A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, the phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey there, Joe.
C
Hi, Dave.
B
Our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Hello, Maria.
A
Hi, Dave. And hi, Joe.
B
We've got some good stories to share this week, but first let's get to our follow up. We have no follow up. Oh, no.
C
I'll tell you, the chickens are doing fine, but there's no update.
A
Oh, there it is.
B
All right, well, that's fair enough. Fair enough. Now that you can't have. We had amazing follow up last week. So the follow up is on vacation this week. Like the Car Talk guys used to say about the puzzler. Right.
A
I miss.
B
I know. The follow up's on vacation. All right, well, in that case, let's jump right into our stories here. And Joe, you have the honors this week. What do you got for us?
C
I do, and I've got two quick stories. One is from wsbtv, which is apparently some manner of news broadcast station, I don't know, tv, radio. It's not really a big story, so I'm gonna have another story after this. But there's last week. Do you guys. Are you guys Verizon users? Did you suffer from the Verizon outage?
B
I didn't know. I didn't.
A
Yeah, I'm a Verizon customer, but my service never dropped. But everyone I know was having problems, so I don't know why I was spared.
C
But my son got hit by this. We are not Verizon customers, so we didn't have a problem with it. But there is a new scam that is following the news. And like any, any good scammer, these guys know that the, that Verizon had an outage last week and they're issuing credits to the customers. Yeah, so that's what the scam is based on. This is a Verizon credit scam that's targeting customers after the outage. This is from a Georgia sheriff and apparently it's just a plot to steal money or identity. I mean, a stone that would steal money. Who would think of it? But the sheriff's office says people have been getting text messages and emails claiming to be from Verizon offering the credit to their accounts. So, of course, that probably just goes to some fake landing page. You enter your Verizon, Verizon login credentials, and they are in your account. And if they're in your account, God only knows what they could do then.
A
Yeah, could they pay my bill for me? That would be nice. They're very welcome to do that.
C
They probably could, but they're not going to do that.
A
Pay off the balance on my mortgage.
B
The first rent somewhere.
C
Right, Right.
B
Your mortgage has been paid off. Congratulations.
A
Yay.
B
Strangers on the other side of the world have paid off your mortgage.
C
I would love to see that now. You're joking, but I have a story that has a happy ending today. Oh, okay. Yes. This story is about a woman named Jeanette Voss, who, way back in 2024, 2021, actually, she was 67 years old, and she opened up her laptop to watch Netflix. And when she opened up the laptop, there was a page on her website with a siren and a loud blaring noise that says, hey, your computer has been hacked and you need to call Microsoft. Here's the phone number. So she called the number and was told that her Social Security number had been compromised and that she needed to protect her financial accounts. And of course, these guys are going to help her until such a time as the US Government issues her a new Social Security number. Then they walked her through the process of securing the money. I say in scare quotes, because all they were doing, all she was doing was giving them her money, and she wound up giving them close to a million, $950,000.
B
Holy smokes.
C
This was her life savings. And to do this, they convinced her to go out and get a burner phone, which she then referred to as her bat phone.
B
I like her spirit.
C
Right? And these guys work with her for, like, three months to get all this money out of her. And once she had withdrawn all of her stocks and CDs and everything from her retirement funds, she had put them in cryptocurrency wallets that these guys provided. And then at the end of this, they disappear. And because she had made a $950,000 withdrawal from her IRA or from a retirement fund, she now owed taxes on $950,000.
A
Oh, my God. Insult to injury. Geez.
C
So she was stuck with a huge tax bill. I. I don't know. I have to talk to my son about this. But I wonder if she can write that off as a loss and say, you know, I don't. I don't owe taxes on this because I didn't you know, yes, I, I took the income, but I immediately lost it to a scam. So I don't, I don't have any, I have any money anymore. So she was living on just Social Security checks and actually had to apply for and get food stamps as well, which she didn't really plan on, on getting. But the story came up. That's the old story. I had to go looking for the old story, but this new story came up. Talking about from Vermont Public. She lives in Vermont. This new story talks about how for four and a half years she's been living a very frugal life, doing things like unplugging her coffee maker after she makes her coffee because that's how tight her budget is. She can't have the coffee maker consuming power when it's not running, when it's not making coffee. And there's a bunch of frugality measures you ever heard about, like power vampires. Like when your TV is plugged in, it's still drawing just a little bit of current so that it knows when to turn on so you can unplug your TV and save yourself a little bit of money that way. It's not a lot, but this woman was concerned about it.
