Maria Varmanzas
You're listening to the Cyberwire Network, powered by N2K.
Dave Bittner
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Kerrigan. Hi, Joe.
Joe Kerrigan
Hi, Dave.
Dave Bittner
And our N2K colleague and host of the T-Minus podcast, Maria Vermazes. Hello, Maria.
Maria Varmanzas
Hi, Dave. And hi Joe.
Dave Bittner
We've got some good stories to share this week, but first let's get to our follow up. I want to start off with some Maria. Joe, I think it's fair to say one of my favorite things to do on this show is to poke Joe.
Joe Kerrigan
Yes.
Dave Bittner
No, because I don't know.
Maria Varmanzas
Rage baiting.
Dave Bittner
Joe, would it be fair in your list of ways you describe yourself, would one of them be excitable?
Joe Kerrigan
Yes, I would say senable. I'm easily triggered, if that's what you mean. Yeah, sure. There are things that really make me angry.
Dave Bittner
I was thinking about.
Maria Varmanzas
Grind your gears.
Dave Bittner
I was thinking about you the other day. I was scrolling through the old book of the face and along came something from the good folks at the Merriam-Webster dictionary. And they said, okay, we promise this isn't rage bait, but the word "irregardless" has been used since 1795. This is just a fact. Its inclusion in the dictionary is not a sign the English language is falling to pieces.
Joe Kerrigan
Incorrect.
Dave Bittner
Or proof of the educational system failing.
Joe Kerrigan
Also incorrect.
Dave Bittner
We include "irregardless" because it has been used by a large number of people for a long time with a specific and identifiable meaning. The fact that the word is generally viewed as nonstandard or as illustrative of poor education is not important. Dictionaries define the breadth of the language and not simply the elegant parts at the top. Irregardless. We're sorry and/or you're welcome.
Joe Kerrigan
Yes, that's very funny. Merriam-Webster presiding over the decay of the English language. Now, I get their point. Their point is that language adapts over time and people change it.
Dave Bittner
Right?
Joe Kerrigan
And I heard a linguist talking about Appalachian dialect. And I have family members that are Appalachian and sometimes throw out Appalachian dialect words. And one time, after hanging out with them for a while, I actually used the word "throwed" in a sentence instead of "threw." I said "throwed," which I don't like doing. But because I had been steeped in the culture for a couple of days it rubbed off on me a little bit. And of course, my son, like, everybody stopped, and my son looks at me and says, did you just say "throwed"?
Dave Bittner
They're waiting for their chance to pounce on you.
Joe Kerrigan
Right? They did. And they all start laughing. And I said, and this is probably one of my son's best jokes in his entire life. But I said, you know what? I'm just gonna go off and live in the woods and I'm not gonna talk to anybody else. And my son goes, all right there, Henry David Throde.
Maria Varmanzas
Wow.
Dave Bittner
Nice.
Joe Kerrigan
Yeah, he was like 12 when he made that joke to me. Surprisingly well-read 12-year-old.
Maria Varmanzas
Jeez. Like, wow. I gotta hand it to him.
Joe Kerrigan
Yeah, that was a good joke.
Dave Bittner
That's pretty good.
Joe Kerrigan
I was mad, but I did compliment his wit. That was a good joke.
Dave Bittner
All right.
Maria Varmanzas
That is a good one.
Dave Bittner
Well, next week we'll do "decimate." All right.
Joe Kerrigan
Ah, yes.
Dave Bittner
So. Oh, no, we have.
Maria Varmanzas
We've moved on from chickens to grammar curmudgeons. Okay.
Dave Bittner
Well, speaking of chickens, Joe, I saw your lovely bride posted a photo on Facebook.
Joe Kerrigan
Yes.
Dave Bittner
Your chickens have been extra bountiful.
Joe Kerrigan
Yes, they've been very busy. And I went out there one day and there was this huge egg in one of the nesting boxes. And I'm like, man, this must have hurt.
Dave Bittner
You know, do you think, what, did we have a. Did an ostrich come visit?
Joe Kerrigan
It was not that big, but, you know, maybe a duck that lays colored eggs.
Dave Bittner
Yeah.
Joe Kerrigan
Because all my eggs are. They're not white. They're brown, green, pink.
Maria Varmanzas
They're getting ready for Easter.
Dave Bittner
Yeah.
Joe Kerrigan
Well, actually, two of the birds we have are called Easter eggers.
Maria Varmanzas
There you go.
Joe Kerrigan
I couldn't tell you which ones they are. Yeah. Because I haven't watched them lay eggs. But two of them are Easter eggers, two of them are olive eggers, and two of them are Americanas.
Dave Bittner
Okay.
Joe Kerrigan
And they are true Americanas. They match the breed standards. So I may set them aside for a little while and take some of their eggs and try to breed these chickens. See if I can just make Americana chickens.
Dave Bittner
Okay.
Joe Kerrigan
And who knows, if I. If I'm successful, I might have some chicken down the road to eat, I mean.
Dave Bittner
Yeah.
Maria Varmanzas
Yeah. Mm.
Joe Kerrigan
I don't know how prepared I am to do that, though.
Maria Varmanzas
Yeah.
Joe Kerrigan
But we'll find out.
Dave Bittner
Pets or food?
Joe Kerrigan
Yes. So my wife cracked this egg open yesterday morning, actually, and it was a double yolk egg. So there were two yolks inside, which is amazing.
Dave Bittner
Yeah.
Maria Varmanzas
Lucky.
Dave Bittner
Lucky. The yolk is on her.
Joe Kerrigan
So of course, me being the chicken nerd that I am, I immediately go to, could this, would this have been a viable egg? Would this have been twins? Would this have been two chicks in one egg?
Dave Bittner
Right.
Joe Kerrigan
What would have happened? And I don't know. I don't know the answer to that. Are double yolk eggs viable for hatching chickens out?
Dave Bittner
Right. Can two chick embryos make it to full term inside the same shell?
Joe Kerrigan
Yeah, I don't know.
Dave Bittner
I wouldn't imagine so.
Joe Kerrigan
I wouldn't imagine that. It's possible. Yeah.
