A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hey, Joe.
C
Hi, Dave.
B
Our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Hi, Maria.
A
Hi, Dave. And hi, Joe.
B
We've got some good stories to share this week, but first we've got some follow up. What do we have here this week, friends?
C
So I would like to make an announcement. SANS Institute has honored Dave with the Difference Maker Award in the Media Creator category. So congratulations, Dave.
B
Thank you.
A
Well done, Dave. Congratulations.
C
I saw your post on LinkedIn. It said I have the best job in the world because I get to talk with smart, interesting people and Joe about important work and share. I added the. He didn't put that on LinkedIn.
A
It was implied heavily.
C
And share what I've learned along the way. I'm also the most visible part of an amazing team whose work makes all this possible. So yes, there's a lot of people behind the scenes.
B
That's true.
C
I'm sure these guys have done a good job of making I know me not sound like an idiot.
B
Yes, I've built a career on other people's ability to edit me down, to make me sound like I can string a few words together. But no, thank you. It was quite an honor. And what made it even more special is that it was an industry award and it was voted on by people in the industry, but also listeners. So I just really appreciate it. It's rare for us to get these sorts of recognitions, so thank you all.
A
Well deserved.
C
Dave, did you get some hardware, Dave?
B
Yeah, yeah. They gave me this big heavy key, like a key to the city kind of key. Really? Yeah, yeah. I'll show it to you on your way out.
A
What does it unlock?
B
My heart. My heart grew three sizes that day. All right, let's move on here, Joe. I see it says chicken update. Chicken update in the show notes.
C
Chicken update. Because our listeners really want to know about the chickens.
B
It's true.
C
They love it so. And I'm happy to talk about my chickens anytime. So I have. I have a couple of things. One, I've decided I'm never going to put a chicken on my shoulder again.
B
Oh.
C
I saw a post on one of my local groups about a guy who got pecked in the eye by a chicken he had on his shoulder. And the worst part about it is it's his good eye. So apparently he's blinded one eye.
B
There it was.
C
Right. And now he's, you know, trying to recover from a chicken peck. So I'm. I'm done holding chickens on my shoulders and looking cute. I'm going to continue to hold my favorite chicken on my arm, though. She's pretty good. But I found out we were out there talking, and my son pulled out his phone, and he has Claude AI on his phone, and he asked about Carroll County regulations, which is a county in Maryland I live in now, about keeping a rooster. Do you have to have three acres? And it said it can't find any record of that. So I went out and I did my own search of it. I can find no record of limitation of a rooster if you have enough land to have livestock, which is, believe it or not, only 20,000 square feet, which is like a third of an acre or less.
B
That sounds very Carroll County to me.
C
Yeah, it does, right?
B
Why?
C
I like it, Dave.
B
Yeah, that's right. So very few regulations.
C
Right. Not a lot of laws telling what you can't do.
B
Yeah, that's right.
C
So we are keeping the rooster, and we have a new name for him because his name used to be probably a rooster, but now he's definitely a rooster. So we sought for ideas for a name, and his name is now Diesel.
B
Right. Wow, Maria, didn't we meet a waiter named Diesel? That's.
A
I was gonna say. That sounds very familiar. Yeah. Was that in Florida or something?
B
Yeah, we were in Florida. We had a waiter named Diesel. We were at an industry event, and he was a delightful, delightful guy.
A
I feel like that was my reaction at the same time, like, ooh, what a name. Diesel.
C
Right.
A
Wow.
C
It's a last name, I think, you know, because the guy that invented the diesel engine, his name was Diesel.
A
Okay.
C
That's why it's called Diesel.
A
But your chicken's first name is a last name. I mean, your roosters.
C
Yes. Well, he's a chicken. Well, yes, he's just a rooster. So work begins on the new run this weekend. I've got a. I'm hoping for at least a little bit of warmth so I can be out there and building a new run.
B
Yeah.
C
Because that's got to happen. The where they are now is just too small for them, and I got to get them out.
B
Okay, I hesitate to ask this question, but have you checked in with any of your neighbors about the rooster?
C
I have. Yeah. We've checked in with our closest neighbors, and my wife got a text and said, I heard your rooster crowing this morning. I love it.
B
Oh, okay.
C
That neighbor is happy.
B
All right.
A
I'm not the only one who enjoys that sound.
B
See? Yeah. Okay, fair enough. Fair enough.
C
Yep.
B
All right, I tell you what. Let's take a quick break. We'll be right back. Every attacker counts on one thing. Environments that trust too much. ThreatLocker closes that gap with default deny at execution. Unknown software blocked. Trusted apps contained with ring fencing. Configurations verified with ThreatLocker DAC so you stay secure and compliant. ThreatLocker delivers the visibility and control CISOs need without adding operational pain, making zero trust real for teams of any size. Stop ransomware at its earliest point. Book a demo at threatlocker.com N2K. All right, well, let's jump into some stories here. Maria, you have the honors this week. What do you got for us?
A
I have something from the US Congress, Joint Economic Committee, of all things.
B
Wow.
