A
You're listening to the CyberWire Network, powered by N2K.
B
Hello everyone and welcome to the Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey Joe.
C
Hi, Dave.
B
And also welcoming our N2K colleague and host of the T-Minus Space Cyber Briefing, Maria Varmazis.
A
Maria hi Dave. And hi Joe.
B
We've got some good stories to share this week. Do we have any follow up? Joe?
C
Yes, we do, Dave.
B
Okay.
C
This came up on one of my phones, actually. My, my work phone, which is an Apple phone, caught my eye. It's from Arun Vishwanath. Vishwanath. He's a technologist writer at Dark Reading. And it talks about, he says, the beginning of the end of social engineering. And I thought about making this my story today, but it really doesn't lend itself to that. It's an opinion piece.
B
Okay.
C
And Arun's idea is that because everybody's putting AI into the operating system, that eventually this will stop people from doing the things that attackers need them to do in order to compromise their machines or get inside of a network. I don't know how I feel about that. First off, the fact that everybody's putting AI into everything, I think even Ubuntu is putting AI into their operating system. I live in a sphere, Dave, where people are not really happy with that.
A
I live in that same sphere.
C
Right.
A
Yeah.
C
You might call it conspiracy theory minded, but I don't think this is really far reach, like flat earth or anything. You mean big tech companies want to gather more information and process it. Want to process it on their AIs. Big companies want to. Big tech companies want to put AI models or systems on our computers and use our computers as their processing, probably for free. Wouldn't look if I could eliminate the cost of all these computers and just offload that to the customer. Okay. So, you know, everybody I've talked to about this is not happy about it. Like I'm actually seriously considering about changing to some version of Linux that doesn't have built in AI on it. Anyway, Arun's statement I think is, or at least thought here is a good one. And you know, maybe this will be something, something that's good, that helps people in the long run.
B
So is the notion that the AIs built into your operating systems will basically be looking over your shoulder to keep you out of trouble, Right?
C
Exactly.
B
Okay.
C
You know like take, for example, that captcha scam. That's not really a captcha at all. It says, hey, we need to verify you're human. Click here, copy this text, paste it into a command prompt, and we'll authenticate you. You know, if you could pair an AI that reads that and sees you starting to do that, it just goes, hey, wait a minute, don't do that.
A
So there was back in the 90s, there were people clamoring for the idea of having a hand that would come out of the monitor and slap you before you did something stupid.
C
Yes.
A
So it sounds like that's actually maybe happening.
B
I thought just a mild electrical shock in your chair.
C
Right.
A
Just a little slap.
B
Right smack. I like it.
A
Okay. All right.
B
You know, I wouldn't have a problem with that if it was something you could turn on or off and then also dial in like, you know, you could on your phone or your computer or your whatever, your iPad, you know, put it into grandma mode.
C
Right, right. So it's always on all the time.
B
Right? Right. Yeah. Just have different ways of dialing it in depending on. So that you're not feeling. If you're someone who's technically capable and feels like you can handle these things on your own, you might dial it down a notch.
C
Right.
B
But you're also protecting people who can't protect themselves or, you know, just are challenged in that way. So.
C
Yeah. Yeah. Interesting.
B
All right, well, we'll have a link to that story in the show notes. It's an interesting approach, I suppose.
C
Yes.
B
Let's take a quick break to hear from our sponsors. And when we come back, we will dive into our stories. Every attacker counts on one thing: environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with Ringfencing. Configurations verified with ThreatLocker DAC, so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com/N2K. And we are back. I'm going to kick things off for us here this week. I have a story from Infosecurity Magazine and this is a warning that came from the FBI. They're saying that the FBI is warning that courier cash pickups are fueling cryptocurrency investment scams. So we have talked about how the banks, the stores, the places that sell gift cards, the bank tellers are getting more and more educated and are getting in the middle of these transactions when people are in the middle of a scam. And that's all good, but of course, the bad guys are pivoting because of that. And they're saying that. The FBI is saying that the cryptocurrency scammers are using cash couriers to collect money from the victims. So rather than having you go to a bank or you transfer money through something like that, they'll have someone come and pick up cash in person. And that avoids the scrutiny that an electronic transaction gets. So how does this work? Well, it starts off as any sort of these types of scams: the person's persuaded to invest money through a fraudulent cryptocurrency investment platform. Maybe there's a romance scam angle to it where the scammer shows affection toward the person, and so the victim will attempt to invest more funds or withdraw their profits.