Dave Bittner
Yeah. But who knows, you know?
Joe Kerrigan
But I know.
Dave Bittner
Life finds a way.
Joe Kerrigan
Yes, that's right. As we learned from Jurassic Park.
Dave Bittner
That's right.
Joe Kerrigan
And actually, much of Michael Crichton's writing.
Dave Bittner
All right, well, we've got a little bit of follow up here. Maria, do you want to do the honors here and read this for us?
Maria Varmanzas
Sure. This one comes from our listener, Michael, and he writes: Hello. I recently listened to the latest episode of the Hacking Humans podcast. Thank you, Michael. And I wanted to bring up a point about the differing outputs between D... I just mixed up the first letters of your names. Between Joe and Dave on ChatGPT. Interestingly, this AI platform allows users to modify the personality of the model. For instance, I made my chatbot witty but strictly objective. This might have influenced the differences in their outputs on the show. Very respectfully, Michael. Gentlemen, what are your thoughts on that one?
Joe Kerrigan
Entirely plausible.
Dave Bittner
Yeah, I think so.
Maria Varmanzas
Have you done any modifications or.
Dave Bittner
Well, I have some. What do they call them, GPTs, some specific instances. Because you can specify specific instances that you want to do specific things.
Joe Kerrigan
Right. And they just maintain the context.
Dave Bittner
So I have a specific instance that is designed to do strict attribution. So sort of try to head off any hallucination or anything like that. And it has, I don't know, eight or nine pages of instructions for how it's supposed to handle things.
Maria Varmanzas
Wow.
Dave Bittner
Yeah. Now, when I asked the question on our last show, I was not using that model. I was using just the regular one. But what I don't know is, is it possible for the two to bleed into each other? Or, you know, has ChatGPT built a larger, broader model on my overall use so it kind of figures out how I like my answers to be?
Joe Kerrigan
Yeah, that's entirely possible. I have not done any fine tuning on it, aside from the voice. For the voice interface, I found that remarkably useful. I was using it last night on the way home because, again, I'm in class, so we were talking about statistical things, and I needed a refresher on some, and I just essentially open it up, and it comes up like a phone call on the car's Bluetooth, and I just start asking it questions about statistics, and I go, oh, yeah, that's right.
Dave Bittner
Oh, yeah, yeah. Okay.
Joe Kerrigan
It's asking about null hypotheses and alternative hypotheses and things like that. It was great.
Dave Bittner
So, like having a study partner, right?
Joe Kerrigan
Exactly. I use it for that a lot.
Dave Bittner
Wow.
Maria Varmanzas
As you drive, too, that's really making the most of your time.
Joe Kerrigan
Yes, well, I don't have a lot of time, Maria. So, like, somebody recommended.
Dave Bittner
None of us do, Joe. None of us do.
Joe Kerrigan
Somebody recommended some books to me on World War II, and I'm like, I really want to read those, but I just don't have. My library system has audiobooks. I think I'll get them on audiobooks and see if I can listen to them on the way into work and the way out.
Dave Bittner
There you go. Yeah, very nice.
Maria Varmanzas
Have you heard of this thing called podcasts?
Joe Kerrigan
Yeah.
Maria Varmanzas
Well, a lot of people like to listen to those as they drive.
Joe Kerrigan
Right.
Dave Bittner
Hardcore history. Is that.
Joe Kerrigan
That's the one I'm listening to right now, actually. I'm listening to the. Which is, by the way, one of the best podcasts I've ever listened to. Second only maybe to this one.
Maria Varmanzas
Okay, well, they both start with HH, so that's obviously the reason.
Joe Kerrigan
Right, right.
Dave Bittner
People accidentally stumble upon ours when they're looking for that one.
Joe Kerrigan
Right.
Dave Bittner
All right, well, very good, and thank you, Michael, for sending in that kind note. We do appreciate it, and of course, we'd love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. Every attacker counts on one thing: environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC, so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com N2K. All right, let's get to our stories here. This week, I'm going to lead things off for us. My story comes from the folks over at the Register, and it's an article about payroll pirates and business social engineering. So I think when most people think about cybercrime, they're probably thinking about ransomware, or maybe phishing emails. But this particular story starts with something a little more ordinary, which is a phone call to a help desk.
Joe Kerrigan
Who makes the phone call?
Dave Bittner
Well, we're gonna get to that. Okay, so back in December of 2025, so last year, a couple months ago, the threat research team at Binary Defense, they call themselves Arc Labs, investigated a case that John Dwyer, who is the company's chief technology officer, says should get every organization's attention. So this had to do with a physician, a doctor. His paycheck was quietly redirected into a criminal's bank account. There was no malware, there was no flashy exploit, just pure social engineering and some weak processes within the organization. So the attackers began with compromised credentials that were tied to a shared mailbox at a healthcare facility. So file that away. Shared mailbox. Right.
Joe Kerrigan
Okay.
Dave Bittner
And the researchers weren't sure exactly how the credentials were stolen. There wasn't any evidence of phishing or anything like that. And so they suspect they might have been harvested in an earlier breach. But once the bad guys were inside that shared mailbox, they sat back and they observed. They bided their time, they studied the internal communications. They figured out who was who and who had authority to unlock their next step. And once they figured that out, they called the help desk, and the caller claimed to be a physician who was locked out of their account and unable to see patients. So what do we got here, Joe?
Joe Kerrigan
We got a very urgent call. That is, the time horizon is now.
Dave Bittner
Yes.
Maria Varmanzas
Yeah.
Joe Kerrigan
Right.
Maria Varmanzas
It's about as big an emergency as it gets.
Dave Bittner
Yeah, I remember us talking about this, Joe, when you were at Hopkins downtown. That like. I remember you telling me that, like, if anything got in the way of doctors being able to do their doctor stuff, it wasn't in the way for long, right?
Joe Kerrigan
It got removed. Yeah, that's correct.
Dave Bittner
Yeah.
Maria Varmanzas
Especially at Hopkins. My goodness.
