The illusion of influence.

Released Thursday, 9th May 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:02

You're listening to the CyberWire network,

0:04

powered by N2K. Gen

0:14

AI is now fueling cybercrime.

0:16

It's fueling it to such

0:18

a rate that we start

0:21

doubting whether it is real

0:23

or not. And for most

0:25

people, it is very difficult

0:27

to answer that question or

0:29

ring. Hello, everyone,

0:31

and welcome to N2K CyberWire's

0:33

Hacking Humans podcast, where each week

0:35

we look behind the social engineering scams,

0:37

phishing schemes and criminal exploits that are

0:40

making headlines and taking a heavy toll

0:42

on organizations around the world. I'm Dave

0:44

Bittner, and joining me is Joe Carrigan

0:46

from the Johns Hopkins University Information Security

0:48

Institute. Hey, Joe. Hi, Dave. We got

0:50

some good stories to share this week

0:53

and later in the show my conversation

0:55

with Bogdan Botezatu.

0:57

He's Director of Threat Research at

0:59

Bitdefender. We're talking about audio

1:01

deepfakes. We'll be right back after

1:03

this message from our show sponsor.

1:15

But first a word from our

1:17

sponsors at KnowBe4. Time travel

1:19

would be a particularly powerful tool

1:21

in the hands of any overworked

1:23

infosec professional. Think about it:

1:25

being able to see the future

1:27

and know which malicious emails would

1:29

be missed by all the existing

1:31

filters. Your ability to stay one

1:33

step ahead of the bad actors

1:35

would rise to a whole new

1:37

level. Unfortunately, our sponsors haven't cracked

1:39

Time Travel just yet. They are,

1:41

however, introducing a new phishing protection

1:43

product that can block and remove

1:45

dangerous phishing emails before your users

1:47

even see them. Stay with us and

1:49

in a few minutes you'll learn

1:51

how. Are.

1:58

You Joe before we dig. Here are

2:00

we got a little bit of follow

2:02

up We do. This is from a

2:05

kind listener named Lara. Islands.

2:07

And will have it's too, I suppose. Well, I.

2:10

Can see like I'm assuming she's right

2:12

from London. So I would say just

2:14

like it's spelled Lara That's why they

2:17

call me names. Laira read like an

2:19

American. Sign up for more of a

2:21

Lara. Okay, Nora, it's probably Lara. A.

2:24

Go lara rights and and says

2:26

hey guys London based listener here

2:28

please bear with me. Is.

2:31

Piccadilly Circus so tight

2:33

circle. At okay point

2:35

taken Max you are hilarious as it's

2:37

a tube of subway station, not a

2:40

train states okay I did last year

2:42

and Weston. So thank

2:44

you for the clarification. Is a tube stations

2:46

and it is it called The Underground London

2:48

Underground. I suppose what

2:50

they call slang is the tube, right?

2:53

right? But. If.

2:55

He I think one of the issues here is that.

2:58

Europe has as such, vastly superior

3:01

public transportation than we do well.

3:03

Of course they do, hardly because

3:05

things are closer together, I guess.

3:07

Yeah, so. For.

3:09

I find the train poisons d

3:11

C to to Kansas City is

3:13

the same as the distance from

3:15

Warsaw to Paris and okay. Countries

3:18

huge so I like for me

3:20

if I'm taking the Dc metro

3:22

I would still consider that of

3:24

taking a train because is running

3:27

on. Trials the suffer but

3:29

it's a drugs flight. But ah, I

3:31

do appreciate the subtle distinction that Lars

3:33

make. I will say here on the

3:35

East coast there is a distinction between

3:37

subway systems I can get on the

3:39

Metro rail, then you get on Amtrak

3:42

which is more like a rail run

3:44

and wind up in the New York

3:46

subway system. Yeah, a dead duck. Grand

3:48

Central, that's true. and we have commuter

3:50

rail which is different from bright Amtrak

3:52

which is our trains or passenger rail

3:54

freight nets. Unless hard to say it's

3:56

national passenger rail. Or

3:59

I could see doing. Romero says you don't need

4:01

to take it, you just have a card. There

4:03

are no paper tickets any longer. Okay as we

4:05

don't know how the story was that by yeah

4:07

that's the way the metro works. Now to get

4:10

tickets are about as seven pounds. The guy spent

4:12

twenty pounds. I have no clue what he bought

4:14

but it wasn't a one way tickets. Well

4:17

I mean if you, if you have a card

4:19

geez I suspect you can load up that card

4:21

with the as much money as. You. Want

4:23

so. Also of this as

4:26

someone who is unfamiliar with the money right?

4:28

right? More how things work right they may

4:30

to say oh, you know what do I

4:32

got here? I already got a twenty hour

4:34

of but The Sun card grammar. Ah,

4:37

And and last but certainly not

4:40

least, Lara says Americans get

4:42

recognized and scammed everywhere because of

4:44

how clueless you guys like Assist

4:47

assist. At. At healthy

4:49

subjects, the mere fact most

4:51

Americans say things like i'm

4:53

going to Europe. As. If

4:55

it was a country makes you a target.

4:58

Second, Yeah. Okay

5:02

so turnabout is fair play. I

5:04

were I would point out our

5:06

our producer Jen made the point

5:08

that is Lara is coming on

5:10

decided upon it is likely that

5:12

she would say I'm going to

5:14

America. Yes, Which is. Two

5:17

continents, Yes. Are

5:19

just one us At the center of

5:22

the rest is is that sets of

5:24

so. Airborne out. To

5:26

be fair, we don't know. Larose might just

5:28

have to say that she's going to visit

5:30

the United States and never he summer. the

5:32

distant the difference between numbers a different distances

5:34

from L A times when people are going

5:36

to Europe. Of they will go

5:39

to multiple countries. That are like

5:41

you can go to Germany and France and Switzerland demands

5:43

and auto they also fact of the only time I've

5:45

ever been to Europe I went to Ireland and Northern

5:47

Ireland which is part of United Kingdom. So.

5:49

Even staying on one little tiny island. The.

5:52

Island of Ireland. I went to two countries.

5:55

Road. Done and I I

5:57

don't I'm on a know a means of for

5:59

an American. They were going to Europe. right?

6:02

Ah, Because.

6:05

You we sweeter taking a European vacation

6:07

would to your point works are probably

6:09

visiting multiple countries. price because they're so

6:11

darn close together. I now serves as

6:13

a sovereign state us to I have

6:15

read it or record. So

6:18

it's issues Scale: Ah,

6:20

alright well. My. Favorite thing

6:22

is when somebody comes with us and says

6:24

hour drive down to Disney World and then

6:27

fly out to have filed to California and

6:29

see the Redwoods in an episode. or does

6:31

he have a week when I went all

6:33

the. The. Out about No

6:35

Limits right now they do. There is a tendency

6:37

to think that, especially when you get out west,

6:39

that yeah, things are. so he was read out.

6:42

Of something about Los Angeles the other day. Air

6:44

how big that city is now. like when you

6:47

fly out of it. Your. Up

6:49

in the clouds before you're out from

6:51

underneath of it isn't It's huge price.

6:53

It's a mile wide and an inch

6:55

deep, right? Yes, the older a lottery

6:57

low and it's. So enormous

6:59

and all lara of thank you for

7:01

your name again and we do much

7:03

you love here in this this a

7:05

good natured ribbing guess you're you're good

7:07

sport and would be appreciated and. We.

7:10

Will we were are Ugly American

7:12

is some love as as on

7:14

our sleeves is a. Point.

