Hacking Humans

Guest Andrew Rubin, CEO and co-founder of Illumio, joins Dave to discuss Zero Trust, Dave and Joe share some follow-up from several listeners including one with a variation on prison pen pals we discussed some time ago and some advice on Dave's Google Authenticator issue he mentioned last week, Dave's story is about non-delivery scams, Joe's got a story on Imperial Kitten doing some catphishing, and our Catch of the Day comes from listener Timothy about with a sextortion campaign.Links to stories: 5 reasons non-delivery scams work I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A software development philosophy that emphasizes incremental delivery, team collaboration, continual planning, and continual learning Audio reference link: https://thecyberwire.com/glossary/agile-software-development"Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe" John Allspaw and Paul Hammond, 2009 Velocity Conference,YouTube, 25 June 2009. 

John Wilson, Senior Fellow Threat Research at Agari by HelpSystems, discusses business email compromise attacks, Joe shares three stories on different types of scams, the first being a mystery shopper scam, where the scammer tries to get you to buy gift cards at a grocery store, the second one is on, scammers posing as DTE Energy representatives, seeking bill payments, and the final one is about someone showing up to a victims door and demanding money to collect “Money owed” for a family member, Dave's story is on criminals who are using apple pay to scam their way into going on spending sprees, our catch of the day comes from listener Jon, who shares how two men claimed to be owed money after Jon's death, when in fact, John was very alive.Links to stories: Mystery shopper scam: How it works and how to avoid it Phone scam alert: Metro Detroiters receiving phony DTE Energy calls Police: Man scammed elderly person out of $10K Criminals Abuse Apple Pay in Spending Sprees Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The flagship product of the controversial Israeli spyware vendor, the NSO Group, use for remotely hacking mobile devices, most notably iPhones, via zero-click exploits.CyberWire Glossary link: https://thecyberwire.com/glossary/pegasusAudio reference link:“Cybersecurity beyond the Headlines: A Conversation with Journalist Nicole Perlroth,” Kristen Eichensehr, and Nicole Perlroth, University of Virginia School of Law,YouTube, 14 February 2022

Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave and Joe are joined on this episode by Perry Carpenter, host of 8th Layer Insights podcast and chief evangelist at KnowBe4. Dave,Joe and Perry watch and discuss Dave's and Perry's clips on this episode. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your bowl of popcorn and join us for some Hollywood scams and frauds. A heads-up for our listeners: there is a bit of spicy language in today’s clips, so use your discretion if you are tuning in with your kids. Links to this episode's clips if you'd like to watch along: Dave's scene from "Focus" Perrys clip from "Ferris Bueller's Day Off"

Pete Barker, director of Fraud and Identity at SpyCloud offers critical insights on the alarming evolution of fraud and how consumers and enterprises can protect themselves, Joe and Dave share some listener follow up from listener Micah on a catch of the day from last week, Joe's story is on a woman who was scammed out of $15,000 and shares her experience on how the hackers were able to gather so much info and money from her, Dave's story is on an android malware scheme that allows cybercriminals to intercept customer calls to their banks, our catch of the day comes from listener John, who shares a scam from people claiming to be Amazon, saying that the users secret phrase has been incapacitated.Links to stories: 76-year-old Fargo woman loses $15,000 in computer scam Android banking malware intercepts calls to customer support Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

An open source email authentication protocol designed to prevent emails, spoofing in phishing, business email compromise or BEC, and other email-based attacks. 

Brian Brushwood a former magician, joins Perry Carpenter, host of 8th Layer Insights, to talk about his new podcast, The Worlds Greatest Con, and how magic led him to discussing cons and scams on a podcast, Dave shares a personal story on login frustration, Joe's story is on a Cash App breach being confirmed after an employee was able to access a US customers data, and Dave's story is on inauthentic LinkedIn profiles and how fake accounts are requesting to connect when in fact the accounts are fake, our catch of the day comes from listener Richard who shares a scam he got sent through the mail to exploit his political views.Links to stories: Block confirms Cash App breach after former employee accessed US customer data That smiling LinkedIn profile face might be a computer-generated fake Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor.

Laura Hoffner from Concentric, joins Dave to discuss online dangers and how they can very easily turn into real world dangers, Laura explains about the popular social media platform TikTok and how users are being stalked and shares one story in particular, Joe and Dave share some listener follow up, Joe's story is centered around cryptocurrency scams and how they are on the rise, and Dave's story is on the malware BABYSHARK and the internal process of investigation as well as lessons learned, our catch of the day comes to us from listener Andre, who shares a scam from a Commanding officer of the U.S Central Command and how they need Andre to keep his money safe.Links to stories: Targeted APT Activity: BABYSHARK Is Out for Blood BBB Study: Cryptocurrency is ripe for fraud and financial loss Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.