Dave Bittner
Right, so this is an urgent call. The names all matched, the access level checked out. And so the help desk reset this person's password and their multi-factor authentication. And just like that, the attacker had full access to a legit account. From there, the hacker authenticated through the healthcare facility's virtual desktop infrastructure. They registered new devices, then they logged in, and they changed the direct deposit details to an attacker-controlled account. So basically what happens is, whenever this physician gets paid, the money, instead of going to his account, goes to the bad guy's account.
Joe Kerrigan
And I imagine because they had the level of access they did, they were able to delete any email notifications that were sent.
Dave Bittner
Right. And they point out in this article that because the login came from inside the company's trusted environment, the security tools just saw what looked like a normal internal user. And there were no alarms, there were no red flags. They were only tipped off when the physician called and said, why haven't I been paid?
Joe Kerrigan
Yes. Where's my money?
Maria Varmanzas
Oh, my God. Yeah.
Dave Bittner
Right, right. So I think the point here is that in this case, it wasn't just about hacking systems, it was about hacking identity.
Joe Kerrigan
Right.
Dave Bittner
And they're talking about how a lot of organizations consider identity to be the new perimeter. When the attackers come after a trusted person, the perimeter defenses might not matter.
Joe Kerrigan
Yes, absolutely.
Maria Varmanzas
Yeah. Because I was thinking, as you were describing this, I'm going, this almost sounds like you could describe it as if it was like an insider threat, but it's not. That's not what an insider threat means. But if this was a legitimate person with bad intentions, that sort of would match that kind of idea of, you wouldn't see the call coming from inside the house.
Dave Bittner
Right, right. Yeah. So it's a way that the bad guys were able to get in and pretend to be the insider, which in a way, makes it an insider threat. It's a threat from someone who has insider access and privileges.
Joe Kerrigan
Yeah, but they shouldn't be there to begin with. They've already made the intrusion.
Maria Varmanzas
Yeah. It's not a disgruntled employee, which is like that classic insider. But, yeah, it's a bit of a Russian nesting doll situation.
Dave Bittner
Yeah. So I want to swing back around to this notion of shared mailboxes. They say that shared mailboxes create risk because if one set of credentials is compromised, that can be a launch pad for all sorts of impersonation and privilege escalation. And I think a lot of organizations use shared mailboxes for convenience. I know we have a couple that we use, you know, here for CyberWire stuff, for landing places for people sending us PR things. And, you know, there's all kinds of things.
Joe Kerrigan
It has been years since I did any Exchange or email administration, but what does a shared mailbox get you that an alias or a mailing list doesn't get you? Like, you know, in Exchange and Outlook, you can create a mailing list.
Dave Bittner
Right.
Joe Kerrigan
That then just sends email to whoever you need it to go to.
Dave Bittner
Yeah.
Joe Kerrigan
And I'm wondering, even if they had compromised an email account that had access to or received mail from that mailing list, would the outcome have been the same?
Maria Varmanzas
Is the setup for one significantly easier than the other?
Dave Bittner
Yeah, I don't know.
Maria Varmanzas
Is it just friction for the process? I'm wondering.
Joe Kerrigan
Yeah, I don't know. I think setting up a mailing list is very easy.
Dave Bittner
But I guess the thing that maybe having a shared email box lets you do is that any of the people who have access to that email box can email from that email address.
Joe Kerrigan
Right. And then they can.
Maria Varmanzas
Everyone can see what's been sent.
Joe Kerrigan
Exactly. Or rent.
Dave Bittner
Right.
Maria Varmanzas
Yeah. And I'm also imagining a mailing list requires more maintenance from the IT team because people have to be added and removed all the time. Right. As employees come and go. Shared inbox. Hey, a new person just joined. Here's the credentials for the shared inbox. Just add it to your account or something. It's much less overhead.
Dave Bittner
Right. But in this case, it was a window into the organization.
Joe Kerrigan
Right. And their processes.
Dave Bittner
Yeah. And let them gather all that information to then go after a high-value target. So they also point out, they say, obviously payroll and HR platforms are high-value targets and direct deposit changes shouldn't be considered just administrative updates. They are financial events. So they should trigger some kind of red flag or extra level of scrutiny. They say that organizations should treat payroll changes like wire transfers, with confirmation mechanisms, temporary holds and fraud review workflows. So I think that makes sense. They said the technology to do that already exists. The gap is often process. I think that's right on.
Joe Kerrigan
Yes.
Maria Varmanzas
Yep.
Joe Kerrigan
I will agree with that.
Maria Varmanzas
That is often the case. Yeah, yeah, yeah.
Dave Bittner
And then finally they say when criminals target paychecks, every employee on earth becomes a potential victim.
Joe Kerrigan
Yeah.
Dave Bittner
And. Yeah, that's true. It's true. All right, that's my story for this week. We'll have a link to that in the show notes. Maria, what do you have for us?
Maria Varmanzas
Oh, this? I love this story. It's about authors and artists. So this one makes me happy, but sad that it's happening. So this story actually comes from the New York Times via a first-person story from memoir author Dan Barry, who was talking about something that he flagged very quickly as a scam when he started receiving very flattering emails about a book that he had written 20 years ago that was long out of print, praising his work in an excruciating or impressive level of detail. And in these emails that he was getting, he was also receiving offers of complimentary help to promote these books. And for a split second he was going, oh, someone is finally recognizing the genius of this old work of mine that's been long put in the garbage bin.
Joe Kerrigan
My talent.
Maria Varmanzas
Right. But thankfully within that split second he went, oh, this has got to be a scam. I mean, he identified it right away and he figured that out. Well, which is how this article starts. But his main question was why? Because, you know, authors famously have a lot of money, right? So yeah, they're loaded.
Joe Kerrigan
Every one of them is just like Stephen King.
