
https://thecyberwire.com/podcasts/hacking-humans/340/notes
Maria Varmazes
You're listening to the CyberWire Network, powered by N2K.
Dave Buettner
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Buettner and joining me is Joe Kerrigan. Hey, Joe.
Joe Kerrigan
Hi, Dave.
Dave Buettner
And our N2K colleague and host of the T Minus Space Daily podcast, Maria Varmazes. Maria.
Maria Varmazes
Hi, Dave. And hi, Joe.
Dave Buettner
All right, we've got some good stories to share this week, but first we're going to jump into some follow up. And boy, do we have a lot of follow up.
Joe Kerrigan
A lot of chicken, baby. Welcome to Chicken Chat, everybody.
Maria Varmazes
People were really concerned about your chickens, Joe. Really, really concerned.
Joe Kerrigan
Were they saddened by the loss of the 13?
Maria Varmazes
My goodness, you should have seen the internal chatter at N2K.
Joe Kerrigan
Oh, no.
Maria Varmazes
When your episode dropped, people were like.
Dave Buettner
This is a roller coaster ride. What happened to Joe's chickens? And I'm sorry, we got several letters from. Although the letters we got from listeners, I think cross paths with your story publishing about the untimely demise chicken massacre. Yeah. So I'll tell you what, I'm gonna read this first one here. This is from a listener named Aaron following up on chickens. And Aaron writes in and says, a few weeks ago, Joe mentioned needing to protect a new flock of chickens. I did not respond right away because I was certain another astute listener would respond. The best way I've found to protect my flock is with electric fencing. I built an enclosure made of pressure treated lumber and chicken wire, then surround that with five strands of electric fence starting a few inches off the ground and extending to about six feet high. I discovered the hard way that this does not stop a barn owl. When I went to the coop one morning to find three dead denuci. Nutiated, nucated, I would say, yeah, yeah, that is without their head and neck chickens. This is a telltale sign of a barn owl attack.
Joe Kerrigan
Good to know.
Dave Buettner
Apparently they don't like the rest of the bird because it tastes like chicken. After that, I ran a few strands of non electrified wire across the top of the enclosure in a waffle grid pattern, which is the most delicious of the grid patterns.
Joe Kerrigan
I would agree with that. 100%. Waffle grid.
Dave Buettner
Are you sure you didn't write this, Joe?
Joe Kerrigan
I didn't write this.
Maria Varmazes
I know, I know.
Dave Buettner
This really rings of your style of humor, which is probably why Aaron enjoys listening to the show so much. Says I live in an area with coyotes, bobcats, mountain lions, skunks, red tail hawks, bald eagles, barn owers, barn owls, and snakes, all of which love the Colonel's first original recipe, which was raw chickens.
Maria Varmazes
This is an exciting threat.
Dave Buettner
As mentioned above, I've not lost a single chicken to predators. Good luck with your flock. And then Aaron also was kind enough to include a photo. And he says, below is a picture of the enclosure and some of my birds. A Golden Comet, a Rhode Island Red, and some Delawares. I never got Delawares again because they are aggressive a holes. You're in Maryland, so I'm sure you understand. Ooh, a regional joke.
Maria Varmazes
All right, please explain to me.
Dave Buettner
Well, the Delawareans or whatever, I don't know. Delaware.
Joe Kerrigan
Del Weenies.
Dave Buettner
Del Weenies, our lovely neighbors in Delaware. Slightly to the north, slightly to the east. Depending on how you come at them.
Joe Kerrigan
They're the notch in Maryland.
Dave Buettner
They're lovely people.
Joe Kerrigan
Love Maryland.
Dave Buettner
On the east coast, we regularly wonder why their cute, adorable little state exists, even though our state is not much larger. It gets sort of the same sort of wondering of why the Maryland panhandle doesn't belong to either Pennsylvania or West Virginia. But these are all, you know, historical anomalies. All right. And then beyond that, we got another picture sent in. This is from a listener named Shannon. This social media post, and it's labeled, ever walked into a grocery store and seen a grown man wearing a baby carrier? Joe, you want to describe this photo?
Joe Kerrigan
So this is a picture of a guy and he has a baby carrier. And tucked into the baby carrier is one of his hens.
Maria Varmazes
He is front carrying that hen.
Joe Kerrigan
He's front carrying the hen.
Dave Buettner
And the hen kind of looks like a baby bjorn.
Joe Kerrigan
Right. And the hen kind of looks nonplussed. Or maybe the hen is used to this kind of stuff. Who knows? I promise I will never carry my chickens into a place where they sell food, because that's gross.
Maria Varmazes
Thank you, Joe. Appreciate that.
Dave Buettner
I think the little carrier. Cause the carrier is pink.
Joe Kerrigan
It is.
