who shares more information on the Facebook link shortener discussion. Finally, Joe and Dave get a great piece of listener feedback from listener and friend of the show Jonathan, who writes in about resist fingerprinting and how Firefox doesn't block fingerprinting. Dave's story is on trafficking victims being forced to scam people. Joe's story is on a credit union being targeted for phone scams. Our catch of the day comes from listener Ian, who shares how his son was trying to get college housing accommodations and went through Facebook, only to find out that not everyone is as trustworthy as they seem. Links to stories: From Industrial-Scale Scam Centers, Trafficking Victims Are Being Forced to Steal Billions Don’t fall for a scam targeting Ent Credit Union customers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter

The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology. CyberWire Glossary link: https://thecyberwire.com/glossary/web-30 Audio reference link: “What Elon Musk Just Said about Metaverse, Web3 and Neuralink,” By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.

Kelly Shortridge, a Senior Principal from Fastly, joins Dave to discuss her talk at RSAC on why behavioral science and behavioral economics matters for InfoSec. Joe's story shares an old scam with a new twist, it's about packages being delivered to you that you never ordered. Dave's story is on how a large scale phishing campaign compromised one million Facebook credentials. Our catch of the day comes from listener Will who was reached out to by someone claiming to be the "Head IMF/EUROPEAN UNION coordinator," who claimed to want to give Will one million dollars in compensation. Links to stories: Package scam delivers unordered items, victims billed hundreds of dollars One Million Facebook Credentials Compromised in Four Months by Ongoing Phishing Campaign Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter

A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-and-access-management Audio reference link: “The Wrath of Khan (1982) ‘Kirk’s Response,’” by Russell, YouTube, 16 May 2017.

Josh Yavor, CISO at Tessian, joins Dave to discuss a new report they released on cyber mistakes and why employees make them. Joe and Dave share a listener follow-up from Jon, who writes in about mental illness, a serious epidemic taking over the nation. Jon shares interesting tidbits on social media linking to mental illness and the impact it's creating. Dave's story is on hackers trying an old trick with new mechanics: impersonating well known companies. This time, hackers are posing as Quickbooks. Joe's story describes how LinkedIn users are being targeted yet again. These fraudsters are now creating significant threats to users, according to the FBI. Finally, our catch of the day comes from listener Jennifer, who writes in and shares her story of a scammer using SMS to tell her that her Venmo account was hacked, even though she does not have one. Links to stories: Sending Phishing Emails from QuickBooks FBI says fraud on LinkedIn a ‘significant threat’ to platform and consumers Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter

A process of hiding the complexity of a system by providing an interface that eases its manipulation. CyberWire Glossary link: https://thecyberwire.com/glossary/abstraction-layer Audio reference link: “What Is Abstraction in Computer Science,” by CodeExpanse, YouTube, 29 October 2018.

Omer Dembinsky, a Data Research Manager from Check Point Research, joins Dave to discuss their Brand Phishing Report for Q1 2022 and how DHL, Maersk, and AliExpress were all in the top 10 list. Joe and Dave have some listener follow up from the 200th episode discussing how many redirects are too many. Joe has two stories this week, the first on how Instagram (Meta Platforms) was hit with multiple lawsuits from the Beasley Allen Law Firm over exploiting young people for money. The second story is about social media addiction, and how companies are making the platforms deliberately addictive. Dave's story is on your internet fingerprint that you leave behind, and how easy it is for websites to know everything about you and your computer settings. Our catch of the day comes from listener Pablo, who shares about a scammer contacting him through text trying to receive money for coronavirus insurance. Links to stories: Meta, Instagram hit with 8 lawsuits for ‘exploiting young people for profit’ Social media apps are 'deliberately' addictive to users The Fingerprint You Leave Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter

A set of services for managing identity and access management, or IAM across all of an organization's data islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-fabric Audio reference link: “Leadership Compass Identity Fabrics - Analyst Chat 126,” by KuppingerCole, YouTube, 30 May 2022.

