
Hacking Humans
785 episodes
The CyberWire: The 12 Days of Malware. [Special Editions]
Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!
The 12 Days of Malware lyrics:
On the first day of Christmas, my malware gave to me: A keylogger logging my keys.
On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys.
On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.
S5 Ep 225: How to avoid Instagram scams.
This week, Carole Theriault sits down to interview Dr. Jessica Barker from Cygenta to discuss the latest Instagram scams and how to avoid them. Dave and Joe share some follow-up on Apple, why they are being sued, and how you can protect yourself, as well as a new USPS scam affecting Connecticut. Dave's story follows a message board on smartphones being stolen and what happens after the thieves obtain the stolen phone. Joe's story is on a complex scam where the scammers choose ambitious individuals to turn into the scammers. Our catch of the day comes from listener Jay, who writes in, sharing a LinkedIn post from Dave Harland about him messing with a scammer trying to bamboozle him. Links to stories: USPS text scam hits Connecticut residents What happens to your smartphone when it gets stolen? Dreamers say father and son lured them to scam artist LinkedIn scammer thread Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 127: Data Loss Protection (DLP) (noun) [Word Notes]
A set of tools designed to safeguard data while in use, in motion, and at rest. CyberWire Glossary link: https://thecyberwire.com/glossary/data-loss-prevention Audio reference link: HistoryHeard. “Data Loss Prevention - CompTIA Security+ SY0-501 - 2.1,” Professor Messer, uploaded 20 November 2017
S2 Ep 14: Sometimes it's scripted and others, it's a target of opportunity. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. On this episode, Dave and Rick are joined once again by Tracy Maleeff, security researcher at the Krebs Stamos Group. You may also know Tracy on Twitter as infosecsherpa. Links to this episode's clips if you'd like to watch along: Rick's clip from the movie Criminal Tracy's clip from the movie The Talented Mr. Ripley
S5 Ep 224: Disinformation and verification.
Kaspars Ruklis, the Program Manager for Media Literacy from IREX, sits down with Dave to talk about the Very Verified media literacy program. Dave and Joe share some listener follow-up on some of the business' common language; this week, listener Vicki asks about the term "EULA" and what it stands for. Joe's story follows a scam that is particularly alarming around the holidays, about fake barcodes on gift cards. A former police officer found this scam as she was trying to check out with a gift card and the cashier pulled off a fake barcode. Dave's story is all about scammers who are getting scammed. The story follows cybercriminals who are using hacking forums to buy software exploits and stolen login details and how they keep falling for cons and are getting ripped off for thousands of dollars. Our catch of the day comes from listener Connor, who shares an email that is so suspicious, Gmail put a warning on it. It's a very interesting email explaining that the receiver has been hacked and the scammer requires $1200 in bitcoin to not take advantage of the receiver's accounts. Links to stories: HOW TO AVOID GIFT CARD SCAMS THIS HOLIDAY SEASON Scammers Are Scamming Other Scammers Out of Millions of Dollars Very Verified program Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 126: Domain Naming System (DNS) (noun) [Word Notes]
A system that translates text-based URLs to their underlying numerical IP addresses. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-name-system-dns Audio reference link: HistoryHeard. “History Heard: Paul Mockapetris.” YouTube, YouTube, 5 Apr. 2009.
S1 Ep 13: Keeping the scams in the family. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the television show Better Call Saul. Rick's clip from the movie The Lady Eve.
S5 Ep 223: Do not get your news on social media.
