Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:02
You listening to the cyber wire network
0:04
powered by and two k. Gen.
0:14
Vi is now fueling cybercrime.
0:16
I'd fueling it to such
0:18
a rate that we start
0:21
doubting whether it is real
0:23
or not. And for most
0:25
people, it is very difficult
0:27
to answer that question or
0:29
ring. Hello! Everyone
0:31
and welcome to and to Case Cyber
0:33
Liars Hacking Humans podcast where each week
0:35
we look behind the social engineering scams,
0:37
fishing schemes and criminal exploits that are
0:40
making headlines and taking a heavy toll
0:42
on organizations around the world. I'm Dave
0:44
Bittner and joining me is Joe Kerrigan
0:46
from the Johns Hopkins University Information Security
0:48
Institute paid Joe hi Dave we got
0:50
some good stories to share this week
0:53
and later in the show my conversation
0:55
with bug done but has up to
0:57
use Director of Threat Research at Bit
0:59
Defender or talking about. Audio. Deep
1:01
Fakes will be right back after
1:03
this message from our show sponsor.
1:15
But first a word from our
1:17
sponsors at Know Before Time Travel
1:19
would be a particularly powerful tool
1:21
in the hands of any overworked
1:23
info Sec Professional: Think about it
1:25
being able to see the future
1:27
and know which malicious emails would
1:29
be missed by all the existing
1:31
filters. Your ability to stay one
1:33
step ahead of the bad actors
1:35
would rise to a whole new
1:37
level. Unfortunately, our sponsors haven't cracked
1:39
Time Travel just yet. They are,
1:41
however, introducing a new fishing protection
1:43
product that can block and remove.
1:45
Dangerous phishing emails before your users
1:47
even see them. Stay with us and
1:49
in a few minutes you'll learn
1:51
how. Are.
1:58
You Joe before we dig. Here are
2:00
we got a little bit of follow
2:02
up We do. This is from a
2:05
kind listener named Lara. Islands.
2:07
And will have it's too, I suppose. Well, I.
2:10
Can see like I'm assuming she's right
2:12
from London. So I would say just
2:14
like it's spelled Lara That's why they
2:17
call me names. Laira read like an
2:19
American. Sign up for more of a
2:21
Lara. Okay, Nora, it's probably Lara. A.
2:24
Go lara rights and and says
2:26
hey guys London based listener here
2:28
please bear with me. Is.
2:31
Piccadilly Circus so tight
2:33
circle. At okay point
2:35
taken Max you are hilarious as it's
2:37
a tube of subway station, not a
2:40
train states okay I did last year
2:42
and Weston. So thank
2:44
you for the clarification. Is a tube stations
2:46
and it is it called The Underground London
2:48
Underground. I suppose what
2:50
they call slang is the tube, right?
2:53
right? But. If.
2:55
He I think one of the issues here is that.
2:58
Europe has as such, vastly superior
3:01
public transportation than we do well.
3:03
Of course they do, hardly because
3:05
things are closer together, I guess.
3:07
Yeah, so. For.
3:09
I find the train poisons d
3:11
C to to Kansas City is
3:13
the same as the distance from
3:15
Warsaw to Paris and okay. Countries
3:18
huge so I like for me
3:20
if I'm taking the Dc metro
3:22
I would still consider that of
3:24
taking a train because is running
3:27
on. Trials the suffer but
3:29
it's a drugs flight. But ah, I
3:31
do appreciate the subtle distinction that Lars
3:33
make. I will say here on the
3:35
East coast there is a distinction between
3:37
subway systems I can get on the
3:39
Metro rail, then you get on Amtrak
3:42
which is more like a rail run
3:44
and wind up in the New York
3:46
subway system. Yeah, a dead duck. Grand
3:48
Central, that's true. and we have commuter
3:50
rail which is different from bright Amtrak
3:52
which is our trains or passenger rail
3:54
freight nets. Unless hard to say it's
3:56
national passenger rail. Or
3:59
I could see doing. Romero says you don't need
4:01
to take it, you just have a card. There
4:03
are no paper tickets any longer. Okay as we
4:05
don't know how the story was that by yeah
4:07
that's the way the metro works. Now to get
4:10
tickets are about as seven pounds. The guy spent
4:12
twenty pounds. I have no clue what he bought
4:14
but it wasn't a one way tickets. Well
4:17
I mean if you, if you have a card
4:19
geez I suspect you can load up that card
4:21
with the as much money as. You. Want
4:23
so. Also of this as
4:26
someone who is unfamiliar with the money right?
4:28
right? More how things work right they may
4:30
to say oh, you know what do I
4:32
got here? I already got a twenty hour
4:34
of but The Sun card grammar. Ah,
4:37
And and last but certainly not
4:40
Li said, Lara says Americans get
4:42
recognized and scammed everywhere because of
4:44
how clueless you guys like Assist
4:47
assist. At. At healthy
4:49
subjects, the mere fact most
4:51
Americans say things like i'm
4:53
going to Europe. As. If
4:55
it was a country makes you a target.
4:58
Second, Yeah. Okay
5:02
so turnabout is fair play. I
5:04
were I would point out our
5:06
our producer Jen made the point
5:08
that is Lara is coming on
5:10
decided upon it is likely that
5:12
she would say I'm going to
5:14
America. Yes, Which is. Two
5:17
continents, Yes. Are
5:19
just one us At the center of
5:22
the rest is is that sets of
5:24
so. Airborne out. To
5:26
be fair, we don't know. Larose might just
5:28
have to say that she's going to visit
5:30
the United States and never he summer. the
5:32
distant the difference between numbers a different distances
5:34
from L A times when people are going
5:36
to Europe. Of they will go
5:39
to multiple countries. That are like
5:41
you can go to Germany and France and Switzerland demands
5:43
and auto they also fact of the only time I've
5:45
ever been to Europe I went to Ireland and Northern
5:47
Ireland which is part of United Kingdom. So.
5:49
Even staying on one little tiny island. The.
5:52
Island of Ireland. I went to two countries.
5:55
Road. Done and I I
5:57
don't I'm on a know a means of for
5:59
an American. They were going to Europe. right?
6:02
Ah, Because.
6:05
You we sweeter taking a European vacation
6:07
would to your point works are probably
6:09
visiting multiple countries. price because they're so
6:11
darn close together. I now serves as
6:13
a sovereign state us to I have
6:15
read it or record. So
6:18
it's issues Scale: Ah,
6:20
alright well. My. Favorite thing
6:22
is when somebody comes with us and says
6:24
hour drive down to Disney World and then
6:27
fly out to have filed to California and
6:29
see the Redwoods in an episode. or does
6:31
he have a week when I went all
6:33
the. The. Out about No
6:35
Limits right now they do. There is a tendency
6:37
to think that, especially when you get out west,
6:39
that yeah, things are. so he was read out.
6:42
Of something about Los Angeles the other day. Air
6:44
how big that city is now. like when you
6:47
fly out of it. Your. Up
6:49
in the clouds before you're out from
6:51
underneath of it isn't It's huge price.
6:53
It's a mile wide and an inch
6:55
deep, right? Yes, the older a lottery
6:57
low and it's. So enormous
6:59
and all lara of thank you for
7:01
your name again and we do much
7:03
you love here in this this a
7:05
good natured ribbing guess you're you're good
7:07
sport and would be appreciated and. We.
7:10
Will we were are Ugly American
7:12
is some love as as on
7:14
our sleeves is a. Point.