Carole Theriault interviews author and journalist Geoff White on his upcoming book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Joe and Dave share some listener follow up from listener John, regarding a T-mobile breach and how he was notified through a third-party monitoring service and not T-Mobile. Joe's story shares how hackers are also keeping an eye on the upcoming holidays and describes how a Father's Day beer contest from Heineken was a scam. Dave's story is on police warning against a rise in voice phishing as they have made 2000 arrests since the crackdown on social engineering and business email scams started. Our catch of the day comes all the way from the Netherlands, listener Joram shares a scam he discovered in his spam folder. The sender notified him that she is frail and will be dying soon, to which her millions of dollars will be lost since she has no next of kin. The sender goes on to tell him that he is receiving this money just out of the goodness of her heart. Links to stories: Heineken says Father's Day beer contest is a scam 2,000 arrests in crackdown on social engineering and business email scams Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter

A cybersecurity first principle strategy focused on disrupting known adversary activity at one of several phases of an attack sequence. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-kill-chain Audio reference link: "Cybersecurity Days: A Network Defender's Future," by Rick Howard, Integrated Cyber Conference, Integrated Adaptive Cyber Defense (IACD), YouTube, 26 October 2018.

Abhik Mitra, Head of Portfolio Strategy at Code42, shares the findings on Code 42's 2022 Data Exposure Report (DER). Joe breaks down a story that follows a couple in Westlake, where the woman was called about a supposed warrant out for her arrest, and how she was told that she needs to provide thousands of dollars in order for the police to not come and arrest her. The story describes how her fast-thinking husband was able to figure out the scam and get in touch with real authorities. Dave's story delves into Facebook and a phishing scam that ended in a threat actor stealing 1M credentials in 4 months. Our catch of the day comes from listener William who received an email about a new laptop that he supposedly bought through PayPal. He shares why he knew it was a scheme right away, and hopes to make this information known so others know what to look out for. Links to stories: Westlake doctor and lawyer avoid telephone scam; police warn residents to be alert Phishing tactics: how a threat actor stole 1M credentials in 4 months Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitte

A subset of security orchestration, the management of identities across an organization's set of digital islands. CyberWire Glossary link: https://thecyberwire.com/glossary/identity-orchestration

Andrew Morris, founder and CEO of GreyNoise Intelligence, joins Dave to discuss the explosive increase in opportunistic scan-and-exploit cyber attacks, and what security analysts can do to combat it. Joe and Dave share some follow up from listener Mark, whose son got scammed out of 150 million dollars in a game he plays. Dave's story is on ChromeLoader, which is a pervasive and persistent browser hijacker that modifies your settings and redirects you to more advertisement websites. Joe has two stories: one on a family of con artists found to be scamming gas station patrons that attacked an individual after being confronted, and the second is on fake Facebook ads and how shoppers are being scammed. Our catch of the day comes from listener Jon, who was contacted via email being requested to pay customs fees of $750 for packages in his name. Links to stories: ChromeLoader: a pushy malvertiser Michigan State Police Looking For Con Artists in Emmet County Gas Station Scam Shoppers scammed by fake ads on Facebook Marketplace Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A cyber threat intelligence analysis model that defines relationship pairs between four core components in the shape of a diamond of adversary playbook activity across the intrusion kill chain: the adversary, their capability, the infrastructure used or attacked, and the victim. CyberWire Glossary link: https://thecyberwire.com/glossary/diamond-model Audio reference link: “Diamond Presentation v2 0: Diamond Model for Intrusion Analysis – Applied to Star Wars’ Battles,” Andy Pendergrast and Wade Baker, ThreatConnect, YouTube, 4 February 2020.

Ryan Kovar, distinguished security strategist at Splunk and leader of SURGe, discusses the speed of ransomware, as well as the first-of-its-kind research the SURGe team is releasing on how quickly the top ransomware families can encrypt 100,000 files. Joe and Dave share some listener follow up from listener Josh. Joe's story follows the baby food shortage and warns about the dangers of sellers scamming people through online purchases of formula. Dave's story is on how IT members can identify the three most dangerous types of internal users and what businesses need to look out for. Our catch of the day comes from listener Josh, who shares about a friend of his who possibly got hacked and the check the scammers claimed was real. Links to stories: Kansas City-area experts warn of online baby formula scams The three most dangerous types of internal users to be aware of Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: “Attack Frameworks - SY0-601 CompTIA Security+ : 4.2,” Professor Messer, YouTube, 29 April 2021.