Dave Buettner
It kind of looks like the chicken's wearing a little leotard.
Joe Kerrigan
It does look like a chicken class.
Dave Buettner
Yeah, exactly. Renave plie. And the other question I have here is that the chicken's wings are not coming out through the little armholes.
Joe Kerrigan
That's because chicken wings are in a different spot on the body. They're, you know, they're.
Dave Buettner
You.
Joe Kerrigan
The chicken's wings are in there.
Dave Buettner
Yeah.
Joe Kerrigan
And in fact, you really tell here because the chicken breastbone is that big lump in the middle.
Dave Buettner
Right.
Joe Kerrigan
You know, it's when you carve a chicken, you, you know what you're talk. You know what I'm talking about, if you've ever done that. But the wings are off to the side, closer to the back. That's why they're not coming through.
Dave Buettner
Yeah.
Joe Kerrigan
They're not like arms.
Maria Varmazes
Does it mollify a chicken to be swaddled like this?
Joe Kerrigan
It will keep the chicken from flapping you with its wings. Yeah, but does the chicken enjoy it? I don't know.
Dave Buettner
But it also seems like the chicken's feet, which of course are like little baby dinosaur feet, are dangerously close to areas of this man's body that he's probably interested in protecting.
Joe Kerrigan
Yes. I would not be doing this.
Dave Buettner
I would not take one of my angrier chickens or a rooster out in this situation or that Delaware chicken or the Delaware chicken. Right, right. All right. Well, that is this week's edition of Chickens with Joe, also known as Follow Up. So thank you all for sending in your photos and well wishes.
Joe Kerrigan
Aaron, thank you very much for the idea about electric fencing. We actually have, near where we were building the chicken coop, an outlet or, you know, there's, there's power run out to that area. So that's a viable option for us.
Dave Buettner
Yeah. How are the new chickens?
Joe Kerrigan
They're doing well. I haven't seen them in about a week. I'm going to go probably go over and see them this weekend.
Dave Buettner
Okay.
Maria Varmazes
Tell them we all say hi.
Joe Kerrigan
I will do that.
Dave Buettner
We're on the edge of our seats.
ThreatLocker Sponsor
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cybercriminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Dave Buettner
All right, let's get to some stories here. Maria, you have the honors. Why don't you start things off for us here?
Maria Varmazes
All right, so from our "We've been saying" desk, there's a story on CNBC via Ana Teresa Sola that new and changing tariff policies are giving scammers a fresh opportunity to trick consumers. We've been saying. Yeah. So cyber criminals, according to the story, are sending fake tariff payment requests by email or text, posing either as retailers, delivery services or government agencies. So they are relying on the news cycle confusion, which not hard to do right now, and financial pressure around tariffs. And that all creates what the CNBC story is describing as a perfect storm for fraud. Yeah, I'm going to keep saying that phrase we've been saying. Yeah. Scammers are exploiting the fact that most people, myself included, really don't understand very well how tariffs work and may not question a payment request that would come into them after they make a purchase. Especially, and I'll get to this in a little bit, sometimes legitimate businesses do pass on tariff cost to customers and sometimes you will get a legitimate tariff fee payment request from the government. And all of this adds to a lot of confusion. So I point of clarification. I think just to make tariffs are import taxes usually paid by businesses, but consumers often see those costs indirectly through price hikes. So this is important. A lot of people are confused. Again, myself included. Scammers are using this information and the confusion around it to trick people into thinking that tariff related charges are real. So the CNBC story spoke to a number of different cybersecurity companies who are seeing a large uptick in tariff related scams. Again, we've been saying, and researchers at this company called B4AI said they found over 300 scammy domain names related to tariffs registered in just the first three months of 2025. Nobody's surprised by that.
Although I will say, amazingly, this group found that someone had been domain squatting on this one that was tariff related since 2003 and they just started dating. Yeah, it's like that is such a long game, 2003. They're like, this is going to come in handy one day.
Dave Buettner
Just wait.
Maria Varmazes
My day has come.
Joe Kerrigan
Now's my chance.
Dave Buettner
You all laughed at me.
Joe Kerrigan
This guy is now the oldest scammer in the scam center.
Maria Varmazes
I know, 2003, I mean it's 22 years ago. Yeah, that's. Oh my God.
Dave Buettner
Who's the fool now?
