Dave Buettner
You're listening to the Cyberwire Network, powered by N2K.
Joe Kerrigan
Hello, everyone, and welcome to N2K, CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Buettner and joining me is my co-host, Joe Kerrigan. Hey, Joe.
Maria Varmazis
Hi, Dave.
Joe Kerrigan
Along with my N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Hello, Maria.
Dave Buettner
Hi, Dave. You're back.
Joe Kerrigan
I am. I am pleased as punch to be back. And we will be right back after this message from our show sponsor.
ThreatLocker Ad
And now a few thoughts from our sponsors. At ThreatLocker, the tactics used by cybercriminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Joe Kerrigan
All right, as we said, I am back from vacation. I am well rested, tan and ready to go. So before we dig into our stories here, we have a bit of follow up. What do we got here? Joe, is this your doing?
Maria Varmazis
Yes, this is my entry from a couple weeks ago. Last time we were all in the studio together, we had a person from Australia who wrote in and said that their friend had been scammed out of like 70 grand in a, in an employment scam.
Joe Kerrigan
Right.
Maria Varmazis
So I, I, I stumbled on this link this week that is out of Australia from an organization called scamwatch.gov.au. That's the website, and we'll put a link in the show notes. But this is just a collection of people telling their stories about how they were scammed. Okay, so maybe if our listener. I can't remember our listener. I'm sorry about that. But maybe if our listener. Oh, it's Dave. It was Dave because we were talking about another Dave. So maybe if Dave can hook up with scamwatch.gov.au they might have more local resources for that person that got scammed.
Joe Kerrigan
Right. All right, very good.
Maria Varmazis
This also helps you know that you're not the only person that this happens to. Perhaps that will provide a little bit of comfort.
Joe Kerrigan
Yeah. Nice to have a local for the listener resource also coming out of Australia.
Maria Varmazis
Yes.
Joe Kerrigan
All right, well, let's jump into our stories here. Maria, why don't you take the honors this week and lead us off?
Dave Buettner
All right. Well, I thought I would take a little look at the Pokemon evolution of toll collection scams that have been going on because we've had a couple of listeners write in about some variants of it they've received in other parts of the country. And I've been getting a ton of these actually myself, but I've been hanging onto them and just sort of watching how they've changed over the last couple of weeks. And I, I, I was sitting on this story until I saw a post on the Massachusetts subreddit with the title "Bro, they making PDFs now," which made me laugh just reading that out loud. And the person who received a spammy SMS with nothing but a PDF sent to them did the thing they should not do and opened it on their phone. Big, big no-no. But they took a hit for the team, I suppose, and I just, I figured I would thank that person for doing the terrible thing. But just quickly, just look at the evolution of what people have been getting sent, including myself. And I've been getting E-ZPass alerts, fake ones from the Philippines saying I have an unpaid toll bill with a total amount of $6.99 due to, I presume, the state of Massachusetts. And then I'm directed to a spammy link that starts with easydrivema.com, a bunch of characters, top and a bunch of other stuff. So a really, really suspicious link. And then the instructions at the bottom of the SMS that says please reply Y, then exit the SMS and open it again to activate the link, or copy the link to my Safari browser and open it.
Maria Varmazis
Interesting.
Dave Buettner
I really love that. Very specific.
Maria Varmazis
Yeah, they know that you're on an Apple device, huh?
Dave Buettner
Yes, because it's being sent through iMessage, so they do.
Maria Varmazis
Oh, I see. Yes.
Dave Buettner
Yeah. But it is interesting that a lot of these I've gotten specifically from the Philippines or the UK, but it says it's supposed to be from the state of Massachusetts. I don't think we've outsourced that stuff yet, but who knows, maybe that's going to happen. And I got another one actually last night which was really funny. I was being told, please pay my Massachusetts tolls by March 12, 2025. Thank you for your cooperation and wish you a happy holiday. I was wondering, are they wishing me a happy Holly? I'm not really sure which holiday they're referring to in March.
Joe Kerrigan
St. Patrick's Day.
Dave Buettner
St. Patrick's Day.
Joe Kerrigan
I mean people in Massachusetts aren't known for their drinking, so that probably Evacuation.
Dave Buettner
Day to us all. Indeed. Maybe that's the one they meant. But yeah, again it was an easydrivema.com, bunch of characters, xin URL. And again that same set of instructions of reply Y, exit the text message, activate it specifically in Safari. I did not do any of these things. And then I took a look at the screenshot of the spammy PDF that somebody opened on the Massachusetts subreddit, which again, don't do that. And the, it was, there's again a $6.99 overdue toll that was apparently due back in January. And there's a link in the PDF that says in big green letters pay now. And it comes apparently from the Toll Enforcement Authority with all rights reserved.
