A
You're listening to the CyberWire network, powered by N2K. Do you know how the space and cybersecurity domains connect? T minus Space Cyber Briefing is your guide through the space based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire and I'm excited to share that T minus is back now as a weekly podcast, the T minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together: space and cybersecurity. Because whether we realize it or not, we all depend on space based systems that are, by the way, increasingly Internet enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space based infrastructure that powers, protects and connects our lives here on Earth. So join me for T minus Space Cyber Briefing, new episodes every Sunday.
B
Hello everyone and welcome to the Hacking Humans podcast where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey Joe.
C
Hi Dave.
B
And our N2K colleague, Maria Varmazis. Maria.
A
Hi Dave. And hi Joe.
B
We've got some good stories to share this week, but first let's get into some follow up here. Joe, what do we got?
C
So Ben wrote in and he was following up on my story from a couple of weeks ago about the rental scam.
B
Okay.
C
He says, hi folks, a longtime listener, still loving the show, which is great.
B
Thank you, Ben.
C
Following on Joe's rent to own story where he when you asked, we all asked, why would a scammer go to the extent of getting the key combination and follow up and so on. In other words, this, what happened was initially the scammer told the would-be tenant, the scammed tenant, just break the lockbox off the house and you have my permission.
B
Right?
C
But then he engaged with the property company to make it look like a showing. The property company sent the combo to the lockbox and they opened up the house and moved in. And the next day they showed up and the property company showed up and said, hey, you guys can't be here. And they were a victim of a scam. But our question was why did they go through all the trouble? Why not just take the money and run? And Ben says that he was actually yelling in traffic hoping that we would answer it or hoping that we'd hear it. And of course we didn't. Ben, I'm sorry, you gotta yell louder, buddy. Yeah, but Ben makes a very good point here. He says assuming no one shows up to claim their property, that family would've stayed in there for a month or maybe two or three or more. Each month means rent money is coming in, not a. You know, so in other words, investing five minutes. The scammer to get the. To get the lockbox code has the potential of having repeat income.
B
Oh.
C
Which I think is a. Is a brilliant observation.
A
So the people who got passive income for a scammer.
B
Right. So the people who got scammed and moved in into the house, if they go unnoticed, they're going to keep paying rent to the scammer up until the moment the actual owners of the house realize someone's squatted in their house.
C
Yes.
B
Interesting.
C
Yeah. And I think that's a good observation and probably the exact motivation, because you know what? Scammers want more money.
B
You know, my grandfather, I have that
A
in common with them.
B
My grandfather bought a piece of land one time that had a house on it, and there were some squatters living in the house when he bought the land, and he made a deal with them that they could stay as long as they helped clear the land. The land was totally overgrown. In fact, when he bought the land, there was a barn on the land that he did not know there was there until months after he.
C
Really?
B
Yeah. Wow.
C
It was so overgrown.
B
And then one. And it was a family, you know, a man, woman, and a child. And they were like, squatting in this little house. And then one day they were gone. They moved on. But up until that, they were pleasant and helped and worked around, and then they were just gone. And that's the way it went.
C
Huh. Weird.
B
Yeah. Yeah.
C
I mean, probably not weird. Probably fairly common, but weird to me.
B
Yeah. You just never know. All right, we got another bit of follow up here, Joe.
C
Yes, this one comes from Sue. If you recall, this is a chicken update. So
B
I just want to preface this by saying, listeners, we hear you. We know there are some of you who are enthusiastic about our chicken updates, and there are others who are not. So we're going to go through this quickly.
C
Okay. So I was having the problem with the chickens not going into the coop at night. They're sitting on top of an old run inside.
B
Right.
C
And Sue says, why do chickens roost up high? They're programmed to perch high because they're trying to evade ground predators. Chooks, as she calls them because she's Australian, typically do not fly direct to their perch. Instead, they tend to make small hops from one branch up to another to achieve the elevation. They will fly if frightened or if they know they can achieve better food by flying over a fence. I've also seen them fly to keep up with the flock. Like one chicken suddenly realizes she's alone and she will fly across the yard to get with the other chickens.
B
Okay.
C
That's when they're free ranging. Have you put an object near the coop which the chicks can utilize as a stepping stone to get on the roof of. Actually, it's not the coop, it's a run. Another, a little run inside the big run. If the answer is no to this question, you will need to clip their wings. This reduces their flying ability and reduces their wing size temporarily. Sue was kind enough to send along pictures of exactly how to do this in the email you forwarded to me. Dave. So we. They don't necessarily fly up to this thing. They are capable of going from the ground directly to the roof of this little run. It's sitting there. And the top of the run is higher than the door to the coop. So I think my next step here is actually the next step is my wife is not happy with the design, with the way the coop and the run have turned out. So she says it does not look bougie enough for her.
