A
You're listening to the CyberWire Network, powered by N2K.
B
Hello everyone and welcome to the Hacking Humans podcast where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey, Joe. Hi, Dave. Maria is once again on vac this week, so joining us is friend of the show, Michelle Kellerman. Michelle, welcome back.
A
Gentlemen.
B
We've got some good stories to share this week, but first we got some follow up here. Actually, let's start with you, Michelle. You're, you're still pitching your worthwhile charity here. What do you got for us?
A
Just for the last sub in, I believe while I'm going to be doing this campaign, we are halfway through the Blood Cancer United States Visionary of the Year charity fundraiser that I'm doing to support my best friend whose daughter had infant leukemia for the Blood Cancer United Society, formerly the Leukemia and Lymphoma Society. And we are halfway through and I am not halfway to my fundraising goal, tragically. So anybody willing to donate would be very much appreciated. It goes to a great cause. This helps with treatment, with family support, with education, with any resource that somebody experiencing this may need. It's a wonderful foundation.
B
All right, well, we will have a link to that in the show notes, so listeners, please do step up and help out. All right, we got another bit of follow up here. Joe, this is for you. This is from listener Sue in Australia. In Australia, right. Who's keeping you straight with your chickens?
C
Yes. Sue wrote in and sent an email and actually you forwarded this to me almost immediately, which I think is great because I've already tried this. We'll talk about this in a minute. Oh, but it begins. Hello, Joe. So you have an attacking rooster problem. If you remember, a couple of weeks ago I talked about my wife getting attacked.
B
Yeah. It wasn't so much you had the rooster attacking problem as your wife did. Well, you had it by extension. I guess it became your responsibility to mitigate, right?
C
It's my responsibility.
B
Yeah.
C
This is how you fix it.
B
Okay.
C
Okay. Take 10 minutes every day. Over a two week period, she actually says fortnight, which I really appreciate.
D
Okay.
C
Over a fortnight period, wait for the hens and the rooster to go to bed. Then go to the hen house and grab the rooster by the legs with one hand, pull the rooster into an upside down position. He will flap about trying to right himself. This is a submissive position.
B
Yeah. I'd say so. Right.
C
I don't like being held up by my legs.
B
I don't know anybody who does. Maybe. I don't know.
C
I got a granddaughter that loves it,
B
say gymnasts, people who work at the circus.
C
This kid will. I will hold her upside down by her legs and she will do crunches. And she's like the only thing 3 year old I know that has abs.
B
Yeah, I don't think I could do that.
C
Yeah, I can't. When he runs out of puff flapping, put your other hand under his breast and right him and hold his legs at all times. Spend the next 10 minutes touching his comb, wattles, beak and neck area and put the rooster back in with the hens. You'll probably only need to put the rooster in the submissive position three times. Uh, and then you have to do the picking him up every day and rubbing his comb and head every for about, about two weeks. Okay, so what this does I'm gonna summarize here. Cause I'm not really all that good at reading. What this does is lets the rooster know, number one, you're in charge. Yeah, right. That you're, you're the, you're the, the actual power animal in the cage. Right.
B
You're not just the free ride for food.
C
Right. Yeah. Um, and also it lets him know that you're not a threat, which is why you have to be nice to him. Uh, one of the things that might be, he might be thinking is that something bad is going to happen to the hens when I pick them up. Particularly this. My. She mentioned Snugglebug, who I talk about, who always hops up and wants me to pick her up.
B
Yeah.
C
Uh, and then I have another one, the, the other Americana hen that is actually taken to me a little bit better and it's okay for me to pick her up too. The other three hens really don't want anything to do with me, and I'm fine with that. As long as I have my other two hens that still like to talk to me, that's fine. Okay, so Snugglebug may not be giving off distress. Any distress call, which would normally bring in the rooster and other hens to display this behavior. But still, seeing it can. Can trigger a response, a protective response. Sue says she only had to do this on one occasion. Did not. I did not spend time handling my rooster when he was young, which I also didn't do specifically because when we were talking about it with my daughter, she said, don't handle the rooster, you don't want to do that. You want him to be unhandled so that he is more aggressive and protective. I didn't know that would mean he would attack people. So that's what's happened here. I was administering a tablet for Manson's eye worm to my rooster, and he took a chunk out of me, which, when roosters fight, they don't just peck. They twist their beak in order to draw blood on. The other rooster did this handling him, and she got a problem. Your wife also needs to put the rooster in a submissive position and have interactions with the rooster. He needs to learn that humans have more strength than him. Asian breeds will be more aggressive after. Can be more aggressive. If after a fortnight of handling, he still attacks, then you need to get rid of him.
B
Oh. Oh.
C
And she also notes that Snugglebug is called a chickabe. Chicka babe. Chicky babe. Chicky babe. Yeah, I'm gonna say chicky babe. She is the smallest, youngest, and gets picked on the most by the other hens. She's actually not the smallest. The Americana is the smallest, but of. She is the second smallest. She's definitely the smaller of the two breeds that we have. And the other two, we have three breeds. We have Easter Eggers, Olive Eggers, and Americanas. And I only know which ones are the Americanas. But I went into the coop on Tuesday night to feed them because, you know, they're out of food. They were low on food and water, so I had to feed and water them. And while I go in there to feed them, this ingrate rooster starts getting uppity with me. And, you know, he puts his head down, he sticks his neck out, and he starts charging at me, and I put a foot out to stop that, and that doesn't stop him from doing it. So I chased him around the run and pinned him down and reached under him, grabbed his feet and took him out of the run and just held him upside down for a little bit. And he. He sure did try to reach up and. And peck my hand. He does not have the abs to do that, though.
B
Okay.
A
I did not anticipate the amount of work of chicken psychology that exists out
C
there, nor did I. I thought having chickens would be a lot easier than this, but it isn't.
