Hacking Humans

Software or hardware that records the computer keys pressed by a user. 

Guest Mantas Sasnauskas from CyberNews joins Dave to talk about how he and his colleagues applied for a job with a ransomware gang, Joe and Dave reply to a listener named Christopher about certifications, Dave's story is about credential stuffing with payroll companies for $800,000,Joe shares a story about lewd phishing lures sent to people's email accounts, and our Catch of the Day is from from a listener named Stof who says, he “received this call just now, never heard one this convincing, nearly got me too!"Links to stories: How to hack into 5500 accounts… just using “credential stuffing” Lewd Phishing Lures Aimed at Business Explode Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Digital assets that are cryptographically protected on a blockchain and contain unique identification codes and metadata that makes them one of a kind.

Guest Robert Capps of NuData Security joins Dave to discuss what businesses can do to bolster their protection against tax fraud, Joe and Dave have some follow-up from 2 episodes ago when they discussed a BazarLoader scam: Wired has a recent article with a twist about a totally fake streaming site called BravoMovies, Joe shares a story from a listener Jason about a friend of his who was targeted by a scammer on Facebook Marketplace, Dave's story is about scammers demanding ransom from families who report missing persons on social media, and our Catch of the Day is from Reddit on a Tron cryptocurrency scam.Links to stories: The Bizarro Streaming Site That Hackers Built From Scratch  Scammers Target Families Who Post Missing Persons on Social Media COTD post on Reddit: Crypto scammer doesn't understand compound interest and gives me a rate that would give me all of the crypto after 9 hours. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The use of two or more verification methods to gain access to an account.

Guests Jan Kallberg and Col Stephen Hamilton of Army Cyber Institute at West Point join Dave to talk about cognitive force protection, Joe and Dave have some follow-up from a listener named Obada about Apple only allowing 2FA through SMS, Dave shares a story about Google's plan to require MFA for all users, Joe's story is about a couple who had their Fidelity retirement account defrauded to the tune of $40,000, and our Catch of the Day is from a listener named Doal about becoming named the beneficiary of a similarly-named deceased person.Links to stories: Google to make multi-factor authentication its default mode ‘Sleeping Giant:' Thieves Target Retirement Accounts How to protect troops from an assault in the cognitive domain Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

A programming technique where the developer doesn't specify each step of the algorithm in code, but instead teaches the algorithm to learn from the experience.

Guest Tim Sadler from Tessian on how oversharing on social media and in OOO messages can open the door for hackers, Joe shares a story about vishing emails from "Amazon" that had spam confidence levels of 1, Dave's story is about an elaborate BazarLoader campaign counting on a lot of human interaction, and our Catch of the Day is from a listener named Scott about a phishing fax, that's right, we said fax.Links to stories: Hello, Is It Me You’re Phishing For: Amazon Vishing Attacks BazarCall Method: Call Centers Help Spread BazarLoader Malware Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

The process of turning raw information into intelligence products that leaders use to make decisions with.

Guest Kev Breen from Immersive Labs joins Dave to talk about how to address whaling attacks, Dave shares a discussion he had with. a colleague about password managers and elderly parents and Joe weighs in, Dave's story is about a smishing Trojan impersonating a Chrome app, Joe has a story about URL redirection making more effective phishing attacks, and our Catch of the Day is from a listener named Vaughn about a snail mail fraud scheme that references a website.Links to stories: Beware of this smishing trojan impersonating the Chrome app Exploiting common URL redirection methods to create effective phishing attacks Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.