And then the scammers will say that additional investments are required, or that there's some taxes or penalties or fines that have to be paid before any withdrawals can be processed. And then they'll tell the victim that their account has been flagged, which makes normal bank transfers impossible.
C
Hmm.
A
Okay.
B
Yeah, yeah, the good old flagged.
C
Yeah.
A
Oh, hey.
C
What does that mean? It makes no sense to me.
A
By whom, for what?
B
But they have you this far along, I guess they're assuming that you're trusting them.
C
Right.
B
So instead of wiring money, the victim is instructed to withdraw cash and then give it to a courier when the courier comes. And they'll do some kind of. The scammers will do some kind of system with, like, a password with the courier and you, the victim. So when the courier comes, the courier will say, what's the password? Or you'll ask the courier, what's the password? And they'll tell you the password. You give them the cash. They say this creates a false sense of legitimacy and trust.
C
Right.
B
But then after you hand off the cash, the victim will see what appears to be an increase in their cryptocurrency holdings or their account balance on the fake investment platform.
C
Yeah, that's easy enough to do.
A
Oh, yeah, yeah. Okay. Yep.
B
Right. And of course, the balances don't mean anything.
C
Right? They're meaningless numbers.
B
Right. But they are designed to encourage making more money than normal.
A
Yes.
B
Yeah, they're just encouraged to. They're designed to encourage additional investments. So when the victim tries to withdraw their profits again, the scammers claim further taxes or fees or penalties, and they say additional cash pickups are arranged. Rinse and repeat.
C
Right. Right.
A
I could see this because a lot of people, frankly, don't understand how crypto anything works because it's not the same as, you know, sort of standard money stuff. So I remember when I dipped my toes in it a few years ago, it was just a totally different world. So it's. I could see people just going, I. I don't. I don't get it. This must be one of those crypto things. So. Must be legit.
B
Yeah.
C
If you don't know anything about cryptocurrency and you get all of your information, 100% of your information, from a scammer.
A
And how would you know?
C
You believe it?
A
Yeah.
C
How would you know?
A
How would you know?
B
Yeah. Right.
C
And I mean, for many reasons, right? No, because I'm sure there are people out there that goes, what's the difference between that and someone who starts some kind of blockchain? Cryptocurrency. Right.
A
Yeah.
C
He's going to just speak a bunch of mumbo jumbo to me. I'm not going to get it.
A
So, I mean, same goes for regular money for a lot of us, to be honest.
B
Honestly, 100%.
A
The moment you start scratching the surface, it's like, I don't get it. I don't understand this. Okay.
B
Right.
A
That's why I pay people to figure this out for me, because I don't get it.
B
Am I going to be able to retire someday?
A
Yeah. Yeah.
B
That's what I need to know.
A
Computer says no.
B
You know, okay, so the normal scam information applies here. The scammers make initial contact through things like social media platforms, maybe through unsolicited text messages, fake cryptocurrency experts or investment advisors. They'll appear to be wealthy, successful, knowledgeable, all of those kinds of things. Those are tales as old as time. We mentioned that there might be a romance scam element to this. And then according to the FBI, they had some stats here that they said nearly 73,000 investment fraud complaints were reported last year, and victims lost more than $8.6 billion.
C
That is a lot of money per. Per unit there.
B
Yeah. So the FBI has some tips here. They say, protect your personal information. Never share banking details with anyone you don't know. Be wary of unsolicited contacts, verify identities independently. We talk about that all the time. Never trust someone saying they are who they are, or never call a phone number that they give you for your bank or anywhere where you'd be exchanging money. Watch for love bombing. This is when they overwhelm you with affection and short-circuit your rational thinking by making you feel loved. They say avoid suspicious links and pop-ups. Research before investing and hopefully you'll be able to protect yourself.
C
Yeah. If you don't know how cryptocurrency works, there are plenty of places online that will show you. Don't listen to some scammer or your boyfriend, who's fake, probably telling you, man, I'm making bank in crypto.
B
Right?
A
Yeah. An ad on social media also, probably not going to. Yeah, there's a lot of the I made a ton of money on crypto ads. I see them all the time. Yeah. I mean, again, how would you know? It all just seems like it's got that same veneer of trustworthy. Ish.
C
Right.
A
Because even the most up and up crypto stuff to me doesn't really always pass the sniff test. But it's technically legit. I don't know.