A
I mean, in New England, our energy costs are much, much higher than the rest of the country. So my mother does this also, even though she's not in dire straits like that. This is actually kind of a normal New Englandy thing to do, right?
C
It makes sense. It makes sense. I've considered it. But when I sit my ever widening butt down on the couch.
B
I don't.
C
Want to get up again. I just want the TV to come on when I finally find the remote.
B
Right in between the couch cushions.
C
In between the couch cushions, right wherever some kid has stuck it. Anyway, you know, she, she had, she had planned on traveling and, you know, visiting friends and everything. She, of course, she felt ashamed and embarrassed. In her golden years, largely became, there's a quote in the article. In her golden years largely became confined to her small house at the end of a dead end street. Now that to me doesn't sound so bad, right? You know, this is where I am. Don't bother me. That's me.
B
You want to have your own. I'm just imagining your wife.
A
Please scam him.
B
And Joe's out in the backyard in his Unabomber shack with his ham radio and his chickens, right?
C
You know that's right.
A
He's living the life. It's what he wants.
B
Coming up with hundreds of different ways to make eggs, right. Solar stove every day.
C
I don't even waste any gangs posting.
A
On the Reddit, the subreddit, the prepper subreddit. Yep. Okay, yep, we got you, Joe.
C
That's right. So every day she would check her bank account to make sure nobody else had stolen any money out of her bank account. But on Christmas Eve of last year, 2025, she logged in and she saw that somebody had deposited a seven figure sum into her bank account. Seven figures? $1,333,000. What had happened was investigators had, with the Secret Service had managed to actually track down the cryptocurrency and managed to get it back when they, when they busted one of these scammers.
B
Wow.
C
So she was one of 20 plus victims, according to this article, that got her money back. And she got some money back in addition to what she lost. So she got back like $80,000, which is not a good return for four years on almost a million dollars. But still. Yeah, it's this interest. Yeah, yeah. Plus a little bit of interest. So Ms. Voss says that overnight her life has changed. So good job, Secret Service. Thank you for getting this money back. That's awesome. Jeanette Voss. I don't know. I doubt that Jeanette Voss is one of our listeners, but if she is, your name is now out there as someone who has an extra $1.033 million.
B
So thanks to Joe saying it over and over again.
C
Right. It's in this article. I mean, it's all over the Internet.
B
Right.
C
And there's another great article in here. Since the crime, Jeanette has struggled to know who to trust. Well, here's who you trust. Jeanette. Nobody.
B
Joe.
C
Joe, don't trust Joe. Anybody. So when he calls you and says, hey, your Social Security number's been hacked, just hang up.
A
You know, tell them to go ham on it. Just enjoy. I mean, at this point, who doesn't have my social? Just go for it.
C
Right? Everybody has your social. Yeah. That is if you're, if you live in the United States and you're older than maybe like 18 and 2 months old, just, just believe that your Social Security number is out there and everybody has it. Our catch of the day has some, is kind of related to the amount of information that's out there about you. But it's, I'm very glad that, that Jeanette got her money back. I hope this, I don't think this is going to happen to her again. She sounds like she's very wary of these people coming again and she doesn't want anything to do with this, these people stealing the money from her. She is going to do some traveling. Oh, one of the things she did was she bought some raw shelled peanuts. Still in the shell. Peanuts for the squirrels in the back, who were very comforting for her when she.
B
That's adorable.
A
I lost her already. She's so good.
C
My dog caught me feeding peanuts to squirrels. She would be very cross with me. She'd be like, I don't know who you are, but we kill those things. We don't let those things near the house. Yeah, those, those things are evil.
A
Joe, can, can we go back to something at the beginning of the story that I think is worth us talking about a little bit before we move on? One of the first things that you mentioned was that a message appeared on her screen with a siren like screech. And then she got those popups that tell her that she's been hacked.
C
Right.
A
And I think there's something to be said that what does it look like if you've been hacked for real? People don't actually know because they think of, you know, Hollywood depictions. So for those of us who have some idea of how things work in this realm, we, we would go, oh, that's ridiculous. You know, there's not going to be.
C
A siren or these, there's not anything that happens.
A
That's right. But a lot of people don't know that.
C
Yeah.
A
And they think this, that there's a signal that, hey, you've been hacked, that it's going to be obvious in some way.
C
Yes, that's correct. There is. Usually if the attacker is good or even modestly equipped and your system is vulnerable, you really won't notice that anything is going on. You might notice that your system slows down. That is a telltale sign, like you're spending a lot of time waiting for applications to load or waiting for some data processing to happen. But if you're just using your computer for streaming Netflix, say, or even writing emails and things, surfing the web, that's not a very processor intensive thing. So your computer can do that and run the malicious software in the background. Now, the big, the big problem there is that you might have something on your computer like a keylogger that is taking information from when you log into a bank, website or something like that. So the solution for that is hardware based two factor authentication. And even if they only offer you a code over your phone, that's better than nothing.