Guest Giulia Porter, Vice President of RoboKiller, discusses their mid-year report on phone scams. Following that phone scam line, Dave has a story about the international takedown of online crimeware that spoofed caller ID with a service called iSpoof. Dave notes there are some helpful tips for scams related to caller ID included in the article. Joe talks about news on social media (note: Joe's stance is: DO NOT get your news on social media). He talks about several pieces he found on leadstories.com while doing research for an article about news on social media. Joe shares some examples from the website. Our Catch of the Day comes from listener Povilas with a funny phish about a green product. Links to stories: Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown Leadstories.com Blue Feed Fact Check: White House Did NOT Pick 'Satan Worshipper' to 'Oversee American Health' Fact Check: COVID-19 Nasal Test Swabs Do NOT Contain DARPA Hydrogel That Causes Recipients To Be Remotely Controlled Red Feed Fact Check: Donald Trump Does NOT Get A Tax Break For His Golf Course Because Ivana Trump Is Buried There Fact Check: Ben Shapiro The Commentator Did NOT Receive PPP Loan -- That Was A Different Guy Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 125: Pretexting (noun) [Word Notes]
A social engineering technique in which a threat actor poses as a trusted person or entity in order to trick the victim into disclosing information or performing an action that benefits the attacker. CyberWire Glossary link: https://thecyberwire.com/glossary/pretexting Audio reference link: “Batch Pin Hurt Charlize Theron Skin | the Italian Job (2003) Movie Scene.” YouTube, YouTube, 22 Nov. 2016.
S5 Ep 222: A vishing competition and a Black Badge holder.
This week, Carole Theriault is interviewing DEFCON Black Badge holder Chris Kirsch from RunZero on the recent DEFCON 30 vishing competition. Dave and Joe share some listener follow up from 3 different listeners, who share stories on disposable email addresses, as well as a little insight on a Best Buy scam mentioned in a previous episode. Joe's story is on gaming companies and whether or not they have to stoop down to stemming growth in cheats, hacks, and other types of fraud to keep customers coming back. Dave's story comes from his father, he has two stories, one involving a gift card scam and an email compromise of a family member’s account. The other involves a fake invoice for tech support services. Our catch of the day comes from listener Felipe, who writes in asking Joe and Dave to make sense of the email he received saying that his refund was recalled from someone claiming to be the "Secretary for International Finance of United States Treasury Department." Links to stories: For Gaming Companies, Cybersecurity Has Become a Major Value Proposition Scam call center video Jim Browning scammers video Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 124: Web Application Firewall (noun) [Word Notes]
A layer seven firewall designed to block threats at the application layer of the open system interconnection model, the OSI model. CyberWire Glossary link: https://thecyberwire.com/glossary/web-application-firewall Audio reference link: “VCF East 9.1 - Ches' Computer Security Adventures - Bill Cheswick.” YouTube, 29 Dec. 2015, https://youtu.be/trR1cuBtcPs.
S1 Ep 12: Counterfeit coupons and paybacks. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Queenpins. Rick's clip from the movie Confidence.
S3 Ep 123: COBIT (noun) [Word Notes]
An IT governance framework developed by ISACA. CyberWire Glossary link: https://thecyberwire.com/glossary/cobit Audio reference link: isacappc. “How Do You Explain Cobit to Your Dad – or Your CEO?” YouTube, YouTube, 24 Aug. 2016, https://www.youtube.com/watch?v=EYATVkddIyw.
S5 Ep 221: Ways to make fraud less lucrative.
Brett Johnson, Chief Criminal Officer at Arkose Labs, sits down with Dave to discuss his history & ways to make fraud efforts less lucrative for bad actors. Dave and Joe share some listener follow up from Graham about one way that helps him stay safe against fake URLs. Dave's story is about bomb email attacks, in which someone's email is spammed with hundreds to thousands of emails in hopes of hiding important information contained in one of the thousands of emails, perhaps from a financial institution. Joe's story is on how the FBI is warning the public to beware of tech support scammers and how they are targeting financial accounts using remote desktop software. Our catch of the day comes from listener Norman, who shares a story about how his Steam account got hijacked and how a hacker impersonating a Steam employee was trying to help him. Links to stories: New Registration Bomb Email Attack Distracts Victims of Financial Fraud FBI Warns Public to Beware of Tech Support Scammers Targeting Financial Accounts Using Remote Desktop Software Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 122: Security Service Edge (SSE) (noun) [Word Notes]
A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, and network peering with one or more of the big content providers and their associated fiber networks. CyberWire Glossary link: https://thecyberwire.com/glossary/security-service-edge Audio reference link: Netskope (2022). What is Security Service Edge (SSE). YouTube. Available at: https://www.youtube.com/watch?v=Z9H84nvgBqw [Accessed 21 Oct. 2022].
S5 Ep 220: New laws and the effect on small businesses.