B
Oh.
C
So we are.
A
Oh, ha ha ha.
C
Yes.
A
Bougie chicken. Okay.
C
She does want a bougie chicken habitat.
B
Right.
C
So we're going to begin working, retooling it and working on it. And one of the things we're going to do is put like swings in there for them. But I'm gonna try to put them away from the door to the coop.
A
Okay. Swings.
C
Oh, chickens love swings. Yeah, yeah.
B
She's building a little chicken Taj Mahal.
C
Right. It's really just a two by four and a couple of ropes, Maria. It's nothing fancy.
A
Okay.
C
Chickens are pretty easy to impress.
A
Same. But yeah, I also like swing. So I guess I'm just a chicken. Yeah.
B
Okay.
A
All right. We have a lot in common.
B
Yeah.
C
So thank you, Sue. I'm also probably just going to take this run out, this little run out soon.
B
Now, are you starting over with your new bougie coop or are you going to just upgrade the one you have?
C
I'm going to upgrade the run that I have. Probably leave most of it in place. The roof is not. It doesn't look great.
B
I see.
C
So it's gonna have to come off and we're gonna. My wife. And tonight we're actually sitting down We've been meaning to do this for like a week. We're gonna sit down and we're gonna draw out what we want. My wife really wants me to just go out and spend. She found a good looking coop for about $1,800 and she says, you should just buy this. It meets your needs and you'll save all the time. And I'm like, yeah, but then I still have to do the roof again. Yeah. She's like, oh, yes, you have to redo the roof.
B
And you are a notorious tightwad.
C
I am a notorious tightwad. And I'm also pretty handy, you know, so I could build a coop.
B
Well, what does she think about your hand? I mean, obviously she's not, you know, she doesn't like. She doesn't like the one. Doesn't like version one.
C
Right. Well, it came out exactly as I thought it would. And I was like, hey, that looks pretty good. And she's like, no, it doesn't.
A
It came out exactly like I thought it would. Feels like damned by faint praise right there.
B
Right? Like Homer Simpson's car.
C
Right.
A
It's a structure made of two by fours. What else do you possibly want? Right?
C
That's exactly right.
B
You know, maybe you get, maybe you get ChatGPT to design your new chicken coop. You just put in your specifications and your wife can just keep saying no, bougier, no, bougier till you get.
C
You joke, Dave. But that is exactly what she has done. Just with Gemini instead of ChatGPT, she has done that. What would this look like if Joe painted this? I don't paint it. Period. I don't do paint. I'm not a painter. You're the painter. I'm not the painter.
B
Yeah. So the question is ultimately, is your own efforts going to exceed the $1,800 that you would spend on these store bought prevail. Yeah.
C
And actually I'm only looking at the delta of would my efforts exceed the delta between the material cost and the $1,800.
B
Right.
C
There's probably going to be like $600.
A
The labor is free.
B
Right.
A
Or worthless, depending on how you want to look at it.
B
That's right. All right, tell you what, let's take a quick break to hear from our sponsors. When we come back, we will dive into our stories. Stick around. Every attacker counts on one thing. Environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com/N2K. And we are back. Maria, why don't you kick things off for us here today? What do you got?
A
Oh, yeah. So let's take a page from our scammer liturgical calendar. Let's flip back through. As of the time of this recording, we are in the thick of college graduation season.
C
Yes.
B
Yes.
A
So, yes. Commencements a go go.
C
My daughter just graduated a couple weeks ago.
A
Well, congratulations. That's a wonderful milestone. Yeah.
C
She is now a charger, just like I am. She graduated from Capital Technology University.
B
Okay.
C
With her answer.
A
Okay. I thought you meant like she was charging phones. I was confused. Oh, that's okay. You meant like a horse. Okay.
B
Trying to breach a wall or a moat.
C
Well, I'm a. I'm a big fan of CTU, but the. The charger is. Is a play on words because it is a big. I mean, it is a hardcore engineering school. Colors are black and red, representing the colors of the poles of an electronic power supply.
B
A little on the nose.
C
Right. They started off as a radio repair school for the Navy, and they have bloomed into a full blown technical college. They have remote classes. I cannot. I'm an alumni, so I'm a big fan of the school, but it's really a good school.
A
All right. All right. So. And then is there a team of people who dress in green who are very well grounded?
C
No. That's funny.
