Hacking Humans: Gold Bars and Bold Lies
Hosted by N2K Networks | Released on December 19, 2024
In the latest episode of "Hacking Humans," hosted by Dave Bittner, Joe Carrigan, and Maria Varmazis from N2K Networks, the trio delves deep into the intricate world of deception, influence, and social engineering within cybercrime. Titled "Gold Bars and Bold Lies," the episode unpacks sophisticated scams that exploit unsuspecting individuals and organizations, highlighting real-life cases and providing invaluable insights into recognizing and preventing such fraudulent activities.
1. VIN Swap Scams and Listener Insights
The episode kicks off with a discussion on VIN swap scams, a prevalent issue in the automotive market. Listener Sherman Habibian shares his firsthand experience:
Sherman Habibian [01:53]: "I saw this come across the news feed today when I was looking for a story for today, and it was a VIN swap scam. ... the police have arrested him."
Habibian recounts purchasing a seemingly legitimate GMC truck on Facebook Marketplace, only to discover it was stolen upon attempting registration. His diligence in requesting the seller's driver's license and capturing a photo of the fake ID played a crucial role in the perpetrator's arrest. However, the financial loss remains unresolved, hinting at a larger network behind the scam.
The hosts then address a listener correction regarding FinCEN reporting, emphasizing that while certain aspects are mandatory under the Bank Secrecy Act and the Patriot Act, proactive information sharing remains voluntary. Additionally, the conversation touches on the novel idea of paying taxes with cryptocurrency, a topic generating mixed sentiments among the hosts.
Dave Bittner [05:07]: "Voluntary taxes, really."
Joe Carrigan [05:18]: "Yeah, it just sounds like a bad idea to me."
2. Social Engineering Attack on a KnowBe4 Employee
Joe Carrigan narrates a compelling story about Stu Sjouwerman, CEO of KnowBe4, detailing a thwarted social engineering attack targeting an employee, David B.:
Joe Carrigan [06:14]: "And it is the title of this is Real Social Engineering Attack on KnowBe4 Employee Failed."
David B., the VP of Asia Pacific in Japan, received a call from someone impersonating the head of HR, Ani. The scammer employed tactics like claiming a poor phone connection and requesting urgent financial transfers, including a demand for 30,000 Singapore dollars to access his account. David's familiarity with KnowBe4's internal security protocols, such as the Phish Alert button, and his knowledge of Ani's personal preferences (like her favorite local dish) raised suspicions, leading him to terminate the communication.
Dave Bittner [07:00]: "Yeah, that's why it's being targeted."
This case underscores the importance of contextual knowledge and internal security measures in detecting and preventing sophisticated social engineering attempts.
3. The Rising Tide of Gold Bar Scams
Maria Varmazis introduces a disturbing trend: gold bar scams targeting affluent individuals, particularly in wealthy regions like Montgomery County, Maryland. She recounts the plight of a 75-year-old couple who were deceived into handing over $36,700 in gold bars to someone they believed was affiliated with the Federal Deposit Insurance Corp. (FDIC).
The scam unfolded through a series of escalating fraudulent interactions starting with a deceptive text message about their Apple ID being compromised. The situation quickly spiraled into more severe threats, including accusations of child pornography and warnings about Russian missile suppliers, coalescing to pressure the victims into transferring substantial funds into gold bars.
Maria Varmazis [12:53]: "Another gold bar scam, which I'm... amazed to see these and saddened."
Despite the significant financial loss amounting to $6.6 million in Montgomery County alone, the investigation revealed that the perpetrator, Yong Xian Huang, a 23-year-old who only speaks Cantonese, acted as a mule, potentially unaware of the broader criminal operations.
Joe Carrigan [21:54]: "Yeah, he's a mule."
This segment highlights the complexity and scale of modern scams, emphasizing how easily gold bars can be leveraged for large-scale fraud due to their high value and ease of transport.
4. Insights from the FBI on Generative AI in Fraud
Briefly touching upon a public service announcement from the FBI's Internet Crime Complaint Center (IC3), Dave Bittner discusses the emerging threat of generative AI being exploited for financial fraud. The episode highlights how AI-driven phishing emails have become more sophisticated: their perfect grammar and automated scalability make them harder to detect.
Dave Bittner [31:07]: "...crucial to verify the identity of the person calling you..."
The hosts advise listeners to adopt traditional security measures such as creating secret words or phrases with family members and being vigilant about imperfections in images and videos as AI-generated content becomes more prevalent.
5. Catch of the Day: Impersonation Scams and Old Tactics
The episode concludes with a humorous yet cautionary Catch of the Day, where the hosts craft an elaborate advanced fee scam email purportedly from an FBI agent named Chad B. Yarbo. The spoof email mirrors official communications with references to specific U.S. Code sections, adding a veneer of legitimacy to the fraudulent message.
Joe Carrigan [39:37]: "It's basically a trunk box scam, right?"
This segment serves as a reminder of the enduring effectiveness of traditional scams, even in the age of advanced technology, by capitalizing on fear and authoritative impersonation.
Key Takeaways and Recommendations
- Vigilance Against Sophisticated Scams: The episode underscores the need for constant awareness and skepticism, especially when dealing with unsolicited financial requests involving unusual methods like gold bars.
- Internal Security Measures: Organizations should strengthen internal protocols, such as KnowBe4’s Phish Alert button, to empower employees to recognize and respond to potential threats effectively.
- Public Awareness and Education: Sharing real-life scam stories and listening to expert advice, such as the FBI's recommendations, can arm individuals and communities with the knowledge to protect themselves.
- Integration of Security Tools: Leveraging integrated security tools, as promoted by sponsors like KnowBe4, can enhance an organization's ability to detect and counteract social engineering attempts in real-time.
Notable Quotes
- Sherman Habibian [01:53]: "He found a GMC truck for sale on Facebook Marketplace, negotiated a deal... the police have arrested him."
- Dave Bittner [05:07]: "Voluntary taxes, really."
- Joe Carrigan [06:14]: "An attack on KnowBe4 Employee Failed."
- Maria Varmazis [12:53]: "Another gold bar scam, which I'm... amazed to see these and saddened."
- Joe Carrigan [21:54]: "He's a mule."
- Dave Bittner [31:07]: "...crucial to verify the identity of the person calling you..."
- Joe Carrigan [39:37]: "It's basically a trunk box scam, right?"
Conclusion
"Gold Bars and Bold Lies" offers a deep dive into the evolving tactics of cybercriminals leveraging social engineering and high-value assets like gold bars to execute sophisticated scams. By dissecting real-life cases and integrating expert insights, the episode serves as a crucial resource for individuals and organizations aiming to bolster their defenses against the ever-changing landscape of cyber threats.
For more detailed discussions and updates on the latest in cybercrime, tune into "Hacking Humans" by N2K Networks.