Ann Johnson, Security Executive at Microsoft and host of the afternoon cyber tea podcast, joins Dave to discuss social engineering and ways to help prevent it, as well as the different types of social engineering she's seen from her experience, Dave and Joe share some listener follow up about macros in Office documents, Joe has two stories this week, one is on how Seth Green lost over 300K in NFTs, and the other is on a new scam with Chatbots on phishing emails, Dave's story is on how a California man was arrested for siphoning money, our catch of the day comes from listener Sadik who shares a suspicious looking email telling him, that his Norton service is about to expire. Links to stories: Amazing mind reader reveals his 'gift' Seth Green Loses $200K Bored Ape Yacht Club NFT in Phishing Scam Phishing Scam Nets $23.5 Million From DoD, California Man Arrested Siphoning Money From Contractor Phishing websites now use chatbots to steal your credentials Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

The set of people, process, technology, and cultural norms that integrates software development and IT operations into a system-of-systems. CyberWire Glossary link: Audio reference link: "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr," by John Allspaw and Paul Hammond, Velocity 09, 25 July 2009.

Mark Horne, Chief Marketing Officer at Pindrop, joins Dave to discuss voice authentication, Dave and Joe have some follow up about business phishing (BECs) from listeners Nick and Michael, Joe's story has a romance scam where criminals pretend to be celebrities, and Dave's story is about the increase in phishing downloads due to cyber criminals using SEO to leverage their lures, and we've got 2 catches of the day for you from listener Peter on free Dyson vacuums and one from Joe with a plea from Vladimir Putin asking for money. Links to stories: ‘Keanu Reeves … I know it’s not you’: Fraudsters pretend to be celebrities in scam attempts Malware Mayhem: Netskope Research Finds Sharp Increase in Phishing Downloads, as Cybercriminals Leverage SEO to Lure Victims Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: “Attack Frameworks - SY0-601 CompTIA Security+ : 4.2,” Professor Messer, YouTube, 29 April 2021.

Matthew Connor, Founder of Conscious Security, discusses a study he conducted while working with F-Secure, the study targeted 82,402 individuals with one of four phishing emails, he goes into the findings of the study and certain insight this study has brought, Joe's story is on the popular app Zelle and how users are loosing thousands of dollars due to scams, and Dave's story is on three big tech giants announcing plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance, our catch of the day comes from listener Areus on text messages exchanged between two strangers and where the conversation leads. Links to stories: Criminals Are Scamming Zelle Users. Here's How to Keep Your Money Safe Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A software development model that relies on a series of sequential steps that flow into each other, like a series of waterfalls. CyberWire Glossary link: https://thecyberwire.com/glossary/waterfall-software-development Audio reference link: “Creating Video Games - Agile Software Development,” by Sara Verrilli, MIT OpenCourseWare, YouTube, 10 December 2015

Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we discussed some time ago and some advice on Dave's Google Authenticator issue he mentioned last week, Dave's story is about non-delivery scams, Joe's got a story on Imperial Kitten doing some catphishing, and our Catch of the Day comes from listener Timothy about with a sextortion campaign. Links to stories: 5 reasons non-delivery scams work I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning Audio reference link: https://thecyberwire.com/glossary/agile-software-development "Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe" John Allspaw and Paul Hammond, 2009 Velocity Conference, YouTube, 25 June 2009.

John Wilson, Senior Fellow Threat Research at Agari by HelpSystems, discusses business email compromise attacks, Joe shares three stories on different types of scams, the first being a mystery shopper scam, where the scammer tries to get you to buy gift cards at a grocery store, the second one is on, scammers posing as DTE Energy representatives, seeking bill payments, and the final one is about someone showing up to a victims door and demanding money to collect “Money owed” for a family member, Dave's story is on criminals who are using apple pay to scam their way into going on spending sprees, our catch of the day comes from listener Jon, who shares how two men claimed to be owed money after Jon's death, when in fact, John was very alive. Links to stories: Mystery shopper scam: How it works and how to avoid it Phone scam alert: Metro Detroiters receiving phony DTE Energy calls Police: Man scammed elderly person out of $10K Criminals Abuse Apple Pay in Spending Sprees Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