A
Yeah. In. In December, this past December, they dropped a winter holidays travel scams alert based on activity that they and the FBI have been seeing as well as the FTC. And I know this episode is dropping in January, and a lot of people are thinking the winter holidays are behind us. However, I would like to remind people that many people travel not only for winter break through January, but also February is Chinese New Year and Lunar New Year, and a lot of people travel for that holiday as well. So winter holidays are not over, my friends, and they are still continuing. So this is a peak travel season for a lot of the United States and indeed the world. But this is from the US Congress, this notice. So I'm going to focus on the U.S. Um, and the. This Joint Economic Committee notice was basically saying that they've seen a 500 to 900% increase in travel scams over the last 18 months, specifically on booking.com alone. Um, and they're attributing a lot of that massive increase. 500 and 900%. What do you think would be possibly contributing to such a massive increase of in slop that I just dropped a giant hint in my phrase.
C
Ah, okay.
A
What do you think it could be? What could be causing this issue?
B
How does it end with an A, begin with an A, and end with an I?
A
It ends with an A if you speak French.
B
Oh, see? Ah, thank. Nice save, Maria.
A
Yes, yes, yes, it is. It is indeed AI causing all this slop. So the U.S. Congress, Joint Economic Committee, or the JEC and a whole bunch of U.S. senators put out a here are some tips to avoid for common travel scams, especially in this peak winter travel season. And one of them was in watching out for travel impersonation scams. Watch out for fake flight notifications, which was some is something we have talked about a little bit on this show, but apparently this is really taking off. Hahaha. These are text messages that come in telling you a flight that you have indeed booked is canceled and saying that you need to call the airline at a fake number to rebook your flight that has been suddenly canceled. And of course it routes you to not just a fake number, but then they take your financial information and they scam you out of your money. So I feel like Joe, maybe we had talked about this one, you and me, at some point because we were wondering how on earth the scammers are getting people's correct flight details.
C
Right? That's the first question I have. I don't remember having this conversation before, but that doesn't mean we didn't have it.
A
Listeners, help us out on this one.
B
Right?
A
Yeah, I, I'm wondering. There, there scammers are getting people's correct flight information knowing that people have a flight upcoming or that they are actually travel, they are actually in transit. So maybe you already are at your destination but you haven't taken your return flight home yet and they're reaching out to you saying hey, your flight's been canceled. And of course like it's going to send anybody into a bit of a tizzy.
C
Right.
A
So they're saying to especially watch out for these text messages and definitely verify that these are correct before you take any action. So certainly don't call a phone number in a text message and make sure you have the accurate phone number of any airline that you've booked through and use the app if you can and not just trust a text message. But not everyone has the apps, but if you can, the apps can be very helpful.
C
I use the apps.
A
Yeah, I like the apps a lot. I was very grinchy about it. I didn't want to use them, but now I see that they're actually very responsive and sometimes they're the best way to get hold of an airline if something goes wrong. Better than trying to call. So I've been, I've been sort of encouraging people to go that way as well. Another thing that this notice tells people to be careful about is using extra precautions when using a third party service like a booking.com. Make sure that the listing is legitimate. And this is of course, getting very difficult thanks to AI just flooding these websites with all sorts of faulty, incorrect, non-existent listings. Listings that don't provide enough information or are just, just vague enough to be like a fill in your own adventure kind of listing. Like it's vaguely lux, but what on earth does that mean? So there are unfortunately just a lot of these scams on, on booking type websites now. And this is where a lot of people are getting burned.
C
So here's my, my take on that. Yeah, these companies need to get this under control or this is going to become a business liability to them.
A
Oh for sure.
C
I mean, because if, if you're thinking let's booking.com if, if you get enough people who get burned on booking.com, you're never getting them back.
A
Yeah, yeah, absolutely. And the advice that this advisory gives out is go directly to a hotel's website, go directly to an airline or a reputable travel provider, whoever that is. But again, that does circumvent third party businesses entirely. So yeah, you're right, this is an existential crisis for them. I agree with you. And the other notice that this puts out is about being careful about vacation rentals. So things like Vrbo, Airbnb, things like that, a lot of people are booking those. I don't know about you all where you're at, but for me, summer vacation rentals, that tends to get booked over the winter. Like people are home for the holidays and people are going, where are we going over the summer? And stuff gets booked out in January. So this is the time where a lot of those, like for me, if you want to go to Cape Cod here in Massachusetts, you got to book by December or January.
B
Right. They get, they get booked up.
A
They do, they do. So there are a lot of spoofed listings on not just third party sites, but even just websites living on their own, pretending that there's some sort of really awesome vacation rental at a place that doesn't exist or you know, it's not actually available to be rented. And this is where you'll see people saying pay us in wire transfer or cryptocurrency. Those are humongous red flags, but yeah. Or you can get into this gray area of listings that are over promising and way under delivering. So this is where people really like, you don't find out until six months later that what you booked is not really real.
C
So it's a shack out in the middle of a cornfield.
