![Cyber Groundhog Day and romance scams. [Only Malware in the Building] — Hacking Humans cover](https://megaphone.imgix.net/podcasts/95c65b50-e26f-11ef-933f-db9fecffab6a/image/d9f0cdb0dcdd515f0dfd92da4cc68fb2.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
A
You're listening to the CyberWire network, powered by N2K.
B
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cybercriminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allowlisting and ring fencing has your back. Selena, I don't know what's going on with Rick. He has been acting super weird lately.
A
Yeah, ever since that day. Well, the day, you know.
B
Here it comes.
C
Here comes... It happened again, guys.
B
Hey, Rick.
A
How's it going?
B
Yeah, you okay, buddy?
C
No, I'm not okay. Every day is the same. I wake up, grab my coffee, and it's like nothing changes. Same emails, same headlines, same spammy pop-ups. It's like my life has been caught in a loop.
A
Caught in a loop. Or maybe you just forgot to clear your cache.
C
Oh, very funny. Okay, but this is serious. Yesterday I saw an article about a phishing scam. Today, same article. Even the typos are identical.
B
Okay, Rick, let's think this through. Are you suggesting that you are stuck in a time loop?
C
Time is a fun yes. It's like I'm reliving the same day over and over. Yesterday. Or was it today? I did the crossword puzzle and guess what? I knew all the answers.
A
That sounds like muscle memory.
C
It's not just that. I can even predict what you'll say next. Like. Selena, you're about to tell me to relax.
A
Well, I was going to say that.
C
See?
B
Okay, okay, Rick, this is getting ridiculous. Do you know what's really going on here?
C
What? Some kind of time-looping ransomware attack? Or maybe, wait, a new APT messing with my brain.
B
Rick, you retired.
A
Congratulations, Rick. Enjoy your retirement. Please hand in your badge, company laptop and your American Express business credit card. There is free coffee and Pop Tarts in the lobby. Thank you.
C
What?
B
Yeah.
A
Rick, this isn't Cyber Groundhog Day. It's called retirement.
C
No way. Retirement wouldn't feel like this.
A
Sure it would. It's called free time.
B
Lots and lots of free time.
C
You mean this is it? The same day on repeat until the end of time?
A
I mean, only if you make it that way.
B
Why don't you pick up a hobby? Pottery's nice. Or maybe skydiving.
C
Skydiving?
A
Or maybe write another book.
C
Okay, that's actually not a bad idea.
B
See? There we go. Welcome to retirement. Day two.
A
I was gonna suggest maybe write some malware, Rick, but a book is a much better idea.
C
Yeah, I'd be really good at writing malware. Yeah, sure.
B
How are your coding chops?
C
Let me fire up ChatGPT. OK.
A
Well, today, given that it is February, a month of romance, I thought, you know, it might be good to talk about romance scams and the unfortunate variety that we see that can be very, very successful, very, very expensive, and unfortunately, very sad.
C
Dave, let me explain this to you. This romance thing, okay, you probably don't have any experience with it, so, you know. Yeah, it's very complicated.
B
I was gonna say how adorable it is how young Selena is that she thinks of February as being a month of romance. Like how comparatively early she is in her marriage experiment. Where or experience, rather. Did I. Paging Dr. Freud. You know, I don't know. It's 32 years for me. Rick, how many years of marriage for you so far?
C
I am over 40.
B
This is a quiz.
C
Yeah, it is a quiz.
B
You gotta get it right.
C
Exactly right.
B
Yeah. Well, you better. I mean, I don't know. I know for me there are consequences, but I don't know how it is for you. So, yeah, we'll tell you what. Let's just go along with that. Yes, Selena, an entire month of romance.
A
Well, unfortunately, the scammers don't have a specific month in which they will target people. It is open season all months of the year. And I think it is pretty insidious and definitely worth talking about pig butchering, or as Interpol recently said, we should call it something like romance baiting. So the typical.
C
We don't like, what, pig butchering because it elicits such great romance ideas. Is that the idea?
A
Yeah. So actually, it's actually kind of interesting and I'd be curious to get your guys take on this as journalists and folks who talk to a wide variety of people, from your everyday users to CISOs at various companies. But Interpol is really calling for a shift in the language because, you know, it could be dehumanizing or victim shaming, using the term pig butchering. But I've seen people who are actually working in this space and are experts in pig butchering and have done a lot of work that say no. That language that we're using is actually getting to the core of this. Like, the idea of pig butchering is an investment scam. They talk to the potential victims, they sort of quote unquote, fatten them up with, you know, these ideas and. And romance, and they get them to invest lots and lots of money and they get, you know, little payouts over time that appear to be growing their. Their investment. And then, of course, the rug is cut out from under them and their money is stolen. And that's where the sort of the butcher comes in. But it's actually originated from the Chinese sha zhu pan. I might be saying that incorrectly, but it was when that translation was a little bit like pig butchering. So that threat originated in China, and when it came over to the West, they started using this term, pig butchering. So it's kind of interesting even having a debate over the language itself, but it is very, very insidious. And there have been reports that it can be up to 75 billion. $75 billion lost to pig butchering overall. From some recent reporting that came out last year from the University of Texas, Austin, we've seen reports from IC3, of course, in the scam report, that was $3.6 billion lost to cryptocurrency investments. A lot of this is pig butchering. So it's obviously, regardless of the name, it's a very, very costly threat.
B
I think the term pig butchering is okay as a term of art within the security community, but I think it's correct to not use it with the victim, to not come at the victim and say, hey, you got pig butchered. That's not helpful. It reminds me of back decades ago. You wouldn't call a girl ugly. You'd say, she has an unconventional beauty.
A
A face for radio Dave, one might say.
B
Right, right. When I look at you, time stands still. In other words, you have a face that could stop a clock.
C
Well, I'm with you, Dave. I really. Especially for the security community, names are important. All right? And sometimes they kind of all kind of mush together. They all sound so similar. Pig butchering has the benefit of standing out. It's like, whoa, pig butchering. Okay. At least I know what that is. But I agree we shouldn't shame those victims and call them things like that. But I wasn't going to do that anyway, so I guess we're okay.
A
Absolutely. Well, and I think one thing that has shown throughout 2024, and hopefully a trend that continues into this year, is victims who have been impacted by this scam. Oftentimes people who they're close to or their families are talking about it, and they're saying, you know, this is how the scam works. And for those of you who might not be familiar, it's actually really interesting, underpinned by organized crime, much of it originating in Southeast Asia. And essentially, it is a text message, a WhatsApp message, some chat that says on various social media platforms, hey, if I'm messaging you, Rick, they would say, hey, John, how's it going? How are you? Or I can't bring that casserole dish to the potluck later. And they have these sort of benign conversation starters. They're trying to entice you into a conversation. And then ultimately, very often they tend to be romantic flavors targeting people who often have money that they can potentially easily part with. But then it builds up over time in this relationship that you have with this person on the Internet turns out to be a scammer.
C
There's a couple of things there, Selena, that you can help me clarify here. Right. There's kind of two pieces. First, it's a long range scam. I mean, the long running scam, this is not going to benefit right away. It takes days, weeks, months to get the payout if they're successful. Is that correct?
A
Oh, absolutely. They do take the time to really build up that relationship. And there's often times where you can get some of your money out. So they'll let you take some of your money out to sort of lend credibility to this platform that you're investing in or this opportunity that you're investing in.
C
So I can get more later.
A
So you can get more later. Yeah. And of course, it's not a real platform that you're investing in. It's the scam. And they're showing you what you want to see and they're trying to convince you of things and you're never able to pull out more than you've invested in the platform. So they do have, you know, that type of control over your money.
C
And the second thing is this is not, you know, teenagers in the basement doing this. This is warehouses of people.
A
Yes.
C
Trying to do these scams. Right. And also they're. Am I right about this? They're mostly indentured servants. Is that a fair way to say that?
A
Oh, absolutely, yeah.
B
There's a human trafficking element to all this behind the scenes.
C
Yeah, yeah.
A
It's really sad. It is very much organized crime, both in the physical space and the digital space. Many times people are lured into, essentially trafficked into doing this type of work. They're presented as, oh, we have this job for you in this physical location. Fly to this country or this region and we'll meet up with you at the airport and take you to a compound in which you are basically forced into working like this. And the New York Times actually did some fantastic reporting about this a few months back and there's been some other investigations into many of these compounds in Southeast Asia that are essentially, you know. Yeah, it's like modern day slavery or like you were saying, indentured servitude for a lot of these things.
C
So that was being nice. It's not really that at all. It's trafficking is what Dave said.
B
You were not given the option to leave. And the article I was looking at in Wired said that they believe over 200,000 people have been trafficked to some of these scam centers in Southeast Asia. So think about that. That's, that's a community.
A
Yeah, absolutely. And what I think is really interesting is this entire business model, because that's what it is, right? It's a business model. I hate, you know, I hate applying that idea of, you know, that's exactly what it is, entrepreneurship to criminals. But yeah, this business model is essentially based purely on social engineering. So it doesn't take a whole lot of technical ability to lure these types of victims. Obviously you have to have the Internet, you have to have a mobile device, you have to do, you know, oftentimes it does do some research, for example, looking at people's LinkedIn or social profiles or you know, various other digital footprints to see what might work. You know, what type of lure can I use on this person or what are they kind of interested in? And you know, if you are given a script, you work off a script. These people are saying, you know, this is a tried and true method of social engineering somebody into investing money into this fake platform. So you know, it's, it's a step by step script based process. And it's interesting because it's, it's, it really is like it's a digital threat but it's also very much a psychological threat. And I think that, that in my opinion, I've said this, you know, many a time, but in my opinion the worst types of crime are like the romance scamming are the type are the ones that sort of really prey on people's vulnerability as individuals and as people and emotions. You know, obviously you don't want businesses to lose lots of money, but these types of things can force people. And there have been reports where people have done self harm as a result of a lot of, a lot of this loss. So it's, yeah, it's really sad.
C
So it's go with Dave's number. It's 200,000 people running these kind of ops and assume they're trained. How many ops can they run at the same time? Do you suppose it's in the 20s, 50s, hundreds at the same time? What do you think?
A
Oh, yeah, I would say hundreds, because, you know, these people are going to be talking to multiple people at the same time. Yeah, and it's pretty interesting. I have a colleague that regularly engages in these types of conversations and to see, you know, the playbook, it's the same playbook over and over that they're using. And, and from a technical perspective, it's interesting because they're sort of using the same web design, the sort of the same backend. So you can write detections pretty easily for a lot of these sites if you know what you're looking for in terms of the code on the website, the various web responses, some of the domains that they're using, you can track them that way as well. But from the more social and psychological perspective, they are, the TTPs, if you will, of, of human brain hacking are also very similar. The same language, the same conversations, the same sort of, like, enticement. So it's, it's very interesting and it's been incredibly successful, but at the same time, I think more and more people are becoming aware of it, so that's a positive.
B
I know someone who is falling victim to this sort of thing.
A
Oh, no.
B
Yeah, it's a neighbor of mine. And it came to my attention because this person who is a good bit younger than me, said, I ran into this person, you know, out on the street, you know, in the neighborhood where we live. And they said, hey, good news, I'm engaged. And I thought to myself, oh, well, that's all right. Congratulations. That's really great, you know, and, well, tell me about her. Right, well, she doesn't live here. She lives in Florida. But, you know, I'm super excited. And, you know, this is a person who is a little bit down on their luck. This is a person who has some physical disabilities that keep them from having full mobility. So they spend a lot of time online and playing video games and, you know, all that kind of thing. And I ended up chatting with this person's mother and she said, yeah, this, this person is, is scamming him, like, just, she's just bleeding him out of money. And, and it's not large amounts of money, and we're not talking about losing someone's retirement account or anything like that, because this person doesn't have the kind of money to, to be stolen. But there's no talking him out of it. I've spoken to him, his mother has spoken to him. You know, there's the, the veil is so much over his eyes and the, the allure of just having someone who has interest in him.
C
Yeah. Pay attention.
B
Is so powerful that. And I guess you balance that with. He can afford it. Right. I mean, it's not putting him out on the street.
C
It's not like watching a ball game, going to a baseball game or something.
B
Exactly, exactly. And so, you know, who knows how many dozens or hundreds of folks this person has on the hook. And it seems to me like this is a low level kind of person compared to the folks who are running this out of foreign countries. But it's heartbreaking. It is absolutely heartbreaking because like I said, there's no convincing this person that the love is not true. And everyone else can see that it's a scam. And I don't know how you fight that. I don't know how you help someone who's in that situation. And it's so hard to see someone you care about, even if, you know, a friend, a neighbor, falling victim to this sort of thing.
C
Yeah. Mostly cyber people reach for the technical solution and there isn't one here. Right, right. We, you know, there's, we know that it's a scam. Everybody else knows it's a scam.
B
Right.
C
But you got to convince the brain that it's right.
B
This person's an adult. It's their money. They can do, you know, what they want with it. So could be a lot worse.
A
It's a good point too, that you mentioned. You know, it's lower dollar values because pig butchering or the sort of investment. Romance scams are just one type of romance scam. Right. I mean, there's a lot going back centuries, confidence scammers have, have happened. In fact, I was just reading Agatha Christie. She has multiple books in which young men scam elderly women out of their money because, you know, they pretend that they're, you know, interested in them or whatever. And it's kind of like a tale as old as time. And it kind of goes back to your point, like there isn't really a technical solution to this. It's an awareness issue. It's a discussion issue. I think it's part, it's an education issue. But yeah, I mean, I think what makes me have some hope are you see people like celebrities coming out and talking about these types of things, like, hey, someone is using my likeness to pretend to be in love with you. Don't fall for it. Like one of my favorite NBA players, Jared McCain, he was going to be rookie of the year, got injured, plays for the Philadelphia 76ers. He's amazing. Um, but he did a little PSA, an Instagram ad that says, hey, you know, if you get a DM from someone pretending to be me, don't fall for it. And he did this great educational video, really, targeting younger people who might not necessarily be aware of these types of things and who might, you know, get really excited that a famous basketball player is going to potentially be, you know, interested in them or whatever. And so I thought that that was, it was really cool to see because it just randomly popped up on my feed and I'm like, wow, this is great that we're thinking about ways of better educating people, having people in high profile positions be like, hey, you know, this isn't. This is how these scams work. And kind of breaking it down in, you know, young people speak hip zoomer language.
C
I'm so past that milestone that I have no idea what you're talking about with this.
B
Yeah, I miss you.
A
Stay tuned. There's more to come after the break.
B
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allowlist of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the internal level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company, using machine learning to assist you in developing your allowlist for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show. I think when it comes to some social engineering scams, we have made progress, right? And I think about things like gift card scams where they're trying to send people off to the drugstore or the grocery store to buy gift cards. And I think we've done a good job of educating the folks who work at the grocery store or wherever where someone walks up with a, you know, fistful of gift cards that they're going to intervene.
C
That sounds like a Clint Eastwood movie.
B
Fistful Gift card? Yeah, it's the, it's the remake. I don't know how it's going to. How it's going to. They kind of brought it up to date, but Fistful of Bitcoin. Right. Um, and it's even to the point where the, the automated systems, you know, that the, the, the actual point of sale device, if it notices a bunch of gift cards coming through, it'll pop up a thing to the, the person running the, the register or if you're going through self checkout, you know, it'll say, hold on here, here are some questions to ask. So I think we're doing well in recognizing that this sort of thing is happening and putting some steps in place to slow people down. But I wonder if either of you have any thoughts on, like, what are some of the things we could put in place for this to slow people down, to get in the way of the process here?
C
Oh, you're talking about a cure for loneliness, Dave. And like Selena said, that's been going around since the beginning of time. I don't know what, I don't have a good solution for this.
A
Well, I do think that when it comes to technical solutions, a lot of it does kind of depend on platforms taking action. Right. Because a lot of this is technically enabled by various platforms and the platforms.
C
Are going in the opposite direction of moderation.
B
Right.
C
So that's not going to happen. Okay.
B
Pig butchering is free speech.
C
Pig butchering is free speech. That's a sentence I never thought I would hear.
A
Yeah, I mean, I think it's, it's an interesting puzzle when it comes to kind of putting the onus on platforms regardless. But there is some good news in this. So back in November, it was reported that Meta removed 2 million accounts that were related to pig butchering scams. And there was essentially a coalition that was announced, the Tech Against Scams coalition that has a lot of. Some of these major players, big social networks, technical vendors that are kind of trying to come up with solutions to this problem. And I think, you know, in much the same way that we have become collectively better at identifying, detecting and preventing things like gift card fraud, for example, is a great example where you have these like, checks in place. I think in large part that awareness and some of those checks in place kind of forced the evolution to maybe leaning in a bit more to things like investment scams. And I think there was this like perfect storm, this maelstrom of like cryptocurrency exploding, Matt Damon being on the Super Bowl saying, invest in Bitcoin, you know, beautiful people in your community.
C
Is that what that commercial was about? I did until you said that. I did not know that.
A
Yeah, just like, like these, yeah, these commercials being like, oh yeah, like crypto is for everyone. And so you have this like this perfect storm of like, okay, we're aware of these other scams. But you know, I have, I have people who I trust telling me that it's okay to invest in these things. And then you have these scammers being like, oh, have you heard of this? And kind of like leaning in and you know, holding on to that idea of, you know, people being interested in an investment. And what's, what's actually kind of interesting too is Proofpoint recently put out some research about how some of the groups that are conducting the pig butchering and romance fraud have also expanded to include job scamming. So some of these lures are a lot more related to employment. So we're in an interesting time right now where, you know, a lot of people are looking for jobs. There's, you know, especially sort of work from home, remote jobs. A point potentially in our society that is, is sort of exploiting this potential vulnerability of people who are looking for jobs and saying, okay, like this could be something easy for me. I can click on, do these reviews and make some cryptocurrencies. Of course it's fake, but it's interesting because if you look at some of the wallets, there is overlap in the scam types and the payments and you know, there's this romance fraud, but it's also this job fraud. So it's, it's, it's like a whole ecosystem of fraud. I think that's really reactive to what is most convincing to a general populace at this time.
C
I did hear a rumor of a potential solution for this. It's the. And you guys can tell me if you see this is happening. But the generation behind Selena, the teenagers that are in school now, there is a small but growing movement of self selecting off the social media platforms. They're deciding that it has not been good for the generation in front of them. And some of them. And it's a growing movement. Like I said, it's only a rumor. I can't give you any data, but that sounds very promising to me.
B
Well, here's hoping.
A
Honestly, I love that. Learn from our mistakes as millennials.
B
Oh yeah. That's what humans do best is learn from previous generations' mistakes. You know, I did hear a story and I think we might have covered this on Hacking Humans. I can't remember, but where a gentleman who got scammed is going after the banks that set up the accounts that his money was transferred into and he's going after them saying that they had inadequate know your customer procedures in place. Because obviously banking is highly regulated and there are these regulations where banks supposedly have to know who their customers are. And if they fall short on that, then what this person's looking for is liability. And I think, you know, there's another way to move the needle. If you put someone on the hook for this, then now you've got someone who has a vested interest in shutting it down. Right.
C
I love that idea. And the banks have been pretty good about stuff, you know, and credit card companies have been good at those kinds of things. And you know, the anti fraud stuff they've done over the last 20 years has been phenomenal. I've always thought that the social media platforms should have something like that. You should know who all your customers are. Then it starts getting to free speech issues and all that kind of thing. And I don't think it's ever going to happen. But I would love to know that that person on the other line, Facebook, is really who she says she is.
B
Right? Yeah.
A
And I think too we've seen this with cybercrime. There have been, we've talked about this on the podcast even previously over the last year, some really good collaborations across law enforcement, public private sector, both in the US and abroad with law enforcement partners to focus on doing these takedowns and disruptions and you know, arresting people. Certainly things like sanctions against various countries we often see in response to things like significant APT attacks, things like that. And so I think, you know, having sort of like broad coalition of people who are focused on disrupting this problem because I think part of the reason why it got so bad is because there is a bias in cybersecurity and technology that scams are just not as important or worth, you know, focusing on. There is, it can oftentimes it can be harder to sort of track it down.
C
Yeah, but what did you say the dollar figure was? You said it was in the billions or was it trans.
A
Well, I saw one study that said $75 billion lost to pig butchering that was published last year. And then with, you know, just in, in the last year the FBI IC3 report said it was 3.6 billion to investment scams. And that's of course just here in the U.S. so it's, it's a significant issue. And I think, you know, when we, there's this. I think there's a mindset that a lot of people still have that, well, you shouldn't fall victim to that. This is your fault because you are susceptible to this. Like, this is your fault, as opposed to you are a victim of this predator and this crime that happened. And so I think that narrative is changing a lot, is shifting a lot. And I think that that can only be good for tracking, targeting, and disrupting this type of threat.
C
And I think it might be easier, too, especially if you're thinking these warehouses of scammers. Okay. I think you can find the country that's upscale up in the network where the traffic has to go through and say, we should not be allowing that warehouse to be functioning. I think that could be done technically, and since it's so much money, it might be worthwhile doing. It'd be. It's different if it's just grandma, you know, but if it's. You know, if it's 500 people scamming billions of dollars, that might be worth shutting that IP address off.
A
Yeah, exactly. Like the enterprise. Like, you gotta disrupt the whole. The whole business. Yeah, yeah.
B
And there has been some progress with that. There's been, you know, international political pressure from folks like Interpol who have taken down some of these places. But it's the old whack-a-mole. There's always a place somewhere in the world where somebody's willing to look the other way for some kind of grift. And I think there's also the attitude that as long as you're not scamming your countrymen, then that's probably okay.
C
Yeah. It's somebody else's problem.
B
That's hard as well. Yeah. Well, this is a tough one. And I think education is key, I think, kind of to Selena's point that it's really important to let all your family members know that there's no shame in this. Right. That you are a person that they can go to if they find themselves falling victim to something, that they're not going to judge them. You're not going to think they're stupid. You're not going to make fun of them so that they don't feel embarrassed or alone or that they have nowhere to go. That's a huge part of this as well. These people are so good at isolating their victims. Right.
A
They are.
C
Okay. And. And great at moving them down the ultimate path of giving them lots of money. Right. That's like Selena said, it is a campaign that works. It just hit repeat.
B
Yeah. I think it's Also really frustrating because certainly local law enforcement are not equipped to deal with this. You know, time and time again, I hear stories where somebody gets scammed out of even just a few thousand dollars, which that's a lot of money. You know, in the pig butchering world is not a lot of money, but to an individual, that's a lot of money. And they think to themselves, what am I going to do? And they call the local police, and the local police say, I'm sorry, there's nothing we can do for you. It's just gone. And I don't know how we get past that because I mean, the fact of the matter is it is gone. There is no getting it back. But I also think there's an attitude with law enforcement that because this is a non violent crime, that it's not worth running down.
C
They have to prioritize. Right. Because, you know, law enforcement has limited resources. Do you want them, you want them spending time on this or, you know, solving the eight murders that came across their desk? Right.
B
And so, but I think looping back to something Selena was talking about earlier, it is not victimless. Right. The emotional and psychological burden that people take on when they fall victim to this is huge. So this idea that it's victimless, I think we need to get past that idea as well.
C
And that's really hard because when that stuff comes up, our initial reaction is always, how could you fall for that? You know?
B
Yeah.
C
You know, we're always judging the people. And you're right, we need to get past all that.
A
Well, and I think a very effective way of communicating some of these things is using media and pop culture. So, for example, there was an episode or the last season of True Detective, there was a romance scam subplot where one of the characters was having a romantic relationship with a woman overseas via text. And it was very similar. Oh, we're getting engaged this and that. And you know, from a viewing audience, as soon as the phone was on the screen the first time, I said, I know what is happening here.
C
We all did. The only person that didn't was the guy on the phone.
A
Yeah. But from like, if you're viewing this as a person who might have never been exposed to this before, like, I think that's a really interesting way of, you know, it's bubbling up to the mainstream. We're having these conversations. It's a, it's, it's a plot in a book that I'm currently reading is scamming elderly victims out of their money by social engineering them, essentially. And so it's, it's really interesting because I, for, for some reason, I've recently had a lot more sort of, like, these storylines are popping up in places where it isn't the main, like cybersecurity or technology isn't the main plot here. It's, it's conversations. It's, it's, it's leaking into murder mysteries, it's leaking into, you know, television. It's, you know, people on Instagram who have huge followings being like, I will never send you these. And so I think we have, I hope at least we've kind of gotten past that. We can't talk about this. This is so embarrassing. This is so humiliating. I think there's a lot of, like, scams tend to do that. They tend to make you feel, feel bad. And oftentimes the tactics are, don't tell anyone that you're talking to me. Don't tell your mom that we're having this conversation. Don't tell, you know, your colleagues that you have a girlfriend. Like, they, they sort of try to isolate you. And I think human, human nature, we want to talk to people, we want to communicate. And I think the more that we do that and the more that we can educate people and, and tell people about this and get it into, you know, parlance that isn't just like cybersecurity, pig butchering, but it's, you know, watching someone's dad fall victim to this horrible thing on the television show that you're watching is, I think, how we're going to kind of get past this and, of course, working together and solving these troubles.
And I encourage everyone who works in cybersecurity and infosec to take a step back and when you hear something like this, try and remove your bias. Because, you know, like, Rick, you said the gut instinct is, well, you fell for this. Like, this is your fault. But I really, really encourage people to think about it from the perspective of the victim of someone who has been emotionally manipulated into doing something. And I think, you know, if we can all kind of get over these biases, we'll be a lot better equipped to help solve these problems.
C
Well, for one, I'm just grateful that you brought up the last season of True Detective, because it is excellent.
A
It's so good.
B
See, there you go, Rick. You got plenty of time out in your retirement.
C
I want to go look at that. Now that's.
B
He's just binge watching everything. You know, it's a shame. When Rick was working in tech, he was constantly pushing for innovation, and in retirement, the only thing he's pushing is the snooze button. What day is it?
C
Or repeat. Yeah, repeat.
B
No, no, no.
A
Well, you know, Rick, people in retirement tend to be high targets of some of the skills. Well, I was gonna mention to you.
C
Guys, I met this girl online, and she's, you know.
A
Is she sending you pictures of her food and her uncle's business? And my wife's not too happy about.
C
That, but I've told her it's totally legit. Okay, sure, sure.
A
It's real. It's real. Yeah, absolutely.
B
She's just looking for some mentorship.
C
That's all it is. That's right.
B
Absol.
A
We'll be right back.
B
All right, friends. Well, this was a very interesting conversation and not an easy one, but I think it's important. So hopefully this is the kind of show that folks can spread around and share with their friends and family and maybe vaccinate some folks against some of these scams. It's so important.
A
I'm sorry, guys. The mailman came, and Ben has a lot of opinions about this. And I think, you know, Dave, to your point, I hope our audience shows people that the people that they love use this as a Valentine's gram to warn them against the horrors that persist.
C
I just want Elliot, our sound engineer, to know that the dog barking wasn't mine. Okay, so, Elliot.
B
Yeah, yeah. Oh, nothing more romantic. Oh, honey, I love you. Here's a link to a podcast about scams.
C
A really depressing pig butchering discussion.
A
This discussion of brain hacking and emotional manipulation reminded me of you.
B
Yeah, that's right.
C
That's good.
B
All right, friends, thank you so much. Great fun. We'll talk to next time.
A
And that's Only Malware in the Building. Brought to you by N2K CyberWire. In a digital world where malware lurks in the shadows, we bring you the stories and strategies to stay one step ahead of the game. As your trusty digital sleuths, we're unraveling the mysteries of cyber security, always keeping the bad guys one step behind. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you ahead in the ever evolving world of cybersecurity. If you like the show, please share a rating and review in your podcast app. This episode was produced by Liz Stokes, mixing and sound design by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Our executive editor is Brandon Karp. Simone Petrello is our president. Peter Kilby is our publisher.