A
Well, not even that. I just figured, you know, the expectation is like, they're dumb, so we're not going to try and figure it out with dogs. They are working animals. They serve a purpose in a lot of situations for other animals that we observe closely. Like, I used to volunteer with dolphins at the aquarium. Learning. Yeah. I used to moonlight. I like to do side quests, learning about the psychology of, like, the dolphins and stuff. But, like, chickens. I didn't expect that we were gonna, like, have an analysis and, like, a tried and true. This is what they need to communicate in chicken, right?
C
Yeah, well, you communicate. You communicate in chicken physically. Yeah. So it's. It's kind of. You can communicate with a dog verbally and. And they'll get it. But, you know, your dog, you still need. You still need some kind of. There's some physicality involved, whether it's like, posture, you know, because you bend down in front of a dog, the dog gets excited. Oh, we're gonna play. Okay. Because that looks very much to them like a play bow. So there's. There. Yeah, there's. There's all kinds of dog psychology, and then there's chicken psychology as well, I guess. So. Anyway, once. Once he tired himself out, I. I just kind of held him upside down for, you know, maybe 30 seconds and saw him relax and just go limp. He ran out of steam really quickly, and then, you know, his eyes started closing. And once that happened, I flipped him over and I said, okay. And then I just started petting them a little bit and went back and I put him in the coop. Now, I haven't had the time because I'm going to classes two nights a week, so I'm not there every, you know, every single night. And I get home at 10:30 some nights. And the last thing I want to do with that is go out and grab a rooster by his feet and turn him upside down. I just want to go to bed. So I'm going to keep doing this and see. See if this is effective. But I probably won't be able to do it for two weeks until. Until after classes end, which is about a month. But once I put him back, I was able to walk into the. Into the run with no. No challenge or anything. He was like, okay, well, so. So it is effective. Thank you, sue, for sending this to me.
B
It's a good thing you didn't choose to ra. Right?
C
Yeah. I do not want anything to do with them. Did I tell you about my 1 run in with it with. With emus? If you go to.
A
Why. If.
C
You know, why do I have a run-in with emus?
A
I give up.
C
I was. My son and I were doing a bike ride around the BWI Trail, which is a great trail. It goes all the way around BWI Airport. Yeah. And as we're riding up the. Riding up one of the hills, I get the feeling that something's watching me. Right. And I look over. More than usual. Right. More than usual. Right now, it's actually a feeling. I don't know why we get that, but we do get that. Maybe it's something. Your peripheral vision triggers something. But I get the feeling something's watching me. I look over at this fence line, and there in the fence line is this velociraptor-looking bird. It's an emu. And he's just staring at me like, hey, in Maryland.
B
So he's behind a fence.
C
He's behind a fence, yeah.
B
Okay.
C
But, you know, he's menacingly staring at me like, you know, we went to war with Australians and we won.
B
That's true. Yeah. Yeah. Well, Clark's farm has an emu near us. Yeah, they have one. I mean, you know, they can be nice or, I don't know, habituated, I guess is probably the way to say it, but.
C
Yeah. They're venomous, too. They have a venomous spur on their. On their legs.
B
I would not want to get in a fight with an emu.
C
No.
B
But the cassowary is the one that'll really.
C
Yeah, that'll kill you.
B
Yeah, that's a dinosaur. You can't convince me of otherwise.
C
They're all dinosaurs. I'm looking at my chickens and they look.
B
Cassowary is like straight line from dinosaur to cassowary. He was just hiding out the whole time.
C
Yeah.
B
Yeah.
C
Survived the impact in the Yucatan.
B
Right. Through sheer force of will and disdain, it survived. Every attacker counts on one thing: environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com/N2K. And we will now move on to our stories. And Joe, you're up. What do you got for us?
C
I have got a banger this week, Dave.
B
Okay.
C
This one comes from Daniel Kaplan at the Guardian. And this kind of exposed something I didn't know existed. But it seems if you are a professional athlete, which I will never be, there's still time. No. No, there isn't.
B
You can still be a bowler.
C
I could maybe be a curler.
D
Curler?
B
Yeah. Sure, sure.
C
Right.
A
Somebody's dad is really great at that. Yeah.
C
So there are borrowing. Borrowing products available to you from companies like Aaliyah Sport and All Pro Capital, and these loans are brokered through companies like Sure Sports. So I didn't even know this market existed.
B
What do you mean by. Yeah, help me understand. What's the borrowing product?
C
It's a loan, essentially.
B
Okay.
A
Against what?
C
Again, I don't know. Against what?
B
Maybe against your contract, against your athletic prowess.
C
Right.
B
Okay.
C
Yeah. I don't. It doesn't go in enough detail. It really. I mean, this. I really want to look into what this is because, you know, one of my big concerns about professional athletes is you get these guys that are, like, between 18 and 22 years old, and you just dump millions of dollars into. Into their laps.
B
Yeah.
C
You know, and what are they going to do with that money? What happens? I know that there are all the. All the leagues have, like, financial advisors set up for them, but I'm. I'm concerned this might be a step. A step too far in terms of what goes on.
B
It's hard to handle.
C
Right. Hard for me to handle. But currently, what I'm about to talk to is not agreed to. So everything in the story is actually alleged.
B
Okay.
C
Okay. But there is a football player named Luther Davis who was a college football player for Alabama. He was part of the team that won the 2010 national championship game.
B
Oh, okay.
C
I don't know what that means because I don't follow college football and. Or college sports or American football, but.
B
Well, it's a real mystery. But based on the name. Joe, what. What do you suppose the national championship game could possibly mean?
C
Here's the thing. Do they have. Because they have, like, different bowls. I mean, after every January 1st, there's like 15 different bowl games.
B
Yes, that's right. If your team has something close to a winning record, chances are you'll be invited to a bowl game.
C
Okay, so then.
A
But this is like the NCAA, like, league championship.
B
This is. Yes, there is a national championship game, which is.
A
Yeah, they win college football.
B
Correct.