7:17
Of pride I guess on of a kind
7:19
of it is a. Really
7:21
sweet knowledge it guess I'd well thank
7:24
you for writing and we do appreciate
7:26
it and of course so we would
7:28
love to hear from you. Is there
7:30
something you'd like us to cover on
7:32
the show? You can email us his
7:34
sacking humans and and Two K.com. Or.
7:36
A Joe. Let's dig into some stories
7:38
here. You wanna start things off for
7:41
us? Yes, I want to start off
7:43
by talking about to see I'd as
7:45
Dss are busy ideas of those Bloody
7:47
Simmons Er Det Assessor I'm Sandra Mouse
7:49
Android say oh goody I may say
7:52
oh good eats we are tapping with
7:54
sarcasm yeah face if it's but. Ah,
7:57
first, all version for the standard became
7:59
mandatory on April first this year. While
8:01
it's about time Russ got released about
8:03
two years ago biscuits and now it's
8:05
now it's required. And there was some
8:07
changes to the standard that I think.
8:09
Are. Pretty good. Okay to go so far as
8:11
to call them awesome or I. In.
8:14
The old standard oh restored so
8:16
we we we wait before we
8:18
do is yeah wouldn't it wouldn't
8:20
with a so what is Dc
8:22
ideas as was excellent. Excellent point
8:24
Dave I was wrong long as
8:26
if everybody knew what that The
8:28
security center whoa down Egghead A
8:30
sophisticated it is. Cia is short
8:32
for the payment card industry. Ah
8:34
is a an organization of people
8:36
that are. They work with payment
8:38
cards right? right? and D D
8:40
S S is the data security
8:42
standard Now correct Tate's. That if
8:44
you're going to accept credit cards
8:46
and hold credit card data, there
8:48
are certain security standards to which
8:50
you must adhere. Okay, it is
8:52
the reason that now all the
8:54
gas stations in the United States
8:56
have chipped. Readers. And right, Frank
8:59
God that has been delayed. I think
9:01
that's now. Part and parcel of this
9:03
it with everybody has to have that okay or as
9:05
as I can remember. last time I saw a. A
9:08
a gas pump without it's a breeder. Which.
9:10
Is good and this is an area where
9:12
we have lagged the rest of the world.
9:15
Yeah it is. We've always been a year
9:17
to behind Zealots August Laurie people over London
9:19
there were a source of of course assist
9:21
assist. Over Piccadilly Circus. fresh.
9:25
As. A Don't
9:27
something that's that's just as. So.
9:30
There have been some changes and of
9:32
course all these their story standards. The
9:35
A pianist recent releases around but this
9:37
is a private sector. Data security standards
9:39
isn't as called the Pc Ideas as
9:42
and. The. Changes that
9:44
I want to talk about. Our
9:46
the changes to the social
9:48
engineering portion of the standard.
9:50
Oh okay. so in the
9:53
past. A broad security
9:55
awareness campaign would have sufficed to
9:57
meet the requirements of the data
9:59
Security. Hundred. So. long as
10:01
you had some kind of security awareness.
10:04
Thing. Going on at your company. Then.
10:07
You could check the box with a Pc.
10:09
I and this is for someone who takes
10:11
credit card. As for somebody to his credit
10:13
card of other say this. There are different
10:15
layers of people that take credit cards. Like
10:18
not every small business can comply
10:20
with this requirement, right? So those
10:22
you something like square or I'm.
10:24
A. House that yeah
10:26
Obama? yes I did once in A
10:28
And what they do with those companies
10:30
do is they it's. Totally.
10:33
Removed that responsibility from the business owners
10:35
small business owner and eight encrypt that
10:37
data completely along the traffic so that
10:40
small business owner never really seen the
10:42
credit card right? they never really have
10:44
it in their custody. So if their
10:46
systems get get. Breached. Someone.
10:49
Gets access to and they're not going to get a credit card.
10:51
Information. And because it's been secured
10:53
by these other third party providers, which
10:55
is a great business model. Yeah
10:57
because. Not every small
10:59
business of can afford to. Comply.
11:03
With the Pc ideas s right.
11:06
But. You can, you can just go out and. Get.
11:08
A square accounts pay a little bit more
11:10
per transaction. Was a small business. can probably
11:12
to check your prices a little bit more
11:15
to come to compensate. And.
11:18
You're. A business which is great. You can
11:20
take payment cards right at. The
11:23
new. Requirements. In
11:25
and this I think is very good wording.
11:28
Targeted Security Awareness Training
11:30
tailored to the specific risks
11:33
faced by company employees
11:35
and. That's
11:37
great. Because. If
11:39
users have a security awareness campaign.
11:42
That. Doesn't. Answer the mail on
11:44
what kind of threats you're going to
11:46
be receiving. It's it's a very little
11:48
used to you. If also
11:50
mandates the use of a couple of technologies.
11:53
including Etti fishing filters, Which.
11:55
Are like anti spam filters? You just on
11:58
your emails right? and then. Our
12:00
Social Engineering simulation tools.
12:03
Oh okay, much like the ones provided by
12:05
our sponsor know before in. Other.
12:08
Companies also provide the but there are
12:10
there out there. These are fishing tools
12:12
you can even do a your training
12:14
your training that provides of yeah when
12:17
you click on the link you actually
12:19
wind up clicking on a training link
12:21
right arm and oh you click that
12:23
you shouldn't have a When I like
12:25
about that model is that it's quick,
12:28
it's on demand when it's needed, and
12:30
it doesn't take a lot of time.
12:33
And it is In. It's so it's
12:35
catching. The person at catching fire did
12:37
not have the right words. You're to
12:39
United Smartphone Celica Gotcha sort of Cat
12:42
like that, You're You're catching the person
12:44
at the very moment when. They.
12:46
Made the mistake when they made the mistake.
12:48
And so they are primed to learn that
12:51
lesson. Yes, Yes, Your. The
12:53
article it up by the way, I'm referencing
12:55
an article from I'd See online or com
12:57
and will put a link in the show
12:59
notes. but this article's adds that it might
13:01
be a good idea to implement Policies are
13:03
on social media usage. Of.
13:06
I hadn't even considered that. As I
13:09
don't have as part of the Pc ideas as
13:11
here right? But it would be a good thing
13:13
to do at work for your employees. Three employees.
13:15
Yep. Tell him how they're going to use Facebook,
13:17
you know, at work. Or. Jokes as
13:19
if you're it's or linked in. If
13:22
you're on linked in. Think. About
13:24
that you're on linked in. Linked In has a
13:26
message or is linked in messenger, right? And somebody
13:28
knows where you work. And. If they're
13:31
hit new Era and nine to five
13:33
eastern daylight time. They. Know you're
13:35
probably at the office isn't and they can send
13:37
you a message going. hey I'm book and I
13:39
wanted to share this with you mate. Maybe it's
13:41
a job opportunities? Hey can you redo my resume?
13:44
Here's here's a documents. And is just
13:46
have a link to a phishing site. right?
13:48
Detour Officer Sixty Five Credentials:
13:51
Stolen. That with mean it's these. This
13:56
is a very good. Point is one sec. Yeah. Put
13:58
some policy around. How
14:00
your pay, your employees interact on social media
14:03
why they're at the office. So.
14:05
I mean, it strikes me that it in the
14:07
same way that some. Insurance.
14:09
Companies help make.
14:12
Homes and offices Safer by.
14:15
Saying. You know if you install sprinklers
14:18
iri to get a lower insurance rate?
14:20
Yep. This is the Pc
14:22
I folks saying. You're
14:24
going to do these things and it's
14:26
gonna make everybody safer. We're going awry
14:29
or this. Yes, because their insurance companies
14:31
are saying dry required This Sounds good
14:33
point? Yeah, yeah. Doing
14:35
these things gonna make doing all these things like.