The flagship product of the controversial Israeli spyware vendor, the NSO Group, use for remotely hacking mobile devices, most notably iPhones, via zero-click exploits. CyberWire Glossary link: https://thecyberwire.com/glossary/pegasus Audio reference link: “Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth,” Kristen Eichensehr, and Nicole Perlroth, University of Virginia School of Law, YouTube, 14 February 2022

Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined on this episode by Perry Carpenter, host of 8th Layer Insights podcast and chief evangelist at KnowBe4. Dave,Joe and Perry watch and discuss Dave's and Perry's clips on this episode. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds. A heads-up for our listeners: there is a bit of spicy language in today’s clips, so use your discretion if you are tuning in with your kids. Links to this episode's clips if you'd like to watch along: Dave's scene from "Focus" Perrys clip from "Ferris Bueller's Day Off"

Pete Barker, director of Fraud and Identity at SpyCloud offers critical insights on the alarming evolution of fraud and how consumers and enterprises can protect themselves, Joe and Dave share some listener follow up from listener Micah on a catch of the day from last week, Joe's story is on a woman who was scammed out of $15,000 and shares her experience on how the hackers were able to gather so much info and money from her, Dave's story is on an android malware scheme that allows cybercriminals to intercept customer calls to their banks, our catch of the day comes from listener John, who shares a scam from people claiming to be Amazon, saying that the users secret phrase has been incapacitated. Links to stories: 76-year-old Fargo woman loses $15,000 in computer scam Android banking malware intercepts calls to customer support Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

An open source email authentication protocol designed to prevent emails, spoofing in phishing, business email compromise or BEC, and other email-based attacks.

Brian Brushwood a former magician, joins Perry Carpenter, host of 8th Layer Insights, to talk about his new podcast, The Worlds Greatest Con, and how magic led him to discussing cons and scams on a podcast, Dave shares a personal story on login frustration, Joe's story is on a Cash App breach being confirmed after an employee was able to access a US customers data, and Dave's story is on inauthentic LinkedIn profiles and how fake accounts are requesting to connect when in fact the accounts are fake, our catch of the day comes from listener Richard who shares a scam he got sent through the mail to exploit his political views. Links to stories: Block confirms Cash App breach after former employee accessed US customer data That smiling LinkedIn profile face might be a computer-generated fake Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor.

Laura Hoffner from Concentric, joins Dave to discuss online dangers and how they can very easily turn into real world dangers, Laura explains about the popular social media platform TikTok and how users are being stalked and shares one story in particular, Joe and Dave share some listener follow up, Joe's story is centered around cryptocurrency scams and how they are on the rise, and Dave's story is on the malware BABYSHARK and the internal process of investigation as well as lessons learned, our catch of the day comes to us from listener Andre, who shares a scam from a Commanding officer of the U.S Central Command and how they need Andre to keep his money safe. Links to stories: Targeted APT Activity: BABYSHARK Is Out for Blood BBB Study: Cryptocurrency is ripe for fraud and financial loss Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A prescriptive open source software security maturity model designed to guide strategies tailored to an organization’s specific risks.

Alex Quilici, Robocall Scam Expert of YouMail, discusses how unwanted robocalls are becoming more targeted and the psychology behind some of the worst calls, Joe and Dave share some listener follow up, Joe's story comes from listener Derek who shares how his aunt avoided a scam which wasn't very obvious at first, and Dave's story is about how the FBI released its annual Internet Crime Complaint Center Internet Crime Report for 2021, our catch of the day comes from listener John who shares how he got a new interesting Instagram follower. Links to stories: FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

An open standard for hardware authentication tokens that use the universal serial bus, or USB, near-field communications, or NFCs, or Bluetooth to communicate one factor in a two-factor authentication exchange.

Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a bowl of popcorn and join us for some Hollywood scams and frauds. Links to this episode's clips if you'd like to watch along: Joe's clip from "House of Games" (the Western Union scene) Rick's clip from "The Brothers Bloom"

Jim Ducharme, COO of Outseer joins Dave to discuss buy now pay later scams, Joe and Dave share some listener follow up, Joe has an interesting story about an Unchained Capital partner and how they were hit with a social engineering attack, and Dave's story is on the FIDO alliance, our catch of the day comes from listener Matt, who shares how he won 20.5 million and why he wasn't falling for it. Links to stories: A Big Bet to Kill the Password for Good Unchained Capital partner hit with social engineering attack Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.