C
Okay, so is there.
B
They're considered to be the national champions.
C
So do they. Are these people that have already played in bowl games or are they.
A
No, bowl games are after.
C
Bowl games are after.
B
And my rec. I believe it's changed in the past few years in terms of, like, being more of a play in kind of thing. Like the Super Bowl. I want to say back in 2010, I believe it was still chosen by journalists.
C
Yeah, I think it's journalists that rank these stand. And you know, how Arbitrary of a system is that. I mean, that just doesn't seem right to me.
A
Well, I mean, it was originally college kids, you know, and you're in it for the love of the game at that point.
C
Okay.
B
Yeah. Which is. We've long since dispatched.
C
Yes. So Luther Davis and one of his partners, CJ Evans, have both tentatively agreed to a plea deal in a scam where Davis would pose as current NFL players to obtain fraudulent loans from these lending companies, these athletic lending companies.
B
Okay.
C
Thirteen of them are alleged totaling $19.8 million.
D
Wow.
C
19.8 million. The criminal information document, or as they say, CI document, only contains about three of these loans, totaling about $11.6 million.
B
Okay.
C
And it only lists the initials of the people that were impersonated in this scam. But the Guardian actually goes ahead and lists. And lists them out in the article. But they ran this scam from May of 2023 to October of 2024. And here's how they did it. First, Davis and Evans would register companies in Georgia, the US State, Georgia, with names closely related to the people they were impersonating. Or maybe they start a company with just the initials of the person they were impersonating. Then they would open bank accounts for these companies and create email addresses. And Evans is described in the court filing as being the founder and operator of a company called deedchasers llc, which operated as the registered agent for these companies in the state of Georgia. So all these LLCs were started in Georgia, and Deeds was the registering agent for them. Deed chasers, rather. Then they would get fake identification documents. I kind of think they would do this before setting up the bank accounts. It doesn't make. But the order's not really important. But then they would fabricate financial statements, including personal finance statements. Then they would reach out to the brokers and provide financial fake documents for the loan evidence. Davis would attend loan closings virtually disguised as the athlete he was impersonating. He used wigs and makeups. Makeup. And in one case, he actually wore a do rag. Because the person he was impersonating is often seen on TV wearing a do rag.
B
Okay.
C
So, you know, sure. You think durag. You think this particular football, you know, football player. These are all NFL players, by the way.
B
Yeah. Well, whatever the person is known for, if they have a signature look, right. You want to emulate that.
C
So this guy would. They would go so far as to do. To look like the person they were. They were impersonating. They had driver's licenses that had the. The NFL players' names on them. One of them had a fabricated driver's license number, and the other one was just a number for just some random woman in Georgia. So it was a real number. And there's a good chance they just fabricated the number and just hit on it, right? Yeah, that could be the case. But Davis and Evans have both notified the court that they intend to enter guilty pleas, and they have a hearing scheduled for April 27, which will be after the drop date of this podcast. So at that time you can hear about it. But they are charged with aggravated identity theft. Right, Michelle? Aggravated identity. That means they stole identities in order to commit other crimes, including conspiracy to commit wire fraud. And both these sentences. The latter wire fraud, as we discussed last week, can carry a sentence up to 20 years in jail. So we don't know what the plea agreement says yet in terms of how much time they've agreed to, but I think these guys are probably going to do some time.
B
I wonder how they got caught.
A
Well, I was looking at the Sure Sports, the website for one of these services, and the contracts are very specific. You can only. They're only open to certain people. So, for example, for draft eligible players, it's only for the top 100 NFL draft prospects and the top 40 NBA draft prospects, it's for certain college athletes based on an expected revenue structure. There are only a certain number of people that could possibly get these loans.
C
Right. A small number of people can get the loans, and there's capital companies out there ready to provide the capital, and then the brokers are there just to be the middlemen.
B
Wow. Yeah. I mean, imagine you're one of these players and there's somebody out there, you know, gobbling, Using your good name. Right. To. To gobble up money. Yeah.
C
Yeah. And, you know, I don't. I don't know. Again, I would. I think this is where I would just be like, yeah, I don't know who that is, but that wasn't me. That's not my signature. This is not. This is not a Joe Carrigan problem. This is a. What is it? Sports capital problem.
B
Yeah.
A
That's why I'm surprised that they would go this route. This is. You get caught. All other frauds, you want to blend into all the other things. You want to not be noticeable. There are only a certain number of people that can get these. It seems like a really unusual path to fraud.
C
Yeah.
A
Highly identifiable, highly traceable people. Pay attention to this stuff.
B
Yeah.
C
I think, you know, if I was going to do this better, I wouldn't have used my buddy's LLC as the registration agent for my LLC. I would have just gone gotten some LLC registered in Delaware and set it up that way, because there are companies in Delaware that will just register any LLC. You don't have to ever show up. I've done it.
A
I did my LLC registration online.
B
Yeah. I also wonder, to what degree did these folks see their downfall just out of greed? In other words, they got away with it once.
C
Right. They got $4 million and they go, we could do this again.
B
Yeah, that was easy. Right, right. And $4 million isn't quite enough to retire on. I need two yachts.
C
Right.
B
And, well, you got to split it 50.
C
50, Dave.
B
So that's true.
C
Yeah. I mean, these were large loans. I think if I do this once, I just count my lucky stars and then try to spend all the time hiding the money.
A
This feels like hubris, not intelligence, to go this path. You're already just too big for your britches at the start, Right? So, yeah, this doesn't surprise me at all, actually.
B
Yeah, interesting.
A
Very weird.
B
All right, well, we'll see what happens. It seems like justice is going to be served. I wonder if the banks will get their money back or at least maybe some of it. Who knows? Depends on how much of it they spent already.
C
Yeah, actually, I'm really not that concerned about these banks or about these capital companies. I'm just not. I mean, I think they might be doing something exploitive. And of course, they are taking advantage of young, inexperienced people who just got NFL contracts or NBA contracts.