7:17

Of pride I guess on of a kind

7:19

of it is a. Really

7:21

sweet knowledge it guess I'd well thank

7:24

you for writing and we do appreciate

7:26

it and of course so we would

7:28

love to hear from you. Is there

7:30

something you'd like us to cover on

7:32

the show? You can email us at

7:34

hackinghumans@n2k.com.

7:36

All right, Joe. Let's dig into some stories

7:38

here. You wanna start things off for

7:41

us? Yes, I want to start off

7:43

by talking about to see I'd as

7:45

Dss are busy ideas of those Bloody

7:47

Simmons Er Det Assessor I'm Sandra Mouse

7:49

Android say oh goody I may say

7:52

oh good eats we are tapping with

7:54

sarcasm yeah face if it's but. Ah,

7:57

first of all, version four of the standard became

7:59

mandatory on April first this year. While

8:01

it's about time Russ got released about

8:03

two years ago biscuits and now it's

8:05

now it's required. And there was some

8:07

changes to the standard that I think.

8:09

Are. Pretty good. Okay to go so far as

8:11

to call them awesome or I. In.

8:14

The old standard oh restored so

8:16

we we we wait before we

8:18

do is yeah wouldn't it wouldn't

8:20

with a so what is PCI

8:22

DSS? Excellent. Excellent point

8:24

Dave I was wrong long as

8:26

if everybody knew what that The

8:28

security center whoa down Egghead A

8:30

sophisticated it is. PCI is short

8:32

for the payment card industry. Ah

8:34

is a an organization of people

8:36

that are. They work with payment

8:38

cards, right? Right. And DSS

8:40

is the Data Security

8:42

standard Now correct Tate's. That if

8:44

you're going to accept credit cards

8:46

and hold credit card data, there

8:48

are certain security standards to which

8:50

you must adhere. Okay, it is

8:52

the reason that now all the

8:54

gas stations in the United States

8:56

have chip readers. And right, thank

8:59

God that has been delayed. I think

9:01

that's now. Part and parcel of this

9:03

it with everybody has to have that okay or as

9:05

as I can remember. last time I saw a. A

9:08

a gas pump without a chip reader. Which

9:10

Is good and this is an area where

9:12

we have lagged the rest of the world.

9:15

Yeah it is. We've always been a year

9:17

to behind Zealots August Laurie people over London

9:19

there were a source of of course assist

9:21

assist. Over Piccadilly Circus. fresh.

9:25

As. A Don't

9:27

something that's that's just as. So.

9:30

There have been some changes and of

9:32

course all these their story standards. The

9:35

A pianist recent releases around but this

9:37

is a private sector. Data security standards

9:39

and it's called the PCI DSS,

9:42

and. The. Changes that

9:44

I want to talk about. Our

9:46

the changes to the social

9:48

engineering portion of the standard.

9:50

Oh okay. so in the

9:53

past. A broad security

9:55

awareness campaign would have sufficed to

9:57

meet the requirements of the data

9:59

Security Standard. So long as

10:01

you had some kind of security awareness.

10:04

thing going on at your company, then

10:07

you could check the box with PCI.

10:09

And this is for someone who takes

10:11

credit card. As for somebody to his credit

10:13

card of other say this. There are different

10:15

layers of people that take credit cards. Like

10:18

not every small business can comply

10:20

with this requirement, right? So those

10:22

use something like Square or, um,

10:24

A. House that yeah

10:26

Obama? yes I did once in A

10:28

And what they do with those companies

10:30

do is they it's. Totally.

10:33

Removed that responsibility from the business owners

10:35

small business owner, and they encrypt that

10:37

data completely along the traffic so that

10:40

small business owner never really sees the

10:42

credit card right? they never really have

10:44

it in their custody. So if their

10:46

systems get get. Breached. Someone.

10:49

Gets access to and they're not going to get a credit card.

10:51

Information. And because it's been secured

10:53

by these other third party providers, which

10:55

is a great business model. Yeah

10:57

because. Not every small

10:59

business of can afford to. Comply.

11:03

with the PCI DSS, right.

11:06

But. You can, you can just go out and. Get.

11:08

a Square account, pay a little bit more

11:10

per transaction. Was a small business. can probably

11:12

to check your prices a little bit more

11:15

to come to compensate. And.

11:18

You're. A business which is great. You can

11:20

take payment cards right at. The

11:23

new. Requirements. In

11:25

and this I think is very good wording.

11:28

Targeted Security Awareness Training

11:30

tailored to the specific risks

11:33

faced by company employees

11:35

and. That's

11:37

great. Because. If

11:39

users have a security awareness campaign.

11:42

That. Doesn't. Answer the mail on

11:44

what kind of threats you're going to

11:46

be receiving. It's it's a very little

11:48

used to you. If also

11:50

mandates the use of a couple of technologies.

11:53

including anti-phishing filters, which

11:55

are like anti-spam filters you use on

11:58

your emails right? and then. Our

12:00

Social Engineering simulation tools.

12:03

Oh okay, much like the ones provided by

12:05

our sponsor KnowBe4, and other

12:08

companies also provide them, but there are

12:10

there out there. These are phishing tools

12:12

you can even do a your training

12:14

your training that provides of yeah when

12:17

you click on the link you actually

12:19

wind up clicking on a training link

12:21

right arm and oh you click that

12:23

you shouldn't have a When I like

12:25

about that model is that it's quick,

12:28

it's on demand when it's needed, and

12:30

it doesn't take a lot of time.

12:33

And it is In. It's so it's

12:35

catching. The person at catching fire did

12:37

not have the right words. You're to

12:39

United Smartphone Celica Gotcha sort of Cat

12:42

like that, You're You're catching the person

12:44

at the very moment when. They.

12:46

Made the mistake when they made the mistake.

12:48

And so they are primed to learn that

12:51

lesson. Yes, Yes, Your. The

12:53

article it up by the way, I'm referencing

12:55

an article from I'd See online or com

12:57

and will put a link in the show

12:59

notes. but this article's adds that it might

13:01

be a good idea to implement Policies are

13:03

on social media usage. Of.

13:06

I hadn't even considered that. As I

13:09

don't have as part of the PCI DSS

13:11

here right? But it would be a good thing

13:13

to do at work for your employees. Three employees.

13:15

Yep. Tell him how they're going to use Facebook,

13:17

you know, at work. Or. Jokes as

13:19

if you're it's or LinkedIn. If

13:22

you're on LinkedIn, think about

13:24

that. You're on LinkedIn. LinkedIn has a

13:26

messenger, it's LinkedIn Messenger, right? And somebody

13:28

knows where you work. And. If they're

13:31

hit new Era and nine to five

13:33

eastern daylight time. They. Know you're

13:35

probably at the office isn't and they can send

13:37

you a message going. hey I'm book and I

13:39

wanted to share this with you mate. Maybe it's

13:41

a job opportunities? Hey can you redo my resume?

13:44

Here's here's a documents. And is just

13:46

have a link to a phishing site. right?

13:48

There's your Office 365 credentials,

13:51

stolen. That with mean it's these. This

13:56

is a very good. Point is one sec. Yeah. Put

13:58

some policy around. How

14:00

your pay, your employees interact on social media

14:03

while they're at the office. So.

14:05

I mean, it strikes me that it in the

14:07

same way that some. Insurance.

14:09

Companies help make.

14:12

Homes and offices Safer by.

14:15

Saying. You know if you install sprinklers

14:18

you're going to get a lower insurance rate?

