Podcast Summary: Hacking Humans – "Granny’s Got a New Trick"
Introduction
In the November 21, 2024 episode of Hacking Humans, hosted by Dave Bittner, Joe Kerrigan, and Maria Varmazas from N2K Networks, the hosts delve into innovative and audacious social engineering scams that are evolving in the cybersecurity landscape. This episode, titled "Granny’s Got a New Trick," explores various deceptive tactics employed by cybercriminals, offering listeners insightful discussions on how these scams operate and their implications for organizations and individuals alike.
VIN Cloning Scams
Timestamp: [01:57] – [04:03]
The episode kicks off with Maria Varmazas addressing a query from a listener named Michael about Vehicle Identification Number (VIN) cloning scams. VIN cloning involves criminals duplicating a vehicle’s VIN to perpetrate fraud, often by selling stolen cars or using cloned VINs on loan applications to falsely prove asset ownership.
Maria explains the process, highlighting cases where scammers buy totaled high-performance cars for minimal scrap value, replace the original VIN with one from a legitimate vehicle, and then attempt to sell or use these modified cars fraudulently. This not only causes financial loss to victims but also creates legal repercussions for unsuspecting buyers who may unknowingly purchase these tampered vehicles.
Notable Quote:
Maria Varmazas [02:30]: "Don’t go to Crazy Joe's Used Car Sales Lot. Unless you're willing to deal with the risk."
Bear Costume Insurance Scam
Timestamp: [08:35] – [15:32]
One of the most entertaining segments of the episode discusses an unconventional insurance scam perpetrated by individuals dressed in bear costumes. According to Maria, four people in California were arrested for staging fake car accidents while donning bear suits. The perpetrators would damage expensive vehicles, such as a 2010 Rolls Royce Ghost, and then submit fraudulent insurance claims, providing misleading evidence to obtain payouts.
The hosts humorously dissect the scam, pondering the practical difficulties of convincingly damaging a car in a bear suit and the likelihood of insurance companies falling for such an obvious ruse. They reference a viral but fictional story about a Chinese zoo employing a man in a bear costume to mimic a real bear, adding a layer of skepticism about the authenticity and success rate of such scams.
Notable Quote:
Joe Kerrigan [13:24]: "But suddenly, Daisy's draining the payroll account of O2 inadvertently. Yeah. So evidently, this is part of Virgin Media's campaign."
AI Granny: Battling Scammers with Technology
Timestamp: [15:32] – [21:25]
Shifting gears, the podcast highlights a cutting-edge initiative by Virgin O2 in the UK, which has developed an AI-powered "Granny" named Daisy. This AI system is designed to engage scammers in prolonged phone conversations, effectively wasting their time and resources. By mimicking a befuddled grandmother, Daisy interacts with scammers, answering their attempts to deceive and thereby reducing the profitability of such fraudulent activities.
The hosts express enthusiasm for this technological countermeasure, discussing its scalability and potential to significantly impact the volume of successful scams. They also brainstorm ideas for personal implementation, such as forwarding scam calls directly to Daisy, allowing individuals to protect themselves effortlessly.
Notable Quote:
Maria Varmazas [16:29]: "Hello, scammers. I'm your worst nightmare. I'm an AI created by O2 to waste phone scammers' time."
Holiday Season Scam Tactics
Timestamp: [23:13] – [29:03]
As the holiday season approaches, the hosts examine the surge in scam activities aimed at exploiting the increased consumer activity. Drawing from research by B4AI, they outline several prevalent scams:
- Typo Squatting Domains: Scammers register domains that closely resemble legitimate retail websites (e.g., "Amaz0n.com" instead of "Amazon.com") to trick users into visiting malicious sites designed to harvest personal information or distribute malware.
- Gift Card Scams: These involve deceptive offers promising money in exchange for completing surveys or other simple tasks. Victims are coerced into purchasing gift cards and providing the associated codes, which scammers then redeem fraudulently.
- Crypto Wallet Phishing: Scammers lure individuals into entering their crypto wallet recovery phrases on fake websites, granting criminals access to digital assets.
- Job Offer Scams: Exploiting the increased job-seeking activity during the holidays, scammers offer fake employment opportunities that require victims to perform tasks or provide financial information, ultimately siphoning funds without delivering any genuine compensation.
The discussion emphasizes the deceptive sophistication of these scams and underscores the importance of vigilance, especially during high-traffic periods like the holiday season.
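The following Python example, added here and not part of the episode or the research it cites, shows one way a defender could flag lookalike domains such as the "Amaz0n.com" case: it undoes common character swaps, then measures edit distance against a watchlist. The watchlist, the substitution table, and the naive last-two-labels rule are assumptions made for illustration.

```python
# Added example: flag lookalike (typosquatted) domains against a brand watchlist.
# WATCHLIST, SUBSTITUTIONS and all sample domains are constructed assumptions.

# Common digit-for-letter swaps seen in lookalike names (not exhaustive).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
WATCHLIST = {"amazon.com"}  # brands the defender wants to protect


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive last-two-labels rule; production code should use the Public Suffix List."""
    labels = host.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(host: str, watchlist=WATCHLIST, max_distance: int = 1) -> str:
    """Return 'legitimate', 'lookalike of <brand>', or 'unrelated'."""
    domain = registrable(host)
    if domain in watchlist:
        return "legitimate"
    # Undo digit swaps, and 'rn' standing in for 'm', before comparing.
    skeleton = domain.translate(SUBSTITUTIONS).replace("rn", "m")
    for brand in sorted(watchlist):
        if skeleton == brand or edit_distance(skeleton, brand) <= max_distance:
            return f"lookalike of {brand}"
    return "unrelated"


if __name__ == "__main__":
    for sample in ("Amaz0n.com", "www.amazon.com", "arnazon.com", "example.org"):
        print(f"{sample:>16} -> {classify(sample)}")
```

The same check can run over newly observed domains in proxy or DNS logs; raising max_distance catches more variants at the cost of more false positives on short brand names.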
Notable Quote:
Dave Bittner [26:21]: "Crypto, unfortunately. So in some cases these typo squatted domains, they look again like a very legitimate website, Amazon or whatnot."
Catch of the Day: Email Scam Analysis
Timestamp: [29:27] – [32:46]
In the "Catch of the Day" segment, Kenneth shares an example of a fraudulent email attempting to establish a contractor partnership with his cybersecurity company. The email purports to be from "Steve Ibrahim Gandhi" of Emirates Group, urging Kenneth to participate in a vendor registration process. However, upon closer inspection, several red flags emerge:
- Inconsistent Naming Conventions: The name combines Western and Eastern elements in an implausible manner.
- Suspicious Email Domain: The email originates from "adminisolo.it," a gambling site, rather than a legitimate Emirates Group domain.
- Overly Generic and Evasive Language: The email lacks specific details and requests unnecessary personal and financial information, such as bank routing numbers and copies of driver's licenses.
The hosts use this example to illustrate common tactics in email scams, emphasizing the importance of scrutinizing unsolicited communications for signs of fraud.
Notable Quote:
Joe Kerrigan [31:01]: "There's just a pitch too far. Yeah, exactly."
Conclusion
The "Granny’s Got a New Trick" episode of Hacking Humans provides a comprehensive exploration of innovative scam techniques and the evolving strategies used to counteract them. From the absurdity of bear costume frauds to the sophistication of AI-driven scam deterrents, the hosts offer valuable insights into the ever-changing landscape of cybercrime. Additionally, the discussion on holiday-season scams serves as a timely reminder for listeners to remain vigilant against deceptive practices, especially during periods of increased online activity.
By dissecting real-world examples and highlighting both humorous and alarming scam tactics, this episode equips listeners with the knowledge to recognize and protect themselves against current and emerging threats in the realm of cybersecurity.
Notable Quotes Recap
- Maria Varmazas [02:30]: "Don’t go to Crazy Joe's Used Car Sales Lot. Unless you're willing to deal with the risk."
- Maria Varmazas [16:29]: "Hello, scammers. I'm your worst nightmare. I'm an AI created by O2 to waste phone scammers' time."
- Dave Bittner [26:21]: "Crypto, unfortunately. So in some cases these typo squatted domains, they look again like a very legitimate website, Amazon or whatnot."
- Joe Kerrigan [31:01]: "There's just a pitch too far. Yeah, exactly."
Final Thoughts
Hacking Humans continues to shed light on the intricate and often bizarre methods employed by cybercriminals. Episodes like "Granny’s Got a New Trick" not only entertain but also educate listeners on the importance of cybersecurity awareness and proactive measures to safeguard against evolving threats.