A
They even have, like, bridge loans if you're between college and your draft. Based on your draft perspective.
C
Yeah.
A
Is crazy.
C
That's nuts. All right, so, yeah, I don't feel bad about the finance people losing their money, but, you know, it is theft and if they get it back. Okay, that's fine.
B
Yeah. All right, well, we'll have a link to that story in the show notes. Michelle, you're up. What do you got for us this week?
A
Mine is a very different target from who is being targeted for the scams. This comes from Spectrum News. Madison McArthur wrote it for the local news in Columbus, Ohio, about people scammers targeting families and loved ones of recently incarcerated people. Yeah. So basically they are. These scammers are calling families of loved ones who are recently incarcerated, and they are saying, we can help get your loved one released. They help arrange the release by paying fees, by paying bonds, whatever. And obviously this is fraudulent, but they make it seem time sensitive and they'll commonly request payments through gift cards, prepaid debit cards, wire transfer or other non traceable methods. They may also attempt to get sensitive financial information such as bank account or credit card details. It's apparently very rampant. So I started looking around and it's a common enough scam that actually a county in Nebraska, that's in Omaha, Nebraska, they stopped posting their jail roll for who are, who's in their county jails for any reason because people were targeting these specific individuals and their families. Because when you think about it, a lot of people, there are a lot of potholes in the criminal justice system. People, these are typically low income, where you're getting jammed up for, you know, petty theft or smaller crimes because you don't have enough money, things like that, and you don't have a good understanding of the legal system. And there are tons of fees just randomly about that you wouldn't know of and you wouldn't know that it's fraudulent or not. And it's a particularly gross, in my opinion, targeting tactic. But it makes sense because you have uninformed people doing something that's incredibly stressful. You have no idea, especially if it's your first time, how this stuff works, what to expect.
B
Right.
A
That fear is already pre included. They have to do nothing to bring it to the situation.
C
And even if you have someone who's actually downright guilty, these scammers aren't targeting that person, they're targeting their family. Right. Which yeah, reprehensible, but these guys have no conscience.
A
And then there's also, I can understand from a family member's perspective, you don't feel like you have somebody to call and ask questions. It's not like the system is really welcoming to try and figuring out the system for people. They're not exactly gonna be a sympathetic ear to be like, what's, you know, well, you know, this happened. I'm confused. Nobody's answering the phone being like, oh, let me help you out.
C
Right.
A
It's just there's already. It's the perfect environment for taking advantage of people.
B
Right? Yeah. Good news.
A
Yeah, yeah, it's really, it's tragic. So. And court cases are public record. So, out of curiosity, I started poking around the Maryland court public records and if you have somebody's last name, that's all you need for information on everything, just the last name. And you can pull up court records for everybody with that last name. You can have their first name, you can talk, you can look for certain types of cases too, or at courts of certain levels. So if you know something about a certain level. It's a free-for-all of information.
B
Yeah. I'm just imagining that person whose loved one has been put in jail for whatever reason. And so of course they're despondent about that. And someone calls up and says, I can make this all better, we'll work. You know, I have your back, I am on your side.
A
Or, you know, he's due to be released because they saw the court case saying like, due to be released. And it's like, we're here to set up the ankle monitoring system upon his release. There are so many ways to get them if they don't know.
B
Right, right.
A
What the circumstances are. And like, oh, he can't be released until this is set up.
B
Right, right, right. And there's so much fear that naturally comes from ignorance. If you don't know how any of this works and someone says, well, they're not going to let your loved one out unless you get this lined up ahead of time, what are you going to do?
A
The scammer has to do next to nothing to make all those situ. All the circumstances that are required to make somebody give money away. It already comes pre installed into the situation.
C
Right. Yeah. The emotional duress is already there.
B
Yeah. I wonder how you balance this, because I do understand the sort of public good of having a database of people who've been incarcerated. Like that makes a certain sense to me. But at the same time, if you've got people taking advantage of that for scams, how do you find the happy medium between those two things?
A
Well, the story from Nebraska, they did say that after they took their public jail roll off the record, after they stopped posting mug shots and who was currently incarcerated in their jail system, scams dropped off drastically because it stopped being easy pickings. So they did report that that was a very impactful solution.
B
Interesting.
C
And then were they holding people in jail that had not been convicted yet or were they just like accused of a crime?
A
Yeah, jail is for just being accused a lot of the time. It's not presidents pre conviction. So you can get picked up for a bunch of stuff.
C
Yeah, yeah.
A
So you can get picked up for anything.
C
You know, in France, they really take the presumption of innocence seriously. And I wish we did that here in this country. More like you're not allowed, the media is not allowed to do a perp walk in France. You just can't do it. You can't say, look at all these people we arrested. And the reason you can't do that is because you're essentially Dragging them through the mud when they haven't been convicted of any crimes. And that happens here in the United States so much. Yeah, it's. Yeah, I don't like that part of our justice system.
B
It's an interesting point. I mean, should it be that your name is not public until there is actually a conviction?
A
It's a hard balance.
C
Yeah, that's another hard balance. Because what if there are people that want to. Want to come and testify and court records are public records here in the U.S. yeah.
A
And I get the court record thing of it, but definitely the publicity angle could be tamped down. So not having the jail roll, not having perp walks, not releasing identities to, like, the news or something, like, just not doing the publicity side, the public record side. You have to, like, really go out of your way for to a degree, you have to know it's a little bit less tabloidy, you know, whereas, like, doing the publicity angle, that is very inflammatory and is a lot more ripe for problems.
B
I wonder too if, like, they could have it be a verification system, but not publishing a list. In other words, if I call the jail and say, hey, is Machine Gun Carrigan in there today? And they'd say, yes, he is.
C
Right.
B
But they wouldn't just publish a list for people to poke through. Right. You know, kind of like if you call a hotel, you can't just say, connect me to room 513. They'd be like, well, who's in room 513?