14:20

Yep. This is the PCI

14:22

folks saying, you're

14:24

going to do these things and it's

14:26

gonna make everybody safer. We're going awry

14:29

or this. Yes, because their insurance companies

14:31

are saying dry required This Sounds good

14:33

point? Yeah, yeah. Doing

14:35

these things gonna make doing all these things like.

14:38

That complying with this new standards gonna

14:40

make your employees a lot more likely

14:42

to be able to recognize and handle

14:45

social engineering attacks when they're happening. Now

14:47

it is. You leave your employees out

14:49

in the wilderness he did. You don't

14:51

do payment cards or they're not payment

14:53

card handling people. You're

14:56

just leaving them open for these kind of

14:59

attacks, and there are plenty of third parties

15:01

out there that can help your organizations with

15:03

these compliance requirements. Another compliance requirements as well.

15:06

I'm so. I would

15:08

say take advantage of that. I know you're a

15:10

small companies. If you're a small company, you can't

15:13

afford the massive security budget. Or

15:15

so do the company like Square.

15:18

But you. Just never even see the credit

15:20

card information right? Or but still. Make

15:23

sure you have anybody that access is

15:25

your bank accounts. Taking

15:27

some security awareness training and summer and

15:29

understand what the risk is. An

15:32

Eminent As I think this emphasizes

15:34

that. And. Organization:

15:36

As large and widespread

15:39

as the folks who

15:41

handle PCI feel

15:44

Like this is time well spent? Yes,

15:46

right. This is in. It's yes. This

15:48

is an investment in your employees time.

15:50

Yes, what? The. Time they spend

15:53

on this ultimately. Could. Very

15:55

well save you a ton of time and

15:57

money. Yeah, on the headaches of dealing with.

16:00

A data breach says right. And one of

16:02

things I like about this isn't the kind

16:04

of a mandatory compliance for a business. It

16:07

wants to manage some credit card systems right

16:09

arm. So. It's kind

16:11

of like the heavy hammer coming down. On

16:14

these businesses but again it's we find

16:16

ourselves in the in the same situation.

16:18

Like all this money you're going to

16:20

spend on this. Will. Be well

16:22

spent if nothing happens. Rise says

16:24

it's as. If. That's

16:27

the measure of success with cyber security professionals.

16:29

Very Nothing happens, right? All.

16:32

right? Well that is interesting indeed. I

16:34

like you said, we will have a

16:36

link to that story in the show

16:38

notes. My story this week, so I'm

16:41

actually going to focus on a letter

16:43

we got from a listener. Okay, Or

16:46

this is from a listener late name does

16:48

Deanna, who asks that

16:50

we share this story. Someone.

16:53

Read it of that says, Dear Hacking Humans

16:55

Team, I'm writing

16:57

you amidst a harrowing situation involving

17:00

my recently widowed grandmother who has

17:02

fallen victim to pig butchering. Despite

17:04

our family's best efforts to intervene, she

17:06

is being manipulated to an extent

17:08

that has resulted in severe financial

17:11

loss and emotional turmoil for all

17:13

involved. My grandmother, who I'll

17:15

refer to as Nana, after selling

17:17

her husband's truck became entangled with

17:19

a scammer known as Richard From

17:22

this relationship originated from the sale

17:24

of it's unclear if it was

17:26

online or through another channel. This

17:29

person has isolated her from our

17:31

family, beginning with my uncle, a

17:33

recently retired police officer. After

17:36

extensive investigation, my uncle uncovered

17:38

that Richard was impersonating a

17:41

deceased man and presented numerous

17:43

inconsistency since his story. Is.

17:46

By presenting this evidence to Nana,

17:48

she has become increasingly alienated from

17:50

us. Richard has convinced

17:52

her of his false identity and

17:54

a fabricated scenario where he's currently

17:57

detained by the IRS in

17:59

Atlanta, urging her to marry him. Nana,

18:01

deeply misled, is prepared to travel

18:04

to marry him and we are

18:06

of his motives are simply aiming

18:08

for marriage for immigration or other

18:10

fraud purposes. She has lost

18:12

approximately eighty five thousand dollars to

18:14

the scam and recently sent

18:16

her driver's license to an unknown

18:19

recipient, increasing our concerns about further

18:21

identity theft or looming property fraud.

18:24

Efforts to intervene through banks and

18:26

legal channels have been unsuccessful as

18:28

she is still deemed capable of

18:31

handling her personal affairs. Our

18:34

family feels powerless as the situation

18:36

worsens, and even with my fiancé's

18:38

extensive background in cybersecurity,

18:40

we find ourselves at a loss.

18:42

We would appreciate any advice, resources

18:44

or if you could highlight the

18:47

story on your platform to raise

18:49

awareness about the dangers of social

18:51

engineering scams targeting the elderly. Thank

18:53

you for your commitment to educating

18:55

people on these critical issues. Sincerely,

18:57

Deanna. Have dating. Yeah,

19:01

it really is. This is gonna keep

19:03

going until Nana realizes this is a

19:05

scammer. She runs out of money, And

19:08

then. One. Of those two

19:10

things are going to happen. Wanna go through this

19:12

just bit by bit and and sort of will

19:14

narrated as we go? Sure. So. We

19:16

start off here with some Nana

19:18

sold her husband's trucks. I'm assuming

19:20

here that this is a deceased

19:22

husband runs his widow. Ah,

19:25

This is selling the truck and someone comes

19:27

along. The. By the truck of

19:29

yeah a it could have been busy so

19:32

be trucked. Ah to another

19:34

buyer and got some cash for it and young this

19:36

guy just so happen to start talking to her when

19:38

she was trying to sell it. So.

19:40

Grabs your the process of selling right. Work on

19:42

it ended that. This. Guy somehow

19:45

made off with the truck. As

19:47

well. Yes, So or a

19:49

Either way, that's what prompted the

19:51

relationship life. So we've already. we've

19:53

got some new. Nana is in

19:55

a position of vulnerability. Yeah, right,

19:58

she is. She's in the process

20:00

still. I suspect grieving. Yup, she's

20:02

selling something that was the property

20:04

of. Her. Former loved one. And.

20:07

So she's vulnerable. Yeah, and this person

20:10

comes along and likely takes advantage of

20:12

that. Was talk

20:14

about the isolation. Deanna says

20:16

that Nana has been isolated from

20:18

the family even including a oh

20:21

uncle who's are retired police are

20:23

police officer yeah that's that's amazing

20:25

a me as as. It

20:28

doesn't surprise me. right? You

20:30

know if this is one of her sons? I

20:33

would guess. That's. A retired

20:35

police officer. If. It's the the

20:37

dog. The authors uncle Ah could be

20:39

sub or maybe us on law pianos.

20:41

You have someone you've known and trusted

20:43

all your life. And are telling

20:45

you this is a scam. Be.

20:47

Influenced This guy has over over.

20:50

This. Woman: Is. Remarkably

20:52

strong in. Ways.

20:55

Woven a spell over her right in

20:57

the Zoc. with that's It's A that

20:59

we had actually was our prime evinced

21:02

her that bed. he genuinely loves her

21:04

and she believes is right. Oh, so

21:06

you're arguing against what is her truth,

21:08

not objective truth. But. Her subjective

21:10

truth which is very hard to argue

21:12

against right and in her heart is.

21:15

All intertwined in it's be as he

21:17

is. He's. Put her

21:19

in this situation of feeling like

21:21

there's a some sort of deep

21:23

intimate relationship Hear? The

21:26

thing about being detained by the

21:28

IRS in Atlanta I suspect has nothing

21:30

to that right now the it's just

21:32

putting a distance between them and excuse

21:34

why he can't buy the can't meet

21:37

in person do is here. I might

21:39

actually think. It might be worth

21:41

depending on where you live in the Us.