UK Correspondent Carole Theriault returns talking with guest David Ruiz from Malwarebytes about parents spying on their kids, Joe and Dave share some listener follow up, Joe's shares a story about the top 5 strangest social engineering tactics, Dave's got a story from one of our listeners, Ricky, about best gift card sales practices at retail chains, and our Catch of the Day comes from listener Michael with a well-crafted email full of red flags when you read into it. Links to stories: Rounding up the Past Year's Strangest Social Engineering Tactics Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops.

Guest Justin Reilly, the CEO of Impero, stops by to talk with Dave Bittner about the mental health of kids in the digital age, Dave's got a story about large-scale phishing campaigns targeting the Indian Electric Vehicle consumers and businesses, Joe's story is from Vade sharing the top 20 most impersonated brands in phishing, and our Catch of the Day comes from Bob, a friend and former coworker of Joe's who received a smishing attempt via text from a "friend" and how he expertly turned the tables on the scammer. Links to stories: Unearthing the Million Dollar Scams Targeting the Indian Electric Vehicle Industry Vade Releases 2021 Phishers’ Favorites Report Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version.

Guest Jeff Nathan, the Director of Threat research at Norton Labs, joins Dave to discuss their most recent Consumer Cyber Safety Pulse Report, Joe and Dave share some follow up from listeners Daniel and Neville who helped the guys with a phrase from a recent Catch of the Day, Joe shares a story about getting around MFA using remote access software, Dave's story is about a jobfishing scam from a fake design firm, and our Catch of the Day is from listener Randy about an unsubscribe email he received. Links to stories: Devious phishing method bypasses MFA using remote access software Jobfished: the con that tricked dozens into working for a fake design agency Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Code and data repositories that don't protect against unauthorized changes.

Guest Joshua Neil, the Chief Data Scientist for SecurOnix, joins Dave to talk about evasive techniques and identifying nation-state kill chains, Joe shares an update on his identity theft experience, the guys share some follow up from listener Benji who shares experiences of scammers changing the name on gmail accounts at the synagogue where he works saying they are the rabbi and emailing congregants asking for gift cards, Dave's story is about Apple's AirTags and how they led to the discovery of a German intelligence agency, Joe's got a story about the City of Baltimore falling victim to a phishing scam, and our Catch of the Day is from listener G about a compressed file attachment he received, but did not open. Links to stories: Apple's AirTag uncovers a secret German intelligence agency Inspector General: Baltimore victimized in 376,213 phishing scam last year Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.

Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Dave's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a bowl of popcorn and join us for some Hollywood scams and frauds. Links to this episode's clips if you'd like to watch along: Joe's scene from "The Hustle" Dave's clip from "True Lies"

Guest Deral Heiland from Rapid7 talks with our UK Correspondent Carole Theriault about the state of IOT, Joe shares a personal story about bank checks and a debit card received at his home that were in his name but not from his bank, Dave's got a story from an email he received from the PR department at TikTok about romance scams, and our Catch of the Day is from listener John about a friend who was harassed on Facebook to click a link and how John addressed it. Links to stories: #BeCyberSmart: Tips to protect your heart and wallet Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.

Guest Nick Shevelyov, Chief Security Officer for Silicon Valley Bank. joins Dave sharing some personal history around security, and discussing his book "Cyber War… and Peace," Dave and Joe have some follow up from an anonymous listener about mobile device management issue at their work, Dave has a story where a woman was scammed out of thousands while someone contacted her to "help" with a problem with their bank, Joe's got a few stories about Facebook and ad scams, and our Catch of the Day is from listener Jonathan with a Geek Squad subscription scam. Links to stories: They Were ‘Calling to Help.’ Then They Stole Thousands Facebook blames Apple after a historically bad quarter, saying iPhone privacy changes will cost it $10 billion Scam ads: why an Australian billionaire is launching legal action against Facebook Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.