C
Right.
B
And if you don't know that, they're not gonna connect you.
C
Huh.
A
So it's just zeroing in on the most vulnerable people in the most vulnerable circumstances. And they have no advocates. At least with bank scams, banks want to help you out. The jail is gonna be like, stop bothering me. To a degree, like, they don't have a single friendly ear in the process unless they can afford a lawyer. And if they do, then this probably wouldn't be impacting them as much if they had the ability to afford counsel.
B
Interesting. All right, well, we will have a link to that story in the show notes. I'll tell you what, let's take a quick break here to hear from our show sponsor. We will be right back after this message. Most environments trust far more than they should and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable, even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today. And we are back. My story this week I bring to you both and to our audience with a little bit of trepidation.
C
Okay, I'm intrigued now.
B
It is. So this is a report that was just published in the past couple days. This is Amazon's trustworthy shopping experience report.
C
Oh, geez. From Amazon?
B
Yes.
C
So is this Amazon reporting on Amazon?
B
Correct.
C
Oh, okay. So we can trust this without any hesitation.
A
Wait, are we certain that it's. That it's from Amazon? 'Cause it's trustworthyshopping.aboutamazon.com. Good.
D
Good question, Michelle.
A
It's not.
B
We're not sure. Amazon.com they could be just using Amazon's logo. Although I don't know what would be in someone else's interest to make Amazon look good.
A
Joe, click on the link.
C
Yeah, hold on. I'm doing a quick WHOIS lookup. Go ahead.
B
All right, so this is a full report about what Amazon is doing allegedly on our behalf to make things better on Amazon. Before I dig in here, why don't we just go around the room here and ask. I'll start with you, Michelle. Have you. To what degree do you feel like your interactions with Amazon are satisfactory and legit and above board?
A
Pretty well. My stuff usually doesn't come back as fraudulent. I also don't buy weird stuff. I'm not an impulse buyer, so I think I'm less susceptible to the. Oh, that's cooler, that's cuter. I would love that. I have taken steps to not be an impulse shopper.
B
Okay.
C
On the whole, Joe, first let me tell you, I think this is an Amazon domain. It is. The registrant contact is host master at Amazon legal department, Amazon Technologies Incorporated. Okay.
A
Trust but verify, people.
C
Yeah, Second off, I have. I have not had any problem with my shopping at Amazon.
B
Yeah.
C
So, you know, I order something, it comes. The agreed upon price is there. When I have a problem with the. Like, the last thing I had a problem with was a crappy vacuum cleaner I got for getting all the crumbs out of my toaster drawer. Because my wife is. Does not let me keep a toaster on the counter.
A
We're going to whistle past that, right?
C
Nor does she like it when it's still plugged in. Like, she thinks that's a fire hazard. And she will argue with me. And I'm like, no. And we. This is a source of consternation in the Kerrigan household, obviously, but moving the toaster constantly leaves some crumbs in the drawer. So I bought a vacuum cleaner. The vacuum cleaner did not work. I called Amazon and said, hey, this thing's a piece of crap. And they were like, I actually didn't even call them.
A
I just used the app. Is that how you called?
C
I used the app. I said, this thing just is not holding a charge and doesn't work. And they said, here's 10 bucks. Here's your 10 bucks back. And I use that 10 bucks to buy another one, which does work and works great and sucks all the crumbs out of the toaster drawer.
B
That is a specialized item. Yeah, a toaster vacuum.
C
Well, it's just a little precision vacuum with little brush on the front of it. So it just fits the need I have. But I did have, early on in my Amazon usage, an issue where they charged a credit card twice because I canceled an order and they didn't release the first charge.
B
Okay.
C
And the credit card didn't have. I was buying something. I was buying a laptop. The credit card had a small limit. So because they didn't release the first hold, I couldn't buy the laptop because it was, you know. And I was very frustrated. And I actually had Amazon on the phone with, I think, Capital One at the time. And Amazon's going, we have not charged your card twice. And the person on the capital one says, Amazon has charged your card twice.
B
Of course.
C
And I've got a conference call going on. I'm like, Amazon, did you hear what Capital One said?
B
Yeah, yeah. Who you're going to trust, right? Oh, man.
D
Yeah.
B
I guess my overall experience has been quite good as well. And I don't know that I've gotten any. What do you call it? What's the fake stuff? What do you call it?
C
Brushing scams?
B
No, no. When something's fake. When someone.
C
Oh, counterfeit. Counterfeit.
B
Counterfeit, yeah. That's the word I'm looking for. I don't think I've gotten any counterfeit items that I can think of. Overall, they're pretty efficient. I guess the things that annoy me most about Amazon are when I'm going to order something and they say order now and it'll be here by tomorrow. And I'm like, oh, that's great. And I order now and it says good news, it'll be here next week. And I go, wait, what just happened?
C
That's irritating.
B
Yeah. But overall I do get the thing I want and they make it relatively easy to return things. So I'm pretty pleased. I guess I'm wondering, like Michelle, that sigh that you had at the outset when I announced what this story was about, I wonder how much are we sort of mixing in our minds Amazon and other places like Facebook Marketplace when it comes to trustworthy shopping in Amazon?
A
I think it's because the sigh was more of Amazon's practices of having the sponsored content first. And you know what they decide is going to be the thing that you should buy is I remember reading a story that was like you have to go down like to halfway through the second page before you get what would be based on your search, the best product because it's just all sponsored. And their incentive structure to the sellers is so like money based. And so for the seller, you're already getting screwed. And then the buyer, they're kind of already pre selecting a lot of stuff to the point where if Amazon Basics comes out with something that's a copy of your product, you just shouldn't even bother selling it anymore because it will not get to it. So trustworthy shopping is like, you gotta be digging around I think for some weird stuff or some weird like Facebook advertisement for a weird Amazon product. But if you go straight through the Amazon portal or website portal. Wow, straight through like the Amazon website and landing page, I think it's a little bit harder to find and stumble across some fraudulent stuff.