B
Yeah, I mean, I don't know. Would you guys agree with the notion that if the word crypto is involved in any kind of investment plan or scheme, that it shouldn't be any money that you can't afford to lose 100% of?
A
Yeah, that's say that for any money of any type. Money in general, of any kind.
C
My statement is if you can't afford to walk out into the street and set that money on fire, don't put it into crypto.
B
Okay, fair enough. Fair enough. All right, well, we will have a link to that story in the show notes. Maria, you're up next. What do you got for us?
A
Oh, this is a really interesting article that was in Time magazine. The headline was A rock band went viral. Then AI Scammers moved in. And this is by Andrew Chow. Fun fact, at the beginning of my journalism career, I actually started off as a music journalist. So I would hang out with rock bands and stuff in my early 20s. It was a lot of fun.
B
So did Joe.
C
Yes.
A
No. Yeah, that's why we're best friends.
B
Right.
C
Who's the biggest band you hung out with?
A
Oh, nobody you would have heard of. Yeah. Because they were predominantly Japanese.
C
Oh, okay.
A
Yeah, so I doubt you would know them.
C
Unless it's Babymetal. I don't know who they are.
A
Babymetal didn't exist yet when I was.
C
But, oh, what about loudness? I do remember loudness.
A
Loudness is a great band. No, I never got to hang with them though. But they're a great band. No, I actually knew a roadie for loudness though.
B
Really?
A
Yeah.
B
Anyway, how about you? What was the biggest band you got to hang out with?
C
Metallica. Oh, wow. Okay. Only got to hang out with Jason Newsted. He was the only one cool enough to talk to us. The rest of them were kind of jerks.
A
That's awesome. That is awesome. Well, for anyone listening who knows who this group is, I actually worked for X Japan and that was part of my claim to fame for a little bit. And you can google them and find out what I mean later. Anyway, so I was very interested in this story because of my those years way behind me. And this was about an indie band that made it big recently. They are the Nashville based rock band called Sons of Legion. Have either of you heard of these guys?
C
Not yet.
B
Sounds like a rock band name.
A
Yeah, it sure does. And admittedly I just want to just be on the up and up. Their music is not my cup of tea. I'm not saying they're bad. That's not what I'm saying. Just not like the type of music I listen to. But they got recently very popular.
C
I think I may have heard of these. Yeah, look them up and look at their logo.
A
Yeah, look them up. It might be your cup of tea. I have absolutely no idea. They went from apparently 12,000 followers on Facebook in just last year, January 2025, to 2.3 million today. So that is a massive blow up. Like the kind that most indie musicians literally dream of from time of childhood. I mean, that is an incredible success. And as a result of their newfound popularity, they actually have embarked on a 50 city sold out tour. Opened for Jelly Roll, if you've heard of him. And I, I, I, I grabbed this little description from their website. Their music, featuring standout tracks like Brand New Day, Power and Firestarter, has garnered over 55 million streams and is featured on major platforms like ESPN, Dodge Ram commercials, Netflix and NBC. So there you go. Like they've made it big. Congratulations to them. That's awesome.
C
Yeah, good.
A
Yeah, I love it. That's a great success story. And, and Sons of Legion says that it is being totally overwhelmed by AI powered impersonation scams that are targeting their fans, and that's not their fault. It's like this is a huge bummer and this is an incredible case study. I'm really pleased that Time magazine is surfacing this because I was fascinated, beginning to end. So they, the Andrew Chow, interviewed a number of the band members, including their lead singer, and the band said that they estimate 50 to 60 new fake fan accounts or fake groups for Sons of Legion appear every day, predominantly on Facebook. You could have seen that one coming probably, but also on other platforms. And the lead singer, his name is Adam, Adam McGinnis, he actually sent a screen cap of all of these fake groups on Facebook that they're just dealing with all the time. And a lot of them have at least 10,000 members with over 40 posts a day in them. And this list is just insane. And it just apparently just keeps going every day. And a lot of them are like buy and sell groups for tickets. And again, they're in the middle of a tour right now. So this is a huge problem. The scammers are creating these fake groups, fake band pages, and also fake profiles that are pretending to be predominantly the lead singer, Adam McGinnis, as well as the other band members. And then, as you might imagine, as often happens with scams like this, which predominantly are romance scams, once the fans engage with the fake accounts, the scammers are then urging them to move conversations somewhere more private where they can be alone, like Telegram, Signal or Zangi. I, I actually don't know Zangi, but there you go, it's another platform. And then the. The AI angle for this, as we've talked about from many other types of similar scams, is the scams are using AI generated voice messages, photos and videos that closely resemble the real musicians. Apparently they, they.