A
Yeah. And like if that's what you want and are paying for, that's great. Right. But if you're expecting a palace, that's kind of a letdown. So, yeah, just always buyer beware on these kinds of things. And miraculously, apparently the US Federal government actually wants to hear about these scams if you encounter them. So if you think you've been the victim of such a scam, you can go to reportfraud.ftc.gov and they want to hear about it. But, yes, please be careful. This is the time of year in the United States when a lot of people are booking these kinds of things, and AI is making everything worse. So please be careful.
C
Yeah.
B
Just this past week, I saw a story warning people not to post pictures of your boarding pass because the story behind it was that somebody who was a political pundit had posted their boarding pass and was sort of bragging, said, ha, ha, updated to first class, you know, leaving in an hour.
C
Right.
B
And being a political pundit, that meant that half of the people in the world love this person and half don't hate them.
C
Right.
B
And evidently, there's enough information on a boarding pass that people were able to go in and cancel this person's flight.
A
That's amazing. And also horrible and also hilarious.
C
Wow.
A
Yeah. It's sort of like when people used to get a brand new credit card and they would post it on Twitter.
B
Yeah.
A
Do you remember that?
B
Look at me.
A
Please do not do that anymore. I think people aren't doing that anymore. But, yeah, boarding passes are new. Stop posting this online. People just don't do it.
B
Yeah, yeah, yeah. All right.
A
Yeah. Like travel's not stressful enough.
B
Exactly. Yeah. This time of year. All right, we'll have a link to that story in the show notes. Before I get to my main story, just a quick little side story. I was having breakfast this morning with a friend of mine, my friend Mark, and he serves on the board of a nonprofit. And he was telling me that just this past week, he got an email from the chair of the board on the nonprofit on which he serves. And the email from the board chair said, hey, we're having a little bit of trouble with some financial thing here. We're hoping that you can give us access to your Zelle account, because we need to pay for something and then we'll reimburse you.
C
Hmm.
B
Yeah. Total scam. Total scam.
A
Goodness.
B
And evidently, every member of the board received the same email. So whoever it was was going through nonprofits, looking at the list of board members, seeing who's chair of the board, generating emails. And my friend went and looked and sure enough, the email was a random email address that didn't have anything to do with the person who's the chair of the board.
C
Right.
B
So. But it looked, at first glance, there wasn't anything that seemed odd other than the ask itself. So it's something we've talked about before, but it's still active and just happened to a friend of mine just this week. But that's not my main story. My main story here is actually a report from the BBC and this one's pretty dark, actually. So this one starts with a video that is hard to forget. There's a little boy facing the camera. He's got a bald head. He looks very tired, and he says he's 7 years old, that he has cancer and that he needs help to stay alive. And his name is Khalil. What the viewers don't know is that Khalil didn't want to record the video. His mother says a film crew asked her to shave his head even though his hair hadn't fallen out yet. They hooked him up to a fake IV drip. They told the family to pretend it was his birthday, and Khalil was given a script in English and told to repeat it. And then when he couldn't cry on cue, his mother said that they put chopped onions nearby and they rubbed menthol under his eyes. Khalil really did have cancer. And his mother says she agreed to the filming because she was told the video would help raise money for better treatment. And online, it looked like it worked. There was a crowdfunding campaign in Khalil's name that raised more than $27,000. But Khalil's mother was told the campaign had failed. She received a $700 filming fee, no donations, no follow up. And sadly, a year later, Khalil passed away. So BBC World Service did an investigation and found that there are a lot of families around the world who are being drawn into this sort of thing. And it seems to be a coordinated scam. These parents of seriously ill kids, they're filmed for these emotional crowdfunding campaigns and they raise lots of money, but the families never see any of the money, or in this case, you know, just a stipend. The BBC identified at least 15 families who said they received little or nothing.
The investigation, they say, began with a YouTube ad and they found more and more videos. Same sort of thing, sick kids around the world. Same style, high quality productions, emotional scripts, urgent pleas, and always the same message. Time is running out. And they were able to tie these campaigns to an organization called Chance Latigva. Do I have that right? Chance Latikva. Latikva, maybe, yeah. Registered in Israel and the United States. And they found the person who is alleged to be running this sort of thing. The folks who were victims of this said a man would show up, the child would be filmed for hours and told what to say, told to cry. And parents were paid a small fee and promised more money later when donations came in. But of course, the money never arrives. So there is a man who's been identified who seems to be the person behind this. I'm not gonna say his name, but if you follow the link to the story, you can look it up there. A whistleblower told the BBC that recruiters were told to look for beautiful children between 3 and 9 years old without hair. And when families asked where the money went, some of them were told it had been spent on advertising, but there was no evidence of that that had been provided. So the families, of course, feel like they were manipulated at the worst moment of their lives.
A
They were, for sure.
B
Yeah. And the donors also believed that they were saving lives. But at least according to the reporting here by the BBC, it seems as though the vast majority of the money was simply being pocketed by someone who came up with what seems to be a scam. One mother summed it up. She said, when your child is fighting to survive and someone else is profiting from that pain, it's filthy. It's blood money. And I can't disagree with that.
C
No, that's 100% correct.
A
How do they sleep at night?
C
Yeah, I don't know.
B
This is.
A
You know, this is beyond.
C
This is.
B
I'm.