A
Yeah.
C
Multifactor authentication is how you protect that.
A
And it's also worth just saying On a macro scale, if somebody is. If you are actually being actively attacked or hacked in some way, the attacker doesn't want you to know that they're there. Like, they usually are gonna go through great pains to make sure that they are not detected and that they can hang around as long as possible without you knowing. So the idea of sirens and stuff is like, that's theatrics and it's not what's gonna actually happen.
C
Right. This is just a webpage that plays a sound.
A
Oh, yeah.
C
And when. When she called the number that was on the screen, the person. It doesn't say how, but the person was able to get the sirens to stop.
B
Oh.
C
I mean, that could have been something.
A
As simple as in the corner.
B
Yeah, yeah.
C
Control f or. Yeah. Control f to close the tab and you're done.
B
Right. I wonder if they could help stop the voices in my head.
C
Control.
B
Say that out loud.
C
That was. That was. That was a thought you should have shared with.
B
Or is that one of my voices? I don't know.
C
Who knows? Anyway, congratulations, Jeanette. I'm glad that you got your money back. And just remain vigilant because your name is out there and these guys know now that you have this. So you're going to get calls from people pretending to be police. You're going to get calls from people pretending to be Microsoft. It's just maybe get a new phone number.
B
Well, hats off to the folks at the Secret Service.
C
Yeah, that was excellent work.
B
I actually met someone from the Secret Service about a week or two ago.
C
Really?
B
Yeah. They were here in the office doing some cyber business, but they were also a fan of this show and of the CyberWire, so I was able to chat about that and hopefully we'll find a way to have them on sometime soon. Yeah, I'd like to learn a lot about what goes on behind the scenes with the Secret Service.
C
I'd love to know that. I'm fascinated by money laundering.
B
Yeah.
C
And they. They do a lot of investigation into that.
B
They do, they do.
C
You know, my son just started his grad school for finance and accounting. He's going to Hopkins.
B
Oh, nice.
C
Yeah, we were joking about that last night. My wife and I were like, we should bust into his room and like, be behind him with a beer bong and. Yeah.
A
Woohoo.
B
College.
C
Of course. We did not do this. Yeah. He would never have forgiven us. Yeah, it's. Grad school is a completely different thing than undergrad.
B
Oh, that's what I've heard. Yeah. Yeah. Never. Never did it. But I've heard.
C
But anyway, the, the, the thing I wanted to say was often I've said this before, but often when I'm talking to people that want to get into law enforcement, I tell them, if you want to get the attention of the FBI and like, as a good candidate for employment there, major in computer science or major in accounting, one of those two fields. Don't major in criminal justice because the FBI needs people, and I imagine the Secret Service also needs people who can trace the money and do the computer forensics, because that's how these crimes are committed now is they're all done with computers and the ability to be able to track blockchain transactions across probably multiple blockchains. I imagine these guys probably tumbled this cryptocurrency and all that. And if they're doing it on public blockchains, it's pretty easy to track that stuff down. And even if they're doing it on privacy preserving blockchains, there's still ways that they have of doing that. I'm not exactly sure how it works, but if you're on a public ledger, like on the Ethereum ledger or on the Bitcoin ledger, all those transactions are just out there for the public to see. There's not really a lot of privacy that goes on in those cryptocurrencies.
B
Mm. All right, well, we will have links to all of Joe's stories here in the show notes. I tell you what, let's take a quick break. We'll be right back. Every attacker counts on one thing: environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com/N2K. I am up next and I, I want to start off with a leading question for the three of us.
C
All right.
A
Okay.
B
I know. Well, just speaking for myself here, I am just bombarded with these ads for these weight loss drugs that are all the rage.
A
Yes.
B
Right. I think the category is the GLP-1 drugs. And Ozempic is probably the most well known brand name.
C
Yes. The ads are fantastic. They always show you somebody doing something really cool and creative, like painting a mural or something.
B
Yes. In slow motion.
C
Right.
B
Because they have to fill the ad time.
C
Yeah. For all the disclaimers that they have to.
B
Right, right. So we're in agreement that we've seen these. Yes, absolute. We've seen these ads. They're everywhere. And I have spoken to friends who are on these drugs and love them. They work. In fact, the most common description, my friends, I've asked about it, they say it's a miracle drug.
C
It works.