One of the examples I was reading about was in a romance scam lore, they actually generated videos of the lead singer coming out of the shower and sending this to people, like, just crazy. And then Adam McGinnis, the lead singer, was saying that some of the AI generated content is so convincing that even he's startled by how realistic it looks, like he's wondering, did I actually take that video? Maybe I just forgot in the frenzy of getting ready for a tour. So, as I mentioned a little earlier, as you can imagine for something like this, the goal is usually romance fraud. The victims of these scams are led to believe that they're in a personal relationship with a band member, again usually the lead singer. After the scammers build the trust with the unsuspecting victim, the scammers will ask for money, often claiming that they need help with tour expenses. Tours are expensive. Medical bills or other emergencies. And then of course, the payments are requested as crypto. So if the. If the victim does become wise to it, it's going to be really hard to get that money back, if not impossible. And there's more to this, which is like the story keeps going. Scammers are not just doing romance scams. In this case, they're also selling fake merch, fake concert tickets, fake VIP memberships and backstage passes. And so the band has said many times at the concerts and the tours that they're doing, fans show up with their counterfeit credentials being like, yeah, let me in. I bought my backstage pass. And the staff gets to be the bearers of bad news that all that stuff is not legit. And then even worse, band members say that they regularly meet fans at their concerts who genuinely believe that they were dating lead singer Adam online. And one victim apparently reportedly left a 40 year marriage and sent roughly $50,000 to a scammer that was impersonating Adam. And in other cases, other victims have sent intimate photos in reply to intimate AI generated videos of the band members.
C
This guy's like Keanu Reeves.
A
Yes, well here, let's get to that though. And then those intimate photos are then later used in sextortion. Yeah, yeah. So it's okay. So you mentioned Keanu Reeves. And this is what was very interesting to me about this story because I. My mental paradigm was that these kinds of scams were for the big leagues, like Keanu and Tay Tay or whoever. And I mean no offense to these guys. I hadn't heard of them, but you know, 2.3 million fans is a lot. But it's not like, you know, bajillions like Taylor Swift. I didn't think that AI scammers would bother going after groups, you know, smaller groups like these guys. But there's two particular reasons in this article that apparently this type of scam is so effective. Firstly, this band, unfortunately, fortunately their fan base does tend to skew a little older. So sorry, they're more primed for romance scams.
C
Right.
A
Don't want to put too fine a point on it, but it's true. And the second reason is actually because they are an indie band. They're not part of some major record label. They're basically going on their own. They have a manager, but like they're otherwise, they're doing a lot of self publishing. And they're not alone. A lot of creators are trying to go this way nowadays. So a lot of crowdfunding, think of like Patreon or Kickstarter, those kinds of things. So in, in that kind of situation, when you're indie like that, it is not at all unusual for you to go directly to your fans and go, hey, we fell on hard times. I actually, if you wouldn't mind buying some of my merch, I'd appreciate it. Or you know, could you, could you front some money for this new initiative so we can record a new album. That's not a weird thing anymore at all. So if a scammer is then going to the fans and making a request like, hey, we're in dire straits right now, it's not going to set off any alarms. It's not a red flag at all because the groups are legitimately also doing stuff like that all the time. Like, if Taylor Swift did it, you'd be like, yeah, why is Taylor Swift asking me for money? But an indie band, like, that's a totally legit.
B
The tour bus got a flat tire and we're stuck in Alabama.