Maria Varmazis
That's the copyright.
Dave Buettner
Yeah, apparently this needs a copyright. So, I mean, I don't know. I mean everybody seems to be getting these. I think it's very interesting that now, bro, they making PDFs now, that they're just spamming out a PDF with no text. It's literally just a PDF in an SMS, hoping that someone will go what is this? And open it. Please don't do that. But the biggest problem for me is that they're saying that a toll would be $6.99 in the state of Massachusetts and that's just not the case.
Joe Kerrigan
Is that right?
Maria Varmazis
Is that low?
Dave Buettner
As if it would ever be that cheap. So there's the flaw in their whole scheme.
Joe Kerrigan
I see. That's interesting.
Dave Buettner
I'm just curious how this will continue to evolve.
Joe Kerrigan
A couple things stood out to me here. First of all, the URL link that they include in this, as Maria, you said it starts out with easydrivema.com but then there's an EM- so it's actually going and then the actual place where it resolves to.
Maria Varmazis
Right.
Joe Kerrigan
But for some reason that EM dash stands out to me because as a delineator, it really makes the easydrivema.com stand out on its own, as if it were the legit place that you're gonna be going to, and that everything on the other side of that EM dash is, you know, extraneous. The normal stuff you would see after a slash.
Maria Varmazis
Yep.
Dave Buettner
Yeah. Yeah. Because that makes easydrivema the subdomain of some domain that's com, bunch of characters, top or xim. Very clever.
Joe Kerrigan
Yeah, it is clever. And I don't know that I've seen that using EM dashes. I'll admit this is about as geeky in the weeds as you can get. Not a big fan of EM dashes. I know.
Dave Buettner
Bullet through my heart. Oh my gosh, I'm a big fan.
Joe Kerrigan
I mean, I get it. But I just find them typographically.
ThreatLocker Ad
Bulky.
Dave Buettner
Pretentious.
Joe Kerrigan
No, bulky. They're just a little too. Just give me a regular dash, maybe an EN dash, but an EM dash, I don't know. Now you're a little full of yourself.
Dave Buettner
As I said, they are pretentious.
Maria Varmazis
I have learned more about dashes than I wanted to know. I thought there were only two dashes, like the dash and the EM dash, But there's an EN dash, like, with it. Like, it is the length of the.
Dave Buettner
Letter N and an EM dash is the length of the letter M. Yeah. That is the differences.
Joe Kerrigan
And believe me, Joe, there are many dashes. And there are folks who will tell you which ones are appropriate and which ones are not and all the different use cases for them, and they feel very strongly about that. And I'm happy for them. Right.
Maria Varmazis
It's like their religion.
Dave Buettner
They're all knowledge majors or journalism majors.
Joe Kerrigan
It's its own little tiny subcategory of pedantry and something that somebody else uses.
Maria Varmazis
To feel superior over everyone around them. Don't know which dash to use.
Joe Kerrigan
That's right. We all have our things that we.
Dave Buettner
Do we mad at them way too.
Joe Kerrigan
Much about and feel like it's our responsibility to enforce them.
Maria Varmazis
Dave, while you were gone, I got to educate Maria about the difference between a chicken and a Polish chicken.
Dave Buettner
That was not a very elegant segue into chickens. I just have to say, trying to.
Maria Varmazis
Shoehorn him in every episode now, I.
Joe Kerrigan
Feel like this should have started out with a priest and a rabbi. Walk into a bar and say, hey, do you know the difference between a chicken and a Polish chicken? Well, you know what? I'm gonna have to go back and listen to that episode. Cause I have not yet listened to it. But I understand that there was quite a lot of scintillating discussion about chickens.
Maria Varmazis
Yes.
Joe Kerrigan
Okay.
Dave Buettner
This is what happens when you're away, Dave. Somehow it's your fault.
Joe Kerrigan
Well, you can never leave us on track.
Dave Buettner
That's right.
Joe Kerrigan
Yeah. Well, I guess to wrap this up, I mean, Maria, you are 100% right. Like, this is an active scam. Everyone I know is getting toll violation notices right now, which means it must be working.
Maria Varmazis
Can I add something to this?
Joe Kerrigan
Yeah.
