Hacking Humans

Rohit Dhamankar from Fortra’s Alert Logic joins Dave to discuss the decline in ransomware attacks and lessons learned from the front lines. Dave and Joe share some listener follow up from Keith regarding Dave's story from last episode and how he recognizes the scams being mentioned and offers his opinions on the matter. Joe shares two stories this week, one about his ironclad gift he gave to his wife, with his second story following the buzz surrounding OpenAI, creators of ChatGPT, their new interface for their Large Language Model (LLM) and how it works. Dave's story also follows ChatGPT in a different direction. His story is on the latest popular app and its rise to fame in the app store, now charging users almost 8 dollars to use the AI technology. Our catch of the day comes from listener and friend of the show Joel who writes in about how he was contacted at his place of business by a "DEA agent" who claims Joel was committing malpractice, and if he wanted these charges to go away he would need to pay $2500.Links to stories: OPWNAI: AI THAT CAN SAVE THE DAY OR HACK IT AWAY Sketchy ChatGPT App Soars Up App Store Charts, Charges $7.99 Weekly Subscription [Update: Removed] Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key.CyberWire Glossary link: https://thecyberwire.com/glossary/ransomwareAudio reference link: https://watch.amazon.com/detail?gti=amzn1.dv.gti.d6a9f744-47b0-ac70-aa56-b31fd0f58482&territory=US&ref_=share_ios_season&r=web

Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization’s business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who writes in about a scam found when trying to download a HDRI (High Dynamic Range Image). The scam involves a fake ad asking for people’s cell phone numbers as soon as they click on a button that reads "download here". Manie shares how after she clicked the ad, she realized the mistake and immediately researched more before proceeding further.Links to stories: Amazon finally authorized Pakistani sellers. A wave of scammers followed Army Warns of Scam Targeting New Soldiers Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The name of a wireless access point.CyberWire Glossary link.Audio reference link: SSID Management - CompTIA Security+ SY0-401: 1.5, Professor Messer, uploaded August 3rd, 2014.

Guest Eric Levine, Co-founder and CEO at Berbix, joins Dave to discuss identity fraud. Dave and Joe share comments from listener Chris on a series of SMS messages he got from "Wells Fargo." Joe's story previews what is coming for social engineering attacks in 2023 and how to prepare to improve your safety online, while Dave's story is about sextortion scammers in rural India and how they are blackmailing victims. Our catch of the day comes from listener George who's been receiving a lot of scam messages via WhatsApp and how he played along with one of them.Links to stories: Social Engineering Attacks: Preparing for What’s Coming in 2023 The sextortion scammers of rural India Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A U.S. Government specification for data encryption using an asymmetric key algorithm.CyberWire Glossary link: https://thecyberwire.com/glossary/advanced-encryption-standardAudio reference link: papadoc73. “Claude Debussy: Clair De Lune.” YouTube, YouTube, 6 Oct. 2008. 

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.On this episode, Dave and Rick are joined by guest contributor Amanda Fennell. You can find Amanda on Twitter at @Chi_from_afar.Links to this episode's clips if you'd like to watch along: Dave's clip from the movie Zombieland Rick's clip from the movie Traveller Amanda's clip from the movie The Girl with the Dragon Tattoo

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!The 12 Days of Malware lyricsOn the first day of Christmas, my malware gave to me:A keylogger logging my keys.On the second day of Christmas, my malware gave to me:2 Trojan Apps...And a keylogger logging my keys.On the third day of Christmas, my malware gave to me:3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the fourth day of Christmas, my malware gave to me:4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the fifth day of Christmas, my malware gave to me:5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the sixth day of Christmas, my malware gave to me:6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the seventh day of Christmas, my malware gave to me:7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the eighth day of Christmas, my malware gave to me:8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the ninth day of Christmas, my malware gave to me:9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the tenth day of Christmas, my malware gave to me:10 Darknet markets...9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days! (Bah-dum-dum-dum!)4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the eleventh day of Christmas, my malware gave to me:11 Phishers phishing...10 Darknet markets...9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days! (Bah-dum-dum-dum!)4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.On the twelfth day of Christmas, my malware gave to me:12 Hackers hacking...11 Phishers phishing...10 Darknet markets...9 Rootkits rooting...8 Worms a wiping...7 Scripts a scraping...6 Passwords spraying...5 Zero Days!4 Crypto scams...3 Web shells...2 Trojan Apps...And a keylogger logging my keys.

This week, Carole Theriault sits down to interview Dr. Jessica Barker from Cygenta to discuss the latest Instagram scams and how to avoid them. Dave and Joe share some follow-up on Apple, why they are being sued, and how you can protect yourself, as well as a new USPS scam affecting Connecticut. Dave's story follows a message board on smartphones being stolen and what happens after the thieves obtain the stolen phone. Joe's story is on a complex scam where the scammers choose ambitious individuals to turn into the scammers. Our catch of the day comes from listener Jay, who writes in, sharing a LinkedIn post from Dave Harland about him messing with a scammer trying to bamboozle him.Links to stories: USPS text scam hits Connecticut residents What happens to your smartphone when it gets stolen? Dreamers say father and son lured them to scam artist LinkedIn scammer thread Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A set of tools designed to safeguard data while in use in motion and at rest. CyberWire Glossary link: https://thecyberwire.com/glossary/data-loss-preventionAudio reference link: HistoryHeard. “Data Loss Prevention - CompTIA Security+ SY0-501 - 2.1,” Professor Messer, uploaded 20 November 2017