C
I still find myself being shocked by the disgusting depths to which these people will go for a buck, you know? You know, it's gotta be like, you know, we could rob a bank, or we could sell drugs, or we could trick sick children's parents into making a video of their sick kid and pocket all the donations.
B
Right.
C
I mean, I get the feeling like if you did that in a. In a group of criminals, they'd all turn to you and go, what is the matter with you?
A
Yeah. And not just. And not just videoing sick kids, but also, like, causing harm to these sick children.
B
Right.
A
You know, to. Not to manipulate victims, but, you know, the children. Right.
B
False hope.
A
I mean, just all of it. I just.
B
Yeah.
A
Like, I felt the bile rising in my throat as you're talking through David.
C
We don't know what kind of cancer Khalil had, but. But I am sure that $20,000 could have bought a good deal of treatment for it.
B
Yeah, yeah. You never know. But. And they'll never know because the person behind this, again, according to the story, is just pocketing the proceeds, giving people false hope. And this guy's still out and about free.
C
Have they arrested him?
B
The story does not say. So I don't believe they've been arrested or anything, but the person has been identified. They live in Canada, and it seems, I think they've been able to link a bunch of documents to this person, but haven't been able to contact the person directly or anything like that. So, yeah, I mean, it's just. And so I guess what's the lesson here for our audience is just, you know, part of what breaks my heart about this is that it makes people more cynical about giving to legitimate needs. There are kids out there who have cancer and need our help. There are organizations out there who help kids with cancer, and they need our help. So I guess the lesson here is if you are moved by any campaign that has to do with kids and cancer, go find your local organization that does this or find a national organization with an impeccable reputation.
A
Yeah.
B
And give to them. Right.
A
Yeah. Yeah. That money will go far. I mean, I can think of. And I'm sure you both can, too, of scams that you've seen for people pleading for money for all sorts of reasons, and then you find out later that that person was asking for money, was doing something unsavory with it. I can think of someone who was doing this for, like, for the sake of their kids. It ends up the parents were very abusive towards their kids and they were just pocketing the money. Drugs and the like. Like stuff like that.
B
Right.
A
Where it's like, you know, you're giving money directly to somebody through something, and you just. You really. You don't really know where that's going. Yeah, but. Yeah, but it's also. Flip side, these parents are extraordinarily vulnerable and they needed help. And I mean, what is the advice to them? Like, don't trust people who are trying to help you in a moment when your kid is sick? I mean.
B
Yeah, that's.
A
That's horrific. And yet that feels like that's what we've got to tell people.
B
Yeah. Oh, it's the lowest of the low.
A
The lowest of the low, exactly.
C
I have given to people online at least once in the time I'm thinking of. There was. It wasn't a kid. It was a young man who's, like, in his 20s, and he was going through cancer treatment. But the reason I gave to him was because another person I knew said, hey, I know this guy. He's going through cancer treatment. Here's his GoFundMe page. If you can give something great.
B
Right.
C
And I said, okay, well, since Drew said that he knows the guy and he knows that he's going through this, I'll put some money on that.
B
Sure. Yeah. I don't see anything problematic about that.
C
Right.
A
No.
B
Yeah. So I want to sort of turn on this very dark story and share a story, which I think I've shared here before, about I have a relationship to a scam similar to this that I was almost the poster child for muscular dystrophy when I was a child.
A
Do you have muscular dystrophy?
B
I do not.
A
Okay, well, I'm glad to hear that.
B
No, I do not. So when I was a kid, I did some TV commercials and modeling and things like that. So I'm talking about when I was, like, seven or eight years old, actually. That's when my voiceover career started. So I've been, you know, speaking for a living for a very long time.
C
Cool.
B
Although, when I was 7 or 8, I wasn't doing it for a living. I was doing it to buy, you know, Star Wars action figures. But there was a producer who I had done some TV commercials with and called up my mother and was like, great news, June. We got another job for Dave, you know, and he was totally that guy. And of course, my mom was starstruck, and she's like, we got a call to. We got a modeling shoot for muscular dystrophy. And she's like, well, my son doesn't have muscular dystrophy. Doesn't matter. Dave can look sad, right? Well, yes, he can. He can look sad. All right, here's the date. You know, that sort of thing. And then, thank God, cooler heads prevailed, and my mom got a call back that said they actually wanted a kid with muscular dystrophy. What are you gonna.
A
Bummer.
B
Yeah. Yeah. They were gonna put me in the little leg braces and everything, but dodged that one. So, you know, I mean, obviously, that wasn't as bad as this.
C
Right. That was actually the Muscular Dystrophy Association trying to raise money.
B
They were looking to raise money. Just maybe a little deception in the ad. And again, cooler heads prevailed.
C
Yep. And that didn't happen.
B
Didn't happen.
A
I'm very glad to hear that. Yes.
B
Me, too.
C
Me.
B
Yeah. Especially in retrospect. I mean, what. Anyway, all right. I tell you what, we have a link to the BBC story in the show notes. Let's take a quick break right now and hear from our show sponsor. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com N2K today. And we are back. Joe, what do you have for us this week?