Maria Varmazis
For some reason, my E-ZPass system stopped working. I don't know why they stopped charging my credit card. And one day I just got a letter in the mail from Maryland E-ZPass. And it was just full of pictures of all of our tolls from the past month. And it was like, maybe $25 with the tolls. Because around here the tolls are not nearly as expensive as they are up north. And I've driven through Massachusetts and yes, those tolls are expensive.
Dave Buettner
They are, yeah.
Maria Varmazis
But like we have a road around here called the ICC, which we use frequently. I use it when I go to my parents' house. But I actually got documents in the mail and they were saying, pay this. And I'm wondering if this, the use of this PDF is like an evolution of this scam because they know now that when actual humans get actual tolls, they get a document. So why not fake the document and just send them some. Send them a PDF that they open and have the PDF take the, take them to the link.
Dave Buettner
Yeah. I mean, the thing that I would love to test if I could figure out a way to do this or maybe a listener can help me out with this one. I have a Massachusetts cell phone area code, so I know that's an easy one for the scammer to say, you know, spam this everyone with a Massachusetts area code.
Maria Varmazis
Right.
Dave Buettner
I'm curious if someone has an area code that doesn't match where they physically live, if they're getting it according to their area code in a different state. Then again, we've had some listeners write in and say they've gotten tolls for out of state visits. Like somebody drove through California and then they're not from California and they got a spam that was about a California unpaid toll.
Joe Kerrigan
Right.
Dave Buettner
Which made us go, is this an insider threat of some kind? So, I mean, I'm always driving on toll roads, so it's kind of impossible for me to figure out if, if something's going on. Like they noticed I had driven on a, on the Mass Pike or something. But yeah, I'm so curious if someone's had experience with that. You know, they live in New Mexico, but they actually have a California area code or something. If you have, I'd love to know.
Joe Kerrigan
Yeah. Because I remember one of the things we speculated about a while back when these things started was whether or not the scammers were using location data from apps on your phone. So in other words, you know, if I can inexpensively buy location data from your flashlight app and then basically geofence you. So if I see that you've gone onto a toll road, then I'm going to send you a text message that says, hey, pay me. Because early on, some of the messages we were getting from listeners were saying they were getting these text messages while they were on the toll road or immediately after they'd been on the toll road, and that made me think perhaps there was some kind of location thing. To me, this seems much simpler than that, that they've. They're going the cheaper, easier route now and just, you know, sending it out randomly.
Dave Buettner
I'm so curious what the end game is for this. I mean, if this is working, maybe they're just going to keep doing this or if this is going to build to something else. Right. Yeah.
Joe Kerrigan
$6.99 at a time. It's practically a nuisance fee. Yeah. But I guess it adds up.
Maria Varmazis
Oh, yeah. And I guarantee you the credit card is stolen as soon as you enter the information as well.
Dave Buettner
For sure. For sure. Yep.
Joe Kerrigan
All right, well, that is an interesting one. Do we have links to that one? No links to that story, but certainly that's not a hard one to look up. If you're interested in it, just look up toll scams. They are widespread. All right, well, let's move on. My story this week actually comes from a blog post that was brought to my attention. This is someone named Joan Westenberg, and she took it upon herself to write about what she describes as digital snake oil merchants who are stealing from the already broken. And what this centers around is a scam called PDF farming. Is this something either of you are familiar with? This was new to me.
Maria Varmazis
This is a new term for me.
Dave Buettner
I've never heard the term, but I think I might know what it's referring to.
Joe Kerrigan
Yeah. So turns out PDF farming is when you basically spin up a lot of inexpensive PDF documents. You either steal from someone else who's an expert on something, just copy and paste, create a PDF, or these days, the new hotness is to make them AI generated. Go into ChatGPT and say, I want to make a PDF that is about something that people often need help understanding. And the notion is that you create a bunch of these over time, maybe a couple every day, and you post them on places like Amazon or eBay or some of the publishing platforms. For a few dollars, people will find them, they will buy them. Over time, you build up a library, and suddenly you've got thousands or tens of thousands or hundreds of thousands of dollars of passive income coming at you every month. Now, what's really going on here is that the people who are making the money are the people who are selling you the kit to teach you how to make or how to do the PDF farming.
Maria Varmazis
Yes. Okay.
Dave Buettner
Yep, yep.
Joe Kerrigan
So, for example, this one they're talking about, it's $99. You get a complete kit that has templates teaches you everything you need to know. Several hours of video content to show you how you can be on easy street by creating PDFs and publishing them. Now, you will not make money doing this. That's the bottom line. These markets are so flooded, especially since these AI tools came on, that the idea that you would make $50 a day, which is what they talk about, is just not realistic.