A
Thank you. Thank you.
C
That's really good.
B
I mean, there's an opportunity if they ever build frat houses.
C
Right, Right.
B
Just imagine, like, the rivalries. The rivalries. The hot, the cold, the neutral.
C
Right.
B
Yeah.
A
Sorry. Had to go for it. Glad I did. Okay.
B
So, all right, moving on. Go ahead, Maria. So your story.
A
So, yeah, scammer liturgical calendar season for college grads. And there are classic scams that go after these newly minted young adults who are now, you know, like baby deer, wandering out on their wobbly legs into the world and going, blink, blink.
B
Wow.
A
What is all this?
C
Right, so they're about to have their spirits crushed.
A
Yes. The real world's about to get real gross. And so we've. There are three scams that tend to rear their ugly heads, especially towards this time of year, and targeting young adults who are, it's worth reminding, no less susceptible to scams than any other group. So, yes, it's always worth mentioning that so the first one, this is very pertinent to us in the United States, are student loan scams, because we make our students pay out the nose for school. So victims will receive a call, email or text claiming that they qualify for loan forgiveness, lower monthly payments on their student loans, or full on debt relief programs. And as you might imagine, the goal of all these kinds of things is to get financial information out of the victim, Social Security numbers, banking info, and of course a fee that they will try to levy, an upfront processing fee. And there are some interesting, and I say interesting in a bad way, interesting flavors of this scam that can also be an unpaid tuition scam where it doesn't just target the student, but also potentially their family members. So maybe not even a person who is on the hook for the loan, but just someone who just gets a call saying that the degree for the young adult in question will be revoked immediately if payment isn't received. Right. The heck. Now for the tuition that was unpaid. So can you imagine like you just went to your nieces or nephews or. Yeah, the graduation ceremony and then like a week later you get a call saying you must repay the tuition that they didn't pay or now they have no degree. I mean, that's crazy.
B
I had something like that happen. For real? Yeah.
A
Like a scam or actually unpaid tuition?
B
No, no, it wasn't unpaid tuition, but it was so. So I went to a state school and four year college for my bachelor's degree, which is the only degree I have. And before you go in for your final semester, they bring you in to review and make sure that you're on track and that everything's as it should be and that you're going to graduate on time. So I went through all that, finished up my final semester, walked across the stage, they handed me a poster because they don't actually hand you the diploma, they send that to you later, I suspect, after they verify that all the payments have been made. Right. So I do all that. I'm back home, I'm looking for work and I get a letter that says, hey, we don't think you fulfilled your requirements for your degree. Please come in.
A
Ooh, but you got a letter.
B
Got a letter.
A
You got a letter.
C
You didn't get a phone call, Come to the university.
B
Told me to come to the university. So I called and made an appointment and I went. And of course I'm both annoyed and nervous because I don't want to have to go through another semester or whatever you Know, I'm just. What I don't want.
A
You're done with school at that point.
B
Why the heck.
A
So done with school?
B
I was so ready to move on.
C
So done. You've never gone back.
B
That's right. So I go down there and I meet with the person and a very nice woman says, well, what about this credit here? This credit doesn't go to that. And I said, well, I wasn't using it for that. I was using it for this. I was using this for that. And she said, oh, that makes sense. Okay, we're good. Thank you. That was. It sent me back home.
A
This could have been an email or phone call back then.
B
Right.
A
Wow.
C
I have a friend who had a very similar experience at another school. He went in to apply for graduation, and they said, you need one more class to graduate. He's like, no. My advisor tells me, and the guy grabs the student handbook, and, like, the back, the spine of the book is broken to one page, and he just flops it open to that page and there's one sentence highlighted on it, and he slides it across to my buddy. And the sentence says, ultimately, the student is responsible for assuring he has met all graduation requirements. And he was like, I have to go for one more semester for one class. And he's furious.
A
That sucks. That really sucks.
B
All right, back on track.
C
Yes.
A
Yeah, no, I'm enjoying hearing these stories, but. All right, Dave, you got a phone call, and that's pretty crucial that. No, you got a letter. Rather you got a letter. And that's pretty crucial because that is the way one should expect to get this kind of communication. Even nowadays, as we've often said, you do not trust an inbound phone call about any of this kind of thing. Right. All these scams have that urgency and, you know, that terrible threat. And one of these cases about you won't have your degree anymore, we're going to revoke it. I mean, that's pretty terrible. Pretty awful threats right there. So those are all classic scam tactics. Definitely hang up if you get a call like this, and if you're genuinely worried about it, you can reach out to the school. I'm sure they will happily take more of your money if it's being offered.