14:38
That complying with this new standards gonna
14:40
make your employees a lot more likely
14:42
to be able to recognize and handle
14:45
social engineering attacks when they're happening. Now
14:47
it is. You leave your employees out
14:49
in the wilderness he did. You don't
14:51
do payment cards or they're not payment
14:53
card handling people. You're
14:56
just leaving them open for these kind of
14:59
attacks, and there are plenty of third parties
15:01
out there that can help your organizations with
15:03
these compliance requirements. Another compliance requirements as well.
15:06
I'm so. I would
15:08
say take advantage of that. I know you're a
15:10
small companies. If you're a small company, you can't
15:13
afford the massive security budget. Or
15:15
so do the company like Square.
15:18
But you. Just never even see the credit
15:20
card information right? Or but still. Make
15:23
sure you have anybody that access is
15:25
your bank accounts. Taking
15:27
some security awareness training and summer and
15:29
understand what the risk is. An
15:32
Eminent As I think this emphasizes
15:34
that. And. Organization:
15:36
As large and widespread
15:39
as the folks who
15:41
handle Pc I. Feel.
15:44
Like this is time well spent? Yes,
15:46
right. This is in. It's yes. This
15:48
is an investment in your employees time.
15:50
Yes, what? The. Time they spend
15:53
on this ultimately. Could. Very
15:55
well save you a ton of time and
15:57
money. Yeah, on the headaches of dealing with.
16:00
A data breach says right. And one of
16:02
things I like about this isn't the kind
16:04
of a mandatory compliance for a business. It
16:07
wants to manage some credit card systems right
16:09
arm. So. It's kind
16:11
of like the heavy hammer coming down. On
16:14
these businesses but again it's we find
16:16
ourselves in the in the same situation.
16:18
Like all this money you're going to
16:20
spend on this. Will. Be well
16:22
spent if nothing happens. Rise says
16:24
it's as. If. That's
16:27
the measure of success with cyber security professionals.
16:29
Very Nothing happens, right? All.
16:32
right? Well that is interesting indeed. I
16:34
like you said, we will have a
16:36
link to that story in the So
16:38
Notes my story this week so I'm
16:41
actually going to focus on a letter
16:43
we got from a listener. Okay, Or
16:46
this is from a listener late name does
16:48
Deanna. Who. Asks that
16:50
we share this story. Someone.
16:53
Read it of that says dear Hiking Humans
16:55
Team. I'm. Writing
16:57
You amidst a harrowing situation involving
17:00
my recently widowed grandmother who has
17:02
fallen victim to pick butchering. Despite
17:04
our families best efforts intervene, she
17:06
is being manipulated to an extent
17:08
that has resulted in severe financial
17:11
loss and emotional turmoil for all
17:13
involved. A. Grandmother who mile
17:15
referred to as Nana After selling
17:17
her husband's truck became entangled with
17:19
a scammer known as Richard From
17:22
this relationship originated from the sale
17:24
of it's unclear if it was
17:26
online or through another channel. This.
17:29
Person has isolated her from our
17:31
family. beginning with my uncle or
17:33
recently retired police officer. After
17:36
extensive investigation, my uncle uncovered
17:38
that Richard was impersonating a
17:41
deceased man and presented numerous
17:43
inconsistency since his story. Is.
17:46
By presenting this evidence to Nana,
17:48
she has become increasingly alienated from
17:50
Us. Richard. Has convinced
17:52
her of is false identity and
17:54
a fabricated scenario where he's currently
17:57
detained by the I. R.S. in
17:59
Atlanta urging. The marry him. Nana.
18:01
Deeply misled is prepared to travel
18:04
to marry him and we are
18:06
of his motives are simply aiming
18:08
for marriage for immigration or other
18:10
fraud purposes. She. Has lost
18:12
approximately eighty five thousand dollars to
18:14
the scam. And. Recently sent
18:16
her driver's license to an unknown
18:19
recipient, increasing our concerns about further
18:21
identity theft or looming property fraud.
18:24
Efforts to intervene through banks and
18:26
legal channels have been unsuccessful as
18:28
she is still deemed capable of
18:31
handling her personal affairs. Our.
18:34
Family feels powerless as the situation
18:36
worsens and even with my fiance
18:38
is extensive background and cyber security,
18:40
we find ourselves at a loss.
18:42
We would appreciate any advice, resources
18:44
or if you could highlight the
18:47
story on your platform to raise
18:49
awareness about the dangers of social
18:51
engineering scams targeting the elderly. Thank
18:53
you for your commitment to educating
18:55
people on these critical issues. Sincerely,
18:57
Deanna. Have dating. Yeah,
19:01
it really is. This is gonna keep
19:03
going. until now. Realizes this is a
19:05
scammer. She runs out of money, And
19:08
then. One. Of those two
19:10
things are going to happen. Wanna go through this
19:12
just bit by bit and and sort of will
19:14
narrated as we go? Sure. So. We
19:16
start off here with some Nana
19:18
sold her husband's trucks. I'm assuming
19:20
here that this is a deceased
19:22
husband runs his widow. Ah,
19:25
This is selling the truck and someone comes
19:27
along. The. By the truck of
19:29
yeah a it could have been busy so
19:32
be trucked. Ah to another
19:34
buyer and got some cash for it and young this
19:36
guy just so happen to start talking to her when
19:38
she was trying to sell it. So.
19:40
Grabs your the process of selling right. Work on
19:42
it ended that. This. Guy somehow
19:45
made off with the truck. As
19:47
well. Yes, So or a
19:49
Either way, that's what prompted the
19:51
relationship life. So we've already. we've
19:53
got some new. Nana is in
19:55
a position of vulnerability. Yeah, right,
19:58
she is. She's in the process
20:00
still. I suspect grieving. Yup, she's
20:02
selling something that was the property
20:04
of. Her. Former loved one. And.
20:07
So she's vulnerable. Yeah, and this person
20:10
comes along and likely takes advantage of
20:12
that. Was talk
20:14
about the isolation. Adana says
20:16
that Nana has been isolated from
20:18
the family even including a oh
20:21
uncle who's are retired police are
20:23
police officer yeah that's that's amazing
20:25
a me as as. It
20:28
doesn't surprise me. right? You
20:30
know if this is one of her sons? I
20:33
would guess. That's. A retired
20:35
police officer. If. It's the the
20:37
dog. The authors uncle Ah could be
20:39
sub or maybe us on law pianos.
20:41
You have someone you've known and trusted
20:43
all your life. And are telling
20:45
you this is a scam. Be.
20:47
Influenced This guy has over over.
20:50
This. Woman: Is. Remarkably
20:52
strong in. Ways.
20:55
Woven a spell over her right in
20:57
the Zoc. with that's It's A that
20:59
we had actually was our prime evinced
21:02
her that bed. he genuinely loves her
21:04
and she believes is right. Oh, so
21:06
you're arguing against what is her truth,
21:08
not objective truth. But. Her subjective
21:10
truth which is very hard to argue
21:12
against right and in her heart is.
21:15
All intertwined in it's be as he
21:17
is. He's. Put her
21:19
in this situation of feeling like
21:21
there's a some sort of deep
21:23
intimate relationship Hear? The
21:26
thing about being retained by the I
21:28
Rs in Atlanta I suspect has nothing
21:30
to that right now the it's just
21:32
putting a distance between them and excuse
21:34
why he can't buy the can't meet
21:37
in person do is here. I might
21:39
actually think. It might be worth
21:41
depending on where you live in the Us.