Dave Buettner
No.
Joe Kerrigan
The amount of money you'd have to put into marketing and this notion of passive income by publishing these things, it's just not realistic and it's not gonna happen. But the folks who are selling these kits, they're going after folks who are already vulnerable.
Maria Varmazis
This reminds me of an old joke. Okay, I'm gonna write a book and put it on Amazon and it's gonna be called how to Make a Million Dollars on Amazon. And the price is gonna be $1 million. Right. That's what this makes me feel think about is that you probably buy this on Amazon, this kit.
Joe Kerrigan
Yeah.
Maria Varmazis
And then like you said, the only people making the money are the people selling the kit.
Joe Kerrigan
Right. Do you guys remember there was briefly an app on the Apple App Store called I'm Rich?
Dave Buettner
Yes, I was just thinking of that. Was it like $505,000 just to download it?
Joe Kerrigan
$10,000. Yeah, I remember that it was $10,000. All it did was put the icon on your phone that said I'm Rich and that's all there was.
Dave Buettner
Stupid enough to buy this.
Maria Varmazis
Stupid. Why was it taken down? Was it taken down because Apple, it was too successful?
Dave Buettner
Dang it.
Joe Kerrigan
Yeah.
Maria Varmazis
Was it really?
Dave Buettner
Well, I don't remember.
Joe Kerrigan
Well, we're buying it and Apple got their $5,000 cut or whatever it was. I know they're. What do they get? Like 30 some percent. So Apple got their cut, but ultimately I think it got taken down because it got too much attention. And Apple thought to themselves, this is not in our best interest. This must be in violation of our terms of service somewhere.
Maria Varmazis
Ask the lawyers how this violates.
Joe Kerrigan
Right.
Maria Varmazis
Which they can do for any app that's on their App Store.
Joe Kerrigan
So they did eventually take it down, but not before several people who were indeed rich amused themselves by downloading it and sticking it on their home screen so people could see that they were indeed rich. In this case, you are not going to get rich.
Dave Buettner
No.
Joe Kerrigan
So don't bother.
Dave Buettner
A lot of MLMs and stay at home mom type businesses, that is, they really want to get. Yeah, they really, they. They tell a lot of people who are looking to make some income at home While staying home with kids. Like you can totally sell courses or make some PDFs and sell them on your website through your social media. And you can, this is how you can supplement your family's income. And now there's people preying on that whole thing too. So it's just like the snake eating its own tail. But yeah, it's quite amazing.
Joe Kerrigan
I would say whenever you see the term passive income, that should be a, a red flag because in general making money takes work.
Maria Varmazis
Right.
Dave Buettner
So news at 11.
Maria Varmazis
Yeah. Or if you really want passive income, you can go out and buy some income based securities, you know, but there's risk associated with that as well. I mean, but, but you know, I mean you're, the thing is that those usually return like maybe 3 to 5%.
Joe Kerrigan
Right.
Maria Varmazis
So you're not going to live off that if you're, if you're just starting out.
Joe Kerrigan
Welcome to Investor's Corner with Joe Kerrigan.
Dave Buettner
You usually need to have some capital to start with.
Maria Varmazis
Yeah, exactly. Oh yeah, you need to put. So if you put like $3 million in there.
Joe Kerrigan
Yeah.
Maria Varmazis
Well, you know, you have like $100,000 a year coming in.
Joe Kerrigan
Yeah. This is the old Steve Martin joke. You could be a millionaire and never pay taxes. And you say, okay, first get a million dollars. All right, now. Yeah, it's easy to make money when you have a lot of money. Yes.
Maria Varmazis
In fact, it just kind of happens when you have a lot of money.
Joe Kerrigan
That's right. Yeah, that's right. What am I going to do with all this filthy green stuff? It's just coming out of the.
Dave Buettner
Give it to me, give it to me.
Joe Kerrigan
That's right. All right, so bottom line here, you are not going to make money with this sort of passive income kind of thing. The market is flooded with PDFs and ebooks and those sorts of things. The only person who's making money here is the person who's scamming you out of your money to try to sell you the kit to teach you how to make the money. And this is a scam that's been around for decades. I mean probably tale as old as time someone tries to sell you the secret for a get rich scheme.
Maria Varmazis
Yeah, I think Maria has hit the nail on the head here with multi level marketing. That's pretty much all that is.