C
Right.
A
So, yeah. And similar situation with legitimate loan servicers are going to contact you through official channels. And again, that's usually the mail. And something I didn't know because I didn't apply for federal loans when I was in college way back when, is that a lot of them do not require Repayment to begin until six months after you graduate. So if you're getting a call like a week after you graduate, most likely that's definitely, I mean, as we've been saying, don't trust an inbound. But apparently there's a bit of a grace period there. So. Yeah, I did not know that because it's been a long time for me. I might have known that back when I was in college, but I have certainly forgotten that information.
C
Yep.
A
Anyway, so those are student loan and tuition scams. A second one affects new college grads, especially because they're looking for jobs. So fake job scams are abound right now and they haven't gone away. There's just even more of them, especially right now, targeting people who are entering the job market for entry level jobs. So a lot of listings will, will be absolutely too good to be true. High paying remote jobs for entry level positions requiring what they describe as little experience, which is the definition of an entry level job in theory, but also like with flexible schedules and amazing vennies. And if you actually try to go for this kind of job, the interview will be suspiciously short. Although if this is your first time entering the job market, you might not know what a short interview seems like. They'll offer you a job on the spot and all they need is just a little bit of banking information or even an upfront payment to, you know, get your equipment going or some something you got to pay for up there. And of course that is the scam. None of that's legit and you've never been through the process of getting a job before. You might not be able to spot that right away. So they're definitely banking on your inexperience there. And then there's a twofer version of this scam where sometimes in addition to asking victims to pay up front for some sort of equipment, they'll also give you a bad check and they'll ask you to send back the extra. So it's a check cashing scheme on top of everything else, which is like, well, they're just piling the schemes upon schemes upon schemes on these poor young adults who just may not know what's going on. And then a third scam that we see all the time, but again, it's going to hit young people especially hard right now are rental scams. And in high, highly competitive, hot rental markets year round, this is always a problem. 
But you know, it's especially tough if you've just graduated and you're going, I need a place to live. Or I just got a job across the country and I just need a place to live at while I'm getting settled. And you can't exactly scout the market before you get there. So people are trying to get a rental remotely and they're, you know, looking at these rentals with these great prices and the photos look totally legit. And because they are, the criminals are reposting legit property listings and reposting them at like, stupid low prices. And then the. The way the scam works is the victim is told you gotta send a upfront first month, last spot and deposit or some other thing before you can see the property. And then that deposit never makes its way back to you. Cause the whole thing is a scam. So these are just. These scams are always around, but they tend to get especially worse right around now. And it just. The scammers know that this is an exciting but very stressful time of life for young adults. And they have a lot of inexperience and a lot of enthusiasm. So, you know, they're going for it, but they don't necessarily have the life skills and experience yet to know that some of this stuff is a scam. So.
B
Yeah.
A
So just remember, it's easy to get
B
caught up in the excitement, right?
C
Yeah, it is.
B
And you're just, you're ready to start your life. You got, you know, you're done with school and here it's time for the next phase. Let's go.
A
Let's freaking go. Yeah, exactly. So just, it is always good to remember, although no one wants to be nagged at that age or any age, that as a young person, you're not immune to scams. And, you know, maybe run some stuff by a person with a little more life experience if you're not sure. But always be wary. Be wary. Be careful.
C
Indeed.
B
All right, well, we will have links to that story in the show notes. Joe, you're up next. What do you got for us this week?
C
Dave, I have a glimmer of hope. That's what I have. But mind you, it's.
A
That's not allowed.
C
Just a glimmer. So this comes from WRAL out of Raleigh, North Carolina. And it's actually an AP story put together by Erica Kenitz and Julia Linderman. And it is talking about the Joint Economics Committee, Economic Committee. Joint Economic Committee out of the U.S. legislative branch of government. When it's joint, it comes from both houses of Congress.
B
Okay.
