Hacking Humans

Dave shares a bank spoofing scam with a reminder to mind those links, especially on mobile devices. Joe describes a case of someone turning the tables on a Twitter scammer. Our catch of the day involves a clumsy claim of physical harm. Dave interviews author Dave Levitan about his book Not a Scientist: How politicians mistake, misrepresent and utterly mangle science. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

We've got followup on bank scams and ransomware. Joe describes a highly sophisticated multinational business scam. Dave shares a story about private school parents falling for a Bitcoin discount scam. Our guest is Jordan Harbinger, host of The Jordan Harbinger Show, with insights on influence and social engineering. Links to this week's stories: https://www.cpomagazine.com/cyber-security/cyber-fraud-by-chinese-hackers-makes-headlines-in-india/ https://www.bbc.com/news/uk-england-tyne-46920810 Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave reviews tips on protecting yourself from ransomware. Joe describes a clever way to trick people into enabling macros. An attempt at celebrity friendship is our catch of the day. Carole Theriault returns and speaks with Dr. Jessica Barker from Cygenta about effective training techniques. Links to stories mentioned: https://www.csoonline.com/article/3331981/ransomware/how-to-protect-backups-from-ransomware.html https://myonlinesecurity.co.uk/agent-tesla-reborn-via-fake-order/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe shares the tale of a prisoner running a variety of romance scams from the inside. Dave outlines direct deposit scams. The catch of the day is a clever variation from (where else?) Nigeria. Our guest is Sam Small from ZeroFox. Links to stories: https://hubpages.com/politics/The-Games-That-Inmates-Play https://ogletree.com/shared-content/content/blog/2018/january/diverting-employees-payroll-direct-deposits-the-latest-wave-of-phishing-scams https://www.kansas.com/news/local/crime/article223873805.html Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave warns of scammers gaining access to homes by pretending to be workers from the local utility company. Joe shares a story of a sophisticated bank transfer scam in the UK. Our catch of the day outlines an attempted email scam targeting an architectural firm. Carole Theriault is back with the second part of her interview with the pen tester who goes by the name freaky clown. Links to today's stories: https://www.wxyz.com/news/michigan-energy-company-warns-of-increase-in-imposters-trying-to-enter-homes https://inews.co.uk/inews-lifestyle/money/lost-19960-life-savings-phone-scam-natwest Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch-of-the-day features alluring photos texted to an unimpressed listener. Carole Theriault interviews physical pen tester Freaky Clown. Links to stories mentioned in this week's show: https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/ https://www.cygenta.co.uk/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter

We follow up on critical feedback of last week's show. Dave describes how online extortionists have pivoted from sex to explosives. We've got an auto-responding catch of the day from one of Joe's colleagues. Guest is Sean Brooks, Director of the Citizen Clinic and a Research Fellow at the Center for Long-Term Cybersecurity at UC Berkeley. He shares their research into online attacks of politically vulnerable organizations. From our EV certs follow-up: https://www.troyhunt.com/extended-validation-certificates-are-dead/ https://casecurity.org/2018/12/06/ca-security-council-casc-2019-predictions-the-good-the-bad-and-the-ugly/ Bomb threat catch of the day: https://www.zdnet.com/article/extortion-emails-carrying-bomb-threats-cause-panic-across-the-us/ Sean Brooks interview: Report: http://cltc.berkeley.edu/defendingpvos/ Clinic: http://cltc.berkeley.edu/citizen-clinic/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes a Nigerian gang called London Blue that focuses on business email compromise. Dave shares surprising Cyber Monday phishing statistics. Guest Chris Bailey from Entrust Datacard teaches us how to detect lookalike sites online and better protect ourselves from fraud. Links to today's stories: https://www.agari.com/insights/whitepapers/london-blue-report/ https://www.zscaler.com/blogs/research/cyber-monday-biggest-day-cyberattacks-not-long-shot Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Listener follow-up on a URL issue. Dave describes an elderly couple scammed out of savings. Joe wonders if it's wise to unsubscribe. Guest Andre McGregor from TLDR Capital describes his work as a former FBI agent, and his experience consulting on Mr. Robot. Bank account transfer scam: https://abc11.com/troubleshooter-durham-couple-loses-$8900-in-computer-virus-scam/4782799/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. Writer Ben Yagoda explains cognitive biases. Links: Wikipedia page on URLs - https://en.wikipedia.org/wiki/URL Tips to prevent skimming - https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-07-issue-96/ Ben Yagoda's article from the Atlantic - https://www.theatlantic.com/magazine/archive/2018/09/cognitive-bias/565775/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Listener feedback on the "Can you hear me?" scam. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes the malicious use of a compromised DHL email address. This week's catch of the day comes from down under. (Apologies to the fine citizens of Australia.) Carole Theriault returns with an interview with MimeCast's Matthew Gardiner. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe gathers open source information online. Dave wonders if a tow truck driver got the better of him. A listener shares a possible custom app scam. Former FBI agent Dennis Franks shares his experience developing human intelligence sources. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

