Hacking Humans

Digital evidence that a system or network has been breached.CyberWire Glossary link: https://thecyberwire.com/glossary/indicator-of-compromiseAudio reference link: ‌”Suicide or Murder? | The Blind Banker | Sherlock,” uploaded by Sherlock, 18 October 2015

Martin Rehak CEO & Founder from Resistant AI sits down with Dave to discuss how organizations should be worried about shallow fakes vs. deep fakes. Listener Joe writes in with some follow up on Joe's statement about not using legacy OSes, and how it is unfortunately not an option for many. Both Joe and Dave share two stories this week. Dave's first story follows how the Maryland Attorney General, Brian Frosh, is warning residents about purchasing flood-damaged cars. Dave's second story is about how a Japanese woman was fooled by an astronaut imposter who wooed her into buying a "return ticket to earth." Joe's first story is about a potential scam brewing in Springfield, as people are collecting money on the side of the street for a teenagers funeral, police are warning residents stating they have heard of this scam in neighboring cities. Joe's second story follows a new horrifying scam after a woman fell victim to a phone scam where the scammer claimed to have the victims daughter and they would kill her if she did not do what they asked. Our catch of the day comes from listener Richard who writes in sharing his experience with an email that may or may not be a phish.Links to stories: Consumer Alert: Attorney General Frosh Warns Consumers about Purchasing Flood-Damaged Cars An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth' Springfield police warns drivers of “potential” funeral scam Greenfield Police warns about "terrifying" kidnapping scam Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A system that monitors for malicious or unwanted activity, and either raises alerts when such activity is detected or blocks the traffic from passing to the target.CyberWire Glossary link: https://thecyberwire.com/glossary/intrusion-detection-systemAudio reference link: “Network Intrusion Detection and Prevention - CompTIA Security+ SY0-501 - 2.1,” Professor Messer, uploaded 16 November, 2017

Thanks for joining us again for another episode of fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch each of the selected scenes, describe the on-screen action for you, and then they deconstruct what they saw. Grab your bowl of popcorn and join us for some fantastic scams and frauds.Links to this episode's clips if you'd like to watch along: Rick's clip from Hustle: S1 Ep1 The Con is On Dave's clip from Cheers: S6 Harry the Hat

Larry Cashdollar from Akamai sits down with Dave to discuss their research, "The Kit That Wants It All: Scam Mimics PayPal’s Known Security Measures." Joe shares an incredible story regarding impersonation and man sharing his first hand experience with impostors impersonating him to get a job, luckily a good samaritan shared this information before the damage could be done. Dave's story follows raids happening in Cambodia with connection to alleged cyberscam compounds. We have two catches of the day this week, one is from listener Eric who sends in a romance scam email asking for love from one desperate scammer. The next one comes from Uberfacts on Twitter and is an instagram DM from someone pretending to be Queen Elizabeth II.Links to stories: Someone is pretending to be me. Authorities Raid Alleged Cyberscam Compounds in Cambodia Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Hackers bypass, multifactor authentication schemes by sending a blizzard of spamming login attempts until the accounts owner accepts the MFA prompt out of desperation to make the spamming stop. CyberWire Glossary link: https://thecyberwire.com/glossary/mfa-prompt-bombingAudio reference link: movieclips. “Sneakers (2/9) Movie Clip - Defeating the Keypad (1992) HD.” YouTube, YouTube, 29 May 2011, https://www.youtube.com/watch?v=oG5vsPJ5Tos. 

Pete Ford from QuSecure sits down with Dave to discuss what exactly cyber quantum computing is, what it means for the country, and how other countries are using quantum. Dave and Joe share follow up on 2 stories, one Bleeping Computer reports, discussing the teen that hacked Uber and Rockstar Games has been arrested. Second, we share some listener follow up from last episode about medical documents being shared and how easy it would be to falsify your identity to obtain children's documents. Dustin, a Registered Health Information Management Technician, shares his thoughts on the matter. Dave's story follows the FCC’s new plan to require phone companies to block spam texts from bogus numbers. Joe has the story on how two Abbotsford residents lose approximately forty six thousand dollars in a bank scam. Our catch of the day comes from listener Joseph who shares a strange email he received from a scammer claiming to be PayPal, which could have seemed real if it weren't for a few mistakes Joseph found to be peculiar.Links to stories: FCC advances plan to require blocking of spam texts from bogus numbers Two Abbotsford residents lose $46K in bank scam UK Police arrests teen believed to be behind Uber, Rockstar hacks Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features. Audio reference link: “How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone,” FRONTLINE, YouTube, 18 July 2021.

This week Carole Theriault sits down to interview author Jamie Bartlett on his book, "The Missing Cryptoqueen - The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It." Dave and Joe share some follow up from listener Dustin who shares an interesting experience he had involving his child's medical documents and how easy it was to obtain them, making scams even easier. Joe's story follows a young teen hacker and how they allegedly were able to hack Uber and Rockstar Games. Dave has got the story on Queen Elizabeth II and how giving condolences could lead you right into a scam. Our catch of the day comes from us here at the CyberWire. We received an email from one Vladomir Petrova, a citizen of Ukraine, which gets more suspicious the longer the email reads.Links to stories: Social Engineering: How A Teen Hacker Allegedly Managed To Breach Both Uber And Rockstar Games PHISHING ALERT: GIVING YOUR CONDOLENCES FOR QUEEN ELIZABETH II CAN LEAVE YOUR DATA IN THE HANDS OF CYBERCRIMINALS Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks. CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishingAudio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.