C
So there's representatives and senators on here. And they are talking about the level of tech scams that go on. Here is a statement that was released from Representative David Schweikert and Maggie Hassan. They are. Schweikert is a Republican from Arizona, Representative, and Senator Hassan is from this Democrat from New Hampshire. Customers need to be able to trust the calls and texts they receive from their doctor's office or their child's school, for example, are authentic. Scam communications, however, are increasingly difficult to distinguish from legitimate messages and too much of the burden is falling on customers. So they have wrote a detailed request to AT&T, Verizon and T-Mobile. So they're trying to get more information. They're seeking information on these companies' efforts to collect data and monitor for scams and cybercrime and take action against bad actors. Right. Nothing's really happening right now, but this could be the beginning of something. Their scrutiny, they say, comes from a lot of concern in Washington after the explosion of scams targeting U.S. citizens. And they are also looking at not just the telecoms, but they're also looking at like Starlink, satellite services, online dating sites, artificial intelligence companies, data brokers, and a range of federal agencies. And they're asking them about their roles and responsibilities and responses to cyber crimes. Back in 2019, the Congress passed and the President signed the law, the TRACED Act, which obviously came from the Department of acronyms because TRACED is all capitalized. And I don't know what TRACE means, but it gave the Congress and the FCC. The Federal Communications Commissions require large carriers now to implement some kind of authenticity behind caller ID and also make it easier for law enforcement to identify bad actors. However, despite passing what I'm sure is a great law that adequately addresses the problem. Okay, that was a little bit of sarcasm. 
It's still a problem.
B
Wait for laughter, right?
C
I was waiting for laughter.
B
Nobody laughed.
C
Crickets. Wireless providers last year, or in 2024, rather, blocked 55 billion scam and robotext calls, and they were able to flag or block 45 billion scam calls per year, according to an industry group that follows this kind of stuff. But unwanted messages are still able to break through. In fact, YouMail, I've talked about YouMail before. They said that Americans received more than 50 billion, with a B, robocalls in 2025. And another company called Robo Killer, which works on spam messages, text messages, said that those messages have reached peaks of 19 billion a month. How many people are in the United States? We said this last week, 350 million. So this is like two orders of magnitude larger than that. So there's some people out there getting more than a hundred of these every month.
A
I'm probably one of those. Yeah. Honestly, I get so many, it's ridiculous. I have Robo Killer just, I had to get one of these damn apps and pay for it. It's just, it's unreal. And yeah, I'm looking at the 55 billion dollar 55 billion spam blocked. And that's only half looking at what you just said here that you know, the. We received 50 billion calls, but they blocked 55 billion. So we're blocking half of them.
C
Right.
A
Which does not seem like even close to enough.
C
Right. I think that YouMail number of 50 billion in 2025 is just from their customers. That's just the calls that Robo, that YouMail blocked in 2025. So that, I don't have YouMail. Dave, do you have YouMail?
B
No.
C
Maria, do you have YouMail?
A
I do not.
C
Okay, so that's a small, safe to say that's a small section of the American economy that has YouMail, which looks like it might be worth it. And they blocked 50 billion robocalls. So yeah, this is not, not going as well as it had hoped. Now I just looked at my spam and blocked messages and going back, I received one yesterday, one on the 11th, one back in March and claimed my free box, ooh, DVD box set. What's this about? So I'm not gonna look at it. I was kidding.
A
Yeah, it's.
C
Yeah. Too late.
A
2. Potential spam, potential spam, potential spam. Yeah, looking at mine is similar situation, of course.
C
Here's one of my favorite parts in this article. Some telecoms see this as a profit opportunity, right? Charging for premium blocking services. Hey, wouldn't it suck if this thing just led you to getting scammed all the time? Why don't you give us 10 bucks a month and we'll stop that from happening. Be a shame. That's a nice phone you got there. Be a shame if something happened to it.
A
I mean, I'm one of those suckers who's paying for a service like that just because I can't deal with the. I just cannot deal with the volume of crap that I keep getting at my phone. It just drives me nuts.
C
Yeah, but you're paying for it from Robo Killer, right? Yeah, so, I mean, that's a third party company. These, these telecoms are actually doing this. I mean, you're the main infrastructure where the problem exists.
A
This is not me personally.
C
No, no, not you telecoms.
A
Okay.
C
I'm talking to the telecoms.
A
You're okay. Gotcha, gotcha.
C
This is your infrastructure. This is your problem. Don't charge me to make it my problem because what are you going to do? You're probably just going to turn around and buy subscriptions for $5 a month from someone like Robo Killer and tell me go install the Robo Killer app. Well, I'd rather just give 10 bucks a month to Robo Killer.
B
Yeah.
C
Then. Then pay my. My carrier again. Just makes me angry. This is from a consumer advocate, Eden Iskil, who is a senior policy manager at the National Consumer League. Companies will not go far enough until they actually feel some type of liability, which I agree with 100%. Some financial incentive really pushes them to go as far as they can to protect consumers. So if we make them liable for something is what this is saying, then they'll start paying attention and go, okay, maybe we won't charge a premium fee for this. We'll just go ahead and start implementing the technology that can block this, these kind of messages.