B
I've lost the weight, and I'm really happy and all that kind of thing, which is wonderful. You know, like it is. I mean, that is a miracle for people who had challenges losing weight, keeping it off, all that stuff, you know, to contribute to better health.
C
Jim Gaffigan, in one of his standup routines, said he was on it for a while. Cause he was trying to lose weight, and somebody said, that's cheating. He goes, look, I'm just trying not to die.
A
Right, yeah.
B
Cheating death.
C
Right, yeah.
B
Yeah. So the downside is that these drugs are expensive.
C
They are. Yeah.
B
And extraordinary for most people, they're not covered by insurance unless you're using them to treat diabetes.
C
Right. You have to have some kind of comorbidity, they call it.
B
Right, right. So if you want to just get on one of these drugs to lose weight, it's expensive. Hundreds of dollars a month, even thousands of dollars per month, depending on what you're doing, how you're doing it, and all that good stuff. So, of course, this means that this is a category that is ready and loaded for scammers. And really, they're doing just that.
C
It's the new Viagra, if you will.
A
Yes. That's a good way of thinking of it.
B
It's a good way of putting it.
C
Actually, because when Viagra came out, man, my inbox got filled up before spam filters got really good. Yeah, My inbox is just absolutely filled up with fake Viagra ads.
B
Yeah. Yeah. Well, I'd say another miracle drug. It's a great time to be alive, Joe.
C
That's right.
B
Yeah. But, you know, and so people want these, but they also want to try to get a deal and save money. So according to this story that we will link to here, the Better Business Bureau has been tracking lots of reports from consumers who were sold. And I'm going to use scare quotes, discounted diet medication. So the scam falls along the lines of a lot of things that we track here. Typically, you're scrolling. Where are you scrolling, Joe?
C
On Facebook.
B
Facebook.
C
You're minding your own business on Facebook.
B
You're scrolling and minding your own business on Facebook. And one of these ads comes up that says, good news, you can get one of these miracle drugs for a fraction of what it would cost to get elsewhere. And so they have an example here of a person who was actually searching for this medication and they came across an ad which took them to a website that was offering the drug. They had to fill out a pre screening application, they had to submit their insurance information and they had to pay a fee that was over $500 for approval.
C
Which adds up. Right? I mean, at least that makes sense. Although you really don't have to get a fee fee.
B
I don't know.
C
What's the approval for? What are they saying the approval's for?
B
Well, I mean you have to get a prescription. Right. So that has to happen. And I could see that taking some time, but it turns out that the fine print, which as we know from the poet Tom Waits, the large print giveth and the fine print taketh away.
C
Right.
B
The $500 fee, turned out it was for a website membership, so they were joining a club and the actual medication would cost more out of pocket. So the $500 was just for the opportunity to spend more money. And of course they'd agreed to all this in the EULA.
A
Yes, we all read that so carefully.
B
Right, exactly. And so this person says, I want to quote them here. They say, I feel that I was deliberately delayed and ignored past the three day window. There was a three day refund available.
C
I see.
B
So they were ignored past the three day window so they could cite the three day window as a policy and keep the $500. And of course the drugs never came. So there are multiple versions of this. There are some where you never get the drugs. There are some where you will get something that claims to be the drugs but is not. It's, I'm just gonna say a sugar pill or you know, something that's not.
C
Hopefully that's what it is.
B
Well, yeah, I mean it wouldn't be in these folks interest to provide you with anything that would actually do you harm.
C
Right.
B
Because that would really get, you know, somebody seriously after them. Yes, they're, they're looking for you to be embarrassed and just move on. Or they're looking for you to start taking the medicine and have a nice placebo effect and drop some weight and.
C
Think, okay, this is great, the placebo effect is measurable.
B
Maybe I'll buy some more. Yeah. So the lesson here is just, or the message here rather is just be careful of these things, especially on Facebook. There are so many ads for these medicines if you want to pursue this. And lots of people are. Talk to a friend who's done it successfully. Talk to your doctor, of course.
C
Absolutely.
B
I understand a lot of people are having success going to med spas to get this, where you can either get the shots, they've got some pills available now, but just. You don't want to mess with your health. And this is not the kind of thing you want to buy online from a source that you have no recourse with.
A
Yeah, it requires a prescription. You can't just. Yeah, it's not otc. You have to talk to a doctor about it.
B
Right.
C
And for good reason.
B
Yeah.
C
There's a number of side effects with this. There's risks with the drug. I've talked to my doctor about it. She seems to think that I should just, you know, buckle down and lose the weight, which I've been trying to do.
B
Stupid doctor.