Maria Varmanzas
Billions of dollars piled up to just go after people with no monies. Yeah. So he was just wondering why, and how widespread of a problem is this? So he did some digging into specifically the world of scams targeting authors, and he found that the scam method, of course using AI to blast these out en masse, was that they do often open with these very polished, personalized emails about work that has often gone unnoticed, with very specific themes from the books. Sometimes it's been pulled from blurbs or reviews if some exist. Other times it's just, I don't know if they're just finding a preview somewhere. And then these emails will impersonate real publishing professionals and organizations and on top of it will link to very legitimate-looking fake websites that impersonate legitimate institutions. So one of the ones that he found in his digging was a National Book Foundation website, but the site was totally fraudulent. But if you looked through it and clicked around, you would have no reason to think that this was fake in any way. And over the course of many different levels of correspondence with these scam emails, you'll eventually get to the ask, which is of course for money, a substantial fee for marketing or proofreading or some other such service that of course was never actually rendered, with a person that doesn't actually exist. But of course there is a money ask in this, because real foundations that do these things don't offer such services. But anyway, of course if a person does actually pay the small fee for marketing or whatever, the victim then gets completely ghosted and nothing is ever given to them and the fee is just taken and the scammer runs with it. And it was just interesting that apparently in the publishing world there are so many different variations on this, but they all sort of follow that same script, but different flavors of this.
One can be fake literary marketers that are promising exposure, everyone's favorite word in the arts world. Private reading communities that sell positive reviews for a mere $20 per review, which sounds like a really easy marketing fee. Honestly, that's pretty cheap for a marketing fee. Fake book clubs that charge appearance fees, which should never be a thing. But yes, that's a thing that these scammers are saying. Impersonations of famous authors that are offering mentorship. Again, not a thing that ever should be offered for a price. And then there's even bogus republishing deals with fake licensing or insurance fees. So if you're a self-published author, which there are many in this world, and you know, there's nothing wrong with that, a lot of times it seems sort of a mark of legitimacy if you then get picked up by a real publishing house. So these scammers know that people are waiting for that golden ticket moment of, hey, someone's noticed my brilliant work and maybe now I'm going to be a real author.
Dave Bittner
Right.
Maria Varmanzas
So it's a long-running industry problem. Variations of this have existed as long as the vanity press has existed. But AI has of course put these on firehose blast, and they're going after specifically the aspiring and self-published author subset, which also is going gangbusters right now. So it just feels very mean, because these scams are targeting a lot of these authors' insecurities about maybe not feeling as legitimate as they'd like to be. And then a lot of times these folks are working in isolation and/or don't really know how the legitimate market is supposed to work, because there's a lot of communal knowledge that gets shared, I think, by quote unquote legit published authors that self-published authors don't get access to. So it's just like, it's amazing that just these little $20 scams here and there, I guess, are adding up enough that scammers feel that this is worth going after. But there's a little layer to this that I wanted to also mention: this is certainly not the only industry that I really would not have expected to get hit. Apparently medical professionals and scientific research communities have also been getting hit with scams like this a lot. I think we've talked about this a little bit lately, about fake scientific papers or journals soliciting lower-level academics for them to submit their papers for a hefty fee. I think, Joe, you mentioned that.
Joe Kerrigan
Yeah, this has happened to me. I got published a few times when I was working at Hopkins and as soon as I got my first publication into a real conference proceedings, I started getting emails from all over the world inviting me to submit papers to obscure conferences. I just ignored them.
Maria Varmanzas
Yeah, and I see a lot of chatter on social media about this, especially from the scientific community, that they're getting multiple of these scams a day. But being asked to speak at conferences that don't exist, that scam apparently is a sort of new twist on this one, and it is getting some folks, because again, the websites for these conferences, even legitimate conferences, the websites aren't always that great. So a sort of weird-looking conference website is not always a tell. But people are flying to these locations all over the world and showing up for a conference that doesn't exist, on their own dime, of course, and finding out when they arrive at the hotel to speak that the hotel's like, what conference are you talking about? We have no such record of that here. Or worse, the hotel itself doesn't exist. That one, I've heard a few of that one as well. But this scam has been going on long enough that the journal Nature actually did a whole expose about this in 2024 about predatory conferences. So it's just, again, it's just getting a lot worse. And people have been saying, oh yeah, I used to just be able to ignore these, or my spam filter would catch them and they would never make it to my inbox. But now people are getting flooded with them practically daily, because I guess spam filters aren't able to keep up or recognize, with the sophistication that these campaigns have now, that they are spammy. So the personalization at mass scale is just making it very difficult to stop these scams in their tracks. So yeah, it's preying on people's hopes and ego and a little bit of their fears, but mainly that vulnerability that I need to be recognized for success.
Dave Bittner
Yeah.
Maria Varmanzas
And that's just a very hard one to get around because people's livelihoods depend on that level of recognition. So.
Dave Bittner
Well, I was wondering, is there a certain degree of pre filtering that could happen here? And I don't want to be unkind, but a person who self publishes already believes that other people are interested in what they have to say.
Joe Kerrigan
Right?
Dave Bittner
Right, right.
Joe Kerrigan
Maybe. But they also have, you know, they also have sales numbers because you can self publish a book with Amazon, they'll actually print the book up and sell it to people. And of course you can sell it on their platform as well, their Kindle platform. And then they never have to print anything, right?
Dave Bittner
Yeah. And there's print on demand publishers that will just do as many as are ordered and so on. But I guess my question is if you're already primed to think highly enough of yourself that other people are going to see what you have to say, does that prime you for these people coming in and reinforcing that notion and saying people do really do want to hear what you have to say?
Joe Kerrigan
Well, yes, I could see that.
Maria Varmanzas
I mean, I could see that. I mean, I've used self publishing before. I have books published that way. Mainly because I just don't want to try and go through the actual extraordinarily arduous process of working with a publisher because that is just an incredibly difficult process that takes super long time and I'm impatient.
Dave Bittner
Yes.
Maria Varmanzas
So, but if I got an email like this, I would go, this is definitely not legit, because there's no way anyone would have heard of this stuff that I did. But there are many people that, I think you're absolutely right, Dave, would go, oh, yes. This is that moment I've been waiting for. I just knew someone needed to recognize my brilliance. So.
Dave Bittner
I get a version of this in my inbox probably two or three times a week. And it's podcast related. And you've probably seen this too, Maria, all the time. Because it says, hello, do you get them, Joe?
Joe Kerrigan
Yeah, I get them on LinkedIn.
Dave Bittner
Okay. I get them in my inbox and it says, hello, Dave. Just the other day I was listening to your podcast, Hacking Humans. I particularly enjoyed the part where you talked about scams and frauds. I'm wondering if you're interested in marketing this to more people. Let me know. You know, and so they're all the exact same template.
Joe Kerrigan
Right.
Dave Bittner
And I get them about any show that I'm on or I've done, or even shows, actually. What's funny is I get them about shows that I haven't done for years.
Maria Varmanzas
Yes.
Dave Bittner
So they're just scraping through the old libraries, the bins.
Maria Varmanzas
Yeah. I get back, just like with Dan, a book of his he had written 20 years ago that he said at the top of his story was in the remnants bin. It's basically the one where they tear the cover off and they put it in the back of the store and it's 50 cents, please take it. Yeah, I get stuff like that. Or, you know, people saying, what's it like to host a show that I only guested on? Stuff like that. Oh, gosh.
Dave Bittner
Right.
Maria Varmanzas
Yeah, obvious errors there. But if they had gotten the details correct, I don't know, maybe it could appeal to my ego and make me think, oh, I don't know. But point of order.
Joe Kerrigan
You should never buy a book that's had the cover torn off. So what happens there is they tear the cover off. And they send the covers back to the publisher and the store gets refunded for the purchase of the book and the author doesn't get any credit for it, any money. So, yeah, they're supposed to just destroy the books. But you're right, some of them don't.
Dave Bittner
This is a common thing in comic books. I remember where they're supposed to send the covers back and destroy the comic books. But what a lot of comic book stores would do is bundle up two or three comics in a bag that don't have their covers on them and, you know, buy, get them super cheap. But they're, you know, they weren't popular to begin with. So right now.
Maria Varmanzas
Yeah, sometimes it's the only way you can afford to buy these things. You're not supposed to buy those books, but yeah. Yeah.
Dave Bittner
All right. Interesting stuff for sure. We will have a link to that story in the show notes. Let's take a quick break here to hear from our sponsor. We'll be right back after these messages. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com N2K today. And we are back. Joe, you are up. What do you got for us?
Joe Kerrigan
I got some good news today, Dave. I don't know if it's all good news. I mean, it's not as good as I'd like it to be, but it's pretty good news. Okay, so a while ago we were doing stories on gold bar scams, and here's how this works. Usually the target is an elderly person. They get a phone call or an email that says, hey, your bank account's been compromised. You need to give us custody of all your money. But we want it in gold. That's the best way for you to move it to us. So we're gonna Have a courier show up at your house, and he's gonna take your gold and keep it safe for you. Of course, the gold is gone when you give it to them. We were wondering, what happens to that gold? Where does it go?
Dave Bittner
Right.
Joe Kerrigan
Well, there are some gold bar scammers getting busted, and a lot of this is happening out of Texas. And I looked on the FBI's website. They had stories about the Maryland scams, but they're happening everywhere. But on January 29, there was a raid at two stores, one in Irving and one in Frisco, Texas, which are both suburbs of Dallas. And they raided these jewelry stores and arrested two people and took a bunch of gold and cash into custody. And across Texas, depending on which story you read, the victims have lost somewhere between $55 million and $74.5 million in these gold scams. So the Collin County Sheriff was very interested in busting some of these guys. The federal, state, and local police were all involved in this. And they set up a task force from the Collin County Sheriff's and began arresting suspected couriers around the Dallas-Fort Worth area. And they were charged as part of being part of this scam. And eventually they wound up getting into the network here. And they found out that these stores were buying this gold from the couriers and then melting it down into jewelry, primarily bracelets, or they were exporting it from the country. They were sending it somewhere else. So in this first raid on the 29th, three people are arrested, and they had an armored car come and haul away all the evidence. But they also got some forensic evidence and they exposed more of the network. So on February 25, there were three more raids: one of a company called Malani (M-A-L-A-N-I) Jewelers. They had a location in Decatur, Georgia, and Richardson, Texas, also a suburb of Dallas-Fort Worth, and the Orlando Gold Refinery in Florida.
Dave Bittner
Okay.
Joe Kerrigan
They conducted these raids and arrested 20 people. And again, they said that the stolen gold was subsequently sold to these jewelry stores, including Malani Jewelers and Salma Jewelers, which is, I guess, one of the earlier raided ones. I couldn't find a reference to it. But these companies were also accused of operating illegal gold melting operations.
Dave Bittner
Huh. Now, I didn't know that was a thing.
Joe Kerrigan
I didn't know that was a thing either. So I looked up, looked up the illegal gold melting. I actually asked Google, is it illegal to melt gold?
Dave Bittner
Yeah.
Joe Kerrigan
And it is generally not illegal unless there are a few restrictions. Like you can't. There are some gold coins you can't melt for jewelry and scrap. There's no federal regulations. But if you intend to commit fraud of any kind, that's illegal. So also, by the way, melting pennies is now illegal. Old pennies, really? Yeah. Because an old penny that's made out of solid copper is now worth more than one cent.
Dave Bittner
Oh, yeah.
Joe Kerrigan
So that's been illegal since 2007.
Dave Bittner
Hmm. It's interesting because as you were describing this story, I was thinking that gold is kind of, I don't know if it's singularly unique, but I guess any of these precious metals that you can alter their form without them losing any value.
Joe Kerrigan
Right.
Dave Bittner
Which you can't do with paper money, you can't do with a painting, you can't do with a diamond. Right. But gold, you can just melt down into any shape you want it to be.
Joe Kerrigan
That's right.
Dave Bittner
And it's just as valuable as it was before.
Joe Kerrigan
In some cases more valuable because you're paying for the artisan and craftsmanship. You know, the jewelry business is tough, Dave. It's very competitive. There's lots of jewelers out there. So if you can eliminate the cost of gold and just scam people out of their life savings and get that gold, then you've really made this an all profit operation.
Dave Bittner
Well, and there's so many of these cash for gold places that have popped up all over the place.
Maria Varmanzas
That's always a sign of things going super well.