B
A couple things. I too paid for Robo Killer for several years and was a satisfied customer. There came a point where the built in capabilities of my iPhone got good enough that I let my Robo Killer subscription lapse. So I've been happy with that so far.
A
But interesting.
B
I can concur with Maria that it was a good product. While I was using it, it did what it said it was going to do. And for me at that time, it was totally worth it.
C
Right?
A
Yeah. Yep.
C
I'm pretty impressed with the Google solution. Yeah. I get notified that I'm getting a potential spam call and maybe it's from my carrier, I don't know. But the text messages, like I just had to go looking for my text message scam, spam scam, spam text messages. And I don't get very many of them it seems, but you know, when I do get them, they go right there.
B
Yeah.
C
I don't see them.
B
The only other thing I'll add that I think is important because we talked about this legislation over on the CyberWire a few days ago, probably a week ago or so. And one of the potential outcomes of this is that it could make it so that burner phones are illegal in the US, right?
A
Yep.
B
This is basically a know your customer kind of thing.
C
Yep.
B
So you might not be able to just go buy a burner phone and not everyone's okay with that.
C
Yeah, I'm not okay with that.
B
There are situations where you want to be anonymous and still be able to use a Phone, right?
A
Oh, absolutely. Yeah. Domestic violence victims, this is a big deal for them.
B
Yep, exactly. So that's some of the pushback against this bill. So hopefully they'll figure out a way to meet in the middle and maybe everybody will still get what they need. But no question that this spam thing just doesn't seem to matter. They always seem to find a way around it. So maybe someday we'll see some teeth.
C
Yeah, maybe.
B
Yeah.
C
That's why I said a glimmer of hope. Not telling anybody here to get your hopes up.
B
Yeah, we've been through this before.
A
We've been burned.
B
Yeah.
A
Isn't that depressing? We can't just fix this.
B
We will have a link to this story in the show notes. Let's take a quick break here to hear from our sponsor. We'll be right back after this message. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today. All right, we are back. And my story this week. This comes from the folks over at Bleeping Computer. And some good news here, I think. And Joe, I will defer to you for some of the details as our resident Android user. Okay, but it looks like there's some nice features coming in an upcoming version of Android that's going to expand banking scam call and privacy protections. Ah, yeah.
A
Wow.
C
All right.
B
Right. So nice Android. Yeah, they're putting some stuff. A couple things caught my eye here. They're putting capabilities into the operating system for banking apps to include a database of their actual phone numbers that the incoming calls can be checked against. So, for example, let's say you have First national bank app on your phone. If a call comes in from first, you know, saying that they're from First national bank, the phone software on your phone that takes the Calls can check with the bank software on your phone to say, is this actually your phone number? To know whether it's legit or not.
C
That's pretty good.
B
Yeah.
A
Okay.
B
Wow. Seems like a step in the right direction. So another thing that they're adding is kind of a verification for apps to be able to access the accessibility settings on Android because that's been a long time kind of workaround for the bad guys to be able to do stuff on Android phones is they could take advantage of some of the legit accessibility functionality and use that for bad things like being able to put a screen up that hides whatever's behind it.
C
Right.
B
That's part of accessibility functionality and it has good use for people who need it, but the bad guys take advantage of it. So what it seems like Google's trying to do here is make it so that you actually have to prove it that you are worthy of having access to the accessibility functionality. So I thought that was interesting.
C
That seems like a good plan. I don't know how this works under the hood.
B
Yeah, but yeah, yeah. And then they say they're doing a better job with device unlocking and they're going to allow you to lock your phone with biometric authentication if you mark your phone as being lost. So instead of just needing a passcode or a PIN to unlock the device, you can set it so that you actually need your biometrics to unlock it. And that way if somebody steals your phone and runs off to some faraway nation with it, it's no good to them. It's basically bricked. Unless they cut off one of your fingers.
C
Right.
A
Well then you've got bigger problems.
B
Right, exactly. The phone is the least of your problems. There's some other stuff they're adding here. They're putting post-quantum cryptography for security and things like that. They're disabling 2G. So the old cell phone technology.
C
Yeah, that's good. That keeps you out of Stingray devices, right?
B
Fairly well. 2G. Yeah.
C
Yeah.
A
But there are also some places where that's literally the only mobile connectivity you can get.
B
Right.
A
All right, well, all right. The security is worth it though. I get it.
B
Yeah. They also said they're reducing the number of PIN password guessing attempts that they allow and then they're increasing the delay between failed attempts. So just a bunch of little things to slow you down if you're a bad person trying to affect someone's phone. But the main one that really caught my eye here was the stuff trying to go against the scammers with the banking apps, I think that's an innovation that I think is interesting. Quite smart.