21:43

That might be worth a trip to Atlanta.

21:46

to the IRS office. You

21:48

know, go in there and say, hey, my Nana says

21:50

you're holding her boyfriend here in a detention so

21:52

we'd like to see him. sister sister has sued

21:55

the I Am Aware of the Of Your Eyes

21:57

or IRS jail I mean other there is not

21:59

IRS. Okay,

22:03

Yeah. So I guess I don't

22:05

think there's anything to that this notion

22:07

that, ah, That. He wants to

22:09

marry her. I don't think there's

22:11

anything to that know. let's just all part of

22:13

the room and skin tight. And he's already taken

22:16

her for eighty five thousand dollars? Yep, Ah

22:18

is thing about sending her driver's license

22:20

off. I mean that's frightening. Yeah, I

22:23

think. The. Watch your parents out

22:25

because somebody else to go to opening bank accounts And

22:27

her name. right? Is

22:29

proof of my Id bright? And

22:33

I don't know like it there. for

22:35

the of the driver's license it's not

22:37

like a credit card where you can

22:39

just cancel it and it doesn't work

22:41

anymore. I you know I mean it's

22:43

still still valid. it's a valid Id

22:45

begin to replace but it would basically

22:47

be a duplicate of right the one

22:49

that see mailed off. yeah depending on

22:51

how the state does have a driver's

22:53

license numbers right? So definitely a put

22:55

some kind of credit monitoring in place

22:57

now. If if it's possible

22:59

I would freeze for credit and freeze her

23:02

are tell sucks and since of it nobody

23:04

else can open a bank account and or

23:06

name yeah because that's what's happening next with

23:08

that with that idea. Made

23:10

a. I'm.

23:13

In terms of additional

23:15

advice, I

23:17

think going into town to hear me normally what

23:19

I would say is try to find someone. Who.

23:22

Nana respects. Who's.

23:25

In a position of authority? Yeah, we've

23:27

had story after story where even that

23:29

doesn't help. Right of Maria was

23:31

on one time telling a story about somebody.

23:33

That. Wouldn't listen to the priests,

23:35

right? Wouldn't listen to the police officer.

23:39

And the sounds very similar. Of

23:41

what I would say is see if

23:43

you can slow things down little bit.

23:46

Citizens Not. Totally stop

23:48

Admins sell it to her like your we're

23:50

not going to totally stopped selling this guy

23:52

money, but we're going to slow down a

23:54

little bit and see what happens right? and

23:56

then. If. You can do that.

23:59

Perhaps. The. Will lose some interest. Although.

24:01

If he's done is. Done

24:04

our homework really isolating or. It's

24:07

it's. a. It's. A

24:09

problem is. It's. Really a

24:11

problem. One thing I wonder if we know

24:13

that there's mention of of as as we

24:15

set a family member who's a police officer.

24:18

I. Wonder if bringing in a higher

24:21

level law enforcement person could be

24:23

helpful than might at the level

24:25

of loss that we've had here.

24:27

I would think first of all,

24:29

Get. In touch with your local police

24:32

ah, but then also your local

24:34

FBI field office know. I'm

24:36

as A maybe have made the Alamo

24:38

with you if you saw a friend

24:40

of the police departments. maybe get like

24:43

twenty police officers together and have them

24:45

all tell her it's a scam, or

24:47

the Chief of Police Syracuse someone who

24:49

who she would mean to me and

24:51

FBI agent coming to the

24:53

home right? Ah might be. An

24:56

increase in authority that she would take

24:58

seriously and are and I someone in

25:00

that position or someone who deals with

25:02

the scam side of this. Might.

25:05

Be able to break that spell right? Able to

25:07

say you know? I bet this is what happened,

25:09

right? And Nana will say how did you know

25:12

and the personal sake of that was what always

25:14

happens right in the that's. That. Sort

25:16

of thing to try to. I'm.

25:19

In a. Metaphor

25:21

for the Cdc Crab provide the

25:23

soldiers and saker remember to break

25:25

the spell of what's going on

25:28

here. The but

25:30

you know is he sees her own person

25:32

and there's not any. It's

25:34

her money to do with what she

25:36

wants rights the thing. it's legally. She

25:39

wants to. You know, take

25:41

all her money and throw it out in

25:43

the streets. He's allowed to do that right?

25:45

And yes, and Ahmed. I don't know that

25:47

that's a problem, but in this case, in

25:49

these cases, it certainly is a problem. right?

25:53

Now. it is a

25:55

crime for someone to be

25:57

defrauding her yes so Do

26:00

you come at it that you

26:02

know that my my relative is a victim of

26:05

a crime? But

26:07

but again, you know trying to get

26:10

them to To

26:12

lock things down is really hard You

26:15

can there are things you can do if you

26:17

were if you're able to get some Some

26:21

buy-in from her there are things you

26:24

can do like having Alerts

26:27

on bank accounts and things like that. Yeah,

26:29

these are useful for the elderly. So for

26:31

example I

26:33

have a thing with One an

26:35

elderly member of my family where if more

26:37

than let's say five thousand

26:39

dollars Flows out of a

26:41

bank account I get a notification right

26:43

right now in order for that to happen

26:45

That person had to agree to that so

26:48

you can't just have it done

26:50

right if If

26:53

you could convince her that this is in

26:55

everyone's best interest for no other reason than

26:57

just to slow things down Maybe

27:01

it'll help. Yeah Our

27:04

heart goes out to you Deanna and this

27:06

is not an easy situation. No, this is

27:08

terrible Yeah, it is really heartbreaking our listeners

27:10

have anything to say that might help Deanna.

27:12

I would love to hear it Yeah,

27:15

if there's anybody out there who's had

27:17

success here in breaking that spell I'd

27:21

love to know what worked. Yeah,

27:23

because I suspect there are folks out

27:25

there who've been in this harrowing

27:27

situation so Thank

27:30

You Deanna for sending in your

27:32

note We do appreciate

27:34

you taking the time for that and like I

27:36

said, we're we we're sorry that you're in this

27:39

situation And we hope for you the best We

27:42

do indeed. All right, Joe. Well,

27:44

let's go from there and let's

27:46

take a moment and switch gears

27:49

And it's time for our Catch of the Day.

28:00

Our Catch of the Day comes from Kenneth, who

28:02

just sent us a been email of.

28:06

Your. Dogs Dave I love dogs. We got.

28:09

We. Have Fred sitting right here in

28:11

Essence, Effects, etc. Dogs is in studio

28:13

today. Thread has come back for the

28:15

cyber security is season on his best

28:18

behavior. He has not started are going

28:20

through a D trash can, sort of

28:22

nosing anyone or anything like that. So

28:24

Fred there's been a very good boy

28:27

is he is in now You've said

28:29

his name is coming up Now I've

28:31

read. The ruin

28:33

of Fred success as ah Ok so when

28:35

we got him go. Sorry. Last,

28:37

if you like dogs is this is a puppy scam.

28:40

Oh. It's a it's

28:42

a letter from an esteemed cardiologist.

28:45

Died at says hello. My name

28:47

is Doctor Doris Linda I am

28:49

and cardiologist by priests. Since I

28:51

work for major hospitals, I came

28:54

across your email address to surfing

28:56

the internet affiliated with the Us

28:58

Chamber of Commerce. My late grandmother

29:00

was a puppy breeder. She died

29:03

about four months ago and she

29:05

left of see mail English bulldogs

29:07

and a female yorkie before she

29:09

died. One of the female. Puppy

29:12

Recently had a litter three puppies. They

29:14

are so adorable but due to my

29:16

job as an cardiologist it does not

29:18

give me the proper time to take

29:20

good care of these babies. I would

29:22

have loved to take care them myself

29:24

but due to the nature of my

29:26

jobs are almost do not have time

29:29

for myself. So I am currently after

29:31

finding for them a caring and loving

29:33

parents who would take good care of

29:35

them and are willing to adopt. If

29:37

you are generally interested in having one

29:39

or more of them, please do feel.