21:43
That might be worth a trip to Atlanta.
21:46
To the Iris office. You
21:48
know, go in there and say hey my Nemesis
21:50
you're holding her boyfriend here in a detention so
21:52
we'd like to see him. sister sister has sued
21:55
the I Am Aware of the Of Your Eyes
21:57
or Iris Jail I mean other there is not
21:59
Iris. Okay,
22:03
Yeah. So I guess I don't
22:05
think there's anything to that this notion
22:07
that, ah, That. He wants to
22:09
marry her. I don't think there's
22:11
anything to that know. let's just all part of
22:13
the room and skin tight. And he's already taken
22:16
her for eighty five thousand dollars? Yep, Ah
22:18
is thing about sending her driver's license
22:20
off. I mean that's frightening. Yeah, I
22:23
think. The. Watch your parents out
22:25
because somebody else to go to opening bank accounts And
22:27
her name. right? Is
22:29
proof of my Id bright? And
22:33
I don't know like it there. for
22:35
the of the driver's license it's not
22:37
like a credit card where you can
22:39
just cancel it and it doesn't work
22:41
anymore. I you know I mean it's
22:43
still still valid. it's a valid Id
22:45
begin to replace but it would basically
22:47
be a duplicate of right the one
22:49
that see mailed off. yeah depending on
22:51
how the state does have a driver's
22:53
license numbers right? So definitely a put
22:55
some kind of credit monitoring in place
22:57
now. If if it's possible
22:59
I would freeze for credit and freeze her
23:02
are tell sucks and since of it nobody
23:04
else can open a bank account and or
23:06
name yeah because that's what's happening next with
23:08
that with that idea. Made
23:10
a. I'm.
23:13
In terms of additional
23:15
advice, I
23:17
think going into town to hear me normally what
23:19
I would say is try to find someone. Who.
23:22
Nana respects. Who's.
23:25
In a position of authority? Yeah, we've
23:27
had story after story where even that
23:29
doesn't help. Right of Maria was
23:31
on one time telling a story about somebody.
23:33
That. Wouldn't listen to the priests,
23:35
right? Wouldn't listen to the police officer.
23:39
And the sounds very similar. Of
23:41
what I would say is see if
23:43
you can slow things down little bit.
23:46
Citizens Not. Totally stop
23:48
Admins sell it to her like your we're
23:50
not going to totally stopped selling this guy
23:52
money, but we're going to slow down a
23:54
little bit and see what happens right? and
23:56
then. If. You can do that.
23:59
Perhaps. The. Will lose some interest. Although.
24:01
If he's done is. Done
24:04
our homework really isolating or. It's
24:07
it's. a. It's. A
24:09
problem is. It's. Really a
24:11
problem. One thing I wonder if we know
24:13
that there's mention of of as as we
24:15
set a family member who's a police officer.
24:18
I. Wonder if bringing in a higher
24:21
level law enforcement person could be
24:23
helpful than might at the level
24:25
of loss that we've had here.
24:27
I would think first of all,
24:29
Get. In touch with your local police
24:32
ah but then also your local F
24:34
B I field office know. I'm
24:36
as A maybe have made the Alamo
24:38
with you if you saw a friend
24:40
of the police departments. maybe get like
24:43
twenty police officers together and have them
24:45
all tell her it's a stamp or
24:47
the Chief of Police Syracuse someone who
24:49
who she would mean to me and
24:51
F B I agent coming to the
24:53
home right? Ah might be. An
24:56
increase in authority that she would take
24:58
seriously and are and I someone in
25:00
that position or someone who deals with
25:02
the scam side of this. Might.
25:05
Be able to break that spell right? Able to
25:07
say you know? I bet this is what happened,
25:09
right? And Nana will say how did you know
25:12
and the personal sake of that was what always
25:14
happens right in the that's. That. Sort
25:16
of thing to try to. I'm.
25:19
In a. Metaphor
25:21
for the Cdc Crab provide the
25:23
soldiers and saker remember to break
25:25
the spell of what's going on
25:28
here. The but
25:30
you know is he sees her own person
25:32
and there's not any. It's
25:34
her money to do with what she
25:36
wants rights the thing. it's legally. She
25:39
wants to. You know, take
25:41
all her money and throw it out in
25:43
the streets. He's allowed to do that right?
25:45
And yes, and Ahmed. I don't know that
25:47
that's a problem, but in this case, in
25:49
these cases, it certainly is a problem. right?
25:53
Now. it is a
25:55
crime for someone to be
25:57
defrauding her yes so Do
26:00
you come at it that you
26:02
know that my my relative is a victim of
26:05
a crime? But
26:07
but again, you know trying to get
26:10
them to To
26:12
lock things down is really hard You
26:15
can there are things you can do if you
26:17
were if you're able to get some Some
26:21
buy-in from her there are things you
26:24
can do like having Alerts
26:27
on bank accounts and things like that. Yeah,
26:29
these are useful for the elderly. So for
26:31
example I
26:33
have a thing with One an
26:35
elderly member of my family where if more
26:37
than let's say five thousand
26:39
dollars Flows out of a
26:41
bank account I get a notification right
26:43
right now in order for that to happen
26:45
That person had to agree to that so
26:48
you can't just have it done
26:50
right if If
26:53
you could convince her that this is in
26:55
everyone's best interest for no other reason than
26:57
just to slow things down Maybe
27:01
it'll help. Yeah Our
27:04
heart goes out to you Deanna and this
27:06
is not an easy situation. No, this is
27:08
terrible Yeah, it is really heartbreaking our listeners
27:10
have anything to say that might help Deanna.
27:12
I would love to hear it Yeah,
27:15
if there's anybody out there who's had
27:17
success here in breaking that spell I'd
27:21
love to know what worked. Yeah,
27:23
because I suspect there are folks out
27:25
there who've been in this harrowing
27:27
situation so Thank
27:30
You Deanna for sending in your
27:32
note We do appreciate
27:34
you taking the time for that and like I
27:36
said, we're we we're sorry that you're in this
27:39
situation And we hope for you the best We
27:42
do indeed. All right, Joe. Well,
27:44
let's go from there and let's
27:46
take a moment and switch gears
27:49
And it's time for our catch of the day Barker
28:00
to the day comes from Kenneth who
28:02
just sent us a been email of.
28:06
Your. Dogs Dave I love dogs. We got.
28:09
We. Have Fred sitting right here in
28:11
Essence, Effects, etc. Dogs is in studio
28:13
today. Thread has come back for the
28:15
cyber security is season on his best
28:18
behavior. He has not started are going
28:20
through a D trash can, sort of
28:22
nosing anyone or anything like that. So
28:24
Fred there's been a very good boy
28:27
is he is in now You've said
28:29
his name is coming up Now I've
28:31
read. The ruin
28:33
of Fred success as ah Ok so when
28:35
we got him go. Sorry. Last,
28:37
if you like dogs is this is a puppy scam.
28:40
Oh. It's a it's
28:42
a letter from an esteemed cardiologist.
28:45
Died at says hello. My name
28:47
is Doctor Doris Linda I am
28:49
and cardiologist by priests. Since I
28:51
work for major hospitals, I came
28:54
across your email address to surfing
28:56
the internet affiliated with the Us
28:58
Chamber of Commerce. My late grandmother
29:00
was a puppy breeder see died
29:03
about four months ago and see
29:05
left of see mail English bulldogs
29:07
and a female yorkie before she
29:09
died. One of the female. Puppy
29:12
Recently had a litter three puppies. They
29:14
are so adorable but due to my
29:16
job as an cardiologist it does not
29:18
give me the proper time to take
29:20
good care of these babies. I would
29:22
have loved to take care them myself
29:24
but due to the nature of my
29:26
jobs are almost do not have time
29:29
for myself. So I am currently after
29:31
finding for them a caring and loving
29:33
parents who would take good care of
29:35
them and are willing to adopt. If
29:37
you are generally interested in having one
29:39
or more of them, please do feel.