C
Well, given that this is the first episode of the new year, even though we're recording it in December, I don't know why I have to feel like. I feel like I have to tell people that. Right. I just feel like I'm being dishonest if I don't tell everybody.
A
You're getting rid of the magic, Joe.
C
I'm pulling the curtain back. Pay no attention to the.
B
They're not actually listening to us live, right? Yeah.
A
We're not actually in their living rooms right now.
C
Yeah. Which thank.
B
In their heads.
C
Yes. I'm so glad that we're not Joe.
A
And the chickens in your living room.
C
That's right. I'm so glad we're not live because I would not be nearly as entertaining as I am.
A
We're all with them at the gym right now as they're doing their reps.
C
Right? Come on, one more, one more. My story actually comes from my former pen pals over at the IRS. My former pen. I used to have a. Have a relationship, or once a month, I'd write a. Write a letter to him. Send him a letter. Oh, with a gift enclosed.
B
Yeah. Okay, sure.
A
All right.
C
I don't have that relationship anymore, but, you know, I just stopped corresponding. And they never, never. We never got closure on that. By the way, once I. Once I paid everything, they were like.
B
Okay, they didn't send you a gift back.
C
Hey, thanks. We're all done here, right?
B
Right. Yeah. Here's a commemorative coin.
C
Right okay, so they are talking about tax warnings, tax scams, warning signs. And because this first episode of the new year, everybody's gonna start getting their W2s in the mail.
A
Oh, liturgical calendar time.
B
Right, Exactly.
C
It's. And it's tax scam season is what I'm saying. Coincides with most of Lent, by the way. So it's gonna go from now until the end of April, and it will get. Or middle of April, and it'll get more intense towards the time as your filing deadline looms. Right. Assuming that you are someone who waits till the last day to file, like me, I give my son hives. My son, the accountant, I give him hives every time I talk about taxes. He says here, this article which was posted, I think, last month from the IRS. Scam warning signs. Tax scams, warning signs. A big payday is one of the big warnings. Hey, we got this great big payout for you, and we need to give it to you or another one here. Bad tax advice on social media that may convince you to lie on tax forms generally. This is where I'm gonna side with my son on that. Don't lie on a tax form.
A
Generally. Don't lie on a tax form.
C
Yeah, don't lie on a tax form.
A
So under what circumstances do you feel it's okay to lie on?
C
Okay. It's very general, I guess, all situations.
B
I'll say that I was told once by someone that. What is it? Incorrect deductions get disallowed. Trying to hide income sends you to jail.
C
Right.
B
So if you want to choose which side of the tax form you want to play with, you want to get creative with.
C
Right, Right.
B
But still. Yeah, just fly straight.
C
Right. And always take the deduction. And if they disallow it, they disallow it.
B
Yeah.
C
The demands or threats are another big sign. Impersonators of the IRS will say, pay now, or else they'll threaten arrests or deportation. And they don't let you question or appeal the amount you owe. So you are entitled to some due process in tax disputes. You have the right to appeal it. Now, it's not like regular court. You go to the IRS's own specific judicial system or legal system. So you're not getting a. You're really not getting a fair shake. That's my own commentary. But so, you know, if you have a lot of taxes that you owe, hire somebody to help you with that. Yeah, that's the best bet.
A
This is such an American segment, I just gotta say, yeah, it is. People in other countries are like, what are you talking about?
C
The IRS? You know, I was talking to my son about this, and he says, look, they don't want you in jail for, you know, if you tell them, you know, you're right, Dave. Tax evasion by hiding income will get you sent to jail. But not paying your taxes doesn't get you sent to jail because they know if they send you to jail, they're not getting any money.
B
Right.
C
Right. They want you to continue working, and worst comes to worse, they will attach your wages.
B
Yeah. Then they will work out a deal with you.
C
Right. They will work out a deal with you. It's very possible. And then you too can become a pen pal with the IRS.
A
Life Pro tip right there from Joe.
C
Right. Yeah. The. They say odd website links are also another thing that can be. You always go to irs.gov. Here is another section on this page that says how to know it's the IRS. And it links to another page that says how we will contact you. So it says, generally, we typically contact people for the first time by mail through the US Postal Service. So you will get a letter that says, hey, time to pay up. And then you'll correspond to them and you'll get letters back. And they come in easily recognized IRS envelopes. We get them from time to time at the house now for the previous owner, and we say, hey, you've got a few IRS letters here. So we recognize them when they show up. And once you get one, you'll never forget it, you'll always see it, and your heart will skip a beat. But don't worry, it's not that bad of a deal. Other ways, they will contact you via email. And I found all of these very interesting. They will send you email with your permission, with a few exceptions, like criminal investigations. They may send an unsolicited email with a criminal investigation. I don't know what that means, but I think if you get an unsolicited email from the IRS and you verified that and it's a criminal investigation, you need to talk to somebody in tax law. Text messages. We will only send you text messages with your permission. Phone. The IRS or a private collection agency may call to address collection account matters. In some cases, the IRS will use automated messages to direct you to irs.gov. Now, just last week, we heard that it's a violation of federal law to call with an unsolicited voicemail, a recorded, prerecorded message. I'm gonna bet in that law there's an exemption for the government.