Maria Varmazes
Yeah. So, you know, probably not a big surprise anyone who listens to this show, but what happens if you were to go to these sites? It's really not hard to guess. The domains often lead to phishing sites pretending to collect payments for customs or tariff processing. And in the process they will nab both user data and money. And they often use the guise of this is very urgent, otherwise we won't release your package or, you know, we're the government and we're going to come get you. So there's lots of threat. And again, nowadays that is a very legitimate threat for a lot of people. So that is kind of scary. And as I mentioned a little earlier, to make this ultra confusing, there are sometimes legit reasons you might get an official notice about a fee about an overseas good. So I. This is the part where I was like, oh, my God. So U.S. customs and Border Patrol, we've heard of these guys sometimes. Sometimes, yeah, we know these guys are. They will charge a customs fee to release an import, and you do have to pay the fee to release the imported items. So that is a legitimate thing. Also, import fees may be collected by a carrier, so a logistics firm, essentially, if they are acting as the importer of record, which means that they have to pay the duties, taxes, and fees to import the thing. And usually you know about these fees ahead of time, but sometimes you don't because tariffs change really fast and you may get a surprise bill. So it's like, as I'm going through all this, I'm thinking, okay, this. No wonder this is a perfect storm, because this is a lot. So surprise fees are very rare, but it is plausible that. That someone could get them. But usually the companies are being very transparent about them, especially if they're incoming after the fact. So the scammers are counting on the fact that this is all confusing and most of us are not really familiar with what is normal.
Dave Buettner
So.
Maria Varmazes
Yeah. Can you keep track of what's normal right now? I certainly can't. So.
Dave Buettner
Well. And there's conflicting information coming out of the government itself. So who's gonna pay these tariffs? Right. So that makes it even more complicated. Yeah.
Maria Varmazes
Yep. Yeah. So I would think normally, unless if you're just a normal person just going about your day, you don't generally import from overseas. This is probably not, you know, this is probably not something you should be expecting to get, but if you're, you know, you have your own small business where you're importing stuff, maybe that's more likely that you'd get something like this. But for the most of us. Joe Schmoes. Sorry, Joe. There are three red flags that this. This article says that we should look out for. So one of them is, Hacking Humans listeners will know, anything that's urgent and especially unsolicited. If it says it's a tariff relief or tariff exemption, or if it's pressuring you to pay an immediate fee about a tariff that. And you weren't expecting it, that is immediately a red flag. Anything with suspicious links, email addresses, or phone numbers that don't match real companies or government agencies, that is another red flag. So please do your due diligence about anything that's incoming that you're not expecting. And then lastly, lack of transparency, because again, if you're working with a logistics firm or a carrier, they're going to be really upfront with you because they don't want to give you a surprise bill either, because nobody likes those. So usually they will be telling you up front, hey, this is something you can expect. So if you're not expecting it, you really should reach out to them. Don't wait for something, and definitely don't click anything dodgy. So, yeah, don't get fooled by all this stuff because it is legitimately confusing and be very, very, very cautious.
Dave Buettner
Yeah, absolutely. You know, it reminds me, I think I shared with you guys that I had dealing with my father's Social Security stuff after he passed that the Social Security. Administration. Administration. Thank you, Joe. Administration. They can claw back a payment even from a closed account.
Joe Kerrigan
Yes.
Dave Buettner
So my point being that the government does have situational extraordinary power when it comes to these sorts of things. And that adds to the confusion.
Joe Kerrigan
Yeah, I mean, I don't know. I think if all of a sudden tariffs actually start appearing on a deal and I'm not aware of them, I think I walk away from the deal unless it's something I can't get away from and in which case somebody will, I don't know, reach out to me through some verifiable channel. I don't know. I don't know how it works.
Maria Varmazes
Here's where you don't know how it works either.
Joe Kerrigan
I don't know how.
Maria Varmazes
Yeah, that's what they're depending on. None of us know.
Joe Kerrigan
Very confusing.
Maria Varmazes
Yes.
Joe Kerrigan
So, I mean, and it's rare. You're saying it's rare for someone to actually get a call from the government going, hey, you need to pay this tariff?
Maria Varmazes
Yeah, it is rare, but it's not impossible.
Joe Kerrigan
So that's rare enough for me to say, I'll tell you what, if I need to pay that tariff, send an agent to my house and I'll write him a check.
Dave Buettner
I think in most cases you wouldn't get the stuff before you pay the tariff. Right. I mean, that's.
Maria Varmazes
Yeah, they're holding it. Yeah, they've got it at the border, essentially, and they're not going to release it until you pay up. But I've never. I've only if I can think of anyone who's. I'm thinking of all the stories I know of folks who've gotten in trouble with Customs outside of the airport. I can't remember any time someone's been flagged this way. I'm sure it happens, but it's got to be such an edge case. And again, it's probably people who are used to doing importing and exporting and they. Folks who do that kind of stuff, I would assume. I feel like Vandelay Industries is a Seinfeld joke somewhere. They know a lot more about this than we do. So hopefully a friend of mine got.
Dave Buettner
Busted by a beagle for having an apple coming through customs.
Maria Varmazes
I cannot tell you the stories I know of people sneaking stuff past customs in an airport that they shouldn't have done.
Dave Buettner
It's just. Yeah, yeah.
Maria Varmazes
But I don't think this is the kind of thing that we need to worry about in this situation.
Dave Buettner
No.
Joe Kerrigan
There was one time when I went to Barbados and that was the only time I was tempted to try to smuggle something in. But they have. You can buy liquor in like a duty free store and then bring it into the US but there's a limit to how much you can bring. But I gotta tell you, Mount Gay Rum, which is a Bajan made rum, which is a good rum, sells for 10 American dollars a liter in Barbados.
Dave Buettner
Oh, jeez.
Joe Kerrigan
And here you're paying like 40 bucks for a .750.
Dave Buettner
Okay.
Joe Kerrigan
So I was like, how much of this can I bring home? Turns out the answer is 4 liters. 4 liters. So per person, per trip, right there, we brought home eight liters of it.
Maria Varmazes
There you go.
Dave Buettner
My father would always bring back booze from the islands. Same sort of thing. Same sort of thing.
Maria Varmazes
And if you. I remember buying Cuban rum when I was in Germany, coming back to the US. I can't believe that I was able to do that. But I could buy it duty free in Germany because they sell Cuban rum there. Can't get Cuban rum in the United States, so.
Joe Kerrigan
No, you cannot. Can't get Cuban anything in the United States.
Maria Varmazes
Not legally.
Dave Buettner
Cuban sandwich.
Joe Kerrigan
Oh, yes, that. That is usually my favorite of the sandwiches, by the way.
Maria Varmazes
An illegal Cuban sandwich.
Dave Buettner
All right, we will have a link to that story in the show notes. Joe, what do you got for us this week?
Joe Kerrigan
Dave, I got a. I got a bulletin from the Internet Crime Complaint Center.
Dave Buettner
Okay.
Joe Kerrigan
The IC3.
Dave Buettner
Yeah.
Joe Kerrigan
And I heard about this first from a news story from Matt Durr, who works at Michigan Live, which is a news outlet out of Michigan. I don't know. Anyway, senior US officials are being impersonated in a malicious messaging campaign. So the FBI is issuing a warning and announcement to people who are federal employees, former federal employees, or state government officials and their contacts warning them that somebody is using AI to leave faked voicemail messages and sending tons of spam texts claiming to be whoever the person is they're impersonating. And the call to action here is that they're trying to get you to go to a website and log in and give up your credentials.
Dave Buettner
Okay.
Joe Kerrigan
But beyond that, there's not a lot going on in terms of what's happening here. So my question about this is, what's the end game? You know, we've heard about people using the artificial intelligence generated voices and the smishing as they call it. A term I hate, by the way. And kudos to the FBI. They use the term smishing in here, but they define the term in the middle of this, this alert, this PSA and it, you know, it's coming in with, with a SMS message. And that's where the smishing comes in. Simple messaging service or short messaging service. And then they also have vishing. I hate both of these terms. Just say scam texts and scam calls and that covers everything.
Maria Varmazes
Yeah, but that's not cute, Joe.
Joe Kerrigan
No, it's not. It's better than cute. It's descriptive.
Maria Varmazes
How dare you not be cute.
Joe Kerrigan
Right.
Dave Buettner
Cute is a baby chick.
Joe Kerrigan
Cute is a baby chick. Cute is one of my baby chicks. So they're using software to generate the phone numbers that are not attributed to a specific mobile phone. And so they're spoofing phone numbers and calling these people, trying to get them to log in. And I don't know what the end game is because they're not going after financial things. I think this might actually be an espionage campaign.
Dave Buettner
Right. I mean, couldn't it just be that simple? That high level government officials are high value targets?
Joe Kerrigan
Yeah, absolutely.
Dave Buettner
Get to get in their email or any of their accounts.
Joe Kerrigan
Yep.
Dave Buettner
You can either sell it or if. Yeah, for espionage. It has value.
Joe Kerrigan
It does.
Maria Varmazes
I imagine there's a lot of people who'd be a little more willing to talk right now than they might normally.
Dave Buettner
So we've certainly heard, we've heard, we've certainly heard stories about other governments and entities being opportunistic and as they do to try to take advantage of the hard feelings that former government employees may have from having been let go or treated poorly and all that kind of thing. I mean, that is an opportunity for.
Joe Kerrigan
It absolutely is an opportunity.
Dave Buettner
Those kinds of operations.
Joe Kerrigan
Yep.
Dave Buettner
So it's happening for sure. Yeah. What do they have any recommendations?