Dave Buettner
Every social media like lifestyle influencer type, they all have a course or an ebook that they're hawking, if not multiple. And it's, it's been the advice for a long time for people who are trying to earn A little bit of cash was just figure out a way to sell a thing about how to be successful on social media and you'll suddenly be successful on social media and make money and kind of everyone's sort of looking at each other going, is this working for you? Are you actually making fun of money from this? No. Okay, maybe not.
Joe Kerrigan
All right, well, we will have a link to the original blog post in our show Notes. I'll tell you what, before we get to Joe's story, let's take a quick break and hear a message from our sponsor.
ThreatLocker Ad
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust endpoint protection platform deploys in a learning mode that analyzes the operations of your company, using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Joe Kerrigan
And we are back. Joe, you are up. What do you got for us here?
Maria Varmazis
I got two today, Dave. Cause they're both kind of small. One of them is a follow up on a local story we covered a little while ago. This was about the woman who was scammed out of almost $800,000 in gold bars. Do you remember us talking about that story? She lived in Montgomery County, Maryland.
Joe Kerrigan
Yeah, I do.
Maria Varmazis
She still does live in Montgomery County, Maryland. Well, a California man has now been sentenced to six and a half years in prison for that crime. And he was sentenced in Montgomery County in the circuit court down there, which I've been to that building. I got called in there once for jury duty.
Joe Kerrigan
Okay.
Maria Varmazis
Anyway, this woman lived in, wait for it, Leisure World, which is a 55 or better community. Yeah, actually my grandmother lived in Leisure World for quite some time.
Dave Buettner
It's a real place with that name.
Joe Kerrigan
It's a real place. It's kind of the epicenter for easy senior living around here. It is a gigantic complex.
Maria Varmazis
It is.
Joe Kerrigan
It's been around for a long time. Of course, the locals refer to it as either Geezer World or Seizure World. Right. But no, it's not.
Dave Buettner
That name doesn't sound real. Wow.
Joe Kerrigan
It's a real place.
Maria Varmazis
No. And it's.
Joe Kerrigan
Yeah, big.
Maria Varmazis
Quite nice, actually.
Joe Kerrigan
No, no, it's a legit place, and lots of people live there and enjoy their senior years at Leisure World.
Maria Varmazis
Got a golf course right in the middle of it.
Joe Kerrigan
Yep, yep. One of those places people drive around in their golf carts and just enjoy their later years.
Maria Varmazis
You need a. It's gated, so you need a badge to get in, but once the guards know you, they just wave you in because we used to go over there, pick up my grandmother, go shopping. Anyway, yes, it's a real place, but anyway, this guy's name is Wen Hai Sun, and he had picked up gold bars from this woman and attempted to pick up another round with the hopes of swindling her out of $1.1 million. But the second pickup was actually set up by law enforcement, and that's when they grabbed him.
Joe Kerrigan
Oh, okay.
Maria Varmazis
So this guy will be spending about six years as a guest of Montgomery County in some kind of penitentiary or something. I don't know.
Joe Kerrigan
Yeah. Did they get any of the gold back?
Maria Varmazis
It doesn't say. Okay, the story does not say, but I'm going to bet no.
Joe Kerrigan
Yeah, probably not. Well, that's good news.
Maria Varmazis
Yeah, it is good news.
Joe Kerrigan
Yeah.
Maria Varmazis
And in the bad news department, this article comes from TechCrunch and it's from Amanda Silberling. I can. Soberling. Soberling.
Joe Kerrigan
Okay.
Maria Varmazis
I was about to say, see how well I nailed that name, but then.
Joe Kerrigan
I totally botched it.
Maria Varmazis
So this is quoting the FTC saying that Americans lost $12.5 billion to scams last year. And the follow up after the. I'm going to guess that's an M Dash. Dave, in the. It says social media. AI and crypto. Didn't help.
Joe Kerrigan
That is an EM Dash. I just wanted to say.
Dave Buettner
It sure is.
Joe Kerrigan
That is an EM Dash with a space on either side of it. So it's just right there in all of its big old fat, wide glory.
Dave Buettner
You're not supposed to put spaces around it.
Maria Varmazis
Dang it kind of like me sitting in this chair.
Joe Kerrigan
Yeah, your words, not mine.
Maria Varmazis
Okay, Joe, so the stats on this are about 2.6 million people submitted reports about falling victim to fraud in 2024, totaling 12 billion. So some quick back of the napkin math. That's a lot of money per person.
Joe Kerrigan
Yeah.
