

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.

May 19, 2021 • 5min
Introducing 8th Layer Insights [Trailer]
Coming May 25, 2021. Get ready for a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security, risk, and life. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more.

May 18, 2021 • 6min
SaaS (noun) [Word Notes]
A cloud-based software distribution method where app infrastructure, performance, and security are maintained by a service provider and accessible to users, typically via subscription, from any device connected to the internet.

May 13, 2021 • 39min
How to best fight fake news.
Guest Helen Lee Bouygues of the Reboot Foundation joins Dave to talk about social media’s effect within the misinformation ecosystem and how users can best fight fake news, Dave and Joe share some follow-up from listener Jonathan on two-factor authentication, Joe's story is about an employee in Scotland sued for making payments based on phishing emails, Dave has a story about fake order confirmation phishing messages prompting us to call rather than click, our Catch of the Day comes from a listener named Wyatt who received a phishing email from some fellow jackpot winners.
Links to stories:
Why You Should Use a Physical Key to Sign Into Your Accounts
Publishing company defrauded of over £193,000 fail to appeal decision that ex-employee was not liable for damages
Company sues worker who fell for email scam
BazarBackdoor phishing campaign eschews links and files to avoid raising red flags
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

May 11, 2021 • 7min
decryption (noun) [Word Notes]
A process of converting encrypted data into something that a human or computer can understand.

May 6, 2021 • 39min
Digital identities are at the core of recent breaches.
Our UK correspondent Carole Theriault returns to share her interview with Julie Smith from the Security Alliance and Kelvin Coleman from National Cyber Security Alliance about Identity Management Day, Dave's story is about how Pixar uses colors to hack our moods and minds to see colors we've never seen before, Joe has a story about ways malicious actors can break into accounts with multi-factor authentication enabled, our Catch of the Day comes from a listener named Brett who works in a PC repair shop and "HackerDont'comebacker" software.
Links to stories:
How Pixar Uses Hyper-Colors to Hack Your Brain
How Social Engineering Tactics Can Crack Multi-factor Authentication

May 4, 2021 • 7min
brute-force attack (noun) [Word Notes]
A cryptographic hack that relies on guessing all possible letter combinations of a targeted password until the correct codeword is discovered.

Apr 29, 2021 • 36min
Anyone can be a target of romance scams.
Guest Stacey Nash, Head of Fraud and Central Operations at USAA, joins Dave to discuss romance or sweetheart scams, Joe and Dave share some listener follow-up, Joe's got a story about emails sent to British awards organizers asking them to transfer prize money to a PayPal account, Dave's story is about a Rolling Stones tribute band targeted in a bogus check racket, and our Catch of the Day comes from a listener named Konstantin about a fake tax refund.
Links to stories:
$40,000 Swindle Puts Spotlight on Literary Prize Scams
Scammers can’t get no satisfaction

Apr 27, 2021 • 7min
denial-of-service attack (noun) [Word Notes]
A cyber attack designed to impair or eliminate access to online services or data.

Apr 22, 2021 • 42min
Make systems to mitigate the mistakes.
Guest Margaret Cunningham from Forcepoint talks with Dave about cognitive biases that lead to reasoning errors in cybersecurity, Joe shares some follow-up from a listener named Alex about the Alexa phone call Joe mentioned a few episodes back, Dave shares a note from listener Brandon about finding similar DNS names (check out https://dnstwister.report/), Dave's story is about dark patterns to get you to do something on a website, Joe shares a story about phishing emails and defenses against them, and our Catch of the Day comes from a listener named Big Mike about an old time radio podcast he heard recently with great examples of social engineering.
Links to stories:
Dark patterns, the tricks websites use to make you say yes, explained
Why do phishing attacks work? Blame the humans, not the technology

Apr 20, 2021 • 7min
cold boot attack (noun) [Word Notes]
A type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer’s Random Access Memory or RAM during the reboot process in order to steal sensitive data.