C
Yeah. Come on, man. Give me the pill.
B
I know. Can I just throw money at this problem? Right, right.
C
You know, she's more of a holistic doctor.
B
I like that. Yeah.
C
I like her a lot, though.
B
She's really good.
C
But, you know, if you're really interested in these drugs, a lot of the comorbidities, not just diabetes, but, like, high blood pressure.
B
Yep.
C
If you have high blood pressure, that. That can be a comorbidity. If you have a history of blood clots, like some people in this room might. Yeah, that might be a comorbidity.
B
Yeah.
C
Lots of things could be more.
B
If you can get your insurance to kick in on it, I mean. Yeah. More power to you. That's great. That's great. Yeah. So I think that's everything I wanted to cover here. Just be careful. It's. You know, this is a drug. You're putting it in your body.
C
That's right.
B
I get it from a legit place. Even the temptation to save money is understandable, but this is not something you want to mess around with.
C
When I was getting my undergrad, I had a psychology teacher who had a great saying. He said, the only control you have over a drug is whether or not it goes into your body or not. Once you put that drug in your body, you're in for the ride.
B
Oh, yeah.
C
He was talking more about other recreational. Recreational drugs.
A
I don't think he was talking about prescription drugs at that point.
C
He actually was talking about, like, psychoactive prescription drugs, you know? Oh, I think like Prozac and other things. But he made it clear he was talking about talking about, you know, recreational drugs as well. And, you know, once you take it, once you do that, once you Put it in your body. That's. That's whatever's going to happen is going to happen.
B
Yeah.
C
So keep that in mind. Even with these fake drugs.
B
Yeah, yeah. Boy, there's. Yeah. The endless number of stories of. Of people going on those rides. My.
C
My favorite thing about these prescription ads, which I hate, by the way, is just how they gloss over all the side effects. Rare cases, death has been reported. And they say with such a cheery tone. Right.
A
You could die. You might not.
C
This medication might kill you. I mean, I don't think Ozempic or any of the other ones have any of these other weight loss drugs have that as a side effect, but they do have other side effects.
B
Yeah. Don't take Ozempic if you're allergic to Ozempic. Well, how am I supposed to know unless I take it if I'm allergic to it or not?
C
I think they have to put that in there for legal coverage. If you ever take it and you have an allergic reaction and then you see the ad and you go, well, maybe that allergic reaction wasn't so bad. They have to say it.
B
Yeah, yeah, yeah. There's another one that gets me, which is side effects may include viral infections. Like. Wait, wait, wait, wait, wait, wait. Shouldn't the side effect be reduced resistance to viral infections, like.
C
Right.
A
Yeah, it can induce a viral infection.
B
Right. Like the drug doesn't come with the viruses, you know, as a candy coating.
C
Unless there's something wrong with the purity standard. You know, the. Maybe I wanna say purity laws, but that's a German thing for beer.
A
I feel like there's bigger problems if we're talking about the purity of a drug being.
C
Yeah, right. I mean, but, you know, there's sanitation regulations for the delivery. Cause these are all injectable. I think one of them is coming out as an oral pill you can take.
B
Yeah, no, it's out now.
C
Okay.
B
Yeah. So it's like 100 bucks a month instead of whatever it was, you know, 100 bucks a week.
C
Yeah.
B
So, yeah, I mean, look, I am. And I don't think there's any shame in any of these things. It helps you get where you want to be.
C
You can lose the weight through a drug. That's fine.
B
Great, Great. Time to be alive.
C
Yeah.
B
You know, just that these options are there.
C
Correct.
B
All right, that is my story this week. I'll tell you what. Let's take a quick break here to hear from our show sponsor. We will be right back after this message. Most environments trust far more than they should. And attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today. And we are back. And that means, Maria, it is your turn. What you got for us this week?
A
Well, I, in typical New Englander fashion, I want to talk about the weather. Right now it is 8 degrees Fahrenheit where I am, which I did calculate In Celsius it's negative 13 degrees Celsius. So I'm cold. It's cold out. We're in a really bad cold snap right now for a lot of us in the northeast of the United States and North America. And that comes with it really high utility bills. That's been a big topic of discussion for a lot of people that I know. Cause it was cold starting unusually so, not just regular winter cold, but even in December we've had a really bad cold snap. So people's utility bills are quite high and that means a lot of people can't really afford to pay them. And then what often happens is there are people who maybe are afraid that their heat will get shut off by their utility. And when I was thinking about what story to do for today, I was recognizing that a lot of tax documents are coming in. I was thinking of doing the liturgical calendar, tax season stuff. But I'm going to do the utility shut off scams instead today because they're, because they come around every year in the winter and they, they always get a bunch of people. And I think it's just worth reminding folks that they're happening right now. And a number of news organizations, at least around the United States, are warning people through utility companies of certain bad practices to be aware of. So the scams that happen around this time of year are basically shut off scams where someone gets a phone call, a text message, or even someone showing up to your place of residence. In person saying, unless you pay us right now, right now, there's that urgency, we are going to turn off your heat. And of course, it being as cold as it is, that is a very, that is a life threatening threat. So utilities go through pains to mention that shutoffs are never, you know, sudden people will have a lot of written warning. 
