Hacking Humans

Guest Gil Friedrich from Avanan joins Dave to talk about how bad actors are infiltrating organizations using collaboration apps, we have two pieces of listener follow up from Michael and Tobias, Joe has a story about fake information, Dave's story is about message spam on LinkedIn, and our Catch of the Day is from a listener named Lucio with a questionable Reddit communication.Links to stories: Propaganda as a Social Engineering Tool Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

 The practice of emulating known adversary behavior against an organization's actual defensive posture.

Guest Kurtis Minder from GroupSense joins Dave to discuss divergent ransomware trends, the guys have a listener reminder about it being CompTIA, Joe, Dave has a story about a coupon scam in the Houston area, Joe's story is about a real estate rental scam and a scammer who likes to talk about his work, and our Catch of the Day is from a listener named Craig with an email about an unprofessional colleague and a questionable attachment.Links to stories: A ‘dark-side coupon group’ scammed stores out of millions, police say. ‘They were just going through the ink.’ Housing scams abundant in Jackson. This scammer is proud of it Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A layer seven security orchestration platform deployed at the boundary between internal workloads slash data storage and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application. 

Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale.This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses.Guests: Rachael Tobac: (LinkedIn), CEO of SocialProof Security Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org Lisa Forte: (LinkedIn); Partner at Red Goat Cyber Security; Co-Founder Cyber Volunteers 19 George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security Notes & Resources: CSO Online article on Social Engineering OODA Loop Understanding Framing Effects More examples of Framing Effects Harvard Business Review article on the Principles of Persuasion A blog series I did on Deception (Part 1), (Part 2). PsychologyToday article on Social Engineering Recommended Books (Amazon affiliate links): The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini Pre-Suasion: A Revolutionary Way to Influence and Persuade by Robert Cialdini Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray Social Engineering: The Science of Human Hacking by Chris Hadnagy Thinking, Fast and Slow by Daniel Kahneman. Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by George Finney Music and Sound Effects by Blue Dot Sessions & Storyblocks.Artwork by Chris Machowski.

Guest Joe Payne of Code 42 joins Dave to discuss insider risks Joe has a story about Frank Abagnale who's conned everyone one way or another, Dave's story is about a real estate scam conning a single mother of her life savings, and our Catch of the Day is from listener Michael with an "Extremely Urgent Attention Required" email.Links to stories: Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work Real estate scam robs Florida mom of $63K in life savings Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A network designed to obfuscate the location of a cyber adversary's command and control server by manipulating the domain name system, or DNS, in a way that rotates the associated IP address among large numbers of compromised hosts in a botnet.

The CyberWire's UK correspondent Carole Theriault returns to share an interview with Geoff White, reporter from the BBC and co-host of the Lazarus Heist podcast, Joe has some listener follow-up from Mike looking for advice on certifications for getting into cybersecurity, Dave's story is from Brian Krebs about catching an ATM shimmer gang, Joe's got a piece from MalwareBytes Labs about phishing for Bitcoin recovery codes, and our Catch of the Day is from listener Rohit with a pretty genuine-looking snail mail scam.Links to stories: How Cyber Sleuths Cracked an ATM Shimmer Gang Bitcoin scammers phish for wallet recovery codes on Twitter Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The process of converting plain text into an unrecognizable form or secret code to hide its true meaning.

Guest Matthew Gracey-McMinn joins us from Netacea to speak with Dave about security issues with streaming services, Joe shares some follow-up from listener Jason about a bracelet sale mentioned a few episodes ago, Joe's story is from UMBC about AI-generated fake news reports, Dave's got a story about a replacement scam for a hardware wallet used for storing cryptocurrency, and our Catch of the Day comes from a listener called R about a vishing scam for DirectTV.Links to stories: Study shows AI-generated fake reports fool experts Criminals are mailing altered Ledger devices to steal cryptocurrency Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.