B
Yeah, well, I'll go through some of the things that they've outlined in this report here. They say that their core strategy and approach for trustworthy shopping is built on four proactive controls. Advanced technology enforcement against bad actors and consumer education. They say that all new sellers have to complete identity verification before selling and that includes government IDs, business credentials, bank statements and address checks. Okay.
C
Yep.
B
Oh, fine. They have authenticity protections. They say they use direct product validation with accredited safety labs. Okay, I'm skeptical of that.
A
I just don't believe this.
C
Right?
A
None of this, from everything I've seen seems legitimate.
B
They say they use, ooh, wait for it, AI to scan billions of listing changes daily for intellectual property violations. So I guess that would be the counterfeit things.
C
Yes.
B
They say more than 99.9% of suspected infringing listings were blocked before brands reported them.
A
Hmm, interesting.
B
Okay. And they've verified 2.7 billion product units as genuine. Okay. All right. It's funny again, it's like where none of us have any enthusiasm.
C
Yeah. This doesn't impact at all.
A
It, no, it's, it's more. I'm wondering where the number is. We've, we've verified more than 2.7 billion product units. Are 2.6 of them Amazon, like right. Version of it. Like I don't, I have no frame of reference for what these numbers mean.
B
And do they list 10 trillion items on Amazon? Right.
A
Because we can't fathom the volume of what Amazon does. It's. Nobody has done it before to this scale. So like these numbers just mean nothing to me.
C
Yeah.
B
They say they use automation and AI for fraud detection. They analyze seller behavior, listing content, supply chain signals and network relationships. And they look for coordinated abuse networks. They said they analyze tens of thousands of suspicious URLs every week. Their phishing site takedowns increased by more than 10% in 2025. A meaningless statistic.
C
Well, I mean that's. Yeah, that is meaningless. But it's good that they're actively going after the phishing sites and taking the domains from the scammers. Yeah, because that's impacting customers.
B
They said they active. They actively enforce scam calls impersonating Amazon. So that's good.
C
How do they do that? I'd like to know.
A
That's part of what I'm wondering. I would love to see some type of presentation about how they do this. So that way Facebook can't come and say we have no way of monitoring for this.
B
Right.
A
You know, I'm curious to see the applicability of this.
C
Amazon's doing it because it's costing them money.
A
Exactly right.
B
They say their counterfeit crimes unit has pursued more than 32,000 bad actors since 2020. Over 15 million counterfeit products were seized and disposed of in 2025. Legal actions shut down more than 100 scam and fake review websites in 2025. Mmkay.
A
Oh, a hundred fake.
B
Well, I mean, fake reviews on Amazon. Shocked, shocked.
C
Here.
B
There are fake reviews on Amazon and then they say they're working with Chinese authorities and that led to detention of 151 fake seller registration brokers. So people who are getting you on Amazon in a fraudulent way. And they did 70 raids on counterfeit operations.
C
I wonder what's gonna happen to those people in China.
B
Yeah.
A
Yeah, this just feels like them blowing smoke a little bit about like, yeah, we are doing stuff, but there's not a lot that's, like, meaningful.
B
Yeah. They talk about their partnerships with law enforcement, which. Which makes sense. But at the same time, if you get scammed by something that happens on Amazon, you can call the FBI. Right. You know what's going to happen? I guess. I mean, on the other hand, Amazon could make it right. You get something scammy. I imagine Amazon's going to send you the real thing.
A
Yeah, that's more like where I was. Where I was thinking is like, because they already. They will absorb any problems. They will. They have enough market share that. And you see it with the taking returns after 30 days, even if the product is not in the original packaging, even if it's, you know, they can't resell it is. They are willing to absorb a ton of the financial strain of returns or scams or whatever to keep you shopping on their platform.
B
Right. Yeah. And of course, the sellers don't want bad reviews, so they'll do anything they can to try to settle it one on one. I had a thing, I think I shared. I know. I'm pretty sure I shared it with you, Joe, that I tried to buy a battery for one of my ham radios.
C
Yes.
B
And so I was shopping around and I saw this battery and it said, 4,000 milliamp hour battery. I said, oh, that's good. That's twice what the normal one has. I will buy that. And there's a picture of the battery and the label on the battery said 4,000 milliamp hours. I said, great. So I ordered it and arrived and it was 2000.
C
Just like the one that came with the radio.
B
Just like the one that came with the radio. Right. So I wrote to the seller and said, hey, this is what your thing says and this is what I got. And they said, oh, sorry, we'll send you the real one. Keep the one we sent you. We'll send you the one you want. I said, terrific. A couple days later, new one shows up, same thing, 2,000.
C
Well, Dave, now you have 4,000. Now you have 4,000 milliamp hours.
B
I do, I do. But I'm faced with the inconvenience of having to swap. Swap out batteries like an animal in the middle.
C
Like some kind of caveman radio outlet.
B
Right, exactly. I don't want to have to do that. I want to be able to operate uninterrupted for much longer than otherwise. So anyway, Amazon did nothing about that. And I Gave up. I was like, okay, I'm not gonna get what I want.
A
Right.
B
This isn't worth fighting about. I got two batteries that are, I guess that I didn't have before.
C
Have the same power volume as the, the one you, the one you thought you were getting.
B
Yeah. So.
C
But you're right, the inconveniences there.
A
I'd be curious to see any information about how Amazon handles bigger purchases. So, like, I will say, I do not buy anything big on Amazon. I do not buy major electronics, I don't buy furniture, I don't buy high ticket anything on Amazon. I'm going to go in person to do those things. So I'm curious to see exactly how much the smooth, wrinkle free process of doing returns and dealing with scams would be for a larger ticket item if you take a bigger gamble on their platform.