Maria Varmazis
It's like a thousand bucks or 500 bucks, somewhere around there. So this is also a big jump from the 2.5 billion that was reported to the FTC in 2023. Now, here's my question. Do you think that this is something that has resulted in more people being scammed or more people reporting their scam or some combination of the.
Joe Kerrigan
Both, I would say. Yes. Probably both.
Maria Varmazis
I would agree. I think there's probably better reporting, but I don't think the amount of scams has gone down or remain the same. I think that we're seeing more and more scams.
Joe Kerrigan
Yeah, I think that's fair to say.
Dave Buettner
Yeah.
Maria Varmazis
The story actually talks about Charlotte Cowles, who was the author of that story that was on the Cut.
Dave Buettner
Yeah, we talked about it.
Maria Varmazis
Yeah, we talked about it. Yeah. And there's a great quote in here from her. It says, I'm not a person who panics under pressure and falls for a conspiracy theory involving drug smuggling, money laundering, and CIA officers at my door until suddenly I was. Which is exactly how these things work.
Joe Kerrigan
Yeah.
Maria Varmazis
You know, Charlotte Cowles is not a dummy. Right. She is a smart. And I'm not. And I'm gonna go out on the limb and say most of these people that fall for these scams are not dummies. What happens is these guys come in, they flip the switches in their brains, in the victim's brains, and these. And they get these people into a state where they're panicked and they just want to get. They just want to get the quickest way out of that. And often the way these guys say, let me help you with that is give me some money.
Joe Kerrigan
Yeah.
Maria Varmazis
And we can make this all go away.
Dave Buettner
Yep.
Maria Varmazis
So that should be your big red flag. Crypto. The crypto part of this is that. Is that they're using cryptocurrency as a way to. To move the money.
Joe Kerrigan
Yeah.
Maria Varmazis
Sending people to crypto ATMs is one of the things we've seen people do. The bad part about crypto is about cryptocurrencies is as soon as you send that money out of your control, you are never getting that back. Unless you can do some kind of rubber hose cryptography with the person that received it. Or rubber hose cryptanalysis. That's the term of art.
Joe Kerrigan
Actually, I was thinking the same thing.
Maria Varmazis
Right.
Joe Kerrigan
No, I wasn't. I had no idea what you're talking about.
Maria Varmazis
Okay, so rubber hose cryptanalysis.
Joe Kerrigan
Yeah, I'm good. I'm good.
Maria Varmazis
It's really easy, Dave.
Joe Kerrigan
Okay. All right.
Maria Varmazis
It's really easy to explain.
Joe Kerrigan
You have 15 seconds. Go.
Maria Varmazis
Okay.
Dave Buettner
All right.
Maria Varmazis
I can either try to hack your crypto system, or I can hit you with a rubber hose until you tell me the password.
Dave Buettner
That's how it works.
Joe Kerrigan
Okay, got it.
Dave Buettner
Okay. Got to hand it to you.
Joe Kerrigan
You've been vindicated, Joe. That was good. That was good.
Maria Varmazis
It's a really simple thing. So, I mean, that's what I mean. Like, law enforcement comes and they exert the force of. Of the. Of the government. Right? Because. Yeah, all power derives ultimately from violence.
Joe Kerrigan
Right?
Maria Varmazis
So the. The government will threaten to put you in jail, keep you confined, unless you cough up the money. That's really the only way you're getting cryptocurrency back. And if that person has already sent it on and you don't have access to somebody that has the keys, you're never getting it back.
Joe Kerrigan
The other thing that grabs my attention here in this report is that the numbers here are just from folks who submitted reports, correct?
Dave Buettner
Yeah, correct.
Joe Kerrigan
So I don't know if there's any way to ever know this, but would we guess that this is a small percentage, a large percentage? Is it half?
Maria Varmazis
I would say it's not close to half yet.
Joe Kerrigan
Of, yeah. So what's actually happening and what's being reported? There's a big delta there.
Maria Varmazis
Right. And I'm guessing. I'm speculating on that, but I'll bet that if you took a random sample of people and asked them if they'd been scammed and then asked them if they reported the scam to the FTC, you'd find that that was a small percentage.
Joe Kerrigan
Yeah, you're right.
Dave Buettner
People think, what's the point?
Joe Kerrigan
We hear over and over again folks who call up their local police department and say something has happened, and the police will just say, I'm sorry, there's nothing we can do. It's gone. And so that, I assume, doesn't go anywhere.
Maria Varmazis
I don't know that it goes anywhere, but it should be at least investigated and documented.
