B (15:12)

Oh, absolutely, yeah. 100%. You're 100% right. AI is taking all types of fraud, specifically phishing and vishing. Right? So phishing, which is email vishing, which is voice scams, and smishing, which is fraudulent text messages. It's taken that to an entirely new level.

A (15:35)

Well, can you walk us through the kinds of, I don't know, the state of the art that's in play these days when it comes to these scammers trying to take advantage of people at tax season?

B (15:47)

Well, it is amazing when you start to look at what and how they're doing it. So as I just talked about a second ago, they're actually coming at poor victims in three different ways, right? From three different angles.

A (16:03)

Right?

B (16:03)

They're doing it from the fact of you are a. You're getting emails, you're getting voice messages, and what they're doing is they're creating this kind of pretext call. So it'll start out with statements such as an email, your refund is on hold, pending identity verification or unusual activity on your IRS account, or you owe back taxes, final notice. And this right, gets your attention, it gets a victim's attention. And then the AI now is smart enough to start to understand and actually get into a conversation with a victim, right? So it's like near perfect email tone. All their emails look exquisite. They match all the pages. When you start to write, you engage with them. The, The AI is now smart enough to read the tone of the victim, right? So now you have, now you have the situation where you are communicating with the AI and they are. It's reading your tone. So if. If you are not sounding like you are, you know, nervous, they'll up the tone of your. Of the. Of the email, they'll up the tone of. Of the actual conversation using different words like, you know, search warrant or arrest warrant or something like that. So the, the AI, the large language models, are really adept now at engaging with the victim and actually playing along with that victim.

A (17:40)

To what degree is this still a shotgun approach? Or how easy is it for these scammers to have some information about their victims ahead of time?

B (17:52)

You know, historically it was very much a shotgun approach, but there is. There's a ton of, you know, data. Remember, think about all the breaches that you and I see get reported in the news all the time, right? And so you get information, all those breaches, all that data, right? The millions and millions of personally identifiable information that gets out there and sold on the dark web. You got to realize the threat actors are taking that data, they're putting it in these huge data lakes and they're writing algorithms that kind of bounce that data off of each other. And they are able to create some highly tactical profiles of individuals where they've gotten enough data from various different breaches out there in the world, but they're now targeting them.

A (18:46)

What are your recommendations then? I mean, given the rise in sophistication of these tools, what's the best way for folks to protect themselves?

B (18:56)

I mean, they need to. First of all, they need to breathe in, breathe out, take a deep breath and understand that the fraud piece of this is a real thing and it can really happen to them. And so they need to be vigilant. Right? So. And to avoid the email scams, it's what we talk about all the time, Right? So the IRS is only going to communicate with you via U.S. postal mail.

A (19:28)

Right.

B (19:28)

They don't contact people by email or text messages. Right. And if you know someone is demanding from the IRS this immediate payment, that's all fraud, Right? So you have to be vigilant. You need to look at that email and you need to physically go up into that bar at the top and understand that it needs to come from the IRS.gov domain.

A (19:56)

Right?

B (19:56)

And if it doesn't come from IRS.gov domain, it's fraud.

A (20:00)

Right.

B (20:00)

And if there's someone calling you and the voice sounds boxy or you sense they're creating a sense of urgency on you, that doesn't seem right. Start asking questions that seem kind of off the cuff. But if you ask that question to the AI, what's the address of the building? And you're right now you start asking those types of immediate, what I call environmental questions, the AI will stammer and the AI will break because they're not used to it. It's not part of their script. And so if you get one of those answers that doesn't fit, then you immediately hang up because you know it's AI generated imposter.

A (20:48)

Are there resources that the IRS has? And the FBI, for example, I know you are former FBI. Does the FBI want to hear from folks who feel as though they may have been scammed?

B (21:00)

Oh, absolutely. Right. So ic3.gov, right, the Internet Crime Complaint center is the FBI's website where you should absolutely, 100% report this. You can also. There's also a website that is run by the irs and it's phishing ph I s h I n g r s.gov where if you suspect a phishing attempt, you can actually go to that site and it will help you verify whether or not there is anything out there coming from the IRS about you.

A (21:38)

You know, I think when people get hit by these sorts of things, it's very easy for them to feel like they're alone or they're isolated. You know, they don't have anywhere to turn. And what I hear you saying is that that's not the case.

B (21:53)

Oh, absolutely. Yeah. No. There are a lot of resources out there. Even your local police departments are now trained in how to deal with this. But certainly at the federal level, you are absolutely not alone.

A (22:08)

Is this primarily a social engineering type of thing? I mean, we talk that people should have antivirus and ad blockers and all those sorts of things, but this particular type of scamming really strikes me as being human to human.

B (22:23)

Yeah, this is not something that, you know, a, a software program that, you know, McAfee or whatever your, whatever you use. Yeah, that's not going to stop this. This is, this is social engineering, but this is social engineering where you're being bombarded from, from all aspects. Again, voice, text, email, you know, it could be a telephone call. And again, all of this data is out there, you know, on the dark web and threat actors have access to it. If you've been, you know, your, your Panera Bread, you know, account was compromised or, you know, any, any of these breaches that happen out there, all that data is being sold on the dark web. And so it is. It is absolutely imperative for you to think about it in those terms. Right. It's not just an isolated attack. You're really being targeted.

A (23:18)

That's James Turgal from Optiv. What's your 2am Security worry? Is it, do I have the right controls in place? Maybe are my vendors secure or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started@vanta.com cyber that's v a n t a dot com cyber foreign. Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back from automatically dismantling cross channel attacks to building team resilience and more Doppel outpacing what's next in social engineering? Learn more@doppel.com that's-o P E L.com. And finally, in a newly amended complaint, the Authors Guild alleges that federal humanities grants were terminated not through policy review, but by a pair of DOGE appointees armed with a keyword list and ChatGPT. According to the filing, Nate Kavanaugh and Justin Fox flagged National Endowment for the Humanities grants by prompting ChatGPT to determine in under 120 characters whether a project was related at all to DEI. Fox reportedly fed in short descriptions and accepted the chatbots verdicts without defining what DEI meant. Grants mentioning terms like lgbtq, tribal or black landed on cancellation lists labeled craziest grants or other bad grants. None so identified were moved to the Keep folder unless tied to favored initiatives. Termination emails were then sent from a private server bearing the acting director's name, though he later said he neither selected the grants nor drafted the letters. Efficiency, it seems, came with a chatbot and a grudge list. And that's the CyberWire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out this weekend's research Saturday and my conversation with Tomer Barr, VP of Security research at Safe Breach Labs. The research we're discussing is titled Prince of Persia, A Decade of Iranian Nation State APT Campaign Activity under the Microscope that's Research Saturday. Do check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K senior producer is Alice Carruth. Alice has been a steady, generous force at N2K CyberWire, someone whose fingerprints are all over the quality and care our work is known for. As a senior producer, she's been instrumental in shaping T minus, bringing clarity, rigor and calm to a fast moving beat while also lending her sharp instincts and production wisdom across the cyber side of the house. She made hard things look easy and she did it with grace. More than that, Alice has been a trusted teammate, thoughtful, collaborative and always focused on making the work and the people doing it better. Today is her last day with us here at N2K CyberWire. We're thrilled for her as she steps into a true dream job, even as we'll miss her deeply here. Alice, thank you for everything you've given this team. We're cheering you on as you take on new challenges and can't wait to see what you do next. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our Executive Producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26 I'll see you in San Francisco. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire.