Dave Buettner
You're listening to the Cyberwire Network, powered by N2K.
Joe Kerrigan
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Buettner, and joining me is Joe Kerrigan. Hi, Joe.
Maria Vermazes
Hi, Dave.
Joe Kerrigan
And our N2K colleague and host of the T Minus Space Daily podcast, Maria Vermazes. Hello, Maria.
Dave Buettner
Hello. Hi.
Joe Kerrigan
We've got some good stories to share this week, but we will be right back after this message from our sponsor.
ThreatLocker Sponsor
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cyber criminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allowlisting and ring fencing has your back.
Joe Kerrigan
All right, we have no follow-up today, so we're going to jump right into our stories. And I'm going to do the honors this week. This is actually a story from an organization called Ampix Cyber, a cybersecurity company. But they have kind of like a scam reporter on staff who does awareness videos about scams. And this is one I had not seen before. This is about artificial intelligence generated fake people selling scammy goods online.
Maria Vermazes
Are the goods real?
Joe Kerrigan
Well, we'll get to that.
Maria Vermazes
Okay.
Dave Buettner
Okay. All right.
Joe Kerrigan
There are goods. Whether or not there are good goods, we're gonna get to. So what this comes down to is someone pretending to have a leather goods store online. And we're talking about a leather artisan named Grace who puts in her ads that after more than three decades of artisan leather work, Grace is hanging up her tool belt. She's worked her career and it's time to retire. But before she does, she's putting everything on sale.
Dave Buettner
Oh, how generous.
Joe Kerrigan
A good, good sale. So you could get up to 80% off these amazing leather bags. Now, Grace, I don't know if you guys can click through to the link I put in the show notes. Grace is a fine looking, I'd say older woman. She has silver hair. She has a very nice smile. Looks like someone you would enjoy having a conversation with. Someone you could put your trust in. No red flags about Grace herself, but of course, Grace is not real.
Maria Vermazes
Grace doesn't exist.
Joe Kerrigan
Grace does not exist. No. And in this image, she's wearing what you would expect a leather worker to wear. She's got kind of a leather smock on. She's got some work gloves.
Maria Vermazes
It does seem to me like she's missing a finger in this picture.
Joe Kerrigan
Okay.
Dave Buettner
She looks like an aged up version of Princess Catherine, now that I look at it.
Joe Kerrigan
Take your word for it.
Maria Vermazes
I'll have to take your word for that as well.
Dave Buettner
I'm not like a big royal watcher, but it just struck me immediately. I'm like, her face looks almost exactly like hers, which is eerie. Yeah.
Joe Kerrigan
Okay.
Dave Buettner
That's.
Joe Kerrigan
I'd say. I mean, she looks. She's looking right at the camera. She appears to be someone who has confidence. Right. Certain amount of style. So, again, this is someone I would put my trust in. No red flags about herself, just definitely, no hesitation. Yeah.
Maria Vermazes
Except I'm still wondering how she lost that finger.
Joe Kerrigan
Yeah. Well, I mean, she's a leather worker, you know.
Maria Vermazes
Right.
Joe Kerrigan
That tracks.
Maria Vermazes
Cut it off with the leather scissors.
Joe Kerrigan
Right. That's like what you say about it. To have confidence in your shop teacher, they should have all of their fingers. So what happens is these ads pop up in your social media feed and specifically Facebook and Instagram. And as I said, she's shutting down her workshop after 34 years. But you can own a piece of her legacy. She says our handcrafted leather bags are not just accessories. They're statements of style and quality. Each one tells a story, not just of leather and design, but of dedication, passion, and the journey we've been on together, you know?
Dave Buettner
Together.
Maria Vermazes
Hold on.
Dave Buettner
I just met you, Grace.
Maria Vermazes
Right. This sounds to me like every artisan. I mean, it sounds like whatever AI is doing, this is pulling from all the artisan crap that's already out there as its training data.
Joe Kerrigan
Yeah.
Maria Vermazes
You know, no, there is no story behind this bag. There isn't a story behind the bag until I buy the bag and take the bag with me everywhere. Like my big backpack. We talk about that all the time.
Dave Buettner
Yes.
Maria Vermazes
Why do we talk about that? Because I've had it for 10 years, and it's Joe's backpack.
Joe Kerrigan
Right.
Dave Buettner
Even I know about your backpack.
Joe Kerrigan
Right. I've learned you need a backpack. Sherpa is what you need, Joe.
Maria Vermazes
Yeah. So, I mean, so it sounds to me like the AI is just pulling from similar, you know, sales, marketing.
Joe Kerrigan
I think that's exactly right. I mean, it's kind of. What was the joke? What was the J. Peterman on Seinfeld? All of the. They had similar descriptions of products.
Dave Buettner
Oh, my God, the catalogs. Yes.
Joe Kerrigan
Right, Right.
Maria Vermazes
That's the one where. That's the same place where Elaine starts getting comma-happy. One episode, right?
Joe Kerrigan
Yeah, yeah, yeah.
Dave Buettner
Dang. I haven't thought about that in a while. Yeah.
Joe Kerrigan
As this article points out, Grace is fake. Deepfake analysis shows that the images of her are very likely generated by AI. She actually speaks in some of the ads because there are video clips, and people are pretty convinced that that's AI generated as well. So what do you guys suppose happens if you decide to buy one of these bags that are 80% off? So, just for example, bags that once listed as high as $695 now sell for $139.95.
Maria Vermazes
You get a. You get one of two things. Either you get nothing.
Joe Kerrigan
Yep.
Maria Vermazes
Or you get like a $20 bag out of somewhere in Asia or Bangladesh or. Well, Bangladesh is in Asia, but you know where these things are made. And they just make some kind of bag that looks generic, like it would be artisan. And then you get that, and it costs the company 20 bucks, and they sell it to you for 100 and some odd dollars.
Joe Kerrigan
Yes, Maria, that sounds about right. You concur? Well, ding, ding, ding.
Dave Buettner
Yes, I would concur with that. Yep.
Joe Kerrigan
That is exactly what happens. You do get a bag, but the bag you receive is made out of plastic, not leather.
Maria Vermazes
Oh, it's not even that good. So it's not even like a.
Joe Kerrigan
No, it's vegan leather.
Dave Buettner
Right.
Maria Vermazes
It's not the alcohol.
Joe Kerrigan
They have a term. PU leather. PU.
Dave Buettner
Leather. PU.
Joe Kerrigan
This stinks.
Maria Vermazes
Right?
Joe Kerrigan
Which is like poly.
Maria Vermazes
Just polyurethane.
Joe Kerrigan
Is that what?
Maria Vermazes
Puurethane?
Joe Kerrigan
Yeah, polyurethane.
Dave Buettner
Plastic Leather.
Joe Kerrigan
Yeah, polyurethane. So it's plastic.
Maria Vermazes
Pleather.
Joe Kerrigan
Remember back in the day, Joe, we called it pleather.
Maria Vermazes
You had pants made out of that.
Joe Kerrigan
Right, Right. They were hot, not breathable. Pleather. Yeah. Literally heavy metal band days. Joe, did you ever have pleather pants?
Dave Buettner
No.
Maria Vermazes
I was not the. I was not the pleather band kind of heavy metal guy. I was the jeans kind of heavy metal guy.
Joe Kerrigan
Gotcha.
Dave Buettner
Gotcha.
Maria Vermazes
Yeah.
Joe Kerrigan
So there are lots of complaints about these. People say things like, "If I could give zero stars, I would. Not leather. Nothing like the image or description on the website. Total trash. Vinyl, not leather. Smells horrible." So there's the PU.
Maria Vermazes
Right.
Joe Kerrigan
So these organizations got an F rating from the Better Business Bureau because the ads are deceptive. But if you try to return this, that is very troublesome because there's no.
Maria Vermazes
Way to do that.
Joe Kerrigan
I'm sure there's a way to do it, but you have to send the bag back to China, which is where the bag was made. Joe, you called that. This is not an artisan craftsperson here. I imagine we're all imagining a little shop somewhere in the suburbs of Boston or. Right.
Maria Vermazes
Like the old autumn leaves, falling trees.
Joe Kerrigan
Right.
Dave Buettner
Right there out back. Working on his leather.
Joe Kerrigan
Right, exactly, exactly.
Maria Vermazes
That was a woodworking show. Yankee Workshop.
Joe Kerrigan
It was, yes.
Dave Buettner
And it was The New Yankee Workshop, which was always on after This Old House.
Joe Kerrigan
Right, exactly. Right. But before we begin, let's take a moment to talk about shop safety.
Maria Vermazes
I will say this. The Yankee. New Yank. Yankee workshop guy never really talked about safety a lot because, you know, he didn't have power tools. It was all hand tools.
Joe Kerrigan
Is that so?
Dave Buettner
Really?
Joe Kerrigan
Anyway, no, not really. I've looked at that. New Yankee Workshop had lots of power tools. I know what you're thinking of, Joe, but it's not that show.
Maria Vermazes
No, no, no. What am I thinking of then?
Joe Kerrigan
What's a guy?
Maria Vermazes
Okay. I don't know.
Dave Buettner
He had like all power tools. His. His collection was the envy of everyone I know who does woodworking. He had like all.
Joe Kerrigan
The metal shop was something to be seen.
Dave Buettner
Yeah.
Joe Kerrigan
Absolutely. No sawdust floating around in that.
Dave Buettner
No. Yeah. Sorry, I was like. I dispute that, sir.
Joe Kerrigan
There's other scammy things about this. If you try to initiate a return, they make it look like you're contacting PayPal, but it's not actually PayPal. It's a page on their website that looks like PayPal but isn't. The people who wrote this article tried to get in direct touch with the folks who are running this operation, and they insist that it's all on the up and up and these people really exist and blah, blah, blah. But that's worse somehow, obviously. Yeah. It's not true.
Maria Vermazes
Right.
Joe Kerrigan
So the bags are low quality bags, mass produced, made out of plastic in China. And if you buy one and try to return it, you have to jump through lots of hoops, send it back to China, and you'll only get a fraction of what you paid for it. So these folks who wrote this article also reached out to Facebook and Instagram where the ads are largely running.
Maria Vermazes
Oh, boy. Let me guess.
Dave Buettner
Sure, they had a lot of luck. Sure went real well.
Joe Kerrigan
Yep. Yeah, no luck there. But it is interesting that there are dozens of stores and I'm putting scare quotes around stores that are spun up with this whole Grace scam.
Maria Vermazes
Grace being the model's name?
Joe Kerrigan
Grace being the model's name, yeah. So it's multiple stores that are spun up doing this, and evidently it works. It's a scam that works. So be mindful. We will have a link to the story in the show notes. There's also a helpful video here that kind of takes you through it. If you want to see the videos that the scammers are putting up that is using the AI to try to convince you to buy this, you can take a look. So buyer beware. And that is my story this week. As I say, we will have a link in the show notes. Joe, you're up next. What do you got for us?
Maria Vermazes
So first off, I would like to say, no, I was not thinking of the New Yankee workshop. I was thinking of the Woodwright shop, which is the guy I used to love to watch. Did everything with old style hand tools and because of that, didn't really talk a lot about safety. Although I guess when he was swinging that ax between his feet, it was a great show. I loved it. I mean, it was like that and Bob Ross. I could watch either one of those things for a whole day.
Joe Kerrigan
Very gratifying. Yes. Just watch. Yeah. Yeah.
Maria Vermazes
So I kind of went down a rabbit hole with my story because I wound up with the first story, which is. We're gonna put a link to both these stories in the show notes. They're both from CBS News. This first one is from Shima Samui at CBS, and it is talking about the sentencing of six people in a romance scam. So one of the women, or actually the one woman that was sentenced, her name is Jennifer Gosia. She is a former US Post Office employee and Iraq veteran who was sentenced to three years of probation, with the first six months being on house arrest with limited movement, for her involvement in the fraud case. Now, I'm going to come back to the victims, to the victim here, because that's the rabbit hole I went down.
Joe Kerrigan
Okay.
Maria Vermazes
But the other two people that were sentenced were both Nigerian nationals. One of them pled guilty and got 10 years. The other one pled not guilty and was convicted on all accounts, all counts rather, and got 20 years in prison.
Joe Kerrigan
Wow.
Maria Vermazes
The reason that Ms. Gosha only got six months was because she was kind of duped into this by her ex-boyfriend, who was one of the scammers. And she says she regretted getting sucked into this "dumbass scheme." That is the quote from her.
Dave Buettner
Oh, all right.
Joe Kerrigan
Eloquent testimony, right?
Maria Vermazes
It doesn't say so. Okay, yes, I will agree with that. But one of the victims connected to this scam was Laura Kowal. And then they linked to another story where they talk about Kowal's disappearance. She was a retired healthcare executive from Galena, Illinois. And Kowal got involved with this group of people in a romance scam through Match.com with somebody who called themselves Frank Borg. Resistance is futile. I had to say it.
Joe Kerrigan
I know. If you did. Maria was.
Dave Buettner
Yeah, I was thinking it.
Maria Vermazes
And what started out as a telephone romance quickly increased to more and more desperate requests for money. At first, Ms. Kowal sent money willingly. She was a widow, by the way. And later it appeared that she was being coerced. And over two years, they wound up getting $2 million out of Ms. Kowal.
Joe Kerrigan
Holy smokes.
Maria Vermazes
So the story that this story links to talks about her disappearance and her unfortunate eventual death. So what happened is she wound up, they found her car near a river, and further downstream they found her body. And her daughter is very involved in this case and doing all kinds of work to try to find out what happened. But the police have classified this as a suicide. However, there's weird stuff going on. Like her last text message to one of her friends was "all is fine," or "everything's okay," or something like that, which may or may not indicate suicide. But in her car, they found the packaging for a cell phone, a burner phone that she didn't have in her possession, which is kind of strange. But she started getting involved as a money mule after she had been scammed out of the money. And I think, I don't know, maybe her daughter suspects that at some point in time, she said, I can't do this anymore. And maybe this was not a suicide. So it's an interesting couple of stories. We'll put links to both of them in the show notes. But the first story is the good news that somebody has been punished for this, and a couple of people are getting a good amount of time out of this. 10 years and 20 years. The judge did note that the woman who only got six months was not really all that involved in it as well, and may have also been coerced into it. So, you know, what strikes me about this whole set of stories is you don't really think about what happens after the romance scam and how there's really an opportunity here for someone who's malicious to just move in and go, well, you know what? Maybe we can help you out. Maybe you can make some money back. Maybe you can start doing this for us and moving the money around. Now, these guys are all based out of, I think it says West Africa, but they're probably out of Nigeria, and another one says here Ghana. Yeah. So the money eventually winds up over in Africa somewhere. And it's.
You know, there are. We know that there are tons of groups over there. We know that the Nigerian government is actually pretty cooperative with the United States in extraditing these guys. I'm quite sure that's how these two Nigerian nationals wound up over here to get tried and sentenced. If you think you hate Nigerian scammers, try being Nigerian. And in the government over there, they really don't like it.
Dave Buettner
Yeah, I can imagine.
Maria Vermazes
Not. They want to help and get these guys busted as quickly as they can.
Joe Kerrigan
Right.
Maria Vermazes
So they're very happy in getting them extradited, but the fear and the coercion. I want to get back to that, that once you've been victimized by these guys, they continue to victimize people by coercing them and then having them become the legs here in the United States for getting the money and moving it around and sending it back to Nigeria. And there's tons of ways, once you get a mule, that you can do that. And if you don't care about the mule, if the mule is expendable to you, you can even have them commit crimes that will eventually get them caught. And then you just move on to another mule. So I don't know what, how do you defend yourself against this? I mean, there's all the telltale signs of the romance scam in all these stories, but again, we've talked about this as well, that when these people are in the thrall of these scammers, it's really difficult to talk them out of it.
Dave Buettner
Yes.
Maria Vermazes
I don't know, maybe there's got to be some kind of research that has to be done into this. Into what the most effective way to do this is. And hopefully it doesn't just involve you losing all your money as the victim or being re-victimized. Exactly.
Dave Buettner
Yeah.
Joe Kerrigan
Right. Right. Yeah. You think about what it must do to someone's feelings of self esteem and self worth and all that sort of thing to. To have lost that much money.
Maria Vermazes
Right.
Joe Kerrigan
And to have to face your family. Yeah, yeah.
Dave Buettner
It's an existential crisis, like how you pay your bills. You gotta do something to fix this. Right. I'm sure a lot of people are in a tailspin after this has happened and they're trying to fix it. I wonder, for people who've gone to the press with their stories about their romance scams also, I'm hoping, has anyone clued them into this being a possibility, being reached out to by the scammers as a follow-up?
Maria Vermazes
Yeah, I don't know. I don't know about that specifically. So like when you come forward, I think that once you come forward, I don't know, maybe you're more inoculated than the average person against these kinds of things. But there are follow-on scams that happen to people, but usually it's not when they've come forward and they go, you know what? I got scammed. There was a story a couple of weeks ago about, I think it was a French woman that got scammed by the Brad Pitt scam. You know, Brad Pitt in the hospital.
Dave Buettner
Did we cover that?
Joe Kerrigan
I wanna say no, we didn't.
Dave Buettner
No, we didn't.
Maria Vermazes
But the French newspaper took it down because people began haranguing her and blaming her.
Dave Buettner
That helps.
Maria Vermazes
Yeah, exactly.
Dave Buettner
Well, maybe the discussion needs to be, for those of us who talk about stuff like this, that we need to add this into how we discuss things about romance scams saying, you know, even after you think the scam is done, there can be sort of this even.
Maria Vermazes
More awful next follow on scam.
Dave Buettner
Yeah. Because I don't know if people are aware that this is even a thing. One would hope that people's awareness would be higher after experiencing this scam. But as we've often covered, oftentimes the families are involved and they're trying to help, and, you know, emotions are caught up in this. So do people's families even understand that there could be a follow-on scam? I mean, gosh, make a bad situation worse. But again, that instinct comes into play with wanting to fix the problem that maybe you started, and it just gets you in a deeper hole. So maybe that just needs to be part of our conversations, not just here, but more broadly.
Joe Kerrigan
Yeah, right. The only other thing I'll add is that if you feel as though you have a strong enough relationship to do so, you can set up alerts on your loved one's bank accounts. Right.
Maria Vermazes
If they let you.
Joe Kerrigan
If they let you.
Maria Vermazes
Right.
Joe Kerrigan
So if you can say, if a transaction larger than this amount occurs, let me know.
Maria Vermazes
Right.
Joe Kerrigan
And so that's a way to help with this sort of thing. But not everyone, you know, money's a funny thing, right. People have a tremendous amount of privacy when it comes to money. And it's just one of those things that people always like to share information or access to and that's understandable, but particularly if someone gets older and if you're a family member looking to help protect their nest egg, hopefully you can make the case to say, look, I want to do this to help protect you.
Maria Vermazes
Right. Maybe there's a place for a creative banking product here where your bank is now somehow responsible for the management of the money. And if they think that you're getting scammed and they see the evidence of it, then they can just say, no, we're not sending this money to these people because we think you're getting scammed.
Joe Kerrigan
Right.
Dave Buettner
I'm sure that'll go over well. Yeah, I mean, but I understand that.
Joe Kerrigan
Yeah, I mean, that's the thing. You're an adult. It's your money, right? You can do whatever you want with it.
Maria Vermazes
What would you call that? It wouldn't be a custodial account, but it would be some kind of protective account. I don't know.
Dave Buettner
Because as we age, just like, hey, just, you know, we're not gonna say you can't do this, but we're just gonna maybe say, gotta wait 48 hours or something.
Joe Kerrigan
Or I'm sure there's stay figure, cooling off period.
Dave Buettner
Cooling off period. But I'm thinking one of your family.
Maria Vermazes
Members to buy in.
Dave Buettner
Yeah, well, I mean, what about people who are going through all this and their family has no idea? A lot of times people go through these romance scams, they get scammed, and then it becomes shame. They don't talk about it anywhere and, you know, they don't reveal it, and they go, okay, well, I got scammed, I got taken, but I don't need to tell anyone. Again, are they aware that there's actually a follow-on that could be coming days, weeks later? So I think this needs to be part of the discussion.
Joe Kerrigan
Yeah. All right, well, we will have links to both of the parts of this story in our show notes. Let's take a quick break to hear a message from our sponsor.
ThreatLocker Sponsor
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Joe Kerrigan
And we are back. Maria, you are up. What do you have to share for us this week?
Dave Buettner
Well, no murder mystery. We're going to get to the heart of what really matters right now. I want to talk about restaurants and Restaurant Week and reservations. Oh, that's something completely different. So the last five or so plus years, due to me being a parent of a young kid, plus the pandemic, I have not been eating out at restaurants nearly as much as I used to when I was in my twenties. But the landscape of making a reservation at a restaurant has changed so much. It was never, you know, at popular places, it was never super easy. But usually it was like you call or you use an online reservation system and you could usually find something. I have found, at least for me in the last year or so, going up to a restaurant that looks completely empty with a group of four plus people and being told, actually, we're completely booked, even though there's nobody in the restaurant. And if you're lucky, you get maybe a table in the back, and that restaurant just never fills up. And I've been trying to.
Maria Vermazes
I just don't want you in the restaurant.
Dave Buettner
Yeah, I smell that's actually what it is.
Maria Vermazes
I spent a lot, actually.
Dave Buettner
Yeah, it happens to me every single time. What's going on with that?
Maria Vermazes
Right.
Dave Buettner
And it's something I've been talking with my friends about. We've all been sort of noticing this anecdotally, and we all stumbled upon something, finding out that there's a whole sort of black market auction system for reservations. That's been happening with the ease of making online reservations at popular restaurants. So, for example, there's a tiki restaurant in the Boston area that I love that's really tiny. I mean, it's literally right up the side of a bus station in Harvard Square. Can only fit a very small amount of people every day. And getting a reservation at this place was never easy, but now it's nigh impossible. And I found that if I wanted to make a reservation through this auction system, it's like $500 just to place a bet that I could maybe get that reservation. So to say nothing of actually paying for it. And coincidentally, our friends at DataDome have put up.
Maria Vermazes
I'm confused.
Dave Buettner
This is a bidding system. Yes.
Maria Vermazes
Right. And I have to bid. I have to put $500, my own money, real American money, up. And if I don't get the reservation, am I out $500?
Dave Buettner
No. I would imagine it's like an eBay auction. Someone would outbid you and you just don't pay that money.
Maria Vermazes
Oh, oh, okay. So you have to make a bid and you don't actually pay the money, but in order to get the reservation, you're gonna have to pay the 500 bucks.
Dave Buettner
That is my understanding. I have never done this because I don't want to support this system. For the record, I think this is completely awful.
Joe Kerrigan
Is the restaurant in on this?
Dave Buettner
No, this goes to a third-party broker. So here's. Yeah, so there's a big black market for this stuff. And I know New York City's trying to ban things like this, but it's a war of attrition and all that kind of stuff. And our friends at DataDome, so security research coming out of DataDome, have actually been taking a look at this. So it's not just me going, what the heck? They took a look at this whole system in the context of New York City's Restaurant Week. And are you both familiar with Restaurant Week? Should I explain what this is? I'm not sure if people know. I'm familiar.
Joe Kerrigan
We have one here where we live, so I'm familiar with it, but go ahead and describe it for folks who might not be familiar.
Dave Buettner
Sure thing. Yeah. So the idea behind Restaurant Week, especially in New York, is twice a year for a week or so. Now it's like two weeks at a time. All the major restaurants, or restaurants that want to bring new people in the door, will offer a fixed-price menu for that set period of time. And if you can get a reservation, you can eat an incredible fixed-price meal at a really high-end restaurant that maybe you couldn't normally have afforded. When I was a student in New York City, this was the way a lot of us would get access to restaurants that were otherwise completely out of our price range. So the DataDome folks noticed that all of the online reservation systems that are used for doing Restaurant Week reservations in New York City were completely vulnerable to botnets, basically snatching up huge amounts of reservations at a time before a real person could and then scalping them, which in their research, they rightly point out, actually hurts restaurants a lot, because if people aren't going to pay, you know, 500 bucks just to bid on a reservation, then suddenly that restaurant has a reservation that isn't actually going to get filled. So, yeah, this is not a thing for us as the end user to necessarily do something about, but it's something that I'm sure the restaurants are very well aware of, is a huge pain. And certainly it's great that these online reservation systems, I'm not going to name names, but they're very integrated in search result pages and they're very easy to sign up for. But unfortunately that means that the botnets also are finding them very, very easy to use. And DataDome is asking that maybe these online reservation systems put some kind of a speed bump in place to prevent mass signups, just so we don't have, you know, credential stuffing or mass account creations or scalper activity happening.
But that would, again, that would put some friction in the signup service that is probably not as great for end users. So I don't know what the conclusion is here, but I'm just glad that other people are noticing that it is really hard to get a reservation pretty much anywhere nowadays and it shouldn't be this darn hard. And maybe there's something going on on the black market that's making this worse. So it's not just me, and I don't smell.
Joe Kerrigan
Yeah, I mean, I just don't see how it's possibly sustainable. Like, you know, you described earlier, the thing of walking into a restaurant that's mostly empty.
Dave Buettner
Empty, yeah.
Joe Kerrigan
But them saying that we're completely booked and so you luck into a table but no one shows up for any of those, for the restaurant, that's not sustainable. Right.
Maria Vermazes
This is also a way you could do like a denial of service attack against a restaurant you don't like. Right. Just go out and make all the reservations and then have nobody show up.
Dave Buettner
Yeah.
Joe Kerrigan
Right, Yeah. I mean, so competing restaurants are going after each other this way.
Dave Buettner
Yeah, yeah. I mean, I would love to hear from folks, and I'm sure high-end restaurants, they don't really care because they're always in demand and this makes them seem even more exclusive. So the value of those reservations seems to go up. And when I was reading the commentary on the bidding website, for I don't want to name the website because again, I don't like this business model, they're basically arguing that, you know, high-end hotels and their concierge services, this is essentially the kind of thing that they used to do. You know, you'd go to like the Ritz and walk up to the concierge and go, can you get me a reservation at this hot restaurant? Here's some money, please make this happen. They're saying, well, we're just taking that process and putting it online. But again, there's no friction. So bots are just like, woo, let's grab all of these. So. Yeah, right.
Maria Vermazes
So how much? Here's, here's my question. And, or maybe a proposed solution here. Although I don't know that this would work. I'm assuming that everyone, every bot making a reservation costs this company nothing. Yeah. Is that a good assumption?
Dave Buettner
I would assume that for next to nothing pennies. Yeah.
Maria Vermazes
So if a restaurant said, okay, you're gonna make a reservation with us, the average per person bill here is say $50. Your reservation is going to cost you $25 per person.
Dave Buettner
Yes.
Maria Vermazes
And if you show up and you eat, we will apply.
Dave Buettner
Right.
Maria Vermazes
As part of being paid. Right. You make a deposit essentially. And now like I got a table for four, I gotta put down 100 bucks. And does that make this intractable for the reservation company, the reservation auctions.
Dave Buettner
I have seen that on reservations. Like there's a restaurant that my husband and I love to go to for our anniversary and they actually do that. But they are also one of the more high end restaurants, in our case in Boston. And so I think they can afford to do that. I imagine places that aren't as high end, that would probably drive away a lot of their customers. So I think restaurants are in a really, really a bit of a bind here because if you're, you know, super in demand, you can do whatever you want, right?
Joe Kerrigan
Yeah.
Dave Buettner
But if you're trying to drum up business, putting up that kind of a barrier, saying, hey, pay some money up front before you've had the meal, that's a lot to ask.
Joe Kerrigan
Yeah. Not good. Not great for goodwill.
Dave Buettner
No, it doesn't feel great.
Joe Kerrigan
Yeah.
Maria Vermazes
The problem is, you know, the restaurant is here. The restaurant is not, they're not part of the problem, Right?
Dave Buettner
No.
Maria Vermazes
They're just another victim in this scam. Or I don't know, maybe they're not victims if they're, if they're actually getting their, their reservations sold. But I mean, it's like ticket scalpers. These people are making money on this, on just being able.
Dave Buettner
It's all something that should be free. It should be free to make a reservation. Like, I don't understand, that's just the fundamental thing that makes me mad. Like, you can't experience a new restaurant. You can't, you know, try new stuff if there's all these money barriers being thrown up in your face. You know, happy to pay a bill after I've had the meal, but don't ask me to put money down first if I don't know anything about you. So it's just the other.
Maria Vermazes
The other solution is do what all the big chain restaurants do and just don't take reservations, right? Yeah, I hate that. I won't dine at them. If I call, I say I need to make a reservation, they'll be like, oh, we don't take reservations. I say, yeah, I'm not eating there. Have a nice night.
Dave Buettner
Yeah, there's all sorts of problems with that model, too. So, yeah, yeah, or just take phone only reservations.
Maria Vermazes
But yeah, phone only reservations. I mean, that's how I make a reservation.
Dave Buettner
I still call the restaurants, too. Now, like, Google will call you on. On, like, you can use that Google service that'll call the restaurant on your behalf.
Maria Vermazes
Yeah, I don't want that either. I want to. Yeah, I don't want any of this. Nobody asked for this.
Joe Kerrigan
Joe's just going to put his money into a good backyard grill, right?
Maria Vermazes
I have a really good backyard grill. It's a Weber.
Joe Kerrigan
It's nice.
Dave Buettner
Yeah, nice.
Maria Vermazes
Good.
Joe Kerrigan
Yeah.
Maria Vermazes
I'm not allowed. Burned everything up, but my wife and son use it and they do a really good job. I don't get. I don't get to cook beef anymore. I only get to cook seafood and other things.
Joe Kerrigan
Breakfast. All right, well, we will have a link to the story in our show notes. Joe, Maria, it is time to move on to our catch of the day.
Maria Vermazes
Dave, our catch of the day comes from the subreddit scams over on Reddit. I haven't seen this one yet, Dave.
Joe Kerrigan
Well, this is a fun one. Okay, I tell you what, can I.
Dave Buettner
Just tell you something? The. The op is very clearly Greek. I'm looking at it.
Joe Kerrigan
Oh, is that right?
Dave Buettner
Yeah. Okay, because there's a thing at the top that says translate into Greek. In Greek. In the. In the.
Joe Kerrigan
Oh, see, I wouldn't have known that.
Dave Buettner
Yeah, that's really funny. It doesn't. It doesn't have any relevance to the actual story, but it just. That's making me laugh looking at that.
Maria Vermazes
Is that with that Greek, the Greek.
Dave Buettner
Letter with the Google Translate thing that says translate into Greek, and then in the user's name it says Amena. Which means me. So that's. You can.
Joe Kerrigan
All right.
Dave Buettner
Yeah.
Joe Kerrigan
Well, I tell you what, Maria. Why don't you and I team up on this? And I will be. I will start off. So I will be the person reaching out to you, and you'll be the respondent.
Dave Buettner
I'll be Emena. Sounds good. I'll do that.
Joe Kerrigan
Yes, you'll be that.
Dave Buettner
I'll be that.
Joe Kerrigan
It starts off and it says. It says. Hello, I came across your campaign ad on GoGetFunding.com about needing donations for your cause, which I'm very touched by. However, I've not donated yet, but I will soon make it on your Go get funding campaign page once I'm done with what I'm doing. May the good Lord be with you through this hard time.
Dave Buettner
Good morning. Thank you so much for your prayers and for your willing to help. It happened that I just read your email after arranging the final appointment for my baby's examination. However, we are still lacking the funds needed to travel to the clinic for the tests. And just before reading your message, I texted my husband. Let's pray we'll find a way to make it happen. I am so grateful to God for answering my prayers and to you for appearing in our lives with your help. God bless you.
