CyberWire Daily: Live from Orlando, It's Hacking Humans! [Hacking Humans]
Release Date: February 27, 2025
Host/Author: N2K Networks
Overview
In this lively episode of Hacking Humans, recorded live at ThreatLocker's Zero Trust World 2025 conference in Orlando, Florida, hosts Dave Bittner and Maria Varmazis delve into the latest cybersecurity threats targeting individuals and organizations. Joined by special guest Seamus Lennon, ThreatLocker's VP of Operations for Europe, the discussion covers a range of scams, from tax-related phishing schemes to broader trends identified by the Better Business Bureau (BBB). The episode also explores the evolving role of artificial intelligence (AI) in both facilitating and combating cyber threats.
Tax-Related Scams
Maria kicks off the discussion by highlighting the surge in tax-related scams, particularly ahead of tax season. She references a report by Kate Gibson of CBS News MoneyWatch, which exposes a prevalent IRS refund text scam that falsely promises recipients a $1,400 refund for simply clicking a malicious link.
Notable Quote:
"You're not going to get a text from the IRS. That is really, really important to remember."
— Maria Varmazis [02:02]
Maria also shares a listener's experience involving a fraudulent tax firm exploiting misinformation about pandemic-related tax credits. These scammers deceive individuals into paying for nonexistent refunds while potentially compromising sensitive personal information.
Insights from Seamus Lennon
Seamus Lennon provides expert commentary on identifying red flags in such scams. He emphasizes the importance of skepticism towards unsolicited messages claiming to be from reputable institutions like the IRS.
Notable Quote:
"If I receive a text message from the IRS, I'm going to get really worried."
— Seamus Lennon [04:55]
Seamus discusses Ireland's recent regulatory measures through the Commission for Communications Regulation (ComReg), which requires businesses to register their contact information. This move significantly reduces fraudulent communications by flagging unregistered numbers as potentially fraudulent.
Notable Quote:
"Now it's going to save like three and a half thousand people get juked every day in Ireland."
— Seamus Lennon [06:56]
Top Scams of 2024 per the Better Business Bureau
Dave shifts the focus to a report from the BBB, highlighting the top consumer scams of 2024. The number one scam involves fraudulent online purchases, where scammers create fake websites mimicking legitimate retailers to deceive consumers into paying for nonexistent products.
Notable Quote:
"People shop around. The bad guys pay to have these ads put in front of people... and you're never going to get the kayak."
— Dave Bittner [09:35]
Other notable scams include:
- Phishing: Continues to be a major threat, leveraging deceptive emails and messages to steal credentials or install malware.
- Employment Scams: Fake recruiting services, often linked to entities like North Korea, manipulate job seekers to funnel money illegally.
- Debt Collection: Scammers pressure victims with false claims of owed debts to extract payments.
- Counterfeit Products: Fake goods sold online deceive consumers and infringe on legitimate brands.
- Travel, Vacation, and Timeshare Scams: Fraudulent offers lure individuals into paying for nonexistent travel packages or timeshares.
- Government Agency Imposters: Scammers pose as officials from agencies like the IRS to extract sensitive information.
- Tech Support Scams: Although less prevalent, these scams still target individuals by impersonating technical support to gain access to personal devices.
- Investment Scams: Often tied to cryptocurrency, these scams promise high returns through fake investment opportunities or romance scams that culminate in financial exploitation.
The Role of AI in Phishing
Seamus provides a critical perspective on the current capabilities of AI in combating phishing. He argues that while AI has improved the grammatical quality of phishing messages, its effectiveness in stopping such attacks remains limited.
Notable Quote:
"What AI has actually achieved when it comes to phishing is corrected spelling mistakes. That's about it."
— Seamus Lennon [16:44]
He further explains how AI can be exploited by scammers to craft more convincing phishing attempts, making it challenging for individuals to discern fraudulent messages from genuine ones.
Personal Impact Stories
Maria shares personal anecdotes illustrating the real-world impact of these scams. She recounts how friends and family members have fallen victim to romance scams, highlighting the emotional manipulation involved. Maria stresses the importance of protective measures to safeguard those who might not be as tech-savvy.
Notable Quote:
"Nobody can know everything. And hopefully we have solutions like what you've been mentioning that can help people not have that burden of knowledge."
— Maria Varmazis [21:00]
Dave echoes these sentiments, expressing concern for friends and family who may not be equipped with the necessary tools to defend against sophisticated social engineering attacks.
Catch of the Day: AI-Generated Message Error
To conclude the episode, Dave presents a humorous "Catch of the Day" segment featuring an AI-generated Venmo support message riddled with nonsensical content. The message mistakenly refers to "frozen transfer activity" involving "cryopreserved embryos," starkly contrasting the intended subject of unauthorized financial activity.
Notable Quote:
"I got pregnant through Venmo."
— Dave Bittner [26:43]
Seamus humorously attributes the error to a lack of AI involvement, suggesting that the scammer manually crafted the confusing message rather than using AI tools.
Notable Quote:
"This is one hacker that actually hasn't found AI yet."
— Seamus Lennon [27:24]
Closing Remarks
The episode wraps up with acknowledgments to the show's production team and a reminder for listeners to share their feedback. The hosts emphasize the ongoing need for awareness and advanced cybersecurity measures to protect against the ever-evolving landscape of cyber threats.
Key Takeaways:
- Vigilance Against Scams: Always verify unsolicited messages claiming to be from official entities like the IRS. Genuine communications will not request sensitive information via text.
- Regulatory Measures Matter: Initiatives like Ireland's registration requirement for businesses can significantly reduce the prevalence of fraudulent communications.
- AI's Double-Edged Sword: While AI can enhance the quality of phishing attempts, its current capabilities are limited in preventing such attacks. Continuous advancements and adaptive security measures are essential.
- Personal Responsibility: Educating family and friends about common scam tactics is crucial, especially for those who may not be as technologically adept.
- Stay Informed: Regularly updating knowledge about the latest scams and cybersecurity practices can help individuals and organizations stay one step ahead of cybercriminals.
Notable Quotes with Timestamps:
- "You're not going to get a text from the IRS. That is really, really important to remember." — Maria Varmazis [02:02]
- "If I receive a text message from the IRS, I'm going to get really worried." — Seamus Lennon [04:55]
- "People shop around. The bad guys pay to have these ads put in front of people... and you're never going to get the kayak." — Dave Bittner [09:35]
- "What AI has actually achieved when it comes to phishing is corrected spelling mistakes. That's about it." — Seamus Lennon [16:44]
- "Nobody can know everything. And hopefully we have solutions like what you've been mentioning that can help people not have that burden of knowledge." — Maria Varmazis [21:00]
- "I got pregnant through Venmo." — Dave Bittner [26:43]
- "This is one hacker that actually hasn't found AI yet." — Seamus Lennon [27:24]
Stay tuned to Hacking Humans for more insights and updates on the latest in cybersecurity threats and defenses.