Joe Kerrigan
They do. They have spotting a fake message. First off, verify the identity of the person calling you or sending you the voice messages before responding, which I don't know how you do that aside from maybe picking up the phone, looking the person up and calling them and going, hey, did you send me this? And if you're a high ranking government official, maybe you have access to that kind of information. But it says, carefully examine the email address, messaging, contact information, including the phone numbers, URLs, and the spelling of any correspondence. For communication or communications, spammers often use slight differences to deceive you and gain your trust. So this is looking for the little differences, subtle imperfections in videos and images. That is, I think that's looking for like deep fake videos.
Dave Buettner
Right.
Joe Kerrigan
And the telltale, for me, the way I can tell when somebody is using a voice cloner, and that one here, listen closely to the tone and word choice and distinguish legitimate phone calls. And I can tell when somebody is using a poor AI generated voice because the cadence is off. The cadence is a little weird and it's unnatural. And sometimes there are mispronunciations of words that are pronounced as they're spelled, which is to me a dead giveaway in this case. But over time that will get better. And Dave, you remember the time you had. This was probably a year and a half ago. You synthesized your voice and I didn't know it wasn't you. Yeah, my wife picked up on it immediately when I had her listen to it. She said, that sounds too robotic to be.
Dave Buettner
Dave. Yeah. Say hi to your wife for me.
Joe Kerrigan
I will, yeah.
Dave Buettner
Thanks.
Joe Kerrigan
While we're saying hi, two weeks ago, Maria said hi Michelle, and Michelle wanted me to say hi back to Maria. So.
Dave Buettner
Okay.
Joe Kerrigan
There you are.
Maria Varmazes
Oh, that's awesome. Thanks, everybody.
Joe Kerrigan
Everybody's all caught up. Dave, next week I'll tell you whether or not my wife says hi back.
Dave Buettner
All right? Ask her if she still snores, Dave. Or if she sings in the shower. I don't know where she.
Joe Kerrigan
All right. AI generated content has advanced to the point. This is another thing. It says AI generated content has advanced to the point where it's getting more difficult to identify, which is exactly what I was just saying. And these things are only going to get better and better and better over time. So really, I think it all boils down to don't trust the inbound messaging at all.
Dave Buettner
Right?
Joe Kerrigan
Someone reaches out to you immediately, don't trust it. It's just the best policy to, you know, if somebody reaches out to you and starts talking and they have context, maybe. Right, maybe. But if they just reach out to you out of the blue and there's no context or anything, then, yeah, you gotta call them back. Hold on, let me call you back. I know your number. I'll call you right back. Yeah, no, no, I'm on a plane and I can't. I can't take. Okay, call me when you land, or I'll call you when you land on your cell phone.
Dave Buettner
Right, right, right. Just. Now. Now's not a good time.
Joe Kerrigan
Now's not a good time. I'm in the shower.
Dave Buettner
Yeah. I'm about to, you know, I'm about to sit down and have surgery.
Joe Kerrigan
Right.
Dave Buettner
Like, just whatever. Yeah. They don't, you know, and, and the point being, don't let them dictate the pace and the urgency of the call.
Joe Kerrigan
Right.
Dave Buettner
You know that.
Joe Kerrigan
That's a great point. The pace.
Dave Buettner
Yeah. The, The.
Joe Kerrigan
The timing and the. And the rhythm of this. I was talking with somebody years ago, and he was talking about quick change scams, about how they, how they, how they work. And the way they work is by getting you into their rhythm as, you know, 1, 2, 3. This makes sense. This makes sense. This makes sense.
Dave Buettner
You mean like making change and giving you back the wrong change for cash?
Joe Kerrigan
Yeah. Giving you back more change than you should be having.
Dave Buettner
Yeah.
Joe Kerrigan
And this guy and I were discussing this, and he told me about a friend of his who. The way he broke that up was somebody walk up and hand him a 20 and say, Can I get two tens for this? And he would immediately take the 20, open the register door, and ignore anything else they said. And they would start with their pattern, and they'd go into the thing that would eventually make you give back 30 or $40.
Dave Buettner
Right, right, right.
Joe Kerrigan
But he would just take the money, put the. Leave the 20 on top, take out two tens, put the 20 into the 20 drawer, close the drawer, and hand the guy two twenties or two tens.
Dave Buettner
Yeah.
Joe Kerrigan
And the guy would start going into the next. Next step of. Of the thing. Can I get two fives for this 10? I wanted two fives for this 10. And he'd take it and open the drawer again, and he'd make that. Make that transaction while the guy was talking and trying to move down the road in the, in the scam. And eventually, after two of these transactions where the guy gave him back who he was supposed to give him back, the guy got frustrated and walked away.
Dave Buettner
Yeah. If you want to see that in action, the movie The Grifters has a good example of John Cusack pulling that scam on some folks.
Joe Kerrigan
Yeah.
Dave Buettner
Yeah. It's a good one. All right. We will have a link to that story in our show notes. I'll tell you what. Let's take a quick break to hear a message from our sponsor. We will be right back.