29:41
Free to email me immediately
29:44
for more details and information.
29:46
Doctor Doris Linder. Sent.
29:49
From my Android device with canine mail
29:51
please excuse my brevity. funny that the
29:53
using too much and I mail client
29:55
which is. Of. On
29:58
Android mail client and there are as real
30:00
think that a lot of get guess I'm
30:02
afraid I don't like that's. kind of odd.
30:04
I thought it was just reinforcing the scam
30:06
like this: This person loves dogs so much
30:08
they're even using a good dog email program
30:10
for us in our the real amp. Okay.
30:14
Guys. This is on. This is obviously
30:16
just a scammer. Was just going say
30:18
send you pictures of of dogs when
30:20
they sat on the internet and then
30:22
demand money from you and riders sense
30:24
and the money into dogs ever going
30:26
to show up? There is no.as a
30:28
sort of oh that's right, right we're
30:30
going to try to get see on
30:32
the hook for who knows, spaying and
30:34
neutering, or. Silly. Powder or effort
30:36
or whatever something the dog needs Gas you
30:38
go if you go like get another dog
30:41
like Fred gender to puppy a golden little
30:43
puppy cause. Oh to Grant?
30:45
Yeah, We we adopted
30:47
Fred from. A rescue in
30:50
paid nearly that much And to
30:52
pay the it off cincy add. Add.
30:55
Two thousand and there's a lot of money and dogs to
30:57
death. In. Answer Same
30:59
it is. All. right?
31:01
Well thank you can it for sending that
31:03
and we do appreciate it and por sua
31:06
we would love to hear from you or
31:08
you can send us your sense of the
31:10
day to hacking humans as and a. Getting
31:26
your organisation before your users
31:28
even see them. The new
31:30
Ccr Plus from Know Before
31:32
was developed to help you
31:34
supercharge your organization's email security
31:36
defenses. How you get a
31:38
unique crowdsourcing advantage? More than
31:40
ten million highly trained Know
31:42
before end users from across
31:44
the globe catch and report
31:46
militias emails that makes it
31:48
through all the filters. Know
31:50
Before is that lab then
31:52
validate said with a I
31:54
and with human researchers. Fish
31:56
he are plus blocks, fishing threads,
31:59
other tools, Myth and proactively
32:01
remove them from your users in
32:03
boxes. Not quite time travel like
32:05
we think you'll agree, it's a
32:08
vital capability in any info says
32:10
professionals Arsenal. Visit. Know
32:13
before.com/products/since the are-plus
32:16
to learn more
32:18
that's Know before.
32:21
com/Products slashed S
32:23
E R. Us.
32:26
And we take know before for sponsoring are. Ah
32:41
Joe! I recently had the pleasure of
32:43
speaking with Bogged Down by desire to
32:46
who is the Director of Threat Research
32:48
said it defender and were talking about
32:50
a hot topic. this is audio deep
32:52
fake my is our conversation. Dubbed.
32:55
Short stories that we're investigating are
32:57
scams that the of propagate through
32:59
social networks. For instance, because we're
33:01
working on a solution that house
33:03
people detect such scams. I'm not
33:05
going to a while going through
33:08
too much detail about a product.
33:10
but one of the things that
33:12
makes it stand out these this
33:14
unique combination of technology and human
33:16
intervention. You know that to stay
33:18
on top of these rats we
33:20
need to a mob a manual.
33:23
They analyze that them look into.
33:25
What the outcome? Sober specific
33:27
scams arts so I'm know
33:29
what we're doing is. ah
33:31
jeez, these towns on the
33:33
social media dissecting them are
33:35
looking gastro wonder scammers are
33:37
using how they're going to
33:39
monetize or or or other
33:41
going to capitalize on his
33:43
victims and then we are
33:45
logged these into a fire
33:47
of course. The fun part
33:49
of the investigation is. Reporting
33:52
them to their social network that.
33:55
Drive this the advertising. But up
33:57
until now we're. Pretty.
34:00
Skeptical about the outcomes of
34:02
reporting it is can still
34:04
problem gate the still keep
34:06
going because probably cybercriminals serve
34:08
a bumpy huge amounts of
34:10
money to our and on
34:12
display to potential victims. Solar
34:14
This is briefly why we
34:16
know so much about the
34:18
skanks were not using my
34:20
exclusively automated technologies to have
34:22
identified as camps are we
34:24
have a the old people
34:26
looking into that and. Will.
34:29
A little let's dig into some of them
34:31
here. I mean, for our listeners, can you
34:33
describe what a typical. One. Of these
34:36
looks like to it would kind of celebrities or were
34:38
talking about and what are they trying to do here.
34:41
Okay are I'm going to go
34:43
with the high profile list of
34:45
celebrities. I'm not sure if have
34:47
too many. All of our listeners
34:49
know where Romania it's A it's
34:51
a small country in the European
34:53
Union on that has the capital
34:55
city in Bucharest and is mostly
34:57
known for the stories about Dracula
34:59
is granted olive Board of interest
35:01
Romania right arm Wells I have
35:03
a president and the National Bank
35:05
governor and a couple of high
35:07
profile celebrities that are always strive
35:09
to the news cycle and. The
35:11
summer coming on. decided to go
35:13
for all of these people, impersonate
35:16
them and put words into their
35:18
mouths. Ah so because they have
35:20
huge presence. On
35:22
television and on the internet
35:24
is very easy for cybercriminals
35:27
to sample out mom pcs
35:29
all video and audio with
35:31
them. With all of these
35:33
information he to a been
35:35
on the a I've algorithm
35:37
and ah have samples of
35:39
their voice. Train. Right
35:41
after this happens or they
35:43
will usually a regular footage.
35:46
And. Listings are specific
35:48
text. Are usually asthma
35:51
claiming that were these
35:53
people are endorsing giveaways
35:55
or rob investment opportunities
35:57
or what not to.
36:00
Gullible. People And when these
36:02
endorsements fake endorsements are they
36:04
will purchase ads on platforms,
36:06
target specific audiences and and
36:08
have everybody c a one
36:11
minute or the the old
36:13
How to get rich Quick
36:15
and of course a lot
36:17
of people. Are. Fall victim
36:19
to that's because these celebrities, ah,
36:21
have a very. These
36:24
calls are olympics I would say
36:26
in a into the nice and
36:28
when the president that was you
36:30
bad or the or get rich
36:32
quick scheme that ago other members
36:35
of the governments are are hiding
36:37
away from you You will tend
36:39
to believe that because it has
36:41
everything is has agreed that has
36:44
the conspiracy theory aid schools and
36:46
is being there raised in by
36:48
of whoa who first a new
36:50
flesh and bones behind the camera
36:52
or has. Some.
36:55
Of the ones that you all sent over
36:57
for us to look at, their there was
36:59
one here from Oprah. And
37:02
there was one from Jennifer Anniston, who
37:04
are certainly well known celebrities here in
37:06
the United States. It is interesting to
37:08
me that. They. Both. Really?