B
Yeah, yeah. I imagine there's all kinds of trouble with things like laptops and I mean, I've definitely ordered things from Amazon that have arrived and I can tell they've been returned. Right. Like this is not. Yeah, like this is not how this was originally packaged.
C
You can just tell.
B
And so then you have to decide, is this worth the trouble of sending it back, backing it up, or is it new enough that I'm just gonna be okay with it? And most of the time that's what people do and that's what they count on. And Joe, that's how they get you.
C
That's how they get you. That's right.
B
Amazon says looking toward the future, they're emphasizing predictive detection, including monitoring social media signals to anticipate counterfeit activity before listings appear.
C
Interesting.
B
As if by magic. And they say that their trust protections are continuously evolving alongside retail threats. I just think it's interesting that all three of us are like, yeah, whatever. Yeah, we're just resigned.
C
Do my batteries show up in a day? I'm happy.
A
Yeah, I think it's more because we know what metrics kind of matter. We know what would pack a punch. And again, these numbers just have no context. This information is just a list of stuff.
C
Right.
A
That I, I have no idea if it's impressive or difficult or if this is a large percentage of what you're looking at versus a small percentage. I have no idea.
C
Right.
B
And the vast majority of the interactions we all have with Amazon are fine. Yeah, they're. They're not noteworthy at all.
C
Yeah. So, yeah, I agree with that. I mean, we talked last week about the Airbnb and VRBO scam with those two Guys who are gonna wind up doing prison time. And Airbnb's corporate statement was like, it's rare on our platform, and we're working to make it more rare. They use the word rarer, which I don't like, because it's kind of hard to say.
B
But, like, the Rural Juror.
C
Right, Rural Juror. That is a great show, by the way. 30 Rock. It's a 30 Rock reference. If you go back and watch 30 Rock, it's funny, but, you know, these things generally. Amazon has done a really good job with me. I don't have any complaints. Except for that one way back in the early 2000s. Other than that, it's been great.
B
Yeah.
A
You know, and when you hear stories, it's like dumb stuff of like, I got this. Like, this ended up being AI generated. And then you see the post and it's like, yeah, you should have noticed that.
C
Right.
A
I think that's a user error.
C
Did you return it? Yeah, I returned it. And they give your money back?
B
Yeah.
C
Okay.
B
Every now and then, like, a lawnmower will show up that you didn't order.
D
I wish.
B
What is this?
C
I wish that would happen. I wish a lawnmower would show up at my house that I didn't order. I have all the lawnmowers I need, but I'd like to have another one.
B
You want a spare, you need a backup lawnmower. You never know.
A
You pick the thing that would just make Joe's day.
B
Yeah, right. Yeah. Every now and then, something like we do a lot of. I think we have. I don't know what Amazon calls it. You have a regular standing order where things come on a schedule. Yeah.
C
A subscription.
B
Yes. There you go.
C
I have a couple of those as well. Yeah.
B
And mostly they work out, but every now and then, something shows up like, we didn't order this. Okay, whatever. They didn't charge us for it, so it all works out.
C
Right.
B
All right, well, again, we will have a link to that report in our show notes. Joe, Michelle, it is time to move on to our Catch of the day.
C
Our Catch of the Day comes from the r/scambait subreddit, Dave. And it's just titled Paul McCartney Part One. So would that be Beatles or something?
A
Yeah, I'm looking at his picture. That is Paul McCartney, right?
B
Yeah.
C
I mean. Well, I mean, it's not Paul McCartney Part 2, which would be Wings, right?
B
Oh, I see what you're getting at.
C
That was a bad joke. I apologize, everybody. I was trying to go, all right, didn't Work.
B
Wouldn't it be the Silver Beatles? Would be Paul McCartney, part one. Ha ha. I out-Beatled you, Joe.
C
I don't know what that is. Is that what they were called before they were just called the Beatles?
B
It is, yes.
C
The Silver Beatles.
B
Silver Beatles.
A
I did not know that.
C
That's new information for me. Not a big Beatles fan.
A
My dad was a huge one, so I'm surprised. I don't know that.
D
Yeah.
B
All right. I will play the part in blue. Michelle, you want to be the other person here?
A
Okay.
B
All right. It goes like this. Hello.
D
How are you doing today? Hope you're doing pretty good and hope your family's good too. I'm Paul McCartney, a very big and famous musician. I respect your privacy, but due to my management, they keep making it difficult for me to reach out to my tops fans all over the world for my safety. But I'm here to make new friends that doesn't want me for my fame or money. It'll be grateful if I know you more because I've been locked out of my verified account for so long. Thank you and God bless you.
A
No worries, I guess.
D
Oh, that's nice of you. Where are you from?
A
Kansas City.
D
That's a nice place. I've been there many times.
A
Cool.
D
You really seem so nice to talk to. As a friend would love to talk more. So my management will not find out about this. Okay. Do you mind if we talk on my private Zangi page?
A
That's weird, but whatever.
B
I guess that's how it is when you're big and famous.
D
I like how you talk.
A
Yeah, that's that brick wall aesthetic, right?
D
Here's my private Zangi number. Send me a message right away and let me know how to talk to you.
C
Dave, is that really how it is when you're big and famous?
B
Pretty much, yeah.
C
Okay.
A
You realize you're not really famous anymore, right? Maybe like 60 years ago, but not really now.
D
Oh, I am. It's just that I'm getting old, but I'm still strong and cool to talk to.
A
My app keeps freezing when I try to add you.
D
Send me your number. Let me try adding you then number.
B
All right, so here's a second interaction here.
D
Hello, it's me, Paul.
A
Got it.
D
Okay, good. Nice talking to you here. We can talk now. My management won't lock me out from this. Okay, thanks for your understanding too.
A
You realize that your management works for you, right? Not the other way around. You can fire them at any moment. Since you're so old, you might be Confused.
D
Oh, yes, I can do that.
B
I feel like I'm slipping into Canadian a little bit.
C
Right. You also sound more like George Harrison than Nick, dude.