ThreatLocker Sponsor
So let's return to our sponsor ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allowlist of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Dave Buettner
And we are back. My story this week comes from a gentleman named Lee Goldberg who is actually a very well known author and TV producer and TV writer. He's a best selling author, writes sort of mystery novels and he's also written some TV shows that you've probably heard of, like Monk.
Joe Kerrigan
Ah, yeah, I have heard of Monk.
Dave Buettner
Yeah. Yeah. So he's got a very impressive resume. He's a legit Hollywood guy. Hollywood success, right. And having a number of bestselling books. Occasionally he has to deal with folks who may want to adapt one of his books into a movie. So he got an email from someone claiming to be the Hollywood Talent Agency, asking if he'd consider adapting his book, which is titled Calico, into a film. And this email had all sorts of buzzwords in it like submission specialist partners, award winning film advisors, and studio managers. So sensing that things were not on the up and up and looking for, I guess, content for his blog, Lee got on the phone and called them up and he got an offshore office that he's pretty sure was in the Philippines. The person who answered had never heard of the agency, the representative, or even Lee Goldberg himself. But he said, oh, let me check with our endorsement people. And then another email came in. This time it was from someone named Darius who claimed to be from Writer's Edge Production. He said he received an endorsement and wanted to chat about adapting the book. And so Lee called him and Darius's English was rough, the sales script was a mess. He stumbled through lines about a pitch deck service, which is a glossy video presentation that they'll make for a fee.
Joe Kerrigan
A sizzle reel, if you will.
Dave Buettner
Yeah. And then this would be sent around to their VIP studio contacts, and for proof, they'd give you a certificate of submission. Right?
Joe Kerrigan
Yeah. What is that worth?
Dave Buettner
Well, that's the scam, so we'll get to that in a minute. We'll get to the details of the scam itself, but Lee asked who the brilliant film advisor would be, and the answer was someone named Warut Snidvongs I'm sure we've all heard of.
Maria Varmazes
Oh, yeah, that guy. Yeah, good friend of mine.
Dave Buettner
He's the Nick Spielberg.
Joe Kerrigan
Yeah.
Dave Buettner
An IMDb search said that he had one film credit and a bunch of jobs as a grip and a camera assistant. So Lee.
Joe Kerrigan
So he's moving up the world quickly.
Dave Buettner
Well, yeah, Lee pushed harder. He eventually told Darius who he really was, and then he knew that he was being conned. Darius said that his defense was that they disclosed that the odds are only about 50, 50 that you'll have any success with them. So in his mind, that makes it not a scam. Yeah.
Joe Kerrigan
Right.
Dave Buettner
So there's no real agency. There are no studio connections. There's no need for a pitch deck. And that's what this is. The scam is called a pitch deck scam.
Joe Kerrigan
Okay?
Dave Buettner
And the scam is someone contacts you and they butter you up and they tell you what a great creative work you've done. And it can be like, in this case, a book. It could be a script, it could be a piece of art, anything creative. And they tell you that they want to help you bring this to the public, and everybody's going to be rich. Rich, I tell you.
Maria Varmazes
Too good to be true. Nobody ever cares about your creative work that much. Right.
Dave Buettner
They push that. This is an exclusive opportunity. Right. Time sensitive.
Joe Kerrigan
Ah, so there's the artificial time horizon.
Maria Varmazes
There it is. Yeah.
Dave Buettner
But it's ultimately pay to play. So they will produce the pitch deck for you, but it'll cost you hundreds or even thousands of dollars.
Joe Kerrigan
I'm sure you can produce your own pitch deck if you're a resource person, like Lee Goldberg here.
Dave Buettner
He's a writer for.
Joe Kerrigan
Gosh, he's in there. He doesn't need some third party.
Maria Varmazes
No, they're rolling in money writers, notoriously.
Joe Kerrigan
That's not what I mean. What I mean is he's done this before.
Dave Buettner
Yeah.
Joe Kerrigan
He has his own resources where he can reach out to these. Reach out to people. If he's going to make a sizzle reel or, or pitch deck, he knows who to talk to already.
Dave Buettner
Yeah.
Joe Kerrigan
So, I mean, that's why it didn't work on him. But you know, if, if, if Dave and Joe and Maria were going to sit down and write a show.
Dave Buettner
Yeah.
Joe Kerrigan
And we're going to call it, you.
Dave Buettner
Know, I don't know, Hacking Humans Live the Movie.
Joe Kerrigan
Hacking Humans the Movie. Right.
Dave Buettner
What?
Maria Varmazes
Oh my God. What would that look like?
Dave Buettner
Yeah, yeah.
Joe Kerrigan
Who would play me? Probably John Goodman.
