Hacking Humans

On this episode, the CyberWire's UK Correspondent Carole Theriault talks with Iain Thomson from the Register about why he has no IoT in his house and what advice he offers for those who do. Joe's story features ten social engineering techniques. Dave has a story starts with an order by the FTC against Epic Games for tricking users to make in-game purchases in Fortnite using dark patterns. Our Catch of the Day comes from listener Lauren sharing a phishing attempt at her company where the scammers obviously did their homework on who to contact in the organization.Links to stories: Ten Social Engineering Techniques Used By Hackers FTC Finalizes Order Requiring Fortnite maker Epic Games to Pay $245 Million for Tricking Users into Making Unwanted Charges What are deceptive patterns? Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

A technique used to create virtual networks within a shared physical network infrastructure.CyberWire Glossary link: https://thecyberwire.com/glossary/network-slicingAudio reference link: Whitehead, D.N., 2021. 5G Smart Networks Part 1: Network Slicing [Video]. YouTube. URL www.youtube.com/watch?v=dCt3rYODZ7g.

Eric Olden, Chief Executive at Strata, sits down with Dave to discuss the changing face of identity; where we’ve been, where are going, and the bumps along the way. Dave and Joe share some listener follow-up from Michael, who writes in about advertisements on YouTube and other social networks claiming magical results. Dave's story follows a new tool released by the National Center for Missing and Exploited Children (NCMEC) to help with slow and stop the spread of sextortion of minors. Joe's story is on a LinkedIn post by Gary Warner regarding why we have so much fraud. Our catch of the day is from listener Shon, who writes in about an email they received about “Meta Resources Recruiter” informing them of an open “CISO Lead role.”Links to stories: Teens can proactively block their nude images from Instagram, OnlyFans Why do we have so much fraud? Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

The process of verifying that a device is known, secure, and uncompromised before allowing it to connect to a network or access resources.CyberWire Glossary link: https://thecyberwire.com/glossary/device-trustAudio reference link: “Favorite Scene of Alan Rickman from Die Hard.” YouTube, YouTube, 14 Jan. 2016, https://www.youtube.com/watch?v=mklnXM3LIXo. 

Mallory Sofastaii from Baltimore's WMAR 2 News sits down with Joe to talk about some recent stories on scams she's covered on Matter for Mallory. Dave and Joe share some listener follow up from Robert who writes in about the technical means to protect phones from robocalls. He shares some insight on how carriers up in the north are able to protect phones. Dave shares a twitter thread from Brian Jay Jones, who is an author of biographies of Jim Henson, George Lucas and Dr. Seuss, who shares how he would have almost had his Twitter account hijacked if it weren't for 2-step verification. Joe's story is on a gentleman pleading guilty in PAC scams, raising almost 3.5 million by making false and misleading representations in the 2016 election. This week we have a string of catch of the days from different listeners sharing different SMS scams.Links to stories: Associate of scam PAC operator pleads guilty Twitter thread of Brian Jay Jones Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter

A technology set design to support the cybersecurity first principle strategy of zero trust, that limits device people and software component access to only designated authorized resources and nothing more.CyberWire Glossary link: https://thecyberwire.com/glossary/zero-trust-network-accessAudio reference link: “Zero Trust Explained by John Kindervag.” YouTube, YouTube, 2 Oct. 2022, https://www.youtube.com/watch?v=-LZe4Vn-eEo. 

Dan Golden and Renee Dudley, reporters at ProPublica and authors of "The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime," discuss their book. Dave and Joe share some follow up form listener Ignacio who writes in to share thoughts on Joe's preference to using open source options for password managers. Joe's story this week follows Coinbase, who recently had a cybersecurity breach but their cyber controls prevented the attacker from gaining direct system access and prevented any loss of funds or compromise of customer information. Dave's story is on people trying to gain cryptocurrency back after it was hacked and stolen from them, only to wait and receive nothing in the long run. Our catch of the day comes from listener Josh, who writes in about an email he received that stated that his wallet would be suspended if he did not download a verification link.Links to stories: Who You Gonna Call? The Ransomware Hunting Team. Social Engineering - A Coinbase Case Study These Companies Say They Can Recover Stolen Crypto. That Rarely Happens. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A data privacy legal framework that applies to all countries in the European Union, regulating the transmission, storage, and use of personal data associated with residents of the EU. CyberWire Glossary link: https://thecyberwire.com/glossary/general-data-protection-regulationAudio reference link: “Mr. Robot Predicts JPM Coin!” YouTube, YouTube, 14 Feb. 2019, https://www.youtube.com/watch?v=1ee-cHbCI0s. 

Corie Colliton Wagner from Security.org joins to discuss the company’s research of password manager tools and their benefits, identity theft, and the market outlook for PW managers. Dave and Joe share quite a bit of follow up from listeners Mitch, Neville, and Richard. Mitch writes in to share about gift card scams, and Neville and Richard both share their thoughts on the pros and cons of having a cloud-based password manager. Dave's story is about employees around the globe and their internet habits inside the workplace. Joe's story follows a new release of data from the FTC on romance scams, including the top lies being told by scammers. Our catch of the day comes from listener Gordy, who writes in about an email he received regarding a new position scammers are trying to fill in an open job.Links to stories: Are Your Employees Thinking Critically About Their Online Behaviors? New FTC Data Reveals Top Lies Told by Romance Scammers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A conversational language model developed by the company OpenAI. CyberWire Glossary link: https://thecyberwire.com/glossary/chatgptAudio reference link: jeongphill. “Movie - Her, First Meet OS1 (Operation System One, Os One, OS1).” YouTube, YouTube, 29 June 2014, https://www.youtube.com/watch?v=GV01B5kVsC0.