Dave Bittner
Right, right, right. Here's a place for you to liquidate your assets for cash.
Maria Varmanzas
I remember when it seems to go in cycles, they pop up when things are going super well and then they go away and then they come back again when same things happen.
Joe Kerrigan
Right.
Dave Bittner
So yeah, I mean, it is a challenge, you know, I know. You know, the, the. When my father passed away, he had some, some gold things, you know, from him, from my mother. And, and it's hard to know what the right thing to do with them is because it's one of those situations where like, I don't know anything about jewelry.
Joe Kerrigan
Right.
Dave Bittner
You know, so how do I know? How do you find someone who you can trust? And so, you know, you ask around and you hopefully you have, you know, someone who knows someone.
Joe Kerrigan
But I don't trust anybody in the jewelry business. No, I just don't.
Dave Bittner
Okay.
Joe Kerrigan
You know, and my wife and son have both been in the jewelry business and you know, we were having a family conversation.
Maria Varmanzas
I'm going to try not to read into that too much, Joe, because or
Dave Bittner
so they said, a little bit of
Maria Varmanzas
a needle scratch right there.
Joe Kerrigan
They both were, they both work for retail jewelers, so they knew all they had. You know, they got the gemology certificates and everything. But one of the things my wife was absolutely insistent upon and my son as well, is they were both saying you can't stamp gold that isn't 14 karats with a 14 karat stamp. And my father-in-law and I both looked at my this the first conversation we had, I said, I guarantee you can do that. I absolutely guarantee you can stamp. I could stamp aluminum with a 14 karat gold stamp. I'll bet. I have no problem doing that. Okay, give me a 14 gold stamp. A 14 karat gold stamp and I will stamp whatever you want. I'll stamp a thing of cookie dough.
Maria Varmanzas
Wait, wait, Joe, I think that. Are you talking about physically stamping a thing or are they just saying in theory the law says that you're not supposed to do this?
Joe Kerrigan
In theory the law says. That's what they mean. They mean it's not supposed to do that physically.
Maria Varmanzas
Can I just stamp a thing and of course you can stamp anything.
Joe Kerrigan
Right? And you have no guarantee that somebody hasn't done that to a piece of maybe what they call eight karat gold. Right. Which isn't actually gold in the United States, it's something else. It's like a gold alloy. But you can't sell anything less than 10 karats in the United States. Which by the way means there are 24 karats of gold. A 24 karat gold item is 100% gold. A 12 karat gold item is 50% gold. Okay, so you know, you could make a 12 karat gold item and stamp it with a 14 karat gold thing, no problem. And there's no way the layperson is going to be able to walk up and tell.
Dave Bittner
Right?
Joe Kerrigan
Which is why I never trust jewelers.
Dave Bittner
Okay, I'm sitting here as we're talking, I'm looking at my wedding ring and I. Unfortunately my eyes are no longer good enough for me to see anything that's etched in it.
Joe Kerrigan
I need a magnifying glass.
Dave Bittner
Yes, exactly.
Joe Kerrigan
Bought one of those.
Dave Bittner
But one thing I do remember about gold from my childhood and Joe, you and I are old enough that I don't know if this happened to you, but when I was in high school, part of science class is that we would just freely play with mercury.
Maria Varmanzas
Oh, I'm so jealous.
Dave Bittner
Yeah, it was just like, oh, I
Maria Varmanzas
remember hearing those stories of people.
Dave Bittner
Just like I wanted to fill a story swimming pool with this stuff to
Joe Kerrigan
see like, see if you float well,
Dave Bittner
see if I could get to the bottom, you know. Right, right.
Joe Kerrigan
Get to the bottom, and that's where you'll stay.
Dave Bittner
Yeah. There was never any mention of it being a neurotoxin or anything like that. We were just, you know, toss. Scooching it around on tables and so on and so forth.
Maria Varmanzas
But good old quicksilver.
Dave Bittner
Yeah. What I remember is one of my classmates, she had a gold ring. And so we were seeing all the different things that would float on top of mercury. So you could float a quarter on top of a little container of mercury. So she took a gold ring and put it in the mercury and did not know that mercury and gold are reactive to each other, and mercury will dissolve gold. Yeah. In this case, it just made the gold highly brittle.
Joe Kerrigan
Oh, really?
Dave Bittner
Yeah. So she took the ring out. Like, she doesn't. Like, it bubbled and, you know, exploded, or it was a big flash puff of smoke. It didn't seem like anything was wrong. But when she took the ring back out, you know, wiped it off with a paper towel and then went to put it back on her finger, it just cracked and looked apart.
Joe Kerrigan
The gold is a flexible element.
Dave Bittner
Yeah.
Joe Kerrigan
So you take that out, it's soft.
Maria Varmanzas
Yeah.
Dave Bittner
Right, right. So it turns out there is a process by which you can get your gold back, but it is neither easy nor inexpensive. So I learned a lesson that day about it's alchemy.
Maria Varmanzas
You take some lead, you have to give something of equal value. Naran.
Joe Kerrigan
Yeah.
Dave Bittner
Yeah. But nowadays, I mean, sheesh. Somebody, you know, spills a little drop of mercury in the science classroom and it's. The school's a Superfund site.
Joe Kerrigan
The hazmat team comes in.
Dave Bittner
Right, right.
Maria Varmanzas
Yeah. I never got to do that. I remember hearing or I remember my science teachers telling us that we used to do stuff like that, but we learned that that was a bad idea.
Joe Kerrigan
I actually didn't get the opportunity to play with mercury, but I did get the opportunity to have radioactive elements in the class.
Dave Bittner
Yes, yes. There's old science kits that came with them.
Joe Kerrigan
Yeah.
Maria Varmanzas
We need wine. I think that's probably a bad idea that we did fermentation experiments to make bad, bad wine. But that was probably a bad idea.
Joe Kerrigan
Yeah. You can also ferment other stuff. You can ferment milk into cheese very easily. Lots of things you can do that
Maria Varmanzas
way, you know, but. Yeah, but we did grape juice. And I'm thinking, looking back on it, I'm going, yeah, we could have done cheese. We could have made yogurt.