29:41

Free to email me immediately

29:44

for more details and information.

29:46

Doctor Doris Linder. Sent.

29:49

from my Android device with K-9 Mail.

29:51

please excuse my brevity. funny that the

29:53

using too much and I mail client

29:55

which is. Of. On

29:58

Android mail client and there are as real

30:00

think that a lot of get guess I'm

30:02

afraid I don't like that's. kind of odd.

30:04

I thought it was just reinforcing the scam

30:06

like this: This person loves dogs so much

30:08

they're even using a good dog email program

30:10

for us in our the real amp. Okay.

30:14

Guys. This is on. This is obviously

30:16

just a scammer. Was just going say

30:18

send you pictures of of dogs when

30:20

they sat on the internet and then

30:22

demand money from you and riders sense

30:24

and the money into dogs ever going

30:26

to show up? There is no.as a

30:28

sort of oh that's right, right we're

30:30

going to try to get see on

30:32

the hook for who knows, spaying and

30:34

neutering, or. Silly. Powder or effort

30:36

or whatever something the dog needs Gas you

30:38

go if you go like get another dog

30:41

like Fred gender to puppy a golden little

30:43

puppy cause. Oh to Grant?

30:45

Yeah, We we adopted

30:47

Fred from. A rescue in

30:50

paid nearly that much And to

30:52

pay the it off cincy add. Add.

30:55

Two thousand and there's a lot of money and dogs to

30:57

death. In. Answer Same

30:59

it is. All. right?

31:01

Well, thank you, Kenneth, for sending that

31:03

and we do appreciate it, and of course

31:06

we would love to hear from you or

31:08

you can send us your Catch of the

31:10

Day to hackinghumans at n2k.com. Getting

31:26

your organisation before your users

31:28

even see them. The new

31:30

PhishER Plus from KnowBe4

31:32

was developed to help you

31:34

supercharge your organization's email security

31:36

defenses. How you get a

31:38

unique crowdsourcing advantage? More than

31:40

ten million highly trained KnowBe4

31:42

end users from across

31:44

the globe catch and report

31:46

malicious emails that make it

31:48

through all the filters. KnowBe4's

31:50

threat lab then

31:52

validates it with AI

31:54

and with human researchers. PhishER

31:56

Plus blocks phishing threats

31:59

other tools miss and proactively

32:01

remove them from your users'

32:03

inboxes. Not quite time travel like

32:05

we think you'll agree, it's a

32:08

vital capability in any infosec

32:10

professional's arsenal. Visit

32:13

knowbe4.com/products/phisher-plus

32:16

to learn more

32:18

that's knowbe4.

32:21

com/products/phisher

32:23

-plus.

32:26

And we thank KnowBe4 for sponsoring our show.

32:41

Joe! I recently had the pleasure of

32:43

speaking with Bogdan Botezatu,

32:46

who is the Director of Threat Research

32:48

at Bitdefender, and we're talking about

32:50

a hot topic. This is audio deep

32:52

fake my is our conversation. Dubbed.

32:55

Short stories that we're investigating are

32:57

scams that the of propagate through

32:59

social networks. For instance, because we're

33:01

working on a solution that helps

33:03

people detect such scams. I'm not

33:05

going to a while going through

33:08

too much detail about a product.

33:10

but one of the things that

33:12

makes it stand out is this

33:14

unique combination of technology and human

33:16

intervention. You know that to stay

33:18

on top of these threats we

33:20

need to a mob a manual.

33:23

They analyze that them look into.

33:25

What the outcome? Sober specific

33:27

scams arts so I'm know

33:29

what we're doing is. ah

33:31

jeez, these towns on the

33:33

social media dissecting them are

33:35

looking gastro wonder scammers are

33:37

using how they're going to

33:39

monetize or or or other

33:41

going to capitalize on his

33:43

victims and then we are

33:45

logged these into a fire

33:47

of course. The fun part

33:49

of the investigation is. Reporting

33:52

them to their social network that.

33:55

Drive this the advertising. But up

33:57

until now we're. Pretty.

34:00

Skeptical about the outcomes of

34:02

reporting it is can still

34:04

problem gate the still keep

34:06

going because probably cybercriminals serve

34:08

a bumpy huge amounts of

34:10

money to our and on

34:12

display to potential victims. Solar

34:14

This is briefly why we

34:16

know so much about the

34:18

skanks were not using my

34:20

exclusively automated technologies to have

34:22

identified as camps are we

34:24

have a the old people

34:26

looking into that and. Will.

34:29

Well, let's dig into some of them

34:31

here. I mean, for our listeners, can you

34:33

describe what a typical one of these

34:36

looks like? What kind of celebrities are we

34:38

talking about and what are they trying to do here?

34:41

Okay are I'm going to go

34:43

with the high profile list of

34:45

celebrities. I'm not sure if have

34:47

too many. All of our listeners

34:49

know where Romania is. It's a, it's

34:51

a small country in the European

34:53

Union on that has the capital

34:55

city in Bucharest and is mostly

34:57

known for the stories about Dracula

34:59

is granted olive Board of interest

35:01

Romania right arm Wells I have

35:03

a president and the National Bank

35:05

governor and a couple of high

35:07

profile celebrities that are always strive

35:09

to the news cycle and. The

35:11

summer coming on. decided to go

35:13

for all of these people, impersonate

35:16

them and put words into their

35:18

mouths. Ah so because they have

35:20

huge presence. On

35:22

television and on the internet

35:24

is very easy for cybercriminals

35:27

to sample out mom pcs

35:29

all video and audio with

35:31

them. With all of these

35:33

information he to a been

35:35

on the AI algorithm

35:37

and ah have samples of

35:39

their voice. Train. Right

35:41

after this happens or they

35:43

will usually a regular footage.

35:46

And. Listings are specific

35:48

text. Are usually asthma

35:51

claiming that were these

35:53

people are endorsing giveaways

35:55

or rob investment opportunities

35:57

or what not to.

36:00

Gullible. People And when these

36:02

endorsements fake endorsements are they

36:04

will purchase ads on platforms,

36:06

target specific audiences and and

36:08

have everybody see a one

36:11

minute or the the old

36:13

How to get rich Quick

36:15

and of course a lot

36:17

of people. Are. Fall victim

36:19

to that's because these celebrities, ah,

36:21

have a very. These

36:24

calls are olympics I would say

36:26

in a into the nice and

36:28

when the president that was you

36:30

bad or the or get rich

36:32

quick scheme that ago other members

36:35

of the governments are are hiding

36:37

away from you You will tend

36:39

to believe that because it has

36:41

everything is has agreed that has

36:44

the conspiracy theory aid schools and

36:46

is being there raised in by

36:48

of whoa who first a new

36:50

flesh and bones behind the camera

36:52

or has. Some.