Kurtis Minder, CEO of GroupSense, joins Dave to discuss how new ransomware laws leave small business behind. Dave and Joe share some follow up on Elon Musk after his big purchase and the changes that now follow. Joe's story follows Kalamazoo County residents and a new scam that is popping up, where they are being targeted by scammers through Facebook Messenger video calls. Dave shares a story that hits home for him about an email that his father received from Best Buy claiming that he will be charged $500 for Geek Squad services. Our catch of the day comes from an anonymous listener who writes in to share an email they received from a Mrs. Phong Dung, who wants to send 1 million to the person who received the email. The receiver knows this email is a fake and writes in to the show to ask Joe and Dave if these emails ever actually work on anyone. Links to stories: Kalamazoo County residents targeted in Facebook messenger video call scam Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 121: Domain spoofing (noun) [Word Notes]
A social engineering tactic in which hackers build a malicious domain to mimic a legitimate one. CyberWire Glossary link: https://thecyberwire.com/glossary/domain-spoofing Audio reference link: “Mission Impossible Fallout - Hospital Scene.” YouTube, YouTube, 8 Oct. 2018,
S5 Ep 219: Protecting your identity.
Jameeka Green Aaron, CISO, Customer Identity at Okta, sits down with Dave to speak about their State of Secure Identity report. Dave and Joe share some listener follow up from Richard, who writes in to share his thoughts on the discussion of the phishing kit targeting WordPress sites in a previous episode, and also writes in about last episode’s discussion on how companies were turning on employees who are overworked with two remote jobs and shares how Equifax was one of these companies. Dave's story follows typosquatting, which is when a scammer registers a website that is very similar to the real one, but will have a typo in it (ex: amozon, homdepot, gougle) and how a large typosquatting campaign is delivering tech support scams. Joe's story follows a South Bay man who had the misfortune of accepting hundreds of open house offers, but the houses weren't for sale. Our catch of the day comes from listener Chris, who writes in that he's never gotten a phishing email on his work email or personal email, but that he received his first phish from PayPal, which seemed to be a notification at first glance rather than a message telling him there is fraudulent activity happening in his account. Links to stories: Large typosquatting campaign delivers tech support scams A South Bay man accepted hundreds of offers from open houses. But the homes weren’t for sale Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S1 Ep 1: What's Your Problem trailer.
We’re sharing a preview of a podcast we enjoy called “What’s Your Problem?” Every week on What’s Your Problem, entrepreneurs talk about the future they’re trying to build and the problems they have to solve to get there. How do you build cars that can actually drive themselves? How do you use technology to bring down the cost of airfares? And how do you teach a computer to understand sports? Hosted by former Planet Money host Jacob Goldstein, What’s Your Problem? helps listeners understand the problems really smart people are trying to solve right now. Listen to What’s Your Problem? at https://podcasts.pushkin.fm/wyphumans
S3 Ep 120: Secure Web Gateway (noun) [Word Notes]
A layer seven firewall that sits in line at the boundary between the internet and an organization's network perimeter that allows security policy enforcement and can perform certain prevention and detection tasks. CyberWire Glossary link: https://thecyberwire.com/glossary/secure-web-gateway Audio reference link: Vintage Computer Federation (2015). VCF East 9.1 - Ches’ Computer Security Adventures - Bill Cheswick. YouTube. Available at: https://www.youtube.com/watch?v=trR1cuBtcPs.
The Malware Mash! [Bonus]
Enjoy this CyberWire classic. They did the Mash...they did the Malware Mash...
S5 Ep 218: Setting tech limits with a new tool.