Joe Kerrigan
I guess you can request it if you're trying to get, like, insurance or something like that. Yeah. All right, well, we will have a link to both of your stories in our show notes. Joe, Maria, it is time to move on to our Catch of the Day.
Maria Varmazis
Dave, this week's Catch of the Day comes from the Scams forum on Reddit. A very important person is contacting you.
Joe Kerrigan
All right, I will, I will. I'll do the honors here. Okay, it goes like this.
E
Contact me immediately. This is Mrs. Melania Trump, first lady of the United States of America. I'm giving you a gift of you and your family of ATM MasterCard, 80 millions dollars, United States DOL. For you to receive your funds. Please contact me with all your information. Thank you. Federal officeumail.com seems legit. Full name, home address, country. Your airport.
Joe Kerrigan
Your airport. Airport.
E
Your phone number, your email, your WhatsApp. I'll be waiting for your immediate response in my email as my delivery agent will be contacting you to deliver the card to your address. Thank you. Mrs. Melania Trump, first lady of the United States of America.
Dave Buettner
Oh, I'm sold.
Maria Varmazis
Yeah.
Joe Kerrigan
So, pretty dead on Melania impersonation. Once you say so much, honestly, it's.
Dave Buettner
Like she's right here smoking five packs at the same time.
Maria Varmazis
Right. Which I don't believe she's a smoker, but.
Dave Buettner
Well, I don't know.
Maria Varmazis
So here's. This is interesting.
Joe Kerrigan
Airport.
Maria Varmazis
Why your airport?
Joe Kerrigan
That's a good question. Why would anyone need. What does that even mean? Your airport?
Maria Varmazis
Right.
Dave Buettner
I have my personal airport.
Maria Varmazis
Right. My airport is Joe's landing strip in my yard.
Joe Kerrigan
Do we think that is a translation error from, like, what could airport mean? I don't know. Got your full name, your address, your country, your airport, your phone number. I don't even know what that means.
Maria Varmazis
Oh, maybe it's city. Cause airports are normally based after city code. Yeah.
Dave Buettner
If you get your home address.
Joe Kerrigan
I don't know, maybe just to make.
Dave Buettner
It seem like they're gonna rush it over to you. Like they'll get off the tarmac and fly over to you on a helicopter.
Joe Kerrigan
Right, right. You have to meet Melania on Marine One.
Maria Varmazis
Oh, Melania makes it clear that she's not coming. She's gonna send the Secret Service.
Dave Buettner
Hands you a gift card delivery agent.
Joe Kerrigan
Right, right, right.
Maria Varmazis
It's gonna be someone from the Secret Service.
Joe Kerrigan
Exactly. Melania will be looking at you the way she looks at Justin Trudeau.
Dave Buettner
With an aircraft carrier.
Joe Kerrigan
No, no, quite the opposite. With great admiration.
Maria Varmazis
I haven't seen that yet.
Joe Kerrigan
Yes, yes. Yeah. So, I mean, you know, I think what's going on here is pretty obvious. This is scam using a celebrity. Yep.
Maria Varmazis
A recently installed celebrity, by the way.
Joe Kerrigan
Just getting your information with which to scam you and probably try to string you along for something else as well.
Maria Varmazis
Yep. You give them this information, it goes onto a list that gets sold on the Dark Web, and then you start getting scammed more.
Joe Kerrigan
Yeah. All right, well, that is our Catch of the Day. If there is something that you would like us to consider for our show, you can email us. It's hackinghumans2k.com.
ThreatLocker Ad
And of course we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust Endpoint Protection platform. That's the words threat and locker with no space.com HH, where you can request a demo and neutralize the threat of malware running on your devices.
Joe Kerrigan
And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Buettner.
Dave Buettner
I'm Joe Kerrigan. And I'm Maria Varmazis.
Joe Kerrigan
Thanks for listening.
Podcast Summary: Hacking Humans Episode "E-ZPass or easy scam?"
Title: Hacking Humans
Host/Author: N2K Networks
Description: Exploring deception, influence, and social engineering in the realm of cybercrime.
Episode: E-ZPass or easy scam?
Release Date: March 20, 2025
In the episode titled "E-ZPass or easy scam?" from the "Hacking Humans" podcast, hosts Dave Buettner and Joe Kerrigan delve deep into the evolving landscape of cyber scams, particularly focusing on toll collection frauds and the burgeoning trend of PDF farming. Joined by their colleague Maria Varmazis, the trio navigates through real-world scam incidents, discusses emerging tactics employed by cybercriminals, and provides listeners with crucial insights to recognize and avoid such threats.