B
I'm Dave Bittner.
C
And I'm Rick Howard.
A
And I'm Selena Larson. Thanks for listening.
B
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust Endpoint Protection Platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Podcast Summary: Hacking Humans - "Cyber Groundhog Day and Romance Scams: Only Malware in the Building"
The episode kicks off with a lighthearted setup involving Rick, a retiree, who humorously feels stuck in a repetitive loop reminiscent of the movie "Groundhog Day." This metaphor serves as an engaging entry point into the episode's main topic: romance scams and their sophisticated nature.
Timestamp [00:51 - 03:30]
Rick expresses his frustration about feeling like he's reliving the same day repeatedly, highlighting repetitive scams and the predictability of fraudulent activities:
This segment uses humor and relatability to introduce listeners to the cyclical nature of certain cyber threats, setting the stage for a deeper exploration of romance scams.
Timestamp [03:55 - 07:35]
The conversation shifts to the core topic: romance scams, specifically a sophisticated form known as "pig butchering." Selena provides an in-depth explanation:
She elaborates on how pig butchering scams operate, emphasizing their algorithmic and emotional manipulation tactics:
Rick ([07:35]): "There are warehouses of people... trying to do these scams. Modern-day slavery, like indentured servitude."
Timestamp [07:35 - 10:27]
The hosts discuss the alarming financial and human costs associated with these scams:
Timestamp [15:29 - 19:03]
Dave shares a personal anecdote about a neighbor falling victim to a romance scam:
This example underscores the emotional and psychological toll these scams impose beyond the financial loss.
Timestamp [10:27 - 14:07]
Selena and the hosts delve into the mechanics of pig butchering scams, highlighting the blend of technical prowess and psychological manipulation:
Timestamp [26:00 - 35:26]
The discussion pivots to combating these scams through law enforcement and collaborative efforts:
However, challenges remain due to the global nature of these operations:
Timestamp [35:26 - 38:22]
The hosts emphasize the importance of education and changing societal perceptions to support victims:
Timestamp [38:22 - 42:11]
Using references from popular media, Selena illustrates how media representation can aid in awareness:
Final Thoughts:
The episode concludes with a consensus on the multifaceted approach required to tackle romance scams:
The hosts reiterate the significance of empathy, education, and collaborative efforts in combating the evolving landscape of cybercrime.
Notable Quotes:
Rick ([01:05]): "Every day is the same. Same emails, same headlines, same spammy pop-ups. It's like my life has been caught in a loop." [00:55]
Selena ([05:36]): "It's the same language, the same conversations, the same sort of, like, enticement." [05:36]
Dave ([15:29]): "This person is bleeding him out of money... the allure of just having someone who has interest in him." [15:29]
Selena ([26:05]): "Meta removed 2 million accounts that were related to pig butchering scams." [26:05]
Selena ([36:13]): "Watching someone's dad fall victim to this horrible thing on the television show... is how we're going to get past this." [35:38]
Key Takeaways:
Sophistication of Romance Scams: Modern romance scams, particularly pig butchering, combine technical strategies with deep psychological manipulation, making them highly effective and devastating.
Global Scale and Human Cost: These scams result in significant financial losses globally and contribute to human trafficking and psychological trauma for victims.
Challenges in Law Enforcement: The international nature of these operations complicates efforts to track and shut them down, despite collaborative attempts by organizations like Interpol.
Importance of Education and Awareness: Increasing public awareness through education and media representation is crucial in preventing victims and fostering a supportive environment for those affected.
Collaborative Solutions Needed: Combating these scams requires a multifaceted approach involving law enforcement, technology platforms, and community support to effectively mitigate and disrupt these threats.
This episode of Hacking Humans provides a comprehensive examination of romance scams, highlighting their complexity and the urgent need for collective action to protect individuals from these pervasive cyber threats.