Joe Kerrigan
Hello. I would like to inform you that I just donated €2,000 to your campaign to help your cause, and I hope it helps in every way possible. Furthermore, I got an email from them which I will attach a screenshot of the copy to this email as they said the funds would not be reflected or released to your account yet. As was stated in the email, there is an error at your end and you should reach out to them@gogetfundingrogrammer.net to get it resolved as soon as possible.
Maria Vermazes
Wait a minute. Is this two scammers working against each other?
Joe Kerrigan
Nope.
Dave Buettner
No, no.
Maria Vermazes
This person actually does have a Go get funding.
Joe Kerrigan
Yep. Okay. Wait for it.
Dave Buettner
Yes.
Joe Kerrigan
Okay. All right. And so the attached email says, this is to inform you that Pastor Tao Zhen donated €2,000 to your account. Still, the donation has been placed on hold in our escrow payment system and will not be reflected on the campaign page or released into your PayPal account until the error that prompted us to withhold the donation has been resolved. Reply directly to this email to learn more about the error. We'll then walk you through every step to fix your account and release the donation to your PayPal account. We're very sorry for the inconvenience. Thanks. The Go Get Funding team and then.
Dave Buettner
They say, hello, what's wrong with my account?
Joe Kerrigan
Thanks for using GoGetFunding. This is to inform you that the donation of €2,000 has been made by Pastor Tao Zhen, but placed on hold by us until you have completed the biometric signature security settings. The biometric signature security settings is a procedure introduced to protect each of our platform users and also ensure the smooth flow of making and receiving donations without any issues or delay. Your account will not be activated to receive the donation that has been made to you until the biometric signature security setting has been completed by you, as it is only after then that the hold on the donation would be lifted and fully deposited into your account. Kindly reply to this email so we can walk you through the steps for completing the biometric signature security settings. Thanks. The Go Get Funding team.
Dave Buettner
Yes, please proceed. What should I do?
Joe Kerrigan
Thanks for getting back to us. To complete the biometric signature security settings, you can activate your account to receive the donation. You are required to go to the nearest store to get an Apple iTunes gift card of €50. Did I say wait for it or what?
Maria Vermazes
I was wondering where this is going. And this just. I mean, this just takes a hard left turn.
Dave Buettner
Yeah, I was like, okay, okay.
Joe Kerrigan
What?
Maria Vermazes
Across three lanes of traffic, Right?
Joe Kerrigan
Exactly. Once you've gotten the gift card, take a picture of the gift card to reveal the code on it. As the card redeem code serves as an essential tool in facilitating the biometric signature security settings. Also, you are required to append your signature on a piece of paper and send a picture of it to us. You can also get the gift card online on our website, which would be delivered to your email to save you the hassles of going to the store. Once we've received the necessary information, the biometric signature security setting will be processed and completed to activate your account and receive the donation within 10, 15 minutes, along with €50 for the biometric signature security setting. Once the biometric setting is completed, the €2,050 will be released, deposited, and reflected in your PayPal account. This is the €2,000 and €50 used for the Apple iTunes gift card purchase.
Maria Vermazes
I see.
Joe Kerrigan
Thanks. The Go Get Funding team see, the.
Maria Vermazes
Fact that they're going to give you that money back makes it seem more trustworthy to.
Joe Kerrigan
Yeah, right. Yeah. And the gift card's just kind of a middle thing, right? Just a verification.
Maria Vermazes
Right, right. A verification thing.
Joe Kerrigan
But like the two. I mean, I made the exact same noise that both of you did when I was reading through this when it took the hard turn into a gift card scam. I did not see that coming. That was. No, that just came out of nowhere. So.
Dave Buettner
So it's just sort of Pastor Tao Zhen just put a different hat on and just.
Maria Vermazes
I'm guessing because, yeah, it's all the same guy.
Dave Buettner
Oh, yeah, definitely.
Maria Vermazes
Right?
Joe Kerrigan
Yeah. Yeah. So taking advantage of someone in need, stringing them along by saying you're going to help them, it seems like in this case is a medical need for a child.
Maria Vermazes
Right.
Joe Kerrigan
So how despicable is that?
Maria Vermazes
Yes.
Joe Kerrigan
And then ultimately just being a lousy €50 gift card scam.
Maria Vermazes
Right.
Joe Kerrigan
Awful.
Maria Vermazes
Awful.
Joe Kerrigan
All right, well, we will have a link to that in our show notes, and of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans2k.com.
ThreatLocker Sponsor
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust endpoint protection platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Joe Kerrigan
And that is Hacking Humans. Brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Our executive editor is Brandon Karpf. Peter Kilpe is our publisher. I'm Dave Buettner.
Maria Vermazes
I'm Joe Kerrigan.
Dave Buettner
And I'm Maria Vermazes.
Joe Kerrigan
Thanks for listening.
Hacking Humans: Despicable Donation Request Scamming
Hosted by N2K Networks
Release Date: January 30, 2025
In the latest episode of Hacking Humans, hosted by Dave Buettner, Joe Kerrigan, and Maria Vermazes, the team delves into the intricate world of cyber deception, focusing on donation request scams that exploit empathy and generosity. This episode provides a comprehensive exploration of various scam techniques, their real-world implications, and the psychological manipulation employed by cybercriminals.
Timestamp: 01:17 - 11:38
The episode opens with a discussion on a sophisticated scam reported by Ampix Cyber, wherein scammers use artificial intelligence to create fake personas selling counterfeit goods online. The focus is on "Grace," a fictitious leather artisan supposedly retiring after 34 years of craftsmanship.
