Podcast Summary: Hacking Humans – "Gold Bars and Bold Lies"
Podcast Information:
- Title: Hacking Humans
- Host/Author: N2K Networks
- Description: Deception, influence, and social engineering in the world of cybercrime.
- Episode: Gold Bars and Bold Lies
- Release Date: June 19, 2025
Introduction and Follow-Up
The episode opens with Dave Bittner and Joe Carrigan welcoming listeners to "Hacking Humans," a podcast about the social engineering scams and cyber exploits affecting organizations globally.
Key Quote:
- [00:14] Dave Bittner: "Welcome to N2K, CyberWire's Hacking Humans podcast, where each week we explore the social engineering scams, phishing schemes, and criminal exploits impacting organizations worldwide."
Before delving into the main stories, the hosts address recent developments and listener feedback to keep the record accurate.
VIN Swap Scam Incident
Joe Carrigan recounts a recent VIN swap scam case from Nevada, in which a man named Sherman Habibian bought a stolen GMC truck through Facebook Marketplace. The police intervened during the VIN verification, leading to the arrest of the scammer.
Key Quotes:
- [01:32] Joe Carrigan: "A guy in Nevada found a GMC truck on Facebook Marketplace, negotiated a deal, but when he went to register it, the cops pulled him over and discovered the car was stolen."
- [03:19] Maria Varmazis: "Jeez."
The incident highlights the importance of verifying vehicle identities at official VIN inspection stations to prevent similar scams.
Listener Correction on FinCEN and Cryptocurrency Taxes
A listener, Lippard, clarifies misconceptions regarding FinCEN reporting and the use of cryptocurrency for tax payments.
Key Quote:
- [03:54] Listener Voice: "Banks are required to submit suspicious activity reports to FinCEN under the Bank Secrecy Act and respond to law enforcement requests under the Patriot Act. What is voluntary is participation in Patriot Act Section 314."
The hosts discuss the complexities and potential risks associated with using cryptocurrencies for tax payments, emphasizing the increased likelihood of fraud.
Social Engineering Attack on KnowBe4 Employee
Joe Carrigan shares a compelling story from Stu Sjouwerman, CEO of KnowBe4, about a failed social engineering attempt targeting a VP named David B. The scammer impersonated the head of HR, attempting to extract funds under false pretenses.
Key Quotes:
- [06:01] Joe Carrigan: "The scammer started by impersonating the head of HR, Ani, and even spoofed her phone number."
- [10:39] Joe Carrigan: "Have a password or ask some knowledge-based authentication... like, what are you doing this weekend?"
Dave Bittner adds practical advice on recognizing red flags, such as unfamiliar protocols like the "Phish Alert Button," and the importance of verifying identities through established channels.
Gold Bar Scams in Maryland
Maria Varmazis presents a disturbing case of a gold bar scam involving a 75-year-old couple in Bethesda, Maryland. Believing they were securing their funds with the FDIC, the couple was manipulated into transferring $36,700 into gold bars, only to realize it was a sophisticated scam.
Key Quotes:
- [17:30] Maria Varmazis: "The couple was told to convert over $200,000 each into gold bars and hand them over to an FDIC representative to prevent their money from funding Russian missile suppliers."
- [21:33] Joe Carrigan: "They're basically targeting wealthy counties because gold bars are easy to move and universally valuable."
The police intervened by setting up a sting operation, resulting in the arrest of Yong Xian Huang, a young courier who was unknowingly part of the scam. Montgomery County alone has reported losses totaling $6.6 million from such scams, indicating a widespread issue.
FBI's Warning on AI in Financial Fraud
Dave Bittner discusses a recent FBI public service announcement highlighting the burgeoning use of generative AI in financial fraud. The FBI warns about AI-generated text, images, and voice cloning that enhance the sophistication and success rates of scams.
Key Quotes:
- [31:14] Maria Varmazis: "Don't say it on a podcast."
- [32:21] Dave Bittner: "The dead giveaways that used to be there in phishing emails are gone because AI can make them sound perfect and grammatically flawless."
The hosts emphasize the need for heightened vigilance and better verification methods, such as secret phrases and scrutinizing communication for subtle imperfections.
Catch of the Day: Trunk Box Scam Impersonating FBI Agent
Joe Carrigan introduces the "Catch of the Day," a deceptive voicemail message impersonating an FBI agent named Chad B. Yarbo. The scammer uses official-sounding language and legal references to intimidate victims into complying with fraudulent requests.
Key Quotes:
- [36:19] Dave Bittner: "They intercepted two consignment boxes with large sums of money and backup documents bearing your name as the beneficiary."
- [38:46] Joe Carrigan: "If you start talking to them, they're just going to say you need to pay this fee and this fee and this fee."
The hosts analyze the scam's components, noting the inclusion of real legal codes to lend authenticity and the use of outdated grammar to target vulnerable individuals.
Conclusion and Final Remarks
The episode wraps up with the hosts reiterating the importance of skepticism and verification in all financial dealings. They encourage listeners to share their experiences and stay informed about evolving scam tactics.
Key Quote:
- [35:11] Joe Carrigan: "There's a lot that goes into that system. But know that it does get logged and it does help them go after the things that they do."
Listeners are reminded to utilize resources like the FBI's Internet Crime Complaint Center (IC3) for reporting and seeking assistance.
Notable Quotes with Timestamps:
- [00:14] Dave Bittner: Welcome to the podcast.
- [01:32] Joe Carrigan: Details of the VIN swap scam.
- [03:54] Listener Voice: Clarification on FinCEN reporting.
- [06:01] Joe Carrigan: Description of the social engineering attack.
- [17:30] Maria Varmazis: Overview of the gold bar scam.
- [31:14] Maria Varmazis: Advice on secret phrases.
- [36:19] Dave Bittner: Introduction to the trunk box scam.
Key Insights:
- Scammers' Tactics Evolve: From VIN swap scams to sophisticated social engineering attacks, scammers continuously adapt their methods to exploit victims.
- AI as a Double-Edged Sword: While AI enhances legitimate cybersecurity measures, it also empowers scammers to create more convincing and scalable fraud attempts.
- Importance of Verification: Establishing secret phrases and independently verifying identities are crucial steps in avoiding scams.
- Gold as a Target: Gold bars offer anonymity and ease of transport, making them an attractive asset for financial fraud.
Conclusions: The episode underscores the necessity for individuals and organizations to stay vigilant against evolving scam techniques. By understanding the tactics employed by scammers and implementing robust verification protocols, one can significantly reduce the risk of falling prey to such deceptive schemes.