B
Right, right, right.
C
Because the IRS raiser. We wanna do that.
B
Point of order.
C
But when you get these messages, these recorded messages, they will tell you go to irs.gov and pay the bill that you owe or do whatever needs to be done. They might send a fax or they might visit in person and they say these are rare. And then they have a whole nother document that I won't go into because, frankly, I haven't read it yet. But how and when the IRS will visit you or your business?
B
Yeah.
C
So some of the things they say they don't do is they don't direct message or make payment or take payment on social media platforms. Right.
B
To pay my IRS bill on Facebook.
C
Right.
B
No.
A
Go to a bitcoin atm, obviously.
B
Right.
C
Do not accept gift cards or prepaid debit cards as payment.
B
Yeah. Do they take bitcoin?
C
Let's see. Does it say that in this thing? It doesn't say that in this thing.
B
Yeah.
A
Yeah. Nowadays, who knows?
B
Yeah, I know. I mean, there's been a push, I think, in this administration to accept those kinds of things, but I don't know if that's made its way to the IRS or not. Yeah.
C
I don't know. I was talking with somebody the other day and we were talking about paying taxes from stock accounts.
A
Right.
C
And you have to. When you take a distribution from, like a tax deferred account. This is the kind of conversation I have around my house, Dave.
B
Yeah.
C
It's exciting and riveting. Right. I grew up like this. But when you take a distribution from a retirement account, you have to pay taxes on that because it's a tax deferred account. So if you. You can withdraw from your IRA into your personal account stock, but you have to sell some of it because you're going to have to cover the taxes or withdraw enough cash to cover the taxes as well. I found that very interesting. I didn't know that you.
B
Good for you, Joe. Good for you.
C
Riveting.
B
Right?
C
Right now everybody's like hitting the skip button on this podcast.
A
What about taxes?
C
Right.
A
Why would anyone find taxes boring?
C
Joe, the IRS will not call you with an automated message that threatens. That threatens, then directs to websites that aren't IRS.gov. They will all go to IRS.gov. They will not threaten to call law enforcement or immigration officials. They will not take your citizenship status, driver's license, or business license. Again, these are things you need to make money to pay your taxes. Even if you do owe money to the IRS, they are not interested in doing this. And they will not mail tax debt resolution advertisements. So there are services out there where they say, we'll negotiate with the IRS on your behalf. And I don't think. I don't have any experience with this, but I don't think they get you out of any of your back taxes, but they may be able to reduce your fees and penalties.
B
Yeah.
C
So, yeah, but you're pretty much going to have to pay your taxes.
B
Yeah. Wow. You know, I had an experience. I was more than a pen pal one time, Joe.
C
Really?
B
They came to my house. Really?
C
Yeah.
A
What?
B
Yeah, yeah. My wife and I were newly married, and there had been a family member who had passed away and left us a small inheritance, and that was somehow enough to trigger an audit where they didn't just ask for documentation. They wanted to come and look around.
A
Oh, wow.
B
So they did. And it was a. And, you know, of course, you're terrified. Right. And we're in our 20s, so we don't know anything.
C
Right.
B
And it was actually a lovely woman, and she had a trainee with her. And once they quickly established what had gone on, that, you know, that there was this inheritance and this is what it was and we were to explain it, then it all just kind of became perfunctory. They were like, oh, okay, that makes sense.
C
Right?
B
I do remember one moment where they were asking for some documentation about things. And again, this was right after we were married, and the woman asked us. She said. She asked my wife, she said, well, I see this bill here for, like, you know, $100. What is this for? And my wife said, well, I don't want to tell you. And so the IRS lady leans in, and her trainee leans in, and I turn to my wife and I say, now, honey, I think you can tell, like, you know what? Just tell them what it is. What could it possibly be? She said, I went with my mom to get my nails done before the wedding. And everybody exhales. And the IRS lady turns to her trainee and says, you see, if you just talk about things with people, most of the time it just gets worked out, and it's not a big deal. So anyway, that was our story. So, you know, if you're on the up and up, don't be too scared if they reach out to you. Because my experience was that they were actually pleasant people in the end, you know, there was an adversarial.
C
Do you want to know what they were looking for when you went in there? Because I know this. No, I don't. I know this because, again, this is a conversation we had around the dinner table, they're looking for to see if everything that you have can be accounted for with the income that you've declared. Right, right. And that's called gross receipts. They want to make sure that you're not living this abundant lifestyle without an explanation for how you're getting the cash in. Because that is how they got Al Capone, Right?
B
Yeah.
A
And that's Dave Bittner, Al Capone, right now.
B
Yeah, that's what this. And again, this little inheritance threw our pattern out of whack. And that got their attention.
C
You got flagged for an audit is what happened.
B
Yeah, exactly. And who knows? It might have just won the IRS lottery.
C
But, I mean, there has to be.
B
A certain amount of randomness to it as well, how much resources they have to be able to throw at these things.
C
Correct, correct.
B
Anyway, all right, so stay alert.