Dave Buettner
John. Oh yeah, that's good, that's good, that's good. So obviously there is no real submission or results. Nothing's ever going to happen. The VIP connections that they promise you don't actually exist. They use all kinds of name dropping. They'll say things like, we have award winning directors or film advisors and things like that, but they don't exist. And then one thing they point out here is that once you pay, the scam often continues. Of course they got a hot one on the hook. So they offer additional services like agent representation or screenplay adaptation or paid consultations. And again, they use scarcity and urgency to pressure you. They say, oh, we only have a few slots left or if we don't act now, the studios are gonna lose interest, so we gotta be quick about this. So they have some red flags to look out for, obviously. Cold calling and flattery, no real company address or staff credentials, requesting upfront payment for vague services, poor grammar and inconsistent communication, unverifiable success stories or credits, and resistance to questions or verification efforts. So I don't think that's one we've covered before. A pitch deck scam? No, never heard of it before.
Joe Kerrigan
I think it's new for us, new for me.
Maria Varmazes
Interesting niche.
Dave Buettner
Yeah, right, right. I mean, you hear all kinds of Hollywood scams. The ones I've seen and heard of most of are, you know, come audition for us. We'll put your kid in front of Hollywood agents, you know, for Disney and Paramount and that sort of thing.
Joe Kerrigan
And that's horrible anyway if you're gonna put your kid in front of somebody.
Dave Buettner
But think about how many parents have stars in their eyes. Yeah, their precious little snowflake is gonna be the next Hannah Montana. And so they go and they pay a fee to have the child looked at. The child goes and does a little song and dance and they say, your kid's terrible.
Joe Kerrigan
Get out of here.
Dave Buettner
Right.
Joe Kerrigan
Thanks for the 200 bucks.
Dave Buettner
Yeah. If those people see 100 kids in a morning at 200 bucks a piece.
Joe Kerrigan
Right. Profit $20,000.
Dave Buettner
Yeah, I can tell.
Joe Kerrigan
20,000 kid, 200 kids. They suck for $20,000 for 100.
Maria Varmazes
That reminds me of a scam that was common when I was a teenager, sort of in the nascent time of the Internet. So it was still by mail. Teenage girls around the age of 16, when we would hit 16 years old, we'd all get a postcard saying, come try out to be a model.
Dave Buettner
Oh, yeah.
Maria Varmazes
And it was like, they didn't know who you were. It was just like, teenage girl, age 16. And you would get this. And of course, you just had to pay a small fee. And they were like, well, we'll let you audition to be a model.
Joe Kerrigan
And I remember my audition for a.
Maria Varmazes
Small fee, something like that. I mean, this was a long time ago, Joe. I don't remember the exact details, but I remember my friends and I on a. Our birthdays would all get this, and we would all bring them to school and laugh because we're just like. Everybody gets one of these, including those of us who would never have a prayer being a model.
Dave Buettner
Joe, I think you could have a service here that could actually be on the up and up, or you could frame it as a casting agent kind of thing, but just call it Joe's Cold Hard Truth.
Joe Kerrigan
Well, I told you that. One of my reasons.
Dave Buettner
Your child lacks talent and is ugly.
Joe Kerrigan
Right.
Dave Buettner
Next.
Maria Varmazes
Some people need that service given to them as a gift.
Joe Kerrigan
I told you that one of my retirement plans is actually building up a psychic business, right?
Dave Buettner
Oh, okay.
Joe Kerrigan
Where people come in and they sit down and I say, so, what's on your mind? And I just start asking them questions. I think my boyfriend's cheating on me. Why do you think your boyfriend's cheating on me? He always grabs his phone when I'm nearby. I reach for it, and he won't let me see what's on it. And he stays out late on Tuesday nights and. Okay, well, let me consult the spirits here. Your boyfriend is cheating on you.
Dave Buettner
Okay, so you're just like, cold reading them?
Joe Kerrigan
No, I'm not cold reading them. I'm talking them through the. Talking them through the situation, finding out why they believe it, see if it adds up.
Dave Buettner
Yeah, I guess labeling yourself a psychic is kind of an end around for. For being an unlicensed therapist.
Joe Kerrigan
Yes, right.
Dave Buettner
Exactly. Okay. Right, yeah.
Joe Kerrigan
What should I do about my career? Oh, very good question. Let's sit down and talk about it.
Dave Buettner
Yeah. I swear to you, this is a true story. Okay. I have a friend who's a banker and he got a loan application for a woman who wanted to start a small business as a psychic, and he turned down the loan. And she said, I'm really surprised to hear this.
Maria Varmazes
Seriously.
Dave Buettner
And he said, well, I guess I made the right decision.
Joe Kerrigan
Jesus, God.
Dave Buettner
True story.
Maria Varmazes
He just broke Joe. I think he just broke Joe.
Dave Buettner
That's beautiful.
Joe Kerrigan
I'm sorry.