The episode opens with a comprehensive analysis of the recent surge in toll collection scams, notably those mimicking legitimate services like E-ZPass. Dave Buettner shares his observations on the "Pokemon evolution" of these scams, highlighting their increasing sophistication. He recounts a particularly deceptive approach observed on the Massachusetts subreddit, where scammers send SMS messages containing only PDF files: "Bro, they're making PDFs now" ([00:51] Dave Buettner).
Notable Quote:
"They are sending fake toll bill alerts from regions like the Philippines or the UK, claiming unpaid tolls in Massachusetts and directing victims to suspicious links such as easydrivema.com." ([04:17] Dave Buettner)
The hosts discuss the specific instructions scammers provide to victims, such as replying with a "Y" to activate malicious links via Safari, exploiting the trust associated with official communication channels. Maria adds context by referencing resources like scamwatch.gov.au, emphasizing the importance of awareness and local support for scam victims ([01:32] Maria Varmazis).
Transitioning from toll scams, the conversation shifts to the concept of "PDF farming," a term introduced by blogger Joan Westenberg. Joe Kerrigan elucidates that PDF farming involves creating and selling bulk PDF documents, often AI-generated, with the false promise of passive income streams. These schemes prey on individuals seeking easy financial gains through minimal effort.
Notable Quote:
"The people who are making the money are the ones selling you the kit to teach you how to make the money. You are not going to get rich from this." ([16:23] Dave Buettner)
Maria Varmazis draws parallels between PDF farming and multi-level marketing schemes, pointing out the unrealistic expectations set by scammers regarding earnings and the minimal actual returns for victims. The discussion underscores the deceitful nature of these operations, where the primary beneficiaries are the perpetrators, not the consumers ([16:47] Joe Kerrigan).
The episode further explores the alarming statistics presented by the Federal Trade Commission (FTC), revealing that Americans lost $12.5 billion to scams in the previous year. This marks a significant increase from the $2.5 billion reported in 2023. Maria Varmazis breaks down the per capita loss, estimating it to be around $500 to $1,000 per victim, and discusses the possible reasons behind the rise—whether it's an uptick in successful scams or improved reporting mechanisms.
Notable Quote:
"I think we're seeing more and more scams because the number of fraudulent activities hasn't decreased; instead, the reporting has improved." ([26:34] Maria Varmazis)
The hosts contemplate whether the increase is solely due to better reporting or if cybercriminals are indeed expanding their operations. They agree that the prevalence of technology, especially AI and cryptocurrency, has amplified the scope and impact of these scams ([25:06] Joe Kerrigan).
In the segment titled "Catch of the Day," the hosts examine a scam where fraudsters impersonate high-profile individuals—in this case, Melania Trump. The scam involves sending messages falsely claiming to offer a substantial financial gift, such as an "ATM MasterCard" worth $80 million. The misleading communication requests personal information, including home address, phone number, and even inexplicably, "your airport."
Notable Quote:
"Once you provide your information, it gets sold on the Dark Web, leading to more targeted scams." ([33:24] Maria Varmazis)
Joe Kerrigan humorously critiques the scam's plausibility, noting absurdities like the request for an "airport" and the use of overly formal language, which are red flags indicating fraudulent intent. The discussion highlights the importance of skepticism when approached by unsolicited offers, especially those that leverage celebrity endorsements to gain trust ([32:03] Joe Kerrigan).
The "E-ZPass or easy scam?" episode underscores the ever-evolving tactics used by cybercriminals to deceive individuals. From sophisticated toll collection scams to the deceptive allure of PDF farming, the hosts emphasize the critical need for vigilance and informed skepticism. They advocate for leveraging available resources, such as scamwatch.gov.au and FTC reports, to stay updated on the latest fraudulent schemes. Additionally, recognizing red flags—like unsolicited offers from supposed celebrities or unrealistic promises of passive income—is paramount in safeguarding against these threats.
Final Notable Quote:
"Whenever you see the term 'passive income,' that should be a red flag because, in general, making money takes work." ([18:32] Joe Kerrigan)
The episode serves as a crucial reminder that while technology advances, so do the methods employed by scammers. Staying informed and cautious remains the best defense against falling victim to cyber fraud.
Credits:
Produced by Liz Stokes
Executive Producer: Jennifer Ibin
Mixed by Elliot Peltzman and Trey Hester
Publisher: Peter Kilpe
Listeners are encouraged to visit hackinghumans2k.com for more information and resources discussed in this episode.