Joe Kerrigan
Right.
Dave Bittner
Probably wouldn't float these days. I remember. Yeah. I remember in elementary school, a kid brought in a shotgun for show and tell.
Maria Varmanzas
That is the most American thing I can possibly think of.
Dave Bittner
And nobody thought anything of it. Like, of course not. His dad came in with the gun, you know, so it was all.
Maria Varmanzas
It was all America.
Dave Bittner
This is a Winchester, you know, ought.40 or. I don't know anything about guns. Oh, my God.
Joe Kerrigan
So I asked my father. My father had this old replica of a Kentucky war rifle. It was a black powder gun. I think it was.45 caliber. So it wasn't actually a real Kentucky war rifle, which are.50 caliber. And I said, hey, I'm gonna do this at show and tell. I have to. Or not show and tell. It was instructive speech. How to pack and fire a black powder rifle. Can I take the gun into school today? Right. Cause I had already had plans for this. Right. I didn't clear it with him until the day. The day of the speech. And my dad looks at me and goes, what, are you nuts? No, you can't take a gun to school.
Dave Bittner
And then, of course, not anymore.
Joe Kerrigan
Yeah. When I went to high school, did you have this? I went to high school in eastern Montgomery county, which was very rural when I was growing there. And you'd pull up to the school, like in October, and half the pickup trucks in the parking lot had shotguns or rifles in the windows.
Maria Varmanzas
That was the case even for me in the early 2000s in Massachusetts, where I grew up.
Joe Kerrigan
Right.
Maria Varmanzas
Which is. Sounds nuts given our gun laws, but that was actually when hunting season started. That was pretty normal. And I can't even imagine that being a thing now.
Joe Kerrigan
And if I'm not mistaken, it was the gun racks in the window were to comply with state law that if you had a gun in your window, in your car, and you were going to. Going to go hunting with it, you had to have that gun visible.
Dave Bittner
Yes.
Joe Kerrigan
For when you got pulled over.
Dave Bittner
Yes, that is true. I know. Well, I know, for example, in Virginia, our neighboring state to the south, that's true with sidearms as well. Like, if you're traveling with a sidearm, it has to be in a place that's visible. So unlike unloaded. And again, I'm not an expert when it comes to firearms, but I had a friend who was. And we were going, like, camping somewhere where there was an issue with potentially problems with, you know, big mean animals.
Joe Kerrigan
Yes.
Dave Bittner
And so this guy brought his sidearm, and I remember him telling me when we got in his truck, you know, this is. This is why this revolver or whatever it was, actually, it was like a nine millimeter. It's going to sit on the cushion between the two of us.
Joe Kerrigan
He's gonna use a 9 millimeter on a bear?
Dave Bittner
Well, I don't know, Joe.
Maria Varmanzas
I'd like to see him try.
Joe Kerrigan
Not a good idea.
Dave Bittner
Yeah, I don't know. But anyway. Yes. All right, so we are hell of
Joe Kerrigan
a way off topic here.
Maria Varmanzas
Wow.
Dave Bittner
Yeah.
Joe Kerrigan
Anyway, they busted some of these guys this game.
Dave Bittner
Gold. All right, Long story short.
Joe Kerrigan
Yeah, hopefully they're the. One of the. One of the law enforcement officers I was reading said we've only gotten back $400,000 from these people. We're hoping that that number goes up now. Okay, so they have seized millions of dollars in gold. And with 23 arrests, hopefully some people spend a lot of time making big rocks into small rocks, especially in Texas.
Dave Bittner
Right? All right, we'll have a link to that story in the show notes. Joe, Maria, it is time for our catch of the day.
Joe Kerrigan
Dave. Our catch of the day comes from the scambait subreddit. Keanu Reeves wants to talk to somebody.
Maria Varmanzas
Ooh, Keanu.
Dave Bittner
That's right. So turns out in this case, Keanu really wants to talk to you. Maria.
Maria Varmanzas
Oh, me?
Dave Bittner
Yes. Yes.
Maria Varmanzas
Oh, my God.
Dave Bittner
And so why don't you read the part in blue here? I'll be Keanu.
Maria Varmanzas
I'm such a fan. Keanu. Okay, so hello. You said hello on my X feed. Any reason you reached out to me? Smiley face.
Dave Bittner
Yes, dear. I said so how are you doing today?
Maria Varmanzas
I'm fine. And you?
Dave Bittner
Nothing. Actually, I was absolutely going through some profile things before I came across your wonderful profile here on X and also your passionate compliment. And with likes on my fan pages, hope you don't have any problems at all if we had to get to know each other better. Because I guess that you must be surprised communicating with me and also receiving a reply from me here on this. Oh, sorry. A reply from me here on this, my official second private X feed.
Joe Kerrigan
Official Second private X feed.
Maria Varmanzas
Official what? Likes on your fan page. I. Oh, this person's not me, clearly. I must admit, I don't know much about you.
Dave Bittner
Okay, that's nice. What is your full name, sweetie? I am Keanu Reeves, a Canadian actor, musician, and producer renowned for my best roles in major action franchises like the Matrix and John Wick. I was born in Beirut and raised in Toronto and also overcame a challenging childhood of dyslexia to pursue acting, gaining fame for my versatile performances in both blockbusters and independent films.
Maria Varmanzas
You didn't answer my question.
Dave Bittner
Haven't you watched a movie called Matrix or John Wick before?
Maria Varmanzas
No. I think I saw you in Brokeback Mountain. My friend's daughter watches SpongeBob and I think you're in that one. And I saw you in a film with Diane Sawyer, RIP sad face, Jack Nicholson and Frances McDormand. You were also in Much Ado About Nothing, which I saw in a movie theater.
Joe Kerrigan
Diane Sawyer's not dead, by the way.
Dave Bittner
Why didn't you holla at me?
Maria Varmanzas
You.
Dave Bittner
Ola.
Maria Varmanzas
Ola.
Dave Bittner
Ola. Is that what it's supposed to be? No, it's holla like holla.