B
Yeah, I know.
D
Oh, yes, I can do that. But they've been working with me for decades. Don't worry, we're fine. Okay.
A
You sound scared of them.
D
You know, I'm very big and famous. Don't get too worried about that. I will always get in touch with you here.
C
Okay.
A
Again, you're not famous at all. You're like 90 years old by now. Your time was 60 years ago. By the time I was born, nobody really knew who you were.
D
Oh, I am not. Just don't want questions from them because they keep doing that all the time. Oh, well, as long as my name is on the Internet, I am.
B
Ah.
A
Are they concerned that your mental health has been declining? You should probably do what they say. In that case, if they tell you to do something, you should listen to them since your mind isn't all there anymore.
D
Oh, yes, they are. But right now, I'm doing my thing my own way. That's pretty nice. You're young. I like your age.
B
We can stop there.
C
Yeah. Pretty good, Michelle. You do a good read, especially of the scam. Potential scam victim that really doesn't want to put up with this crap.
B
Yes. You have a lovely deadpan.
C
Right?
A
Yeah. I love being mean to people.
D
Oh, good to know.
A
I love being mean to people who are bothering me.
D
I see.
B
Joe. What's that like?
C
It's pretty awesome. It happened when we were in the same office. It was. It didn't happen every now and then. Michelle's always been very nice to me.
B
You just get cut down to your knees. Never saw it coming.
C
Well, Michelle is very nice, very frank, which I appreciate, actually, so.
A
And I'm actually very nice at work. Like, you don't even know. Right.
B
Okay.
A
I'm incredibly well behaved at work.
C
Yeah, I try to do that. Do that too, you know, different.
B
The real you comes out.
C
Right.
D
Yeah.
C
Yeah. I took my kids to take your kids to work day when they were. When they were little, my daughter came back and said, dad's like a completely different person at work. I was like, yes, yes, I am. Because if I act the way I act at home, they'll fire me. And then you'll have to live in a refrigerator box. And you don't wanna live in a refrigerator box, do you? That's why I have to be someone completely different at work.
A
Yeah. I was cracking a joke with our boss and I was like, yeah, I gotta be well behaved because we're doing this thing with one of our sponsors and he's like, have I ever seen you, like, fully well behaved? And I was like, no, actually, you get most of it, but never fully.
C
I'm always about 90%.
A
Yeah.
B
Yeah. All right.
C
So I'm getting the A.
B
Well, that is our catch of the day. Of course. We'd love to hear from you. If there's something you'd like us to consider for the. You can email us. It's hackinghumans@n2k.com. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution, blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com/N2K. And that is our show, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. If you don't like our show, keep it to yourself. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Tré Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Michelle Kellerman.
B
Thanks for listening.
Air Date: April 30, 2026
Host: Dave Bittner (B)
Guests/Co-hosts: Joe Kerrigan (C), Michelle Kellerman (A)
Theme: The episode explores deception, influence, and social engineering in cybercrime, with a special focus on loans targeting professional athletes, scams targeting families of incarcerated people, and Amazon’s self-reported trust and fraud prevention initiatives.
This episode peels back the curtain on how social engineering scams infiltrate everyday institutions: from bespoke loan frauds targeting pro athletes to predatory calls aimed at the families of jailed individuals, the hosts examine the “human hacking” at the core of some of today's most striking cybercrimes. The show also analyses Amazon’s recent report on their own trust and safety measures, with trademark skepticism.
Timestamps: 01:50 – 09:09
"You communicate in chicken physically. You can communicate with a dog verbally... but chickens, you have to analyze and try to figure out what they need to communicate in chicken, right?" — Joe Kerrigan (07:44)
Timestamps: 11:55 – 22:08
Joe reports on a major scam engineered by Luther Davis, a former college football player, who with an accomplice impersonated NFL athletes to fraudulently obtain $19.8 million in loans. The scam leveraged specialized athlete lending platforms offering high-value advances typically collateralized against future contracts.
Timestamps: 22:15 – 29:46
Michelle highlights scams aimed at vulnerable families of incarcerated individuals. Fraudsters, using public information from jail rolls, offer fake services to “facilitate” release for a fee, exploiting fear and ignorance about the legal process.
Timestamps: 31:22 – 47:40
Dave reviews Amazon’s self-published report on its anti-fraud and trust measures, facing skepticism from his co-hosts regarding the efficacy and transparency of these efforts.
Hosts’ Responses:
"I have no frame of reference for what these numbers mean." (39:07)
"This just feels like them blowing smoke a little bit…there's not a lot that's meaningful." (41:09)
"The vast majority of the interactions we all have with Amazon are fine… they're not noteworthy at all." (45:42)
Timestamps: 47:58 – 53:00
"You realize you're not really famous anymore, right? Maybe like 60 years ago, but not really now." — Michelle, roleplaying the skeptical victim (50:01)
“This scam makes no attempt to blend into the noise. There are only a handful of people eligible for these loans—it's a play that's almost guaranteed to stand out.” — Michelle (20:06)
“These are the perfect marks: stressed, uninformed, and without institutional advocates. The scammer doesn’t even need to build any fear—it's already there.” — Dave & Michelle (24:15–26:21)
“We know what metrics kind of matter…these numbers just have no context. This information is just a list of stuff.” — Michelle (45:33)
The hosts blend accessible explanations with incisive skepticism and wit. They maintain a conversational, relatable tone—even when exploring technical or policy-heavy content—and often use personal anecdotes to ground their analysis.
“A Game of Loans” underscores the ingenuity and audacity of social engineering attacks—from high-value identity theft to emotionally manipulative scams—and the difficulty of counteracting scams in systems designed with imperfect protections. The episode also asks critical questions about institutional responses—whether from Amazon or the legal system—to an ever-evolving threat landscape.
Memorable Takeaways:
Listeners leave with a realistic, sometimes darkly comic view of both scams and the fight to prevent them.