A
Yes.
B
So we'll see how that rolls out, if it actually works, and maybe some of the other phone providers will do the same. Here's hoping.
A
As often happens, Android will do it first, and then later the iPhone will try it out.
B
That's right. That's right. And pretend like it came from.
A
There's their idea. That's right.
C
We have this great idea that no
A
one else has tried, and we put a little I in front of it, so it's ours.
B
That's right. We put an I in front of it and we charge twice as much. And welcome to Planet Macintosh.
C
Yes.
B
All right, well, I will have a link to that story in the show notes. If you are an Android user, it's a good article to check out because it lists all the things you can look forward to in the upcoming version of Android, and some of them are pretty good. I think it looks like a solid list of security updates.
C
Good.
B
All right, Joe, Maria, it is time for our catch of the day.
C
Dave, our catch of the day comes from Michael, who sent this one in. It's a traffic violation scam, and I have to point out, Michael, 62% battery life.
A
Okay.
B
There's no shame in 62% battery life.
C
That's fine. That's good.
B
Anything above half, right?
C
Yeah.
A
Is it 100 or bust with you? I mean, what's.
C
No, no, mine's. What's mine right now? Let's see. Mine's at 76, so.
B
Yeah.
A
How dare you, sir.
C
Michael also has his clock set to military time, which I do as well.
A
Oh, oh, okay. Also, the phone number the scam is coming from. What area, what country code is that?
C
We're going to get there. You're reading ahead.
A
Oh, sorry, because I don't recognize that one. That's an interesting one.
C
Yeah, I got an interesting bit of background on this because I actually did some research on this one today.
B
All right, well, shall I read it then?
C
Yes, you should read it.
B
All right. It goes like this. California Supreme Court traffic violation reminder. Officer Linda Chen, Judge Samuel Ross, Clerk Stephanie Davis. Hearing scheduled May 5, 2026 at 9:40am. Your attendance is required to resolve outstanding traffic violations. Missing the hearing will result in a bench warrant, license suspension, and your vehicle being impounded, with wage garnishment and asset forfeiture to follow. Pay online immediately at ca.govbfk.help dmv. This notice is past due. Reply Y to confirm receipt or pay now to avoid further legal issues.
A
Wow.
C
So that's. It's obviously. I mean, I don't think the California Supreme Court has time to deal with traffic violations.
B
Oh, that's a good point.
C
Right. That's number one.
B
Right.
A
A reminder to violate traffic. I like that one. And that it's a traffic violation reminder, just in case you forgot.
C
Right.
A
And also that your traffic violations are outstanding. They're truly outstanding.
C
Right.
A
I'm just making fun of the language for no reason. I just.
C
Yes. So back to your point, Maria, about the, the. Oh. Michael says he was neither dumb enough nor he's curious, but not dumb enough or smart enough to click the link.
A
Click the link. Don't do that.
C
And Michael notes that it's nice to know the Moroccans are now tied in with the California dmv. So, Maria, to answer your question, that country code is Morocco, however, a little
A
bit of a ways from California.
C
But here's the thing. When I looked at it, I thought I saw Michael's comment. I'm like, wait, isn't the area code for LA 212?
A
No, that's New York.
C
It is New York.
A
It's Manhattan.
C
I got my wires crossed. I knew they were very close together, but no, it's 213 for LA. So it's very close to the LA area code. And maybe somebody makes the same mistake I did. But the weirdness of this telephone number with the spaces in it, it's the code for Morocco. Then a space, then a number, then a space, then it's just two digit numbers for the rest of the way. And that's the way Moroccan phone numbers are laid out. So if you Google Moroccan phone number format, you will see it says +212 and then it says Y space, xx, and then has a pair, four more pairs of Xs. So yeah, this is definitely coming out of Morocco. Or at least the phone number is a Moroccan phone number.
B
Hmm. This is interesting because I don't know that I ever made the connection or the possibility of a country code that would coincide with an area code with a US area code. Right. That's pretty clever.
C
Yes, yes. And maybe that's why they've chosen. These scammers have chosen this area code or this country code is because it does overlap with a very large area of, well, Manhattan.
B
Yeah, a prominent area code.
C
Right. But if you are someone like me who goes, isn't that the California area code? And you make that mistake, you go, oh, I bet this looks like it might be legit. It's just another thing that Might lend credence to it.
B
You know what kind of error that is, Joe?
C
What kind of error is it?
B
Off by one, off by one, off by one.