And on top of that, there are a lot of states where it is literally against the law for utility to turn off your heat in cold winter months. So that is just something to put a pin in. But if you live in a place where heat is something that is literally needed to live, and in a lot of cases there are laws protecting you from a, from a shutoff and there's a lot of steps you can take to work with the utility to get some kind of payment through, even if you can't afford to pay your heat in full. So if someone shows up to your door threatening heat shut off right away unless you pay them in crypto or debit card or gift cards, utilities don't ever accept payments in those ways. And there is no reality to your utility or your heat being shut off within minutes. But of course, if someone's at your door, that's a very scary thing. So that's, you know, that makes it seem very serious. But you can just close the door and walk away.
B
And then especially if they've got a reflective vest and a hard hat.
C
Right.
A
And a clipboard. The clipboard is often. Yeah, I used to get in the place I used to live. I lived in a very dense neighborhood, like a lot of very, very housing, dense neighborhood. And we used to get these scammers to our door all the time. They would really scare people. It was either the shutoff scam or another one. But they would look very official and they would have a badge and everything. And the police would have to come out pretty much weekly and say these people are actually scammers. But certainly they wouldn't be out there if it wasn't working on somebody. So if you ever have questions about whether or not your utilities are in danger of being shut off, find the number on your utility bill, because certainly you've gotten one of those and call that number directly. Don't do anything door to door or text or someone calling you out of the blue, that's a scam for sure. And then another scam that goes around that's a utility scam this time of year is saying that you're actually owed a refund, which sounds like great news. You overpaid on Your exorbitantly high utility bill and you're gonna get money back. Wow, I'm in. That sounds great. I would like that money yesterday. Yeah, free money. Yeah, that sounds fantastic. And there's a utility in Kentucky actually that was just warning about this recently, saying the scammers are calling people saying you've overpaid your bill. And look, we're going to prove to you that we're legit by mentioning the routing number for your bank. All we need in return is your account number or maybe your Social Security number just to get that money to you to process the refund. And just worth noting that routing numbers for banks are public information. You can find this very easily on any bank's website. So that is not privileged info that proves anything about who anyone is who's calling you. That's something I can find in a two second web search. 
So yeah, if by some miracle you are owed money by your utility, they know how to get that money to you. They don't need you to prove anything.
B
Right. Chances are they're going to give you a credit.
C
Yeah, that's what it is. They're not going to give you the money.
A
Oh goodness, no, no. And they certainly are not going to.
C
Give you money and just give you a credit on your bill, right?
A
Yes, that's correct. So the safest move is always hang up or close the door and call the number on your bill and make sure that you're talking to someone official that way. Never ever trust somebody who just come into your door unexpected or calling you unexpected. And if, if things are complicated for you because you're not sure you can pay or you're maybe you are behind on your bills. Keep in mind that many, many states have protections in place for you. So it is the kind of thing you have to opt into. The utilities are not going to often offer this information to you that there's help, but it's sometimes the protections are not just by state, but also by the state as well. So whether you are an owner or a renter, in a lot of cases, if you live in a place where it gets cold, there is something available to you most likely to help protect you from utility shut off. So if you do get a utility. Yeah, go ahead.
C
I will bet that if, if there's some kind of program out there that pays your bill, the utility company would be happy to let you know about that because they're going to get their money.
A
I, I imagine they would rather get paid than not. That's true. Especially in some Cases, there are payment plan options. That's true.
C
Yeah. Payment plan, they might not be so enthusiastic about, but if there's like kind of public funding program that says, hey, if you're having a hard time making your bill and it's cold, we'll. We'll pay some of that for you. And.
B
Yeah.
C
You know, that way the utility company can get their hands on some money.
B
Yeah, there are a lot of energy assistance programs out there, but, you know, you have to. Yeah.
A
So you have to look for them in many cases. Yeah, yeah, it's. And if you are actually in imminent risk of having your. Your utilities turned off, that's where you know, your local or state reps, they should be able to help you with that. That is literally what they're there for.