C
Don't fall for IRS scams. And also, even if the IRS does accept payment in cryptocurrency, don't pay them in cryptocurrency.
B
Don't encourage it.
C
Yeah, don't encourage that.
A
Right.
B
All right, we'll have links to the IRS.gov website that has all this information on it. Joe, Maria, it is time for our catch of the day.
C
Dave. Our catch of the day comes from the scambait subreddit. And, Dave, I don't know, I'm a little starstruck because Jason Momoa is reaching out to this guy.
B
One of my favorite actors. That's right. That's right.
A
The Aquaman.
C
The Aquaman.
B
Aquaman.
C
Khal Drogo himself.
B
So I'm gonna be Jason Momoa here because it's really. It's like looking in a mirror. But, Maria, you can be the poor victim here.
C
Sure.
B
Actually, not. Victim's too strong a word. Maria, before we go along here, as a fine lady yourself, does the Jason Momoa type hold any interest to you whatsoever?
A
I mean, I have eyes, right?
C
That's what my wife says.
A
I mean, I'm not totally dead inside, if that's what you're asking.
B
Not yet.
A
Not yet. Give me a few years. Fair enough. No, no. I only have eyes for my husband, obviously, Dave. Cause he listens to this.
B
Right, right, right.
A
I will say Jason Momoa is not my specific type, but, you know, throw some glasses on him and have him start playing D and D, and then we'll talk.
B
Right.
C
Much more of a Johnny Galecki kind of guy.
A
I like my software engineers. You know, that's my type.
B
That's fair. All right, so Mr. Momoa starts off and says thank you for your love and unflinching support towards my movie industry heart emoji.
A
Hello. What? Love and support?
C
Hello.
B
Hello, dear. How are you doing today?
A
I'm fine. And you?
B
I'm good, thanks for asking. How's your day going so far?
A
I just said it's fine. Any reason you reached out to me?
B
I just want to hear your voice. Honestly, sometimes I reach out because you cross my mind. And I don't ignore that. No pressure, just checking in.
A
Hear my voice. How do I cross your mind? I don't know you.
B
I'm a responsible man. I enjoy my job and strive for success in everything I do.
C
This guy's just copying and pasting from a script.
B
I'm a fun loving man. Jovial, lovely and passionate. I think of myself as being clever but harmless. I'm supporting caring. I own a thesaurus.
A
Joe, do you think this might be a scam? I don't know.
B
I have a loyal and tolerant character. Humble, honest, understanding, truthful. I'm very passionate, physical person that would want the same in a mate. Whoa, whoa, whoa, whoa, whoa. Deeply romantic.
C
What is this?
A
What you roll.
B
Hopeful, wise and smart. I have a big honest heart and I don't like being lied to. Those?
A
Yeah, Big honest heart.
C
I don't like being lied to. Here's a whole big block of lies. And I don't like being lied to.
A
Yeah, it's projection, right? Yes, right. Not exactly the words of a humble person. Smiley face, sweat drop emoji.
B
Confidence is an arrogance if it's earned and softened by someone who keeps me laughing. Please.
C
What does that even mean?
B
What's your name and where are you chatting from? What do you do for a living? I mean, where do you work? Are you married or single? Do you have kids?
A
Earned by doing what exactly? Okay, so I'm Hilda from Norway. Been working as a project manager in technical fields for years. But I am taking a completely different path and study to be a psychotherapist. Divorced, no kids. By choice.
B
Earned by showing up even when it's uncomfortable. By doing the work on myself instead.
A
Of pointing towards ignoring me completely.
B
Yeah, by choosing growth over ego, honesty over shortcuts, and learning to listen instead of being loud. Respect is earned through consistency, kindness and standing by your values. Especially when no one's watching.
A
Wow.
B
I admire the courage it takes to change paths and study the human mind. That says a lot about you. Norway's got strong souls. Sounds like you're one of them.
A
Thanks for that, ChatGPT. Those are nice words. How do you apply that in everyday life?
B
For me, it's about intention. How you treat people, how you move through the day, and how you stay true to yourself. I try to live with an open heart and let my actions speak louder than words. Hmm.
A
Can you give a recent concrete example of that?
B
I've heard about your work and your life ignored, and I respect how open you've been. I'd like to like you to know me in the same way. Not in vague words, but through consistency in actions. I really do like your kind of person and I find so much tranquility in relating with such a loyal fan like you. And I will like to know you much more personally.
A
Consistency usually shows up in small habits. Which ones matter most to you?
B
Do you have Zangi? I do like us to communicate better in private.
A
What a great conversation.
B
I also would get to call you to see your lovely face on video call on there. Firstly, need to know more about you. Sounds like we've gone off the script.
A
Way off script. This is just wild.
B
Yeah.
C
Now he's not using ChatGPT anymore either.
A
Yeah, well, the person wrote video calls are possible here too, but I don't do that with strangers. And then looks like they switched to a different app.
B
Yeah, why don't you jump down to that next green one there?
A
I'm working on an assignment so I can't be glued to my phone on X. I asked you to tell me more about yourself like I told you about me, where I live, marital status and so on.