Dave Buettner
I think I made the right decision.
Joe Kerrigan
Yeah, well, she just said, I knew that was gonna happen. You've been like, well, here's the loan then.
Dave Buettner
Right? Exactly. Exactly. Yeah. Joe, Maria, it is time to move on to our cluck of the day.
Joe Kerrigan
Dave, our cluck catch.
Dave Buettner
Cluck.
Joe Kerrigan
Cluck of the day comes from Jonathan, who sent us a kind of a weird one, but, Dave, you want to read it? It's coming from Normandy.
Dave Buettner
Which. And the email address is sabacotefremteriadoria15853mail.com so.
Joe Kerrigan
I believe that there are 15,852 other Saba from Dori. Whatever this is, Right.
Dave Buettner
This one's short and sweet. I mean, there is an attachment that has a PayPal invoice scam, but the text of this is short and sweet, but it says, hey, our vision is now tangible and real. Just amazing. Bye.
Joe Kerrigan
Bye.
Dave Buettner
That's it. That's the whole thing. I'll read it again. Hey, our vision is now tangible and real. Just amazing. Bye.
Joe Kerrigan
I think that is just to make it through the spam filters to get you to open the PDF attachment.
Dave Buettner
It's just. Yeah. Random.
Maria Varmazes
Yeah. And then I parsed the email address. The Saba Cote Fremdatariadoria 15 8. 53. They were born in January 58, 1953. There you go.
Joe Kerrigan
January. Okay, right. January 58th.
Dave Buettner
Right, right. Wasn't there. There was recently a. I think it was like a congressperson who put a deadline on some bit of congressional business for a date that didn't exist, like, the 31st of a month. It didn't have a 31st. Something like that.
Joe Kerrigan
February 31st.
Dave Buettner
Yeah, it got. Got some, you know, eye rolls and that sort of thing. All right, well, that is our catch of the day, and of course, we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com.
ThreatLocker Sponsor
We want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero trust endpoint protection platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Dave Buettner
And that is hacking humans. Brought to you by N2K CyberWire. This episode is produced by Liz Stokes. Our executive producer is Jennifer Ibin. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher. I'm Dave Bittner.
Joe Kerrigan
I'm Joe Kerrigan.
Maria Varmazes
And I'm Maria Varmazes.
Dave Buettner
Thanks for listening, Sam.
Podcast Summary: Hacking Humans – "Lights, Camera, Scam!"
The episode opens with the hosts, Dave Buettner, Joe Kerrigan, and Maria Varmazes, engaging in their beloved segment, "Chicken Chat." This light-hearted exchange revolves around Joe's chickens, eliciting humor and camaraderie among the hosts.
Listeners were particularly invested in Joe's chicken stories, prompting the hosts to read listener emails filled with humorous anecdotes and photos of chickens in amusing situations.
The conversation shifts to a pressing issue highlighted in a recent CNBC story by Ana Teresa Sola. The hosts discuss how changing tariff policies have created fertile ground for cybercriminals to exploit consumer confusion.
Key Points:
Exploitation of Confusion: Scammers take advantage of the general public's limited understanding of tariffs and import taxes.
Phishing Tactics: Fake emails and texts mimic legitimate entities to deceive consumers into divulging personal information or making payments.
Statistics: Researchers at B4AI identified over 300 scam-related domain names linked to tariffs registered in the first three months of 2025.
[09:20] Dave Buettner: "Just wait. My day has come."
Another alarming trend discussed is the impersonation of senior US officials through AI-generated voicemails and spam texts, primarily targeting federal employees and their contacts.
A compelling narrative is shared about Lee Goldberg, a renowned author and TV producer, who encountered a sophisticated scam targeting creative professionals.
The hosts provide listeners with actionable strategies to recognize and avoid falling victim to scams.
Recommendations:
Verify Identities: Always confirm the legitimacy of callers or email senders before responding.
Examine Communication Details: Look for discrepancies in email addresses, phone numbers, URLs, and spelling.
Beware of Urgency: Scammers create a false sense of urgency to pressure quick actions.
Spotting Voice Clones: Pay attention to unnatural cadence and mispronunciations in voice messages.
In a return to their humorous roots, the hosts present the "Cluck of the Day," sharing a bizarre listener-submitted email featuring a PayPal invoice scam.
This segment underscores the diversity of scams while maintaining an engaging and entertaining tone.
The episode includes promotional segments for ThreatLocker, a cybersecurity platform emphasizing zero-trust endpoint protection.
The hosts wrap up the episode by encouraging listener engagement and promoting upcoming content. They reiterate the importance of vigilance against evolving scams and humorously sign off with personal anecdotes and future plans.
For more insights and to stay protected against cyber threats, visit Hacking Humans by N2K CyberWire.