36:55

Of the ones that you all sent over

36:57

for us to look at, there, there was

36:59

one here from Oprah. And

37:02

there was one from Jennifer Aniston, who

37:04

are certainly well known celebrities here in

37:06

the United States. It is interesting to

37:08

me that they both really

37:11

Follow the same pattern that

37:13

these are giveaway scams. Ah,

37:16

Oprah was giving away some kind

37:18

of a car seat and Jennifer

37:20

Aniston was giving away a

37:22

MacBook Pro. Both

37:24

for ridiculously low amounts of. is

37:26

that sort of the pattern of

37:28

that? This is very common here,

37:30

where it's some kind of deal that's too good

37:32

to be true. This

37:34

is this. Goes even better than

37:37

that though. Y p Something for

37:39

bar goods when you can can

37:41

get them for free. Ago couple

37:43

more weeks ago there was the

37:45

a scam campaign

37:47

impersonating Mr. Beast, that's

37:49

a YouTube celebrity, uh, that's

37:51

very, you know, well known

37:53

for a charity work ah

37:56

He allegedly was giving away

37:58

three iPhones. He seemed

38:00

to have people All you

38:02

had to do was a

38:04

for shipment and the device

38:06

when yours. So. I'm

38:08

and of the city you know

38:10

what why and why our that

38:12

these devices boys for supply ah

38:14

on the south of the supermarket

38:17

and stores. She. Has than thousand

38:19

units to get. All.

38:21

For free him if he be a

38:23

mess. Enough of that you know way

38:25

winning moonlight When people see that there

38:28

is goods of high value given away

38:30

for free, don't take the tax right?

38:32

Particularly they had a love of a

38:35

debit card a prepaid card that

38:37

does a series. two months of had

38:39

the was. so even if you fall

38:41

victim to that's yeah a not going

38:44

to miss out to watch money.

38:46

but thing is that when you

38:48

getting out this information the scam goes

38:50

further on. These people

38:52

are are collecting credit

38:54

card information. So.

38:57

They can wire money to your

38:59

account and then use the credit

39:01

card data to do online shopping

39:04

and they're usually a no purchase.

39:06

Ah, digital currencies like or

39:09

Bitcoin or Ethereum, to

39:11

launder money coming from different other

39:13

victims. So even if you're not

39:16

losing anything because you have, you

39:18

have no money into that account,

39:20

You're still helping people out launder

39:22

money coming out of some cybercrime, so

39:24

nothing gets wasted in this industry.

39:28

It's a really interesting insight into some

39:30

of the psychology behind this he noted

39:32

suit. It's like. Some. Of

39:34

the people who. I

39:37

don't remember. I'm I'm I'm sorry. Want to say the word,

39:39

fall for it, because it sounds like for some

39:41

people it's like playing the lottery. You know

39:43

where there's probably part of their mind

39:45

that knows this is a scam, but

39:48

For five dollars or for ten

39:50

dollars or for free, what have

39:52

I got to lose? Right? And I may come

39:54

away with a MacBook Pro. Yeah,

39:57

yeah of among that there's this.

40:00

Man, now this example I keep

40:02

bringing up to the point though

40:04

where I'm repeating myself way to

40:06

offer on there's a law well

40:09

known com make a great in

40:11

by Xkcd eat of I'm I'm

40:13

sure that you're familiar with were

40:15

a city that ah is called

40:18

the Ten Thousand Damone alone. Least

40:20

com A to is that. Every

40:23

single day. There's.

40:26

Ten thousand people discovering what happens

40:28

when you mix Coke with Mentos.

40:31

These. Discoveries for the first time. They

40:34

had no idea what happened and they

40:36

learn what happened the same day. This

40:38

goes absolutely perfect with

40:40

cyber friends every single day. There's

40:43

by analogy, ten thousand people for

40:45

being defrauded for the first time.

40:47

They have no idea cybercrime existed.

40:49

They were like, you know, virgin.

40:52

And at this point they.

40:55

Encountered the scammer for the first time

40:57

and they're falling victim for that because

40:59

they don't have the education and they

41:01

don't have the experience to stay away

41:03

from that. So yeah, they only learned

41:05

that cybercrime exists the hard way.

41:09

It's interesting to me also that you

41:11

mentioned that you and your colleagues

41:13

do report this to the social media

41:15

platforms, but, I mean, I suppose

41:18

you could say it's against their interest

41:20

to try to shut these things down

41:22

because of what they're being paid

41:24

for. They are, they're, they're being paid to put these

41:26

in front of people. I was not allowed

41:28

to say that out loud but the i think

41:30

you for him and bordering on of people are

41:32

going to and i doesn't agree with mates. S.

41:37

Now I'm sure that is it's

41:39

not married exclusively. It's not just

41:41

above. Move will lead that run

41:43

over that the and Iran anttila

41:45

his budget get a depleted I'm

41:47

sure that are are. There are

41:49

some technical challenges are like the

41:52

you know video is very difficult

41:54

to inspect automatically I'm I'm not

41:56

going into detail that. You

41:58

know, sites like YouTube fingerprint,

42:00

for instance, server video for

42:02

a copyrighted music and they

42:04

can I do that for.

42:08

This damn straight line person has

42:10

been a sudden right before bizarre,

42:12

I'm probably durga under seal a

42:15

volume off as the networks Ron

42:17

would not allow them to manually

42:19

police each and every video. As

42:22

that, they deliver. But they could

42:24

do better than they could, for

42:27

instance, automate, ah, both, or. Prioritize

42:30

in an automated way, uh, ads

42:32

that get a huge number of

42:34

reports because the is not just

42:36

us reporting these ads. It's

42:39

a lot of people who are

42:41

that sounds in south, stumbled across

42:43

them for the board them and

42:46

then nothing happens. The.

42:48

I have to say it's it's very frustrating

42:50

for me as, uh, someone who

42:52

does take the time to report these things.

42:55

over and over again and they

42:57

just keep popping up like are implying

42:59

that. It's it's it's maddening. Ever

43:03

mean as the as stays on

43:05

line is makes. A lot of

43:07

big them. Now. And know

43:09

another are a lot of victims because

43:11

um, you know, forums and Reddit threads are

43:14

uh, full of people who gave their

43:16

account about how they got scammed and

43:18

a glove Help people that they have

43:21

learned a lesson the hard way. In

43:24

the business it's This is fun

43:26

because when when you're going through

43:29

these people are you realize that

43:31

there's not one single outcome that

43:33

hackers stick to. The have different

43:36

scenarios takes place people. there's ah,

43:38

scenarios where they just want

43:40

that credit card number for

43:42

credit card fraud. they just

43:44

want more information for. A

43:48

ID theft or they might

43:50

want to enough swarm or

43:52

information for instance, to tweak.

43:56

the scam from a financial the ones

43:58

who are on a scam and to

44:00

a bigger financial one. There

44:03

are multiple outcomes. A couple of

44:05

weeks ago, we learned that some cyber

44:07

criminals would initiate a scam,

44:09

pay out a

44:12

low value return of investments to

44:14

the victim, and then

44:16

entice them to invest more and more and more

44:19

and more. By the time they have invested

44:21

a lot of money, they will

44:23

be like, you know what, you have

44:26

like $50,000 gathered in

44:28

your account. We need

44:31

you to withdraw

44:33

it. And we will happily assist you

44:35

wire the money into your account. You

44:41

don't have anything to do other than

44:43

plugging your phone into the

44:46

computer, install these two utilities,

44:48

and close your monitor off. Give

44:51

us 10, 15 minutes, and

44:53

then you'll have the money loaded into

44:55

your account. It sounds

44:57

stupid, but there's a lot of

45:00

people who heed that, and

45:02

they will connect the device. They will

45:04

install a piece of software

45:07

that automatically links the

45:10

phone to the computer via the

45:12

Android bridge, for instance. And

45:14

the second application would be a remote access tool.