A
It's a very prominent and well known area code. It's sort of like 90210. It's just for Americans. It's a number that we sort of know is a real place.
C
Yes.
A
I may or may not use that area code all the time or zip code, rather, when I'm trying to unsubscribe to things.
C
Yes.
A
Change it to 90210. And it works real well, right? Yeah, yeah.
C
Because of California's privacy law.
A
That's right. Every time I want to do a one-click unsubscribe to something or from a service that doesn't let me do it, I just, I suddenly move to Malibu and everything's fine.
B
Oh, right, right.
A
It works a treat.
B
Yeah. Interesting that to pay this you're going to a help domain. That's a new one. I did not know there were help domains.
C
A couple of years ago, they approved a bunch of different top level domains that are now just scamlicious.
B
Yeah.
C
Scam alicious. Because now you can make the scam world blow up into all these different newly registered TLDs. Top level domains that you can then just go out and like, you can now go out and. And you could register like, I don't know, maybe Microsoft's already done this, but you could get Microsoft help.
B
Yeah.
C
So.
B
Well, Maria, what happens when you click through on this?
C
Right.
A
I'll get back to you guys next week. How about that? And for some reason my computer won't work dead. I know what's going on. Why does none of my machinery work now? It's great.
B
Where'd everybody go?
C
Yeah.
B
All right, well, that is our catch of the day. And thanks to Michael for sending that in. And of course, we would love to hear from you. If there's something you'd like us to consider for the show, please email us. It's hackinghumans2k.com. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution, blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com/N2K. And that is our show, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Varmazes.
B
Thanks for listening.
Podcast: Hacking Humans by N2K Networks
Episode Date: May 28, 2026
Hosts: Dave Bittner, Joe Kerrigan, Maria Varmazes
Episode Theme:
This episode delves into the deception, influence, and social engineering tactics rampant during graduation season. The hosts discuss the scams targeting recent college graduates, legislative efforts to curb scam communications, and promising new security features in Android. They also break down a real-world scam attempt targeting listeners.
The panel kicks off “Graduation Day Grifts” by highlighting the elevated danger for new grads navigating major life transitions—a time exploited by scammers with tuition, job, and rental schemes. Alongside practical advice and personal stories, the show explores government attempts to battle tech-driven scams and examines Android’s latest security improvements. The episode wraps with an entertaining analysis of a real scam message, dissecting its social engineering tricks.
[01:42–09:42]
“Each month means rent money is coming in… investing five minutes to get the lockbox code has the potential of having repeat income.” – Joe Kerrigan [03:16]
“She does want a bougie chicken habitat.” – Joe Kerrigan [06:48]
“Maybe you get ChatGPT to design your new chicken coop… No, bougier, no bougier.” – Dave Bittner [08:47]
[10:45–22:08]
“They’ll tell you the degree will be revoked if payment isn’t received… Can you imagine?” – Maria Varmazes [14:23]
“You do not trust an inbound phone call about any of this kind of thing.” – Maria Varmazes [17:17]
“They’re definitely banking on your inexperience… and just piling the schemes upon schemes.” – Maria Varmazes [19:29]
“Criminals are reposting legit property listings at stupid low prices… send a deposit before you can see the property.” – Maria Varmazes [20:33]
Pro Tip:
“Run stuff by a person with a little more life experience if you’re not sure.” – Maria Varmazes [21:46]
[22:14–32:23]
“Scam communications are increasingly difficult to distinguish from legitimate messages and too much of the burden is falling on customers.” – Joint Committee via Joe Kerrigan [22:49]
“It’s your infrastructure. This is your problem. Don’t charge me to make it my problem.” – Joe Kerrigan [29:02]
“There are situations where you want to be anonymous and still able to use a phone.” – Dave Bittner [31:34]
[34:10–38:39]
“If a call comes in… the phone can check with the bank software on your phone to say, is this actually your phone number?” – Dave Bittner [34:57]
“The main one that really caught my eye here was the stuff trying to go against the scammers with the banking apps.” – Dave Bittner [37:45]
[38:50–44:48]
“Officer Linda Chen, Judge Samuel Ross… Pay now to avoid further legal issues.” – [39:52]
“It’s obviously… I don’t think the California Supreme Court has time to deal with traffic violations.” – Joe Kerrigan [40:43]
Consistent with the friendly, conversational tone of Hacking Humans, the episode balances practical cybersecurity advice, policy critique, and plenty of witty banter (especially in the chicken segment and catch of the day). Real-world anecdotes and personal stories enhance relatability, while technical analysis grounds the discussion.