37:11
Follow the same pattern that
37:13
these are giveaway scams. Ah,
37:16
Oprah was giving away some kind
37:18
of a car seat and Jennifer
37:20
Anniston was giving away on a
37:22
Mac book Pro. Both
37:24
for ridiculously low amounts of. is
37:26
that sort of the pattern of
37:28
that? This is very common here,
37:30
where. It's some kind of deal with to the
37:32
to be true. This
37:34
is this. Goes even better than
37:37
that though. Y p Something for
37:39
bar goods when you can can
37:41
get them for free. Ago couple
37:43
more weeks ago there was the
37:45
a Stem campaign. Or
37:47
impersonating Mr. Be Mad that's
37:49
a youtube celebrity. ah that's
37:51
very know A well known
37:53
for a charity work ah
37:56
see. allegedly was giving away
37:58
three I phones. He seemed
38:00
to have people All you
38:02
had to do was a
38:04
for shipment and the device
38:06
when yours. So. I'm
38:08
and of the city you know
38:10
what why and why our that
38:12
these devices boys for supply ah
38:14
on the south of the supermarket
38:17
and stores. She. Has than thousand
38:19
units to get. All.
38:21
For free him if he be a
38:23
mess. Enough of that you know way
38:25
winning moonlight When people see that there
38:28
is goods of high value given away
38:30
for free, don't take the tax right?
38:32
Particularly they had a love of a
38:35
debit card a prepaid card that
38:37
does a series. two months of had
38:39
the was. so even if you fall
38:41
victim to that's yeah a not going
38:44
to miss out to watch money.
38:46
but thing is that when you
38:48
getting out this information the stem goes
38:50
further on. This people
38:52
are are collecting credit
38:54
card information. So.
38:57
They can wire money to your
38:59
account and then use the credit
39:01
card data to do online shopping
39:04
and they're usually a no purchase.
39:06
Ah, digital currencies like or
39:09
bitcoin for a Syrian. To
39:11
launder money coming from different other
39:13
victims. So even if you're not
39:16
losing anything because you have, you
39:18
have no money into that account,
39:20
You're still helping people out launder
39:22
money coming out. some cybercrime so
39:24
nothing gets wasted in this industry.
39:28
It's. A really interesting insight into some
39:30
of the psychology behind this he noted
39:32
suit. It's like. Some. Of
39:34
the people who. I
39:37
don't remember. I'm I'm I'm sorry. Want to say the word,
39:39
Fall for it? because it sounds like. For. Some
39:41
people it's like playing the lottery. You know
39:43
where? they as probably part of their mind
39:45
that knows this is a scam. But.
39:48
For five dollars or for ten
39:50
dollars or for free. What? Have
39:52
I got to lose? straighten and I may come
39:54
away with a Macbook? Pro? Yeah,
39:57
yeah of among that there's this.
40:00
Man, now this example I keep
40:02
bringing up to the point though
40:04
where I'm repeating myself way to
40:06
offer on there's a law well
40:09
known com make a great in
40:11
by Xkcd eat of I'm I'm
40:13
sure that you're familiar with were
40:15
a city that ah is called
40:18
the Ten Thousand Damone alone. Least
40:20
com A to is that. Every
40:23
single day. There's.
40:26
Ten thousand people discovering what happens
40:28
when you mix coke with mental.
40:31
These. Discoveries for the first time. They
40:34
had no idea what happened and they
40:36
learn what happened the same day. This
40:38
goes. Absolutly perfect with
40:40
cyber friends every single day. There's
40:43
by analogy, ten thousand people for
40:45
being defrauded for the first time.
40:47
They have no idea cybercrime existed.
40:49
They were like, you know, virgin.
40:52
And at this point they.
40:55
Encountered the scammer for the first time
40:57
and they're falling victim for that because
40:59
they don't have the education and they
41:01
don't have the experience to stay away
41:03
from that. So yeah, they only learned
41:05
that cybercrime me this the hard way.
41:09
It's. Interesting to me also that you
41:11
mentioned in the you and your colleagues
41:13
do report this to the social media
41:15
platforms but. I. Mean, I suppose
41:18
you could say it's against their interest
41:20
to try to set these things down
41:22
because of. What? They're being paid
41:24
for. They are they're They're being paid to put these
41:26
in front of people. I. Was not allowed
41:28
to say that out loud but the i think
41:30
you for him and bordering on of people are
41:32
going to and i doesn't agree with mates. S.
41:37
Now I'm sure that is it's
41:39
not married exclusively. It's not just
41:41
above. Move will lead that run
41:43
over that the and Iran anttila
41:45
his budget get a depleted I'm
41:47
sure that are are. There are
41:49
some technical challenges are like the
41:52
you know video is very difficult
41:54
to inspect automatically I'm I'm not
41:56
going into detail that. You
41:58
know of sites like Youtube? Fingerprint
42:00
for instance, server video for
42:02
a copyrighted music and they
42:04
can I do that for.
42:08
This damn straight line person has
42:10
been a sudden right before bizarre,
42:12
I'm probably durga under seal a
42:15
volume off as the networks Ron
42:17
would not allow them to manually
42:19
police each and every video. As
42:22
that, they deliver. But they could
42:24
do better than they could, for
42:27
instance, automate, ah, both, or. Prioritize
42:30
in an automated ways. Ah adds
42:32
that get a huge number of
42:34
reports because the is not just
42:36
us for reporting these ads. it's
42:39
a lot of people who are
42:41
that sounds in south, stumbled across
42:43
them for the board them and
42:46
then nothing happens. The.
42:48
I have to say it's it's very frustrating
42:50
for me is. In. A someone who
42:52
does take the time to report these things.
42:55
Over. And over again and they
42:57
just keep popping up like are implying
42:59
that. It's it's it's maddening. Ever
43:03
mean as the as stays on
43:05
line is makes. A lot of
43:07
big them. Now. And know
43:09
another are a lot of victims because
43:11
I'm no forums and reddit threads are
43:14
a fool of people who gave their
43:16
account about how they got scammed and
43:18
a glove Help people that they have
43:21
learned a lesson the hard way. In
43:24
the business it's This is fun
43:26
because when when you're going through
43:29
these people are you realize that
43:31
there's not one single outcome that
43:33
hackers stick to. The have different
43:36
scenarios takes place people. there's ah,
43:38
Scenarios where they just one
43:40
that credit card number for
43:42
credit card fraud. they just
43:44
want more information for. A
43:48
Id theft or they might
43:50
want to enough swarm or
43:52
information for instance, to tweak.
43:56
the scam from a financial the ones
43:58
who are on a scam and to
44:00
a bigger financial one. There
44:03
are multiple outcomes. A couple of
44:05
weeks ago, we learned that some cyber
44:07
criminals would initiate a scam,
44:09
pay out a
44:12
low value return of investments to
44:14
the victim, and then
44:16
entice them to invest more and more and more
44:19
and more. By the time they have invested
44:21
a lot of money, they will
44:23
be like, you know what, you have
44:26
like $50,000 gathered in
44:28
your account. We need
44:31
you to withdraw
44:33
it. And we will happily assist you
44:35
wire the money into your account. You
44:41
don't have anything to do other than
44:43
plugging your phone into the
44:46
computer, install these two utilities,
44:48
and close your monitor off. Give
44:51
us 10, 15 minutes, and
44:53
then you'll have the money loaded into
44:55
your account. It sounds
44:57
stupid, but there's a lot of
45:00
people who heed that, and
45:02
they will connect the device. They will
45:04
install a piece of software
45:07
that automatically links the
45:10
phone to the computer via the
45:12
Android bridge, for instance. And
45:14
the second application would be a remote access tool.