B
Right.
A
But if you, if you are contacted by a scammer, their utilities actually really want to know. So in addition to reporting it to the ftc, a lot of your utility would actually love to know if you've been hit up by a scammer, because then they can put out a warning to other customers and just be aware of that. So there actually are things you can do to help combat that. So just be aware and stay warm.
B
Yeah. Gosh, Brace yourself.
C
Yeah.
A
Yep.
B
Yeah. I mean, it's just awful to think about people who are already struggling and they're struggling and they're cold and scammers come along and try to take advantage of that weakness to make it even worse.
C
Yeah, they're just trying to make a buck for themselves.
B
Yep.
A
Yeah. Yes, they are.
B
All right, well, we will have a link to that story in the show notes, and of course, we'd love to hear from you. If there's something you'd like us to consider for the show, please email us. It's hackinghumans2k.com. Joe, Maria, it is time for our catch of the day.
C
Dave, our catch of the day comes from. From the phishing subreddit. It's a text message that someone received. I'm going to go ahead and say it. This person has her battery at 33%.
A
And 201 unreads.
B
Does that make you anxious, Joe? 33%.
C
It does. That's a little low. And you're right, Maria. 200. I mean, who is. Is this me? Did I send this in? 201 unread?
A
Unread.
C
That sounds crazy. I got a text message from my cousin last Thursday and I just now saw it today. I've got to call her back. Hey, sorry I missed that. It was in There with all the alerts from the credit card companies going, hey, you bought this. Hey, you paid this. Hey, you did that.
B
And, yeah, my son is. My oldest son is one of those people who lives his life with his phone perpetually at 5%. I don't know how he does it. I don't know how you live that way.
C
I don't know either.
B
It's just always, you know, he gets in my car, he's like, do you have a charging cable? He walks in my house, hey, do you have a charging cable? And I've given him spare batteries. I've given him, you know, but he's just.
C
Have you ever given him a charging cable? Maybe that's what he needs.
B
Well, yes. Well, that's the thing. They all sort of grow legs and disappear.
C
Yeah, that happens to all my charging cables, too.
B
So. But I, I. Yeah, I. I don't know. I don't know. 33% probably wouldn't cause me anxiety because that's probably at least half a day worth for me, but, yeah, that's.
C
Well, that's 13% above. Above the low power.
B
Oh, I see. So if you go in there, you don't want to see that notice.
C
Right, right. Hey, we're switching to low power.
B
No, no, no. I might slow down my scrolling speed. Oh, no. Anyway.
C
All right, so this is just a text message that somebody got. We're going to use the name that's in here. I mean, we can.
B
I'll change the name.
C
You'll obfuscate.
B
To protect the.
C
Protecting.
B
Yeah, it says. All right, it goes like this. I need to take a deep breath.
A
Is there any punctuation in there?
B
There is one bit of punctuation. There are two bits of. Yeah, three. Three. Three punctuals. I don't know.
A
Punctuation point to exclamation.
C
Two of them are exclamation points.
B
I was trying to. Yeah. Trying to sound erudite and achieve the opposite.
C
Yeah.
A
Sometimes brain don't think so.
B
Good.
C
No.
B
No. All right, here we go. Hello, Mr. Jenkins, this is Chief of Police Stephen Cox with the City of Nichols Hills Police Department, and I'm contacting you in regards of a complaint that was made against you that we need to discuss as soon as possible pertaining to possible criminal charges that could be filed against you. Exclamation point. I need you to contact me back immediately or I will have to dispatch an officer over to your place of residence at 123 Main street to bring you into custody. I repeat, if I am not contacted back within the next five to 10 minutes, I will be having you arrested and bought into custody. Mr. Jenkins, this is your only and final warning before we proceed with moving forward. It's really bad when someone threatens to proceed with moving forward.
C
Yeah. So I did a real quick search.
B
Yeah.
C
And Stephen Cox is, in fact, the chief of police at Nichols Hills, Oklahoma.
B
Really?
C
Yeah. Okay, so there is some factualness to this.
B
Yeah.
A
Do you know the name of your chief of police for your town or city?
C
Nope.
B
I do.
A
Yeah, I don't either.
B
I do.
A
Oh.
B
I'm friends with him.
C
Oh, okay.
B
Well.
C
I would wager most of us don't. Montgomery County.
A
Yeah.
C
One county south. But he's since retired, and it's my brother, so. So what's interesting here is that the name which you redacted and the address which you also redacted, are probably correct.
B
Yeah.