45:17

So cyber criminals now have access to the

45:20

computer browser, and they have

45:22

access to the device that receives the

45:24

second authentication factor in the form of

45:26

SMS, for instance. And

45:29

all of a sudden, money will

45:31

start leaving the accounts rather than

45:33

arriving into the account because cyber

45:36

criminals will keep transferring all the

45:38

funds that the person

45:40

has in the banking account. That's

45:42

why a lot of European banks,

45:44

for instance, have become so paranoid

45:46

that they will lock down accounts

45:48

and temporarily freeze codes whenever

45:51

they identify a remote

45:55

desktop solution running along the

45:58

browser that opens up. end

46:00

up on your banking session. Interesting.

46:03

So what are your recommendations here?

46:05

I mean, for those of us who are

46:07

sharing this kind of thing with our

46:09

friends and family, I mean, what kind

46:11

of information should we share? First

46:14

of all, I would say

46:16

that education is a big

46:19

part of helping people navigate

46:21

through this new reality. If

46:24

there's one thing that we realized

46:26

in the event

46:28

of ChatGPT, for instance, because we

46:31

keep referencing ChatGPT as

46:33

the first formal AI

46:35

that the regular people could interact with.

46:38

You just chat with a bot, it

46:40

behaves like a human, it gives you

46:42

a solution. It isn't

46:44

empathetic, it is compassionate. It helps

46:46

you out. Right. That's

46:49

when people understood that AI

46:52

can have a huge, huge

46:55

power. The

46:58

event of this formal generative

47:00

AI is now

47:03

fueling cybercrime. It's fueling it

47:05

to such a rate that we start

47:07

doubting whenever

47:10

we see something, whether it is

47:12

real or not, we start asking

47:14

ourselves questions. What

47:17

I'm seeing now, is it real or

47:19

is it special effects generated by the

47:21

AI? For

47:23

most people, it is very difficult

47:26

to answer that question correctly. There

47:28

will be a lot of people who are mistaking

47:32

AI generated content with reality.

47:36

For a very few pool of people, these

47:39

differences will be visible just because

47:41

it's advertising something too good to

47:44

be true. Back to

47:46

the original question, I would say that

47:48

education plays a key role because

47:52

there's no greater

47:54

tool than common sense. When you see something

47:56

given away for free, that costs thousands of

47:59

dollars, you should ask

48:01

yourself why am I receiving

48:03

that and what makes it.

48:06

Possible. For people to blow

48:08

unlock this economical glitch that

48:11

brings infinite wealth with limited

48:13

resources. If you're aware

48:15

of the saying that nobody

48:17

gives anything for free. Just.

48:19

Out of the goodness of

48:22

their heart to strangers on

48:24

the internet you'll already the

48:26

already ah, have these systems

48:28

activated ah Secondly I would

48:30

say. L,

48:32

We should start looking easy to

48:34

our technologies that offer ah a

48:37

deeper level of protection than what

48:39

we're seeing Longstreet at this point

48:41

it's it's a little bit difficult

48:43

for technology to correctly identify AI

48:46

generated content that goes into

48:48

of. The real substance

48:50

blood on are these a I

48:52

generated content the is just the

48:54

top layer over more elaborate and

48:56

scam be you probably saw that

48:58

sir incident a couple of. Weeks

49:02

ago, in which a Singapore

49:04

uh, employee, uh,

49:07

was instructed to wire twenty

49:10

four million dollars to an

49:12

external. Bank account rain

49:14

and builder of of the

49:16

order came from the CEO

49:18

himself. And. The

49:21

employee was like ah, i'm not sure

49:23

about that. You know I'll have to

49:25

validate with you were arguing the office

49:28

no I'm not in the office Ima,

49:30

I'm working remotely but can we urge

49:32

on quickly into a call? I'm going

49:34

to booting colleague X Why's that Combine

49:36

us and we're going to sit together.

49:39

Ah, they can make a decision and

49:41

then you will help. Ah squired the

49:43

my. And see indeed,

49:45

jump on a Zoom call

49:47

or with the CEO and three

49:50

other colleagues. They reached

49:52

an agreement. The employees are wired

49:54

the money just to learn out

49:57

that he was. The.

49:59

Only here. One in the car,

50:01

the other one day of the

50:03

the that recall a swerve or

50:05

AI bot and the CEO

50:08

was a fraudster. So yeah these

50:10

scams are so elaborated that they

50:12

don't only rely on ago ads

50:14

are showing off or know people

50:17

streets. Of elaborated

50:19

scams usually start with a

50:21

background check on the victim

50:23

mode and the usual parts

50:25

of the keeled straight. ah

50:27

learning out there are phone

50:29

number their whereabouts. Their blood least

50:31

on colleagues they released of friends.

50:34

Fortunately, social media makes it so

50:36

easy for the other cybercriminals to

50:38

mount a lot of information bc

50:41

together and then generate does that

50:43

the perfect scam and Via A

50:45

is just the icing on the

50:48

cake. It's the final layer of

50:50

technology doesn't basically seals and you.

51:00

Joe, what do you think? Dave, I really like

51:03

that Bitdefender are examining the scams to

51:05

the point where they're wondering what the endgame

51:07

is. No, don't they want to really understand

51:09

the anatomy of the scam, right? is great.

51:12

Of course, it's always money is the end game, but

51:14

he has been. They really want to know how

51:17

the scammers or didn't the victims there now and

51:19

they want to see what the damages are.

51:22

it's interesting. That. Things

51:25

I thought was really telling in

51:27

this article was that Bogdan doesn't

51:29

think that reporting these scams to

51:31

social media comes to social media

51:33

companies helps. It, he

51:36

said it, I don't think it helps and my first

51:38

thought was. I

51:40

want a lot of yeah again, social media

51:42

is making money from these scams as well.

51:45

I mean, they're right there, just the front

51:47

end of the parcel of the scams. They

51:49

they like to pretend that they're not. Taking.

51:52

Part of this is and. In. But.

51:54

Then says he doesn't want to say that

51:56

they are. Also the artist

51:58

and or another. money off of

52:01

this, Dave. And that's why they're not involved

52:03

in it. If nothing else, it just drives

52:05

engagement. Right. Right. Yeah. Which is,

52:07

which is almost like their currency. Yeah. So

52:11

they sell the ads, they collect the cash. Um,

52:14

and I just remain more

52:16

and more unconvinced that, that they're doing anything

52:18

about it. Yeah. I don't think this might

52:21

be part of their business model. I'm with

52:23

you. It's aggravating. It is. Uh, they're

52:25

impersonating Romanian political figures in

52:28

Romania. Vladimir Steppes would

52:31

not have tolerated that. Um,

52:34

but they're also doing Oprah and

52:36

Jennifer Aniston. And I actually looked up the video,

52:39

found the video of Jennifer Aniston. Um,

52:42

it sounds very much like Jennifer

52:44

Aniston. Yeah. It doesn't look like

52:47

it's exactly right, but it,

52:49

it does sound almost exactly, I

52:51

can't tell that it's not Jennifer Aniston. Um,

52:56

Mr. Beast is also a great target for

52:58

these scammers. Um, I have an

53:00

appreciation slash hate relationship with Mr. Beast. I

53:03

don't watch his videos generally. Yeah. I find

53:05

his, I find his presence on my YouTube

53:07

feed annoying. Okay. Uh, but my son is

53:10

a big advocate and says he does a

53:12

lot of philanthropy work and does give away

53:14

a lot of stuff. Yes. I have heard

53:16

that. But so I'm going

53:19

to, I'm going to put my personal disdain

53:21

for him aside and say, um,

53:24

it's terrible that he's such a great target for

53:26

this because he has a reputation of being such

53:28

a nice guy and of

53:30

giving stuff away. These scammers can take

53:32

advantage of that and impersonate him. Yeah.