45:17
So cyber criminals now have access to the
45:20
computer browser, and they have
45:22
access to the device that receives the
45:24
second authentication factor in the form of
45:26
SMS, for instance. And
45:29
all of a sudden, money will
45:31
start leaving the accounts rather than
45:33
arriving into the account because cyber
45:36
criminals will keep transferring all the
45:38
funds that the person
45:40
has in the banking account. That's
45:42
why a lot of European banks,
45:44
for instance, have become so paranoid
45:46
that they will lock down accounts
45:48
and temporarily freeze codes whenever
45:51
they identify a remote
45:55
desktop solution running along the
45:58
browser that opens up. end
46:00
up on your banking session. Interesting.
46:03
So what are your recommendations here?
46:05
I mean, for those of us who are
46:07
sharing this kind of thing with our
46:09
friends and family, I mean, what kind
46:11
of information should we share? First
46:14
of all, I would say
46:16
that education is a big
46:19
part of helping people navigate
46:21
through this new reality. If
46:24
there's one thing that we realized
46:26
in the event
46:28
of chat GPT, for instance, because we
46:31
keep referencing chat GPT as
46:33
the first formal AI
46:35
that the regular people could interact with.
46:38
You just chat with a bot, it
46:40
behaves like a human, it gives you
46:42
a solution. It isn't
46:44
empathetic, it is compassionate. It helps
46:46
you out. Right. That's
46:49
when people understood that AI
46:52
can have a huge, huge
46:55
power. The
46:58
event of this formal generative
47:00
AI is now
47:03
fueling cybercrime. It's fueling it
47:05
to saturate that we start
47:07
doubting whenever
47:10
we see something, whether it is
47:12
real or not, we start asking
47:14
ourselves questions. What
47:17
I'm seeing now, is it real or
47:19
is it special effects generated by the
47:21
AI? For
47:23
most people, it is very difficult
47:26
to answer that question correctly. There
47:28
will be a lot of people who are mistaking
47:32
AI generated content with reality.
47:36
For a very few pool of people, these
47:39
differences will be visible just because
47:41
it's advertising something too good to
47:44
be true. Back to
47:46
the original question, I would say that
47:48
education plays a key role because
47:52
there's no Greater
47:54
tools than common sense. When You see something
47:56
given away for free, that costs thousands of
47:59
dollars. You. Should ask
48:01
yourself why and my receiving
48:03
that and what makes it.
48:06
Possible. For people to blow
48:08
unlock this economical glitch that
48:11
brings infinite well when limited
48:13
resources. Is you're aware
48:15
of the sand? that nobody
48:17
gives anything for free. Just.
48:19
Out of the goodness of
48:22
their heart to strangers on
48:24
the internet you'll already the
48:26
already ah, have these systems
48:28
activated ah Secondly I would
48:30
say. L,
48:32
We should start looking easy to
48:34
our technologies that offer ah a
48:37
deeper level of protection than what
48:39
we're seeing Longstreet at this point
48:41
it's it's a little bit difficult
48:43
for technology to correctly identify a
48:46
I generated content that goes into
48:48
of. The real substance
48:50
blood on are these a I
48:52
generated content the is just the
48:54
top layer over more elaborate and
48:56
scam be you probably saw that
48:58
sir incident a couple of. Weeks
49:02
ago. In. Wage Singapore
49:04
Ah Employee. Or
49:07
was instructed to wire twenty
49:10
four million dollars to on
49:12
external. Bank account rain
49:14
and builder of of the
49:16
order came from the Ceo
49:18
himself. And. The
49:21
employee was like ah, i'm not sure
49:23
about that. You know I'll have to
49:25
validate with you were arguing the office
49:28
no I'm not in the office Ima,
49:30
I'm working remotely but can we urge
49:32
on quickly into a call? I'm going
49:34
to booting colleague X Why's that Combine
49:36
us and we're going to sit together.
49:39
Ah, they can make a decision and
49:41
then you will help. Ah squired the
49:43
my. And see indeed,
49:45
jump on on a zoom fall
49:47
or with the Ceo and three
49:50
other colleagues. They reached
49:52
an agreement. The employees are wired
49:54
the money just to learn out
49:57
that he was. The.
49:59
Only here. One in the car,
50:01
the other one day of the
50:03
the that recall a swerve or
50:05
a I bought and the seal
50:08
was a fraudster. So yeah these
50:10
camps are so elaborated that they
50:12
don't only rely on ago ads
50:14
are showing off or know people
50:17
streets. Of elaborated
50:19
stems usually start with a
50:21
background check on the victim
50:23
mode and the usual parts
50:25
of the keeled straight. ah
50:27
learning out there are phone
50:29
number their whereabouts. Their blood least
50:31
on colleagues they released of friends.
50:34
Fortunately, social media makes it so
50:36
easy for the other cybercriminals to
50:38
mount a lot of information bc
50:41
together and then generate does that
50:43
the perfect scam and Via A
50:45
is just the icing on the
50:48
kid is the final layer of
50:50
technology doesn't basically seals and you.
51:00
Go what you think, Damn. I really like
51:03
that admits offenders are examining the stamps to
51:05
the point where they're wondering what the endgame
51:07
is. No, don't they want to really understand
51:09
the anatomy of the scam, right? is great.
51:12
Courses always money is the end game but
51:14
he has been. They really want to know how
51:17
the scammers or didn't the victims there now and
51:19
they want to see with the damages. Are
51:22
it's interesting. That. Things
51:25
I thought was really telling in
51:27
this article was the body doesn't
51:29
think that reporting these scams to
51:31
social media comes to social media
51:33
companies. hops. It. He
51:36
said it, I don't think it helps and my first
51:38
thought was. I
51:40
want a lot of yeah again, social media
51:42
is making money from these scams as well.
51:45
I mean, they're right there, just the front
51:47
end of the parcel of the stamps. They
51:49
they like to pretend that they're not. Taking.
51:52
Part of this is and. In. But.
51:54
Then says he doesn't want to say that
51:56
they are. Also the artist
51:58
and or another. money off of
52:01
this, Dave. And that's why they're not involved
52:03
in it. If nothing else, it just drives
52:05
engagement. Right. Right. Yeah. Which is,
52:07
which is almost like their currency. Yeah. So
52:11
they sell the ads, they collect the cash. Um,
52:14
and I just remain more
52:16
and more unconvinced that, that they're doing anything
52:18
about it. Yeah. I don't think this might
52:21
be part of their business model. I'm with
52:23
you. It's aggravating. It is. Uh, there
52:25
are person in Romanian political figures in
52:28
Romania. Vladimir Steppes would
52:31
not have tolerated that. Um,
52:34
but they're also doing Oprah and
52:36
Jennifer Aniston. And I actually looked up the video,
52:39
found the video of Jennifer Aniston. Um,
52:42
it sounds very much like Jennifer
52:44
Aniston. Yeah. It doesn't look like
52:47
it's exactly right, but it,
52:49
it does sound almost exactly, I
52:51
can't tell that it's not Jennifer Aniston. Um,
52:56
Mr. Beast is also a great target for
52:58
these scammers. Um, I have an
53:00
appreciation slash hate relationship with Mr. Beast. I
53:03
don't watch his videos generally. Yeah. I find
53:05
his, I find his presence on my YouTube
53:07
feed annoying. Okay. Uh, but my son is
53:10
a big advocate and says he does a
53:12
lot of philanthropy work and does give away
53:14
a lot of stuff. Yes. I have heard
53:16
that. But so I'm going
53:19
to, I'm going to put my personal disdain
53:21
for him aside and say, um,
53:24
it's terrible that he's such a great target for
53:26
this because he has a reputation of being such
53:28
a nice guy and of
53:30
giving stuff away. These scammers can take
53:32
advantage of that and impersonate him. Yeah.