Kim Allman from NortonLifeLock, and Carrie Neill from the National PTA, sit down with Dave to discuss the Smart Talk 2.0 tool. Joe and Dave share some follow up on an exciting new position Joe has accepted as the Director of Cyber Science at a company called Harbor Labs. This week, Joe's story comes from listener Beau, who writes in about an ATM scam he fell victim to, sharing how the scammers were spamming his phone with texts, emails, and calls before he figured out what was going on. Dave's story follows the growing new trend of overworking, or having two remote jobs at once and working at both. One company's CEO calls it a form of theft and deception. Our catch of the day comes from listener Rodney who writes in, sharing about his son's girlfriend who is looking for work and received an email pointing her in the direction of a new prospect. Sadly, Rodney had to share the news that the email seemed to be a scam. Links to stories: Tech CEO calls overemployment trend a 'new form of theft and deception' after firing 2 engineers secretly working multiple full-time jobs at once Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 119: Indicators of Compromise (noun) [Word Notes]
Digital evidence that a system or network has been breached. CyberWire Glossary link: https://thecyberwire.com/glossary/indicator-of-compromise Audio reference link: “Suicide or Murder? | The Blind Banker | Sherlock,” uploaded by Sherlock, 18 October 2015
S5 Ep 217: The difference between shallow fakes vs. deep fakes.
Martin Rehak, CEO & Founder of Resistant AI, sits down with Dave to discuss how organizations should be worried about shallow fakes vs. deep fakes. Listener Joe writes in with some follow up on Joe's statement about not using legacy OSes, and how it is unfortunately not an option for many. Both Joe and Dave share two stories this week. Dave's first story follows how the Maryland Attorney General, Brian Frosh, is warning residents about purchasing flood-damaged cars. Dave's second story is about how a Japanese woman was fooled by an astronaut imposter who wooed her into buying a "return ticket to earth." Joe's first story is about a potential scam brewing in Springfield, as people are collecting money on the side of the street for a teenager's funeral; police are warning residents, stating they have heard of this scam in neighboring cities. Joe's second story follows a new horrifying scam after a woman fell victim to a phone scam where the scammer claimed to have the victim's daughter and they would kill her if she did not do what they asked. Our catch of the day comes from listener Richard, who writes in sharing his experience with an email that may or may not be a phish. Links to stories: Consumer Alert: Attorney General Frosh Warns Consumers about Purchasing Flood-Damaged Cars An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth' Springfield police warns drivers of “potential” funeral scam Greenfield Police warns about "terrifying" kidnapping scam Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 118: Intrusion Detection System (noun) [Word Notes]
A system that monitors for malicious or unwanted activity, and either raises alerts when such activity is detected or blocks the traffic from passing to the target. CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-detection-system Audio reference link: “Network Intrusion Detection and Prevention - CompTIA Security+ SY0-501 - 2.1,” Professor Messer, uploaded 16 November, 2017
S1 Ep 11: The long con and the flim flam. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds. Links to this episode's clips if you'd like to watch along: Rick's clip from Hustle: S1 Ep1 The Con is On Dave's clip from Cheers: S6 Harry the Hat
S5 Ep 216: Falling for a phishing kit scam.
Larry Cashdollar from Akamai sits down with Dave to discuss their research, "The Kit That Wants It All: Scam Mimics PayPal’s Known Security Measures." Joe shares an incredible story regarding impersonation, in which a man shares his firsthand experience with impostors impersonating him to get a job; luckily, a good Samaritan shared this information before the damage could be done. Dave's story follows raids happening in Cambodia with connection to alleged cyberscam compounds. We have two catches of the day this week. One is from listener Eric, who sends in a romance scam email asking for love from one desperate scammer. The next one comes from Uberfacts on Twitter and is an Instagram DM from someone pretending to be Queen Elizabeth II. Links to stories: Someone is pretending to be me. Authorities Raid Alleged Cyberscam Compounds in Cambodia Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 117: MFA prompt bombing (noun) [Word Notes]
Hackers bypass multifactor authentication schemes by sending a blizzard of spamming login attempts until the account's owner accepts the MFA prompt out of desperation to make the spamming stop. CyberWire Glossary link: https://thecyberwire.com/glossary/mfa-prompt-bombing Audio reference link: movieclips. “Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD.” YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos.
S5 Ep 215: What is cyber quantum computing?