A
Honestly, I was just thinking, recently there was a performer who got in like a catastrophic bus accident where like the entire band basically got sent to the hospital and they needed help paying for their hospital fees. That's America for you. And it's like, yeah, this was a legit thing. But I remember when that ask went out, I had to really research and make sure, was this legit or is this the scam? But it was legit. But, yeah, the bigger story here is of what AI is doing to what we have sort of covered as more traditional celebrity impersonation scams. So the scammers can now generate realistic voice notes, videos and conversations at scale. So it's not a threat for only the biggest names now. And the scam works because the fans already feel a really strong emotional connection to these indie artists. It feels more one on one. You can have those conversations with the lead singer or like, they will interact on their fan pages. It's part of the appeal of getting to know an indie group. It's the fun of it, right? And again, since these scams can happen at scale, indie creators of all kinds who are sort of in that sweet spot of having some recognition and an engaged fan base and also will make a direct request of their supporters, they're actually especially vulnerable to be targeted by a scam like this now. And the kicker to me is because these guys are indie or independent, they also generally don't have the resources or the time to be fighting scams like this. Like, they're trying to stay afloat. So in this case, Sons of Legion, they actually did have to pay for a deep fake protection and takedown service, which I'm sure was the last thing they needed. Yeah, that money would have gone way more further on a lot of other things. I'm sure the list is a mile long. But they had to pay for a service like this, which. Which really stinks. So I've kind of spoken a lot, but I'll just get to the takeaway real quick here. 
Even with your indie groups, you should always be skeptical of unsolicited messages. You know, these guys are, you know, they're not Taylor Swift and that's great, but it doesn't mean that they can't also be getting hit by AI impersonation scams. As we've talked about a lot on this show. Anytime someone says, let's take this to a second location, as Joe, as you often say, never trust that. So as soon as they say, let's get off of Facebook and let's talk on Telegram instead, or any other encrypted messaging app that is the hugest of huge red flags. And any request for any kind of money in any type, whether it's crypto or regular degular money, gift cards or financial assistance, like always do your due diligence. Don't just hand that money over. Like really, really be skeptical before you part with your money. And if anyone, indie or famous or in between, is contacting you personally, privately and asking for money, you are almost certainly talking to a scammer. So yeah, none of this conversation should ever be happening behind closed doors like the bands. If they need the money or support, it should be a public post that they're making so everyone can see it as opposed to a one on one because that's just not how it's done. So there you go. I was super fascinated by this story.
B
I wonder, is it almost, I wonder if they get a better hit rate by going after fans of an indie band like this, in other words.
A
Most certainly, yeah.
B
Because it's more plausible. Yeah, right. It's much more plausible that this indie band guy who's on the way up is going to be more interested in just a regular fan than, you know, like you said, a Taylor Swift.
C
Taylor Swift, Yeah.
B
So, yeah, yeah.
A
And I think when you hang around groups like this, I don't do this anymore. I'm too old. But I remember in my 20s especially, there are always sort of cultural touchstones of, you know, everybody has heard of a fan or heard of a fan of a fan or a friend who is totally besties with the lead singer and, you know, she helped him out or something. You hear these sort of, these wacky stories. So it sort of feels plausible that, you know, he saw you from the stage and he realizes that you're just his number one fan and that's why he reached out to you specifically. It's just, it's a classic thing. And I mean, I've heard so many flavors of this in my life, but it just feels like a really old trope that's kind of gotten this terrible new update. And, you know, he saw you from across the crowded room, but with an AI scammer twist.
B
The fact that he was a rock and roller in his 30s and you're a 70 year old woman doesn't matter. The heart wants what the heart wants. That's right.
A
Yep. Absolutely.
C
Yeah. I'll tell you, there's a band, a local band from around here that we follow when we go see from time to time. And they stick around after the show, you go talk to them and they, you know, they're great. They're wonderful. Yeah, they're called Carbon Leaf. They're awesome. I mean, you will not find more talent in one group of five guys anywhere else. And you know, they've produced so much music that's just amazing to listen to. Yeah, but we've been there, we've gone to these shows and every time we go to the show, we stay for the meet and greet and we meet them and we say, hey.
A
Yeah. And you hear in the crowd, I'm sure, like some really wacky things that people believe. I mean, I don't know about you, but I always, I overhear conversations where I'm going. Really? You really think that that's real? It's kind of wild. So, yeah, it's just kind of amazing that AI scammers have decided to add accelerant to that. It's crazy.
B
All right, well, we will have a story or we will have a story to that link. We will have a link to that story in our show notes. And let's take another quick break to hear from our show sponsors. We'll be right back after this message. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source and regain control over their environments. Schedule your demo at threatlocker.com/N2K today. And we are back. Joe, what do you got for us this week?
C
I've got two because they're short, actually three. But two of them are from the same source and they're talking about the same source thing. But first, before we get to that, let's get to a Reuters story about HSBC. Are you familiar with HSBC?
B
Go on.
C
World worldwide banking conglomerate.
B
Oh, okay.