Joe Kerrigan introduces the scam:
"Grace is hanging up her tool belt. She's worked her career and it's time to retire. But before she does, she's putting everything on sale." ([02:03])
Maria Vermazes questions the authenticity:
"Are the goods real?" ([01:59])
The hosts analyze the deceitful tactics, noting the realistic portrayal of Grace through images and videos, making it difficult for unsuspecting buyers to detect the fraud.
Dave Buettner observes:
"She looks like an older woman you'd enjoy having a conversation with. No red flags about Grace herself, but of course, Grace is not real." ([02:42])
The scam involves enticing offers like up to 80% off genuine leather bags, which upon purchase, deliver low-quality, plastic-based products labeled as "PU Leather." Attempts to return these products are thwarted by misleading processes that mimic legitimate platforms like PayPal, as highlighted by customer complaints and poor Better Business Bureau ratings.
Timestamp: 11:38 - 23:30
Transitioning from product-based scams, the hosts discuss the devastating impact of romance scams, citing recent legal actions and tragic personal stories.
Maria Vermazes shares a CBS News story about the sentencing of six individuals involved in a romance scam, including Jennifer Gosia, a former US Post Office employee and Iraq veteran. While two Nigerian nationals received substantial prison terms (10 and 20 years respectively), Jennifer was sentenced to three years of probation due to her limited involvement and coercion by her ex-boyfriend.
"The judge did note that the woman who only got six months was not really all that involved and may have also been coerced into it." ([13:03])
The tragedy of Laura Kowal from Galena, Illinois, is recounted. Kowal, a retired healthcare executive, was scammed through Match.com, resulting in her loss of $2 million and her subsequent disappearance. While authorities classify her death as a suicide, discrepancies like the presence of a burner phone suggest possible foul play or further victimization.
"Her last text message to one of her friends was all is fine... but in her car, they found the packaging for a cell phone, a burner phone that she didn't have in her possession, which is kind of strange." ([14:22])
The discussion emphasizes the manipulative cycle where victims, after losing significant funds, are coerced into becoming money mules, perpetuating the scam network.
The hosts advocate for increased awareness and research into effective support systems for victims to prevent further exploitation.
Timestamp: 23:30 - 35:28
Shifting focus, the episode explores how online reservation systems for popular restaurants are being exploited through black market auctions and botnets.
Dave Buettner describes his personal frustration:
"Going up to a restaurant that looks completely empty with a group of four plus people and being told actually we're completely booked, even though there's nobody in the restaurant." ([25:03])
DataDome's research reveals that bots are mass-registering reservations during events like New York City's Restaurant Week, scalping tables for exorbitant prices (e.g., $500 per reservation), disrupting both consumers and restaurant operations.
"These online reservation systems... are completely vulnerable to botnets, basically snatching up huge amounts of reservations at a time before a real person could and then scalping them." ([27:03])
Maria Vermazes proposes a potential solution:
"If a restaurant said, okay, you're gonna make a reservation with us, the average per person bill here is say $50. Your reservation is going to cost you $25 per person." ([32:10])
The hosts discuss the sustainability of such practices and the ethical dilemmas faced by restaurants in balancing exclusivity with accessibility. They also touch upon the broader implications, including possible denial-of-service attacks against competitors through reservation manipulation.
The segment concludes with thoughts on how restaurants and reservation platforms might innovate to mitigate these scams without alienating genuine customers.
Timestamp: 35:28 - 41:52
The episode features an engaging skit mimicking scam interactions found on Reddit’s r/scams, illustrating the deceptive strategies used in donation requests.
Joe Kerrigan and Dave Buettner role-play a scammer and a victim engaged in a fraudulent donation request that initially appears credible but quickly shifts into a classic gift card scam.
Example Dialogue:
Joe (as Scammer):
"Hello, I came across your campaign ad on GoGetFunding.com about needing donations for your cause... May the good Lord be with you through this hard time." ([36:19])
Dave (as Victim):
"I see. Yes, please proceed. What should I do?" ([39:30])
Joe (as Scammer):
"To complete the biometric signature security settings, you can activate your account to receive the donation. You are required to go to the nearest store to get an Apple iTunes gift card of €50." ([39:47])
This simulated exchange underscores the manipulative tactics scammers use to exploit goodwill, culminating in the demand for gift card purchases as a means to "release" funds. The hosts highlight the emotional manipulation and the deceptive façade that makes such scams particularly pernicious.
The Hacking Humans team wraps up the episode by emphasizing the importance of vigilance and education in combating various forms of cyber scams. They encourage listeners to stay informed, verify the legitimacy of online interactions, and support victims in recovering from these malicious exploits.
Joe Kerrigan on AI-generated scams:
"Grace does not exist. No. And in this image, she's wearing what you would expect a leather worker to wear." ([02:13])
Maria Vermazes on romance scams:
"Once you've been victimized by these guys, they continue to victimize people by coercing them and then having them become the legs here in the United States for getting the money and moving it around." ([17:36])
Dave Buettner on reservation scams:
"It's all something that should be free. It should be free to make a reservation." ([33:50])
This episode of Hacking Humans provides a sobering look into the evolving tactics of cyber scammers, from AI-generated personas to sophisticated romance and reservation scams. By dissecting real-world examples and engaging in thoughtful discussion, the hosts equip listeners with the knowledge to recognize and resist these deceptive practices.
For more insights and detailed analyses, visit hackinghumans2k.com.