Pete Ford from QuSecure sits down with Dave to discuss what exactly cyber quantum computing is, what it means for the country, and how other countries are using quantum. Dave and Joe share follow up on 2 stories. First, Bleeping Computer reports that the teen that hacked Uber and Rockstar Games has been arrested. Second, we share some listener follow up from last episode about medical documents being shared and how easy it would be to falsify your identity to obtain children's documents. Dustin, a Registered Health Information Management Technician, shares his thoughts on the matter. Dave's story follows the FCC’s new plan to require phone companies to block spam texts from bogus numbers. Joe has the story on how two Abbotsford residents lose approximately forty-six thousand dollars in a bank scam. Our catch of the day comes from listener Joseph, who shares a strange email he received from a scammer claiming to be PayPal, which could have seemed real if it weren't for a few mistakes Joseph found to be peculiar. Links to stories: FCC advances plan to require blocking of spam texts from bogus numbers Two Abbotsford residents lose $46K in bank scam UK Police arrests teen believed to be behind Uber, Rockstar hacks Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 116: Apple Lockdown Mode (noun) [Word Notes]
An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. Audio reference link: “How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone,” FRONTLINE, YouTube, 18 July 2021.
S5 Ep 214: A cryptoqueen on the run and the cons she got away with.
This week Carole Theriault sits down to interview author Jamie Bartlett on his book, "The Missing Cryptoqueen - The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It." Dave and Joe share some follow up from listener Dustin who shares an interesting experience he had involving his child's medical documents and how easy it was to obtain them, making scams even easier. Joe's story follows a young teen hacker and how they allegedly were able to hack Uber and Rockstar Games. Dave has got the story on Queen Elizabeth II and how giving condolences could lead you right into a scam. Our catch of the day comes from us here at the CyberWire. We received an email from one Vladomir Petrova, a citizen of Ukraine, which gets more suspicious the longer the email reads. Links to stories: Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games PHISHING ALERT: GIVING YOUR CONDOLENCES FOR QUEEN ELIZABETH II CAN LEAVE YOUR DATA IN THE HANDS OF CYBERCRIMINALS Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 115: Simulated Phishing (noun) [Word Notes]
A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.
S5 Ep 213: The rise in fraudulent online content.
Guest Jane Lee, Trust and Safety Architect from Sift, joins Dave to discuss the rise of fraudulent online content and fake crypto platforms. Dave and Joe share some listener follow up regarding the debate over "mum" versus "mom" and who speaks which pronunciation more. Dave has two stories this week. One story follows a Twitter thread about a man who shared his story about selling a desk on Facebook and the dangers that come with that. His second story is about how hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. Joe shares the story of hackers' new way to get information by positioning themselves in the middle of your browser, between the server and your computer. Our catch of the day has a little bit of everything from Peter, who writes in about an email he received pulling out all the stops to get him to give over his information. Links to stories: Twitter thread https://www.cyberscoop.com/phishing-scheme-targeting-mideast-researchers/ Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t! Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 114: Sideloading (noun) [Word Notes]
The process of installing applications on a device without the use of official software distribution channels. CyberWire Glossary link: https://thecyberwire.com/glossary/sideloading
S1 Ep 10: It pays to do your research. [Hacking Humans Goes to the Movies]
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined by guest Tracy Maleeff from Krebs Stamos Group – you may know her on Twitter as @Infosecsherpa. Dave, Joe and Tracy watch and discuss Tracy's and Joe's clips on this episode. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds. Links to this episode's clips if you'd like to watch along: Tracy's clips from "Working Girl" Elevator scene Tess and Jack gatecrash a wedding scene Joe's clip from "Ocean's 8"
S5 Ep 212: Is inflation affecting the Dark Web?
Dov Lerner, a Security Research Lead from Cybersixgill, sits down with Dave to discuss how inflation hasn't affected the Dark Web, including how the cratering of cryptocurrency may have affected things. Joe and Dave share some follow up from listener Pelle, who writes in about their grandmother who was scammed over the phone for her PIN, among other information, allowing the scammers to get away with much more than money. This week, Joe's story comes from a listener named Kyle, who shared an article about protecting against AiTM (adversary-in-the-middle) phishing techniques that bypass multi-factor authentication. Dave's story is about a new video being released that shares the most common WhatsApp scams and how to avoid them. Our catch of the day comes from listener Vlad, who shares his story regarding an email he received stating he is owed 1 million dollars, and how he's not falling for the scammer’s latest attempt. Links to stories: Protect against AiTM/ MFA phishing attacks using Microsoft technology How to avoid the most common WhatsApp Scams 2022 WhatsApp Scams in 2022: What to Look out for Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S3 Ep 113: Microsegmentation (noun) [Word Notes]
A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: https://thecyberwire.com/glossary/microsegmentation Audio reference link: “Micro-Segmentation Masterpieces,” PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.