53:34
And it's a great tool. I
53:36
mean, I say great. I mean, I imagine that
53:39
it's highly effective. Right. It's probably one of the
53:41
more effective ones that they have because
53:43
he does this kind of stuff all the time. All
53:46
of this is possible because there is tons
53:48
of training data out there for these people.
53:50
Yeah. There's tons of training data out there
53:52
for me and you too, Dave. Yes. So
53:55
I'm still waiting for someone to send in
53:57
an audio deep fake of me saying something.
54:01
So they gather up some of the training
54:03
data. They make the fake endorsement video with
54:05
the audio and then they buy ads on
54:07
the social media platform and they
54:10
push it out and people people get
54:12
hooked. Yeah. I there was
54:14
one thing you talked about with in
54:16
this thing where they will when they're talking about
54:18
get rich quick schemes, they will
54:21
they will invoke the conspiracy theory kind
54:24
of thing. I'm fascinated by conspiracy theories.
54:27
Yeah. I
54:30
don't think most people who are part of the Flat
54:32
Earth movement believe that the Earth is actually flat. Okay.
54:36
But I think that
54:39
I think there's an attractiveness to it. You know, we're looking
54:41
at a little bit of post law here, which means that
54:43
someone's online. You
54:45
can't tell if they're being serious or
54:48
not. Okay. And they talk about
54:50
something. But there are other conspiracy theories out
54:52
there like Kennedy assassination, right? You think about
54:54
that one. Sure. That
54:57
was actually technically a conspiracy, right? They were
54:59
more than one or maybe it was just
55:01
Lee Harvey Oswald. Where are we going
55:03
here, Joe? Right. Well, my point
55:05
is these things are attractive, right? Right.
55:08
They're attractive to believe in. They
55:10
they will hook somebody who's already kind
55:13
of vulnerable to believe in
55:15
the system that the systems rigged against them. And that's why
55:17
they haven't gotten rich. And now they're finally going to get
55:19
the secret. Right. Yeah. Like
55:22
I got an email one time that says, hey, we'd like you to join the Illuminati.
55:25
Yeah. And I was like, there
55:27
is a small I was like, yeah, right. But there's a small
55:29
voice inside in the back of my head that goes, you
55:32
can be so powerful. I
55:35
was like, you sit down. I don't want to hear from
55:37
you again. Well, but
55:39
it's also like we've talked about. There could
55:42
be a certain level of pre filtering. Yeah,
55:44
absolutely. Right. That's an excellent point. And
55:47
kind of what I'm dancing around here is that
55:49
you get the conspiracy theory guy and he's like,
55:51
oh, OK, now what do I got to do?
55:54
I know this isn't going to be free because
55:56
nobody gives away anything for free. And
55:58
they get the money. Hmm. Yeah.
56:01
There was one interesting angle that came
56:04
up in this story in this interview.
56:06
Rather. It's when Bogdan is talking about
56:08
the, uh, you know, you,
56:10
you, you play the lottery to
56:12
get the, the late crusade pot or something, or
56:14
the iPhone or the laptop, and you pay like
56:17
five bucks for the credit card. And
56:19
if they can get your, your credit card
56:21
information and your banking details, now
56:23
they can load money into your bank account and
56:25
spend it on your credit card. And
56:28
you may not be aware that
56:31
they're doing that because when
56:33
you log into your bank account, what do you look at?
56:36
The balance, right? You don't look at the
56:38
transactions right away. Maybe if you go through the fine
56:41
tooth comb, right? Right. Maybe once a month, you look
56:43
at that and you see what, Hey, something's going on
56:45
here. But if you're just logging in, you might not
56:47
see that for a while. And
56:50
with electronic statements, it's
56:52
not like the UPS guy is going to
56:54
show up with your transaction records, you know,
56:57
the truck is full of them. Yeah.
57:01
The UPS guy won't show up. Somebody from
57:03
the department of treasury will, because your money
57:05
laundering is what's going on. You're laundering money.
57:07
Right. And that's what these guys are doing.
57:09
They're, they're going out and spending it on
57:11
cryptocurrency. And now they've got their cryptocurrency and
57:14
they haven't had to risk anything. And
57:16
the only thing they've done is put you at
57:18
risk. Yeah. It's, it's the perfect crime, Dave. He
57:23
tells a story about people connecting their phone to
57:25
their PC with an app on it that gives
57:27
the user control of the PC. That's terrifying to
57:30
me. You know, cause this is all a mystery
57:32
to a lot of people. Just
57:34
install this app and then hook it to your computer
57:36
and I'll take it from here. Yeah. Turn your monitor off.
57:38
So you're not watching what's going on. I'm here to help.
57:40
Right. Also,
57:43
I think it's encouraging though, that banks are
57:45
now recognizing when someone is coming through over
57:47
a remote, remote desktop system, some kind of
57:49
RDP and they're shutting down the connections.
57:52
Just great. Yeah. That's fantastic. One
57:55
of the key points here is that the AI
57:57
generated media is just the new, he called it
57:59
the. top layer in very old scams.
58:01
We're still looking at scams that have been
58:03
around for years and years and years before
58:05
the internet was a big thing. Even
58:08
longer than that. They were just now we're
58:10
putting that veneer of AI on top
58:12
of it. So
58:14
what do you do to protect yourself? Of course you educate yourself.
58:17
Uh, educate those around you. Tell everybody you
58:19
can about what the scams look like. Um,
58:22
remember that something is too good to be true.
58:24
That should be a big red flag. Yeah, absolutely.
58:28
All right. Well, our thanks to Bogdan
58:30
Bhattazatu for joining us again. Uh, he
58:32
is the director of threat research at
58:34
Bitdefender and we do appreciate him taking
58:37
the time. We
58:46
want to thank all of you for
58:48
listening. And of course we want to
58:50
thank our sponsors at Know Before. They
58:52
are experts in helping users do the
58:54
right thing through new school security awareness
58:56
training. And
59:03
that's hacking humans brought to you
59:05
by N2K CyberWire. Our thanks to
59:07
the Johns Hopkins University Information Security
59:09
Institute for their participation. You can
59:12
learn more at ISI.jhu.edu. We'd
59:16
love to know what you think of this
59:18
podcast. Your feedback ensures we deliver the insights
59:20
that keep you a step ahead in the
59:22
rapidly changing world of cybersecurity. If
59:24
you like the show, please share a rating and
59:26
review in your podcast app. Please also
59:29
fill out the survey in the show
59:31
notes or send an email to hackinghumans
59:33
at n2k.com. We're
59:35
privileged that N2K CyberWire is part of
59:37
the daily routine of the most influential
59:39
leaders and operators in the public and
59:41
private sector from the 4K 500
59:43
to many of the world's
59:45
preeminent intelligence and law enforcement agencies.
59:48
N2K makes it easy for companies
59:50
to optimize your biggest investment, your
59:52
people. We make you smarter about
59:54
your team while making your teams
59:56
smarter. Learn how at n2k.com. This
1:00:00
episode is produced by Liz Stokes.
1:00:02
Our executive producer is Jennifer Iben.
1:00:04
We're mixed by Elliot Peltzman and
1:00:06
Trey Hester. Our executive editor is
1:00:09
Brandon Carr. Peter Kilby is our
1:00:11
publisher. I'm Dave Fittner. And I'm
1:00:13
Joe Kerrigan. Thanks for listening.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More