C
Right. That this is probably some data breach, and they just looked up where this person lives and they Googled that town's police department, found out. Found out what the. What the name of the police chief is. So that if you go and check who's the chief of police, then you see Stephen Cox, the chief of police, is never going to personally message you.
B
Probably not.
C
Pretty busy.
B
Right, Right.
A
By text.
C
Right. By text.
B
By text.
C
Also, if you're ever going to get arrested in real life, if the cops are ever gonna come to get you, they are not going to warn you about it. They're just gonna show up and take you into custody.
A
If you don't call me back in the next five to 10 minutes, I will be having you arrested. Doesn't matter if you're on the can. You better text me back right now.
B
Right. Why aren't you texting me back?
A
Like, my kid when she wants a snack? Like, come on.
B
Right, Right. I need you to text me back right now.
C
If this was me, I think I'd respond. You'll never take me alive, copper.
B
Come back with a warrant.
C
Right.
B
Yeah. The other thing that strikes me with this one is you have to reply in the next five to ten minutes.
C
Right. Well, that's the artificial time horizon. These scammers want their money now, Dave.
B
Yeah. Another telltale sign of this that our listeners can't see is that every single word of this is capitalized.
C
Yeah. So that's because it's all a title to a book.
B
Right? Right. Right. Not only is there no punctuation or very little, but it's all capitalized. Yeah. So. All right, well, that's a good one. And of course, again, we would love to hear from you. If there's something you'd like us to consider for our catch of the day, please do email it to us@hackinghumans2k.com. And that is our show, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Varmazes.
B
Thanks for listening.
This episode focuses on the surge of social engineering scams that target people during current events and vulnerable periods, such as massive cell service outages, popular prescription drug demand, and harsh winter weather. The hosts discuss real-life scam examples—including heartbreaking losses and rare happy endings—and highlight techniques, warning signs, and protective steps listeners should know.
[01:12 – 03:01]
"These guys know that Verizon had an outage last week and... they're issuing credits to customers. So that's what the scam is based on." – Joe Kerrigan [01:42]
[03:01 – 10:52]
Happy Ending:
"She was one of 20-plus victims... that got her money back... Ms. Voss says that overnight her life has changed." – Joe Kerrigan [08:30]
Security Lessons:
"People don't actually know [what being hacked looks like]—they think of Hollywood depictions... there's not going to be a siren." [11:28]
"If the attacker is good... you won't notice that anything is going on." [11:39]
[17:43 – 28:22]
Dave Bittner spotlights the sharp rise in scams for popular (and expensive) weight loss drugs like Ozempic and other GLP-1 agonists.
Quote:
"The $500 fee...was just for the opportunity to spend more money. And of course, they'd agreed to all this in the eula." – Dave [22:03]
[29:50 – 36:51]
Maria Varmazes highlights classic cold-weather scams preying on fears of heat being shut off during brutal cold snaps.
Quote:
"There is no reality to your heat being shut off within minutes. But of course, if someone's at your door, that's a very scary thing." – Maria [31:35]
[37:39 – 43:12]
"The chief of police is never going to personally message you... If the cops are ever gonna come to get you, they are not going to warn you about it." [41:36 / 42:04]
"These guys know that Verizon had an outage last week and they're issuing credits...so that's what the scam is based on." – Joe Kerrigan [01:42]
"She wound up giving them close to million $950,000...This was her life savings." – Joe Kerrigan [04:09]
"In her golden years, largely became confined to her small house at the end of a dead end street." – Quoting the article on Jeanette Voss [07:19]
"Overnight her life has changed. So good job, Secret Service. Thank you for getting this money back. That's awesome." – Joe Kerrigan [08:30]
"People don't actually know [what being hacked looks like]—they think of Hollywood depictions...there's not going to be a siren." – Maria Varmazes [11:28]
"If the attacker is good...you won't notice that anything is going on." – Joe Kerrigan [11:39]
"The $500 fee...was just for the opportunity to spend more money." – Dave Bittner [22:03]
"The only control you have over a drug is whether or not it goes into your body or not. Once you put that drug in your body, you're in for the ride." – Joe Kerrigan [25:37]
"There is no reality to your heat being shut off within minutes. But...if someone's at your door, that's a very scary thing." – Maria Varmazes [31:35]
"The chief of police is never going to personally message you...If the cops are ever gonna come to get you, they are not going to warn you about it." – Joe Kerrigan [41:36/42:04]
Friendly, conversational, supportive, a mix of practical advice, real-world anecdotes, and tech-savvy explanations—with a dose of levity.
(Summary excludes advertisements, intros/outros, and focuses exclusively on main content.)