B
As for me, I live in Hawaii. My name is Jason Momoa. I'm an actor and a film producer. By the way, my team has pointed out to me several times now how these dang imposters keep reaching out to my amazing fans, pretending to be me. Some even go so far as scamming people. Have you come across any of them?
C
Because I'm looking for them.
A
No, I don't know who you are until now.
B
No worries, my friend. And not everyone knows me until I show up with messy hair and a big smile.
A
Okay, and that's it.
C
Messy hair and a big smile. That's a great way to describe Jason.
A
James Mitttner in a nutshell right there.
C
I mean, have you ever seen, like, pictures of Jason Momoa when he's meeting fans? He's, like, hilarious about it.
B
Oh, yeah. He seems like a genuinely pleasant guy to be around.
C
Yeah, he does.
A
I mean, yeah, this was a nice conversation with a genuine Jason Momoa.
B
This is nice.
A
Nice guy. Lots of life lessons in this chat with him.
C
Like, respect and consistency. You know, one of the things I notice in this, and I notice a lot of it, they keep using the term openness or open and openness. And I'm wondering if that's like some kind of hypnotic thing and they found that that works in their AB testing.
B
Yeah, it could be. Could be. I mean, it's definitely all kinds of emotional manipulation there.
C
Yeah.
B
But no. All right, well, maybe we can reach out to Jason, see if he'll be a guest on our show. See if he.
C
I would love to have Jason Momoa on this show. The real Jason Momoa won't get some scam artist.
B
Right, Right.
A
Yeah. Asking an actual celebrity about all the people impersonating them all the time, how much it must drive them crazy. I'd love to hear about that.
C
Yeah.
B
That's an interesting idea.
A
Yeah. I'm sure it causes a lot of genuine harm to their actual fans. So I'm sure it's not, like, funny for them. I'm sure it's genuinely upsetting.
C
I. Dave, if you get Jason Momoa on this show, I want to be.
A
On the interview when you and everyone else at N2K. Joe, just for the record, wouldn't it be.
B
You know, I. Sometimes I have wondered, on occasion when I get lost in my thoughts, who is the most famous person who regularly listens to one of our N2K podcasts?
C
You know, I'd like to know who the most famous person who regularly listens to hacking humans is.
A
If you think it's you, please email us.
B
Yeah, that's right. A celebrity that people would know about who is not Dave Bittner on our show.
C
I've talked about this before on my theory on celebrity, and that is that everybody is at least an F-list celebrity. I'm trying to formalize this in some kind of way, but it goes back to the six degrees of Kevin Bacon, so that you're only six steps away from anybody else in the world.
B
Right.
C
Including A list celebrities. So if you're, like, one step away from an A list celebrity, you're a B list celebrity.
B
Yeah.
C
If you're two steps away, you're a C list celebrity.
B
I went to summer camp with Edward Norton. What does that make me?
C
Like, if you called Edward Norton right now.
A
Yeah.
C
Would he answer the phone? Would he say, hey, it's Dave from high school summer camp?
B
He would answer the phone and then I'd say, hey, it's Dave from summer camp. And then he would hang up.
C
Okay. He remembers the wedgie you gave me.
B
Please delete this number. Number. Yeah. Yeah. So, yeah, that's about it.
C
But, yeah, I. I mean, I don't know, Edward, you know.
B
Well, that makes my bacon number one, actually, because. Because of. Of Eddie Summer camp.
C
It's two hops.
B
Because.
A
Yeah, but if Ed Norton called you.
B
Yeah.
A
Would it be a scammer? Would you be like.
C
It's a good question.
B
Well, that's a good. Well, so I have spoken to Ed Norton on the phone in his post celebrity days.
C
Oh, have you?
B
Yeah.
A
Yeah.
B
Yeah. So, you know, I guess that counts.
A
Hmm. And you're sure it was him?
B
Yeah, pretty sure.
C
Okay.
B
Pretty sure.
C
After we're done recording, I have questions.
B
Okay. I'll be happy to tell you about it.
C
All right.
B
There's a favor we were able to do for him.
C
Oh, okay. Okay.
A
That's cool.
B
Yeah, cool. All right, I tell you what, let's take a quick break. We'll be right back. Most environments trust too much and attackers know it. ThreatLocker enforces default deny at execution, blocks unknown apps and limits what trusted apps can do. Stop ransomware at the source. Get your demo at threatlocker.com/N2K. And that is Hacking Humans. Brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpie is our publisher. I'm Dave Bittner.
C
I'm Joe Kerrigan.
A
And I'm Maria Vermazes.
B
Thanks for listening.
Podcast: Hacking Humans, N2K Networks
Date: January 8, 2026
Hosts: Dave Bittner, Joe Kerrigan, Maria Varmazes
Theme: Deception, influence, and social engineering in cybercrime
This episode of Hacking Humans focuses on the latest trends in social engineering, deception, and scams—particularly those preying on people during high-travel seasons, exploiting victims’ emotions, and attempting tax fraud. It mixes serious warnings with lighter moments, including a dive into AI-driven travel scams, a heart-wrenching story of charity exploitation, IRS tax scam tips, and a “Jason Momoa” scammer scambait session.