We get listener followup on the church pastor scam. Dave explores a phony investment web site. Joe explains phishing, spear phishing and whaling. Fake federal agents are featured in our catch of the day. Carole Theriault interviews Max Bruce from Action Fraud UK. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering. Links to stories in this episode: https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162ac Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoys wasting phone scammer's time. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology and how it erodes trust. Links to stories mentioned in this week's show: https://searchsecurity.techtarget.com/news/252448458/Robot-social-engineering-works-because-people-personify-robots Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave warns of scammers taking advantage of hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam. Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase. Links to stories mentioned in this week's show: https://www.13newsnow.com/video/weather/hurricanes/hurricane-florence/hurricane-scammers-target-hampton-roads/291-8250736 Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security. Links to stories mentioned in this week's show: https://www.theregister.co.uk/2018/08/27/lawyers_impersonating_rivals/ https://www.ccn.com/pope-francis-latest-target-of-twitter-crypto-scam/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering trends his team is tracking. Links to stories mentioned in this week's show: http://www.baltimoresun.com/news/maryland/crime/bs-md-ramp-scam-20161018-story.html https://www.cyberradio.com/2018/08/threat-actors-targeting-homebuyers-with-phishing-attacks/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White. Links to stories mentioned in this week's show: https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/ https://srlabs.de/bites/usb-peripherals-turn/ https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements. Links to stories mentioned in this week's show: https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919 https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Lookout explains mobile device vulnerabilities. Links to stories mentioned in this week's show: https://www.scamwatch.gov.au/get-help/real-life-stories/investment-scam-how-steve-lost-200-000-to-an-investment-scam https://www.grahamcluley.com/phone-scam-exploits-russian-hacking-fears/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And David Baggett from Inky joins us to describe phishing techniques they are seeing and offers ways to best protect yourself and your organization. Links to stories mentioned in this week's show: https://theintercept.com/2018/06/01/election-hacking-voting-systems-email/ https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/ http://hci2018.bcs.org/prelim_proceedings/papers/Work-in-Progress%20Track/BHCI-2018_paper_95.pdf Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammer's time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint describes methods scammers use to lure people into being money mules. Links: https://securelist.com/giftcard-generators/86522/ https://jollyrogertelephone.com/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave shares a story of deception right out of Hollywood. https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932 Joe proposes changing the financial incentives for scammers. A porn-shaming catch of the day courtesy of Johannes Ulrich. An interview with atomic physicist and close-up magician Adam West. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scan spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Tobac, CEO of SocialProof Security. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Arthur, author of Cyber Wars - Hacks that Shocked the Business World, joins us for an interview. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul Ducklin. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe explains the Ben Franklin effect. Dave describes job applicants tricked unto money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams.

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them.

In this premier episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them. Author Christopher Hadnagy discusses his book The Art of Human Hacking.