S5 Ep 211: A travel surge and a host of different scams.
Greg Otto from Intel 471 joins Dave to discuss the findings of their work on "Cybercriminals preying on a travel surge with a host of different scams." Dave and Joe share some interesting listener follow-up from Kevin, who writes in about the deepfakes episode and shares his comments on how scary the topic can be, especially with politicians. Dave shares a story about Charles Egunjobi, an auditor with the D.C. government, and how he fell victim to an online love scam costing elderly U.S. citizens $1.9 million. Joe touches on two stories, one being how a woman down in Texas is able to scam men out of some expensive items with a romance scam, and the other being a story that is warning Pennsylvania residents about a quick-moving scam artist moving from state to state. Our catch of the day comes from Jon in California, who writes in about an email scam concerning a local job sent to him and how he needs to apply right away. Links to stories: D.C. government auditor involved in romance scheme, prosecutors say; Texas woman cons men out of Rolex watches and fancy cars through ‘romance scam’; Pennsylvania State Troopers warn of ‘quick moving’ city-to-city scam artists. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S2 Ep 112: Homograph phishing (noun) [Word Notes]
Bonus: The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: Audio reference link: “Mission Impossible III 2006 Masking 01,” uploaded by DISGUISE MASK, 28 July 2018.
S5 Ep 210: Is there a growing number of public and private partnerships forming?
This week Carole Theriault interviews Chuck Everette from Deep Instinct on public and private partnerships. Dave and Joe share some listener follow-up from Rodney, who writes in about flexible spending cards and the chips inside them, as well as sharing technology that helps keep the scammers away. Joe's story follows the trend of fake invoicing, specifically through PayPal, and the newest string of scammers getting people to call in about a pending charge. Dave shares a story where people are being sent fake Microsoft products in hopes of stealing information after they plug these products into their computers. Our catch of the day comes from listener William, who writes in about getting an increasing number of emails from fake accounts saying they have charged his card and there is a pending transaction. William shares how the scammers are trying to get him to call in to dispute the charges. Links to stories: PayPal Phishing Scam Uses Invoices Sent Via PayPal; Criminals posting counterfeit Microsoft products to get access to victims' computers. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S2 Ep 105: Policy Orchestration (noun) [Word Notes]
Bonus: The deployment of rules to the security stack across all data islands, cloud, SaaS applications, data centers, and mobile devices designed to manifest an organization's cybersecurity first principle strategies of zero trust, intrusion kill chain prevention, resilience, and risk forecasting. CyberWire Glossary link: https://thecyberwire.com/glossary/policy-orchestration Audio reference link: “The Value of Using Security Policy Orchestration and Automation,” by David Monahan, uploaded by EMAResearch, 3 April, 2018
S4 Ep 165: Encore: Sometimes, deepfake victims don't want to be convinced it is fake.
Bonus: Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society. We share some fun feedback on the Lightning Rod story edit. Dave's story talks about how some of the most successful and lucrative online scams employ a “low-and-slow” approach. Joe's story is about two Arkansas farmers who scammed investors out of money for wind turbines, but used it for houses, cars and Disney World. Our Catch of the Day is from an unnamed listener with a supposed iPhone invoice. Links to stories: Gift Card Gang Extracts Cash From 100k Inboxes Daily; Arkansas wind farmers claimed their technology was more efficient than turbines — then spent investors’ money on houses, cars and at Disney World. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S2 Ep 111: Anti-cheat software (noun) [Word Notes]
Bonus: Software designed to prevent cheating in video games. CyberWire Glossary link: https://thecyberwire.com/glossary/anti-cheat-software Audio reference link: “The BIG Problem with Anti-Cheat,” by Techquickie, YouTube, 5 June 2020
S5 Ep 209: Scams in the media.
Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow-up from Robert, who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a Twitter thread from Brian Jay Jones, an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how he would almost have had his Twitter account hijacked if it weren't for 2-step verification. Joe's story is on a gentleman pleading guilty in PAC scams, raising almost 3.5 million by making false and misleading representations in the 2016 election. This week we have a string of catches of the day from different listeners sharing different SMS scams. Links to stories: Associate of scam PAC operator pleads guilty; Twitter thread of Brian Jay Jones. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S2 Ep 110: Pseudoransomware (noun) [Word Notes]
Bonus: Malware, in the guise of ransomware, that destroys data rather than encrypting it. CyberWire Glossary link: https://thecyberwire.com/glossary/pseudoransomware Audio reference link: “Some Men Just Want to Watch the World Burn | the Dark Knight,” by YouTube, 2 November 2019.
S5 Ep 208: Staying away from Medicare scams.
Ari Parker, Lead Advisor from Chapter, discusses "Tips for Avoiding Medicare Scams." Joe and Dave share some follow-up from several listeners, who write in about various scams they have encountered. Joe's story is on Facebook Messenger and how more and more people are falling victim to scams and cons through the popular social media app. Dave's story shares disturbing information regarding LinkedIn scams, explaining how North Koreans are stealing resumes off the job site in a new crypto job search scam. Our catch of the day comes from listener Jon, who writes in about receiving $10,500,000.00 and how he needs to claim this offer before the end of 2021. Sadly he missed the deadline and wanted to share. Links to stories: Understand and Avoid Medicare Scams; Facebook Messenger scam snags 10 million victims, more conned every day; North Koreans Steal LinkedIn Resumes in Crypto Job Search Scam. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S2 Ep 109: Trusted Platform Module (TPM) (noun) [Word Notes]
Bonus: A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: “TPM (Trusted Platform Module) - Computerphile,” Computerphile, 23 July 2021
S5 Ep 207: Making the world a safer online place.
Raj Sarkar, CMO from 1Password, and Julien Benichou, Senior Director of Partnership, Strategy, and Execution from Gen.G, join Dave to discuss making the online world a safer place and talk about helping reduce the risk of gamers being the target of hackers. Joe and Dave share some follow-up from listener Ryan, who writes in about the catch of the day from last week's episode and what struck him most about the scam. Dave's story is on how the government was able to seize millions in stolen cryptocurrency. Joe's story is on a scam involving diamonds and how one scammer was caught, now sentenced to 12 years in prison. Our catch of the day comes from listener Jeremy, who writes in about a suspicious email he received from one of his mother's friends. She wrote him asking if he could buy her gift cards and she would pay him back. He shares how he dealt with the scammer and informed his mom that one of her friends' emails may have been compromised. Links to stories: How governments seize millions in stolen cryptocurrency; Jeweler who sold Trump-Maples ring sentenced to 12 years in multimillion-dollar ‘Yellow Rose’ diamond scam. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.
S2 Ep 108: Private Network Access (PNA) (noun) [Word Notes]
A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary link: Audio reference link: “Chrome Limits Access to Private Networks,” by Daniel Lowrie, ITProTV, YouTube, 19 January 2022.
S5 Ep 206: A return to office means a return to email scams.
Romain Basset, Director of Customer Service at Vade, joins Dave to discuss the threat of initial contact spearphishing emails now that many employees are returning to the office. Dave and Joe share some follow-up from listener Will, who writes in about a troubling debate over whether it should be "Joe and Dave" or "Dave and Joe." Will shares a website about ablaut reduplication, sharing his thoughts on the matter. Joe shares some good news following a story of a homeless man being robbed of $400,000 after a GoFundMe scam. Joe's story is on a woman who loses almost $150,000 over the phone with someone claiming to be a DEA agent. Dave's story is on a woman who gets scam calls up to 20 times a day. She was diagnosed with cancer in 2021, and can't afford to miss any calls from potential doctors or possible nurses trying to schedule appointments. Our catch of the day comes from listener Alex, who writes in sharing how his Apple ID was hacked and locked, although the scammers got one crucial detail wrong: his email. Links to stories: Lincoln woman loses $149,000 in DEA phone scam; GoFundMe scam: Kate McClure sentenced to 1 year in federal prison; The nonstop scam economy is costing us more than just money. Have a Catch of the Day you'd like to share? Email it to us at [email protected] or hit us up on Twitter.