C
Yes. Their Australia unit is going to pay $24.6 million in fines over scam protection failures. And this is from the. They were, they were sued in Australian court for failing to maintain adequate controls over internal transfer systems between May 2023 and May 2024. This is like one year. And this is the Australian Securities and Investments Commission. ASIC has sued them and they, and they, they actually have capitulated. Before going to trial, they said this is an agreement. The bank was also aware that as early as 2021 a growing threat from impersonation scams was. Was coming and they didn't, they didn't do anything about it. So. H. HB HSBC. HSBC.
B
Thank you.
C
I wanted to read their comment in here. This is, this is one of my favorite parts of it. It's the. From an HSBC spokesperson to Reuters: We reached an agreement to resolve the proceedings with ASIC which recognizes our customer redress program and significant enhancements made to our fraud and scam prevention, detection and response. There they are again, Dave and Maria, telling us everything is better now that the, you know.
B
Right.
C
We have closed the barn doors.
B
That's right. That's right.
C
Those horses won't get out again.
B
We're getting new horses.
C
Right. We're going to have to get new
B
horses just like the old horses.
A
Right.
C
So, you know, good, good for Australia and ASIC. Good, good job. I don't know if that's a big enough fine to impact anything. I'd like to know the total number of losses in Australia that were reported because I'll bet it's larger than that. And if they went to court, they may have to just start reimbursing people. Who knows. Any thoughts?
B
Well, hopefully it puts the other banks on notice.
C
Yeah.
B
I mean there's an enforcement regime in place.
C
Yeah. It's actually 35 million Australian dollars.
B
Okay.
C
Was the amount. And for some reason Reuters puts everything in US dollars, probably because that's currently the global currency. That's right, yeah. So my other two stories come from the Michigan area, in, in the Grand Rapids area. And these are both coming from WOOD TV. And the first one is about a couple busted in Ada Township because they were scamming old people out of money by telling, telling them they're federal agents. And it had this couple cash out 25 or 2 point, sorry, $250,000, turn it into gold, and they handed it or were asked to hand it over. The report doesn't say if it, if it actually was given to these guys. But the available details indicate that investigators stopped the alleged scam before the quarter million dollars was transferred.
B
Wow.
C
Now on to my favorite story and my favorite story of this. If you guys have clicked on this, go down to the mugshot, okay. And just look at the shock look on this guy's face.
A
Oh boy. Oh geez.
B
He could be the FBI director.
C
Right?
A
Yeah. Dead ringer for Kash Patel. Yeah, right. Yep.
C
Yug Chauhan, or Cha Cha Cha Chaan. Yug Chauhan has been arrested because he was trying to scam an old wood. Oh, a 79 year old Ottawa County woman out of $700,000 in gold. Now this woman went to an exchange where you can, you know, like some vendor that sells physical gold currency, and says, I need to buy $700,000 in gold coins. And immediately this guy goes, uh huh. Let me make a phone call.
B
Good for him.
C
Yeah, good for him. Gets the authorities, of course they find out what's going on. So they send an undercover police officer and she is standing on the corner waiting for this guy to pull up and he does. And she was pretending to be on the phone with the other scammers. She says, are you the agent? And he says yeah. And he's wearing a white winter hat and sunglasses. Sit in the car and do I give him the box in. She says into the phone and is, is that the code? What's the password? They're exchanging passwords. Do I hang onto the box and the suspect is just sitting there watching. He goes, I'm supposed to give you this. I think it's all in there, sir. She says, do you want me to give him the box or do you want me to hold on. She's saying to the person on the phone, okay, Eric. And then she drops the phone and the box and grabs the suspect's arms, pulling them behind his back, as several more deputies move out from, pull up in unmarked cruisers, which I think this is just fantastic. Okay.
B
It's very cinematic, right?
C
It's a great story. So another, another win here. As old Yug Chauhan is now in pretty deep. He's charged with two 20-year felonies, which is, yeah, looks like a young man, probably won't look like that when he gets out. Here's my issue with this. We are looking at the surface of the problem. There is an entire economy under this that operates. This is essentially gold jewelers who are crooked and they're looking for ways to source gold with as little cost as possible. So they're scamming people out of physical gold and then they're turning around and selling jewelry to people at impossible prices. Crazy Dave has lost his mind.
A
Good old Crazy Dave.
C
The manager's out of the office.
B
Right.
C
So we're selling everything at 50% off. So I think it's, you know, again, we're looking at... You know, I get this because this is exactly what I was talking about early on in the show, with Microsoft and Google trying to offload all their computing stuff onto your computer.
