Hacking Humans

We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from Human Factor Security shares her insights on social engineering. Links to stories in this episode: https://www.thestar.com/edmonton/2018/10/09/how-a-fraudster-got-12-million-out-of-a-canadian-university-they-just-asked-for-it.html https://www.forbes.com/sites/johnkoetsier/2018/10/04/app-scams-cheap-utility-apps-are-stealing-260-2500-or-even-4700-each-year-per-user/#9de2b67162ac Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave reveals a stealthy trademark scam. Joe describes the invocation of a judge's name to lure a victim. A listener shares a business scam from India. Joe interviews "Shannon," a listener who enjoys wasting phone scammer's time. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe ponders how a phone number is obtained. Dave's friend avoids a Google gift card scam. Christopher Hadnagy returns with an update to his book, The Science of Social Engineering. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave dodges a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe shares a kidnapping scam targeting foreign students. Dave describes social engineering involving robots. Our guest is Robert Anderson from the Chertoff Group, discussing Deep Fake technology and how it erodes trust. Links to stories mentioned in this week's show: https://searchsecurity.techtarget.com/news/252448458/Robot-social-engineering-works-because-people-personify-robots Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave warns of scammers taking advantage of hurricane Florence, both on the phone and in person. Joe shares a scheme targeting the kindness of local churchgoers. A cosmic variation on the Nigerian email scam. Joe interviews his Johns Hopkins University colleague Chris Venghaus, who leads a tech support scammer on a wild goose chase. Links to stories mentioned in this week's show: https://www.13newsnow.com/video/weather/hurricanes/hurricane-florence/hurricane-scammers-target-hampton-roads/291-8250736 Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes a law firm impersonating a rival to funnel business away from them. Dave has a story of pontiff impersonation. Our guest is Joe Gray from Advanced Persistent Security. Links to stories mentioned in this week's show: https://www.theregister.co.uk/2018/08/27/lawyers_impersonating_rivals/ https://www.ccn.com/pope-francis-latest-target-of-twitter-crypto-scam/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave gets scammed on an exit ramp. Joe describes real estate transaction scams. Is LinkedIn moonlighting in Himalayan tourism? Guest Asaf Cidon from Barracuda Networks shares social engineering trends his team is tracking. Links to stories mentioned in this week's show: http://www.baltimoresun.com/news/maryland/crime/bs-md-ramp-scam-20161018-story.html https://www.cyberradio.com/2018/08/threat-actors-targeting-homebuyers-with-phishing-attacks/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. Joe interviews security consultant and pen tester Justin White. Links to stories mentioned in this week's show: https://www.helpnetsecurity.com/2018/08/15/office-365-phishing-sharepoint/ https://srlabs.de/bites/usb-peripherals-turn/ https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave looks at Hollywood script pitch event scams. Joe describes a romance scam murder scheme. Spontaneously combusting ATM cards. Guest Jayson E. Street from SphereNY describes his security awareness engagements. Links to stories mentioned in this week's show: https://www.hollywoodreporter.com/news/why-are-wannabe-screenwriters-getting-scammed-1130919 https://nakedsecurity.sophos.com/2018/08/17/romance-scam-victim-allegedly-plotted-to-kill-her-mother-for-cash/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe shares the story of a retiree scammed by a clever scheme. Dave describes a tech-support scam with a Russian twist. Our Catch of the Day features an adorable puppy. Guest Michael Murray from Lookout explains mobile device vulnerabilities. Links to stories mentioned in this week's show: https://www.scamwatch.gov.au/get-help/real-life-stories/investment-scam-how-steve-lost-200-000-to-an-investment-scam https://www.grahamcluley.com/phone-scam-exploits-russian-hacking-fears/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave describes a phishing attempt to infiltrate U.S. election systems. Joe shares a story of government agencies receiving malicious CDs in the mail. University employees are lured by greed. And David Baggett from Inky joins us to describe phishing techniques they are seeing and offers ways to best protect yourself and your organization. Links to stories mentioned in this week's show: https://theintercept.com/2018/06/01/election-hacking-voting-systems-email/ https://krebsonsecurity.com/2018/07/state-govts-warned-of-malware-laden-cd-sent-via-snail-mail-from-china/ http://hci2018.bcs.org/prelim_proceedings/papers/Work-in-Progress%20Track/BHCI-2018_paper_95.pdf Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes clever gift card scams. Dave follows up on last week's proposal to waste phone scammer's time. A more plausible phishing scheme comes through. Guest David Shear from Flashpoint describes methods scammers use to lure people into being money mules. Links: https://securelist.com/giftcard-generators/86522/ https://jollyrogertelephone.com/ Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave shares a story of deception right out of Hollywood. https://www.hollywoodreporter.com/features/hunting-con-queen-hollywood-1125932 Joe proposes changing the financial incentives for scammers. A porn-shaming catch of the day courtesy of Johannes Ulrich. An interview with atomic physicist and close-up magician Adam West. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe describes a con law enforcement agencies use to lure crooks. Dave shares a tech support scan spreading in chat forums. A listener from Dublin has a fake email from Apple. We welcome Rachel Tobac, CEO of SocialProof Security. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave recounts the news that US President Trump likely fell for a prank phone call. Joe outlines the sad story of a woman robbed of her retirement savings. Twitter account recovery scams. Charles Arthur, author of Cyber Wars - Hacks that Shocked the Business World, joins us for an interview. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe warns of a harrowing phone scam technique, Dave reveals an alternate persona, a listener tries to sell a truck, and Carole Theriault from the Smashing Security Podcast interviews Sophos' Paul Ducklin. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Dave shares a story of airport penetration testing with high degree of yuck-factor. Joe explores research on protecting passwords from social engineering. The catch-of-the-day comes courtesy of Graham Cluley's email spam box. Dave interviews Wired's Security Staff Writer Lily Hay Newman on her article tracking Nigerian email scammers. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.

Joe explains the Ben Franklin effect. Dave describes job applicants tricked unto money laundering. A listener tells a tale of being fooled by an appeal to greed. Joe interviews Stacey Cameron from DirectDefense about her physical penetration testing work.

Joe warns of scammers taking advantage of natural disasters, Dave explores romance scams, and gets a strange voice mail. Stephen Frank from the National Hockey League Players Association joins us to share how professional athletes protect themselves from online scams.

In this episode, Joe examines the anatomy of a phishing attack, Dave explores pretexting, and a scammer targets real estate agents. Professor Stephen Lewandowsky from the University of Bristol joins us to share his research on misinformation, fake news, and inoculating people against them.

In this premier episode of the Hacking Humans podcast, cohosts Dave Bittner from the CyberWire and Joe Carrigan from the Johns Hopkins University Information Security Institute discuss noteworthy social engineering schemes and ways to detect them. Author Christopher Hadnagy discusses his book The Art of Human Hacking.