53:34

And it's a great tool. I

53:36

mean, I say great. I mean, I imagine that

53:39

it's highly effective. Right. It's probably one of the

53:41

more effective ones that they have because

53:43

he does this kind of stuff all the time. All

53:46

of this is possible because there is tons

53:48

of training data out there for these people.

53:50

Yeah. There's tons of training data out there

53:52

for me and you too, Dave. Yes. So

53:55

I'm still waiting for someone to send in

53:57

an audio deep fake of me saying something.

54:01

So they gather up some of the training

54:03

data. They make the fake endorsement video with

54:05

the audio and then they buy ads on

54:07

the social media platform and they

54:10

push it out and people people get

54:12

hooked. Yeah. I there was

54:14

one thing you talked about with in

54:16

this thing where they will when they're talking about

54:18

get rich quick schemes, they will

54:21

they will invoke the conspiracy theory kind

54:24

of thing. I'm fascinated by conspiracy theories.

54:27

Yeah. I

54:30

don't think most people who are part of the Flat

54:32

Earth movement believe that the Earth is actually flat. Okay.

54:36

But I think that

54:39

I think there's an attractiveness to it. You know, we're looking

54:41

at a little bit of Poe's law here, which means that

54:43

someone's online. You

54:45

can't tell if they're being serious or

54:48

not. Okay. And they talk about

54:50

something. But there are other conspiracy theories out

54:52

there like Kennedy assassination, right? You think about

54:54

that one. Sure. That

54:57

was actually technically a conspiracy, right? They were

54:59

more than one or maybe it was just

55:01

Lee Harvey Oswald. Where are we going

55:03

here, Joe? Right. Well, my point

55:05

is these things are attractive, right? Right.

55:08

They're attractive to believe in. They

55:10

they will hook somebody who's already kind

55:13

of vulnerable to believe in

55:15

the system that the systems rigged against them. And that's why

55:17

they haven't gotten rich. And now they're finally going to get

55:19

the secret. Right. Yeah. Like

55:22

I got an email one time that says, hey, we'd like you to join the Illuminati.

55:25

Yeah. And I was like, there

55:27

is a small I was like, yeah, right. But there's a small

55:29

voice inside in the back of my head that goes, you

55:32

can be so powerful. I

55:35

was like, you sit down. I don't want to hear from

55:37

you again. Well, but

55:39

it's also like we've talked about. There could

55:42

be a certain level of pre filtering. Yeah,

55:44

absolutely. Right. That's an excellent point. And

55:47

kind of what I'm dancing around here is that

55:49

you get the conspiracy theory guy and he's like,

55:51

oh, OK, now what do I got to do?

55:54

I know this isn't going to be free because

55:56

nobody gives away anything for free. And

55:58

they get the money. Hmm. Yeah.

56:01

There was one interesting angle that came

56:04

up in this story in this interview.

56:06

Rather. It's when Bogdan is talking about

56:08

the, uh, you know, you,

56:10

you, you play the lottery to

56:12

get the, the late crusade pot or something, or

56:14

the iPhone or the laptop, and you pay like

56:17

five bucks for the credit card. And

56:19

if they can get your, your credit card

56:21

information and your banking details, now

56:23

they can load money into your bank account and

56:25

spend it on your credit card. And

56:28

you may not be aware that

56:31

they're doing that because when

56:33

you log into your bank account, what do you look at?

56:36

The balance, right? You don't look at the

56:38

transactions right away. Maybe if you go through the fine

56:41

tooth comb, right? Right. Maybe once a month, you look

56:43

at that and you see what, Hey, something's going on

56:45

here. But if you're just logging in, you might not

56:47

see that for a while. And

56:50

with electronic statements, it's

56:52

not like the UPS guy is going to

56:54

show up with your transaction records, you know,

56:57

the truck is full of them. Yeah.

57:01

The UPS guy won't show up. Somebody from

57:03

the department of treasury will, because your money

57:05

laundering is what's going on. You're laundering money.

57:07

Right. And that's what these guys are doing.

57:09

They're, they're going out and spending it on

57:11

cryptocurrency. And now they've got their cryptocurrency and

57:14

they haven't had to risk anything. And

57:16

the only thing they've done is put you at

57:18

risk. Yeah. It's, it's the perfect crime, Dave. He

57:23

tells a story about people connecting their phone to

57:25

their PC with an app on it that gives

57:27

the user control of the PC. That's terrifying to

57:30

me. You know, cause this is all a mystery

57:32

to a lot of people. Just

57:34

install this app and then hook it to your computer

57:36

and I'll take it from here. Yeah. Turn your monitor off.

57:38

So you're not watching what's going on. I'm here to help.

57:40

Right. Also,

57:43

I think it's encouraging though, that banks are

57:45

now recognizing when someone is coming through over

57:47

a remote, remote desktop system, some kind of

57:49

RDP and they're shutting down the connections.

57:52

Just great. Yeah. That's fantastic. One

57:55

of the key points here is that the AI

57:57

generated media is just the new, he called it

57:59

the top layer in very old scams.

58:01

We're still looking at scams that have been

58:03

around for years and years and years before

58:05

the internet was a big thing. Even

58:08

longer than that. They were just now we're

58:10

putting that veneer of AI on top

58:12

of it. So

58:14

what do you do to protect yourself? Of course you educate yourself.

58:17

Uh, educate those around you. Tell everybody you

58:19

can about what the scams look like. Um,

58:22

remember that something is too good to be true.

58:24

That should be a big red flag. Yeah, absolutely.

58:28

All right. Well, our thanks to Bogdan

58:30

Botezatu for joining us again. Uh, he

58:32

is the director of threat research at

58:34

Bitdefender and we do appreciate him taking

58:37

the time. We

58:46

want to thank all of you for

58:48

listening. And of course we want to

58:50

thank our sponsors at KnowBe4. They

58:52

are experts in helping users do the

58:54

right thing through new school security awareness

58:56

training. And

59:03

that's Hacking Humans brought to you

59:05

by N2K CyberWire. Our thanks to

59:07

the Johns Hopkins University Information Security

59:09

Institute for their participation. You can

59:12

learn more at ISI.jhu.edu. We'd

59:16

love to know what you think of this

59:18

podcast. Your feedback ensures we deliver the insights

59:20

that keep you a step ahead in the

59:22

rapidly changing world of cybersecurity. If

59:24

you like the show, please share a rating and

59:26

review in your podcast app. Please also

59:29

fill out the survey in the show

59:31

notes or send an email to hackinghumans

59:33

at n2k.com. We're

59:35

privileged that N2K CyberWire is part of

59:37

the daily routine of the most influential

59:39

leaders and operators in the public and

59:41

private sector from the Fortune 500

59:43

to many of the world's

59:45

preeminent intelligence and law enforcement agencies.

59:48

N2K makes it easy for companies

59:50

to optimize your biggest investment, your

59:52

people. We make you smarter about

59:54

your team while making your teams

59:56

smarter. Learn how at n2k.com. This

1:00:00

episode is produced by Liz Stokes.

1:00:02

Our executive producer is Jennifer Iben.

1:00:04

We're mixed by Elliot Peltzman and

1:00:06

Trey Hester. Our executive editor is

1:00:09

Brandon Carr. Peter Kilby is our

1:00:11

publisher. I'm Dave Bittner. And I'm

1:00:13

Joe Kerrigan. Thanks for listening.