B
Right. Make.
C
If I could, if I could turn this where I don't have to pay any overhead, I could turn this into an all-cash business. Right. You know, you just make money hand over fist and I don't have to pay any expenses, so I wouldn't have to buy gold. I can just steal it and then I can make money.
B
You might be onto something, Joe.
C
Right. Yeah. That's what's going on. Because down in, I think, Louisiana, we had a story about this years ago. Yeah.
B
Just go to the top. Just go knock on the front door at Fort Knox.
A
Yeah, yeah.
B
Hi.
A
Hey.
B
I'm Joe Kerrigan.
A
I'm here to trim you.
B
That's right. I just want to look around a little bit. Don't mind these large pockets on my pants, your jinkos.
C
You know how heavy one gold bar is? So heavy.
B
Yeah.
C
That is a dense metal. So, you know, that's it. That's it for me. I'm just two of these. Two of these in one week. That's a good story.
B
Okay.
C
I hope they can use these, the three people they've captured here. Cause in the first story, they busted a couple. I hope they can use these people to get to the next people in line. Where were you going to take the gold? Where was it? What's next?
B
Right, right. And if there are indeed dirty shopkeepers who are helping launder the gold, they're part of it as well.
C
Gold is remarkably simple to launder.
B
Yeah.
C
So I mean, it's one of, one of the reasons they're going this route.
B
It's easy to turn it into other things. Yes, it's easily meltable. You can do it at home.
C
Yes, you can. For very, very low expense.
B
Right, right. All right. We will have a link to all three of those stories in our show notes. Joe, Maria, it is time for our Catch of the Day.
C
Dave, our Catch of the Day comes from the scambait subreddit, r/scambait, and this is called Eric. This...
A
Can we read that title?
B
Say B.
C
B. Oh, when you get to the
B
word, just say B.
C
Failed Bait, Because I'm Such a B-Word, Part One.
B
Okay, so Maria, I will play the part of Eric.
A
That's my husband's name. So this won't be weird at all.
B
No, no, not at all. So I'll be the one in white, you be the one in blue.
A
All right.
B
And we'll see where this takes us. Okay. I have to say, you seem like a very lovely and well put together person. I can imagine your husband must really appreciate having you as his wife.
A
He absolutely did when he was around.
B
So where is he now?
A
Not sure really. I had him declared legally dead in February. He disappeared while on a fishing trip. His body was never found.
B
So sorry for your loss. I am a widower with one son. It hurts losing someone close to your heart.
A
I'd just like to know where he is and if he's okay. But I believe in my heart that he's dead.
B
Yeah, I think he's dead. So how long have you been a widow?
A
Well, that was a bit insensitive of you. I mean, it's okay for me to
B
say it with the way you explained it to me. That's why I said so.
A
Yeah, but you didn't have to be like, yeah, he's dead.
B
Okay. I'm sorry if that made you angry. I've been single for almost five years now. You?
A
Since December.
B
Do you live alone or with your family?
A
Oh gosh. I couldn't imagine being an adult and living with my parents. I have my own home.
B
I was just asking. What is your age? M 60. You?
A
Almost 40.
B
You look so young and beautiful.
A
I get that a lot. Do you like cheese?
B
Yeah, I do. You?
C
You?
A
Of course. What's your favorite kind of cheese?
B
Yeah, I like cheese. I'd say cheddar or mozzarella is my favorite.
C
This is great, by the way.
B
What about you?
A
Gorgonzola. But I'm lactose intolerant. Yeah, cheese just makes me loose-boweled. What do you do for a living?
B
I'm a commercial sailor. I deal on the delivery of heavy duty generator plants globally. But planning on retiring soon so I can find a good woman I will spend the rest of my life with. What do you do for a living?
A
I'm a blood spatter analyst with the Essex County Police Department. I go to crime scenes and process the area, collect evidence and help the department solve violent crimes.
B
Nice job.
A
I see a lot of gruesome.
B
So what do you normally do when you're less busy, like your hobbies?
A
Hunting, bowling. I wrap things in clear plastic. Kickboxing, drag, breeding snakes, a little bit of this, a little bit of that.
B
Nice hobbies. My hobbies are swimming, going to beaches, dancing, writing poems, dinner, love animals of all kinds. I'm a pretty good cook. Playing golf, walking around, watching TV and going to church as well. So you have snakes?