Maria Varmanzas
Yeah, but he spelled. He spelled it like ola.
Joe Kerrigan
Yeah, right.
Dave Bittner
Ola.
Maria Varmanzas
I meant the movie. I don't know. I meant the movie.
Dave Bittner
You don't have to always believe in whatever you see about me online, socially, because the social media doesn't really say the true about situations that actually occur. So that is why you should stay and stick to me so you can have legit and genuine friendships and private selfies and things from me that you can never find on the Internet. Internet that will make you believe and trust me. Because I actually want to clear your doubt and make you believe that you are now lucky to be communicating with me.
Joe Kerrigan
There is nothing in the world that could convince me I'm actually talking to you.
Maria Varmanzas
The dude's just like the subtext to the script. He's just making it text. It's amazing. I haven't read anything about you in ages except a short note with information about Dogstar is playing on a festival in Norway this summer.
Dave Bittner
Yes, you were right. Well, I don't always get active here on X for some security reasons for the whole now. But am into it now just to ensure that I safeguard and protect and keep them most of my beloved fans with kind hearts, safe and protected. By the way, hope my messages isn't bothering or disturbing you at all at the moment.
Maria Varmanzas
Not at all.
Dave Bittner
Okay, that is great. I had like you to still also tell me a little much more about yourself. Oh, my gosh.
Maria Varmanzas
All right, all right. So they wrote blah, blah, blah. So there's a whole spiel here. I guess I'll just go real fast. I don't know exactly what you want to know, so I'll just share some of the basic facts. I've been working as a manager in the fuel equipment industry for many years. But now I'm. Oh, my God. But now I'm following a lifelong dream and I'm taking a completely different Path and are studying to be a psychotherapist. I'm happy to pursue my dream and I'm grateful that I'm financially independent and able to take the And I don't need to work on the side. I'm 55, divorced and no kids. By choice. I live alone in a suburb of Oslo.
Dave Bittner
And you, that is a beautiful place. Because you look so pretty. Far more than your age to be honest.
Maria Varmanzas
Okay, well, you are a bit older than me, so maybe you are used to women older than me too.
Dave Bittner
I want you to know that I can't wait for us to really travel to places and get to explore in Oslo. Your best eating spa for us to visit. I had like two.
Maria Varmanzas
Eating spa.
Joe Kerrigan
Sounds awesome.
Dave Bittner
Age is just totally a number and it doesn't matter at all. In a friendship, all that matters is the inner beauty. And with conscience and wisdom that was given to me. Eating spa whenever I feel like eating. What is light, what is your hobbies and favorite color food and your favorite movie of mine you actually like?
Maria Varmanzas
I like swimming, drawing, drinking wine and talking to my friends. Music, writing, crosswords. I don't have a favorite color or food since I am no longer a kid. Like I said, I haven't seen many of your films. But I guess Brokeback Mountain. He's not in Brokeback Mountain.
Joe Kerrigan
No, he's not.
Dave Bittner
Hello, my dear fan. How are you?
Joe Kerrigan
Starting over again?
Dave Bittner
Thank you for being a fan of each of my page and movie activities. God bless you. I sent you a request on here. You were a very beautiful woman and you seem like a nice person that I would love to know more about because I always see your comment and likes on my X. Most of my fan pages post. Nature has a reason for all purpose. Don't worry. As time goes on we would actually get to interact well and know each other better. If you won't be a problem with you my dear, let's just end it there.
Joe Kerrigan
Yeah. This thing goes on for pages pages.
Maria Varmanzas
And she doesn't let up on the. What the heck does eating spa mean? I love that she doesn't let go of that. Yeah.
Dave Bittner
Let's go to the eating spa.
Joe Kerrigan
At one point in time the guy says it means spaghetti.
Maria Varmanzas
An eating spa. Otherwise known as a restaurant.
Dave Bittner
Yeah, right. Yeah. Lost in translation.
Joe Kerrigan
Keanu Reeves has zero social media presence deliberately.
Dave Bittner
Is that right?
Joe Kerrigan
Yes.
Maria Varmanzas
Yes.
Joe Kerrigan
So if you ever get anything on social media from somebody claiming to be Keanu Reeves, it is not Keanu Reeves.
Dave Bittner
What if it's just a private one on one, Joe?
Maria Varmanzas
Nope. A private second communication channel.
Dave Bittner
That's right. The other thing I love about this is that Keanu evidently doesn't know anything about punctuation because everything is a run on sentence and it just goes on and on and on and on.
Maria Varmanzas
No.
Dave Bittner
Well, it seems like she was playing with him, so she knew it was up, so good for her.
Maria Varmanzas
Eating spa.
Dave Bittner
Yeah. All right, well, if there's something you'd like us to consider for our catch of the day, we would love to hear from you. Our email address is hackinghumans@n2k.com and please don't be disappointed if you do send us something and it doesn't show up on the show. We do read everything that's sent to us. We do consider everything. But some things, just for a variety of different reasons, either they don't work very well in the spoken word or they just don't fit what we're talking about any week. But, you know, don't. Don't fret if that comes to pass.
Maria Varmanzas
We still love you.
Dave Bittner
We still love you. We see everything and we do appreciate the effort. So thanks to everyone who sent something in, even if it didn't make it on the show. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution, blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com N2K. All right, that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliott Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Kerrigan
I'm Joe Kerrigan.
Maria Varmanzas
And I'm Maria Varmanzas.
Dave Bittner
Thanks for listening,
Maria Varmanzas
Sam.
Podcast Summary: Hacking Humans — "Identity theft gets a raise."
Release Date: March 5, 2026
Host: Dave Bittner
Co-hosts: Joe Kerrigan, Maria Varmanzas
Production: N2K Networks / CyberWire
This episode dives into the evolving landscape of social engineering with a focus on new trends in identity-based scams. The hosts analyze recent cases where criminals have bypassed technical defenses through clever manipulation of human processes, discuss scams targeting authors, and explore recent law enforcement victories against gold bar scammers. The tone is investigative yet accessible, peppered with personal anecdotes and humor.
For full stories and resources, see linked show notes from the episode.