A
Yes, I have three. William Snakespear, Reese Slitherspoon and Julia Squeezer. They're all ball pythons. Do you have any pets?
C
Great snake names, by the way.
B
Wow. Don't you ever get scared of them? I don't because of my profession.
A
No. I've had them since they were hatched. They were so tiny and cute.
B
Wow. I would really love to have a view of your snakes.
A
I'm going to have a Reptarium built in the lot next to mine and breed them.
B
So what species do you want to breed?
A
I told you what they were. You can only breed one species.
B
Okay. I would really love to extend our conversations a lot, but I'm not always online here.
A
Yeah, I don't really get much time online either.
B
I'm always online on Telegram or Teams.
A
In my line of work, when there's a crime scene, I often get called out in the middle of the night and all different hours. We have this really peculiar case going on right now. Some real sickos out there. We think he's driving around in a stolen ice delivery vehicle. We've nicknamed him the Ice Truck Killer.
B
So you're on it now?
A
Am I on what?
B
Are you on WhatsApp? About the crime you're telling me about.
A
Oh, well, no, I'm at home now, but it's an active and ongoing investigation. I can't really talk much more about it. Confidentiality and all that.
B
Okay. Where else do you communicate?
A
Mostly on Facebook Messenger or Telegram. Do you have Facebook?
B
Okay, send me your Telegram username. I'm not on Facebook.
A
I don't think we have anything in common. Your interests and hobbies don't align with mine.
B
That's not a problem. We can just be Friends and know more about each other.
A
Kay.
B
So send me your Telegram username so I can send you a text.
A
Just send it tomorrow. I have plans now and we'll end it there.
C
That's pretty good. I like the response that happened when she asked if he likes cheese.
A
Do you like cheese?
C
Do you like cheese? Like, you know, that's like, one of my favorite things to think about in this is just, like, obsess about something obscure.
B
Right?
C
You know, pick something you know and just get into, like, all the details of it. Like, maybe you want to talk. You know what I really like? I like HO trains. That's my favorite thing. And they just never stop talking about HO trains.
B
Right, right, right.
C
And then when, when the romance scammer is like, can we talk? No, no, that's not HO trains. That's not what I like talking about.
A
That is not a hair question. Yeah, no, absolutely not.
B
So you force them into trying to be romantic and sexy about HO trains?
C
H. Right, yeah.
B
Oh, keep talking about HO trains.
C
Or if you know a lot about cheese.
B
Right, Exactly.
A
I like the feta.
B
Just a random thing to throw out there and see if it throws them off.
C
That is one of my favorites. I love it. It's one of my favorite fresh cheeses, I'm telling you.
A
All right, well, Joe is not a scammer.
C
No, no.
B
We will have a link to that in our show notes and we would love to hear from you. If there's something you'd like us to consider for our Catch of the Day, please email us. It's hackinghumans@n2k.com. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution, blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com N2K. And that is our show, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. Mixed by Elliott Peltzman and Tré Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Varmazes.
B
Thanks for listening. I'm William Snakespear
A
or you actually go.
Podcast: Hacking Humans, N2K Networks
Date: June 25, 2026
Hosts: Dave Bittner, Joe Kerrigan
Guest Host: Maria Varmazes
In this episode, the hosts dive into the evolving landscape of social engineering, discussing cryptocurrency cash courier scams, the impact of AI-driven fraud on indie musicians, and door-to-door gold scams. The team explores how criminals are adapting their tactics in response to increased awareness and protective measures, and highlights recent legal and law enforcement interventions. The episode includes practical tips for recognizing and resisting manipulation, as well as a humorous "Catch of the Day" reading from a romance scam bait exchange.
Timestamps: 00:43 – 04:37
Timestamps: 06:38 – 12:54
Segment Lead: Dave
Timestamps: 13:04 – 26:58
Segment Lead: Maria
Timestamps: 28:26 – 37:27
Segment Lead: Joe
Timestamps: 37:27 – 44:12
The episode underscores how scammers evolve in response to both technology and human behavior—whether by escalating sophistication (AI impersonations), by circumventing digital safeguards (in-person cash/gold pickups), or by targeting the psychologically vulnerable (romance/loneliness). Listeners are encouraged to remain skeptical, research independently, and always question requests for secrecy or urgency, especially when money or privacy is on the line.
For further reading and resources, see episode show notes.