Maria Vermasis
You're listening to the Cyberwire Network, powered by N2K.
Dave Bittner
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, the phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is my N2K colleague and host of the T Minus Space Daily podcast, Maria Vermasis. Maria.
Maria Vermasis
Hi, Dave. Thanks.
Dave Bittner
Thank you. We are recording this week's show in front of a live audience at ThreatLocker's Zero Trust World 2025 conference in Orlando, Florida. Let's hear our live audience.
Seamus Lennon
Thank you.
Dave Bittner
And our special guest today is Seamus Lennon. He is ThreatLocker's VP of Operations for Europe. Seamus, thank you for joining us.
Seamus Lennon
Thank you very much for having me. Thank you.
Dave Bittner
As I said, our co-host, Joe Kerrigan is unable to join us here in Florida, but don't fret. He will be back with us for our next episode. We've got some interesting stories to share this week. We will be right back after this message from our show sponsor.
ThreatLocker Sponsor
And now a few thoughts from our sponsors at ThreatLocker. The tactics used by cyber criminals are becoming more and more advanced every day. The shift from a default allow approach to a default deny is more critical than ever. This is where ThreatLocker comes in. Stay tuned for how ThreatLocker allow listing and ring fencing has your back.
Dave Bittner
And we're back. Maria, we don't have any follow up this week, so why don't you kick things off for us? What do you have for us this week?
Maria Vermasis
All right, so it's a shout out to Joe Kerrigan's scammer liturgical calendar. It is the most wonderful time of the year for tax scammers. So I have two stories that I wanted to talk about today. The first one is by Kate Gibson of CBS News Money Watch. There is a tax text scam going around claiming that the IRS has a $1,400 refund just for you. Actually, Seamus, all you need to do is click the link to confirm your personal information to get a check mailed directly to you. Sounds fantastic, honestly. So the scammers are clearly taking advantage of some, how shall we say politely, tumult at the IRS currently. But they are also latching onto news that is valid in a way that you might have heard that the IRS is actually sending $2.4 million to about a million taxpayers legitimately who are eligible for a pandemic era stimulus payment but didn't receive them. However, those payments are automatic. You don't need to do anything to get those. And also the IRS will always send a letter. They will not text you. So that is really, really important to remember. You're not going to get a text from the IRS. That said, while the IRS will not text you, I have a follow up follow on story from one of our listeners, Kaylee. Kaylee is like many of us doing their taxes right now. And Kaylee noticed that they're looking around at tax firms. So these are the companies that will help you file your taxes. It can be hard when you're trying to figure out who's going to help you with your taxes, who exactly you've reached out to and what marketing spiel you've signed up for. And Kaylee got a text message saying that they had gotten a tax refund that was expiring soon and apparently that they'd already agreed to get text messages from this firm. But Kaylee noted that they actually had never agreed to any of this. They'd never signed up for anything from this firm, didn't recognize the company at all. And the very first message from this kind of iffy company was the firm promising a refund.
Again, just click this link to get it. And it wasn't actually a direct phish, it was more fraud. Like a ph fraud. This tax firm is promising a refund under a pandemic related tax cut that doesn't exist. It's called the self employment tax credit that the IRS goes through pains to mention does not exist. But a lot of scammers are taking advantage of misinformation about this on social media right now. So people pay phony tax preparers, which there are many. It doesn't cost much to spin up a website and say I'm a tax preparer and people pay these preparers for money that will never come. So you're out of the money that you paid these preparers for. And again, the $32,000 that you thought you were going to get from the IRS is never going to appear. And also they have your Social Security number. So isn't that grand?
Dave Bittner
Wow. Wow. Yeah. I'm curious, Seamus, your comments on this. I mean when you think about this kind of scam coming into someone, what are some of the red flags that come to mind for you?
Seamus Lennon
Well, if I receive a text message from the IRS, I'm going to get really worried.
Dave Bittner
I bet you I don't need the.
Seamus Lennon
United States, don't pay tax in the United States. But if I do, I'm going to get really, really worried, but it is typical. Like they'll attach onto anything that's relevant in the time that's relevant. It's tax, period. Let's just hit everybody with tax.
Dave Bittner
Now.
Seamus Lennon
The thing is, most people won't fall for that, but a lot of people do, you know, like postal delivery. I mean, how many people have received a text message or an email to say, hey, we've got your package, but you need to go on to this link and pay the customs for it. When you have an order then now if you're an online shopper, you start questioning going, did I order something?
Dave Bittner
Yeah.
Maria Vermasis
Easy to forget.
Seamus Lennon
Yeah. And that's the thing. And that's good to juke people. Very simply and very easy. Very easy. So I'm based in Ireland, so we have the regulation commission in Ireland for communication is ComReg. Now they've actually introduced something new which is totally new in Ireland, which basically means as a business in Ireland, you must register your number with ComReg. If you do not register your number or caller ID or your SMS ID with ComReg, every time you send out an email or a text message or a voicemail to a user in Ireland, it will come up as potentially fraudulent straight away. So the amount of times any of our voicemails, like the vishing, I look at my phone, I see a number, I don't answer it, look up the number. It's a help and support site for know a telephone before in Ireland, they advertise the number online. So with no technology like voiceover, I can just throw in a, a phone number and I could be anybody. But with the introduction of this now when they do that, it's flagged straight away. Now it's going to save like three and a half thousand people get juked every day in Ireland. We're not a huge country, we're only five and a half million, three and.
Dave Bittner
A half thousand people. That's adorable.
Seamus Lennon
It is. I'm not saying we're very people in Ireland. No, very silly people in Ireland. So.
Dave Bittner
But it's a numbers game, right?
Seamus Lennon
It is a numbers game, yes.
Dave Bittner
Yeah. It also makes me think about how so many parts of the world, it seems, are ahead of us here in the US when it comes to regulations, you know, tamping down on these things. I know for me personally, like every time I get what is obviously a fraudulent phone call or text message or something, I think to myself, why is this still happening? You know, we in today, in the amount of technology we have, why are we still getting these things? It's maddening that we aren't farther ahead. But it's interesting to hear that other nations are taking action. Yeah.
Seamus Lennon
And it's great that it's taken the control out of end users' hands and that's essentially what it is because, you know, they're not targeting intelligent people, not targeting people that are aware of these things. They target everybody. Yeah, everybody. So, you know, my 70 year old auntie picks up the phone again. She's maybe ordered the package, maybe hasn't. Very simple, very easy to be juked.
Dave Bittner
Yeah. Show of hands, how many people have gotten a fraudulent text message in the past month? That's pretty much everybody. Yeah, this gentleman raised both of his hands. He has a work phone and a personal phone. So yeah, nobody's immune. Yeah. All right, what else do you have, Maria?
Maria Vermasis
That was actually both of my stories.
Dave Bittner
All right, terrific. Well, my story this week is more of a sort of a broad informational kind of thing. This is actually from the folks at ABC7 in Chicago, one of the local affiliates there, and they did some reporting on the Better Business Bureau's report on the top local scams of 2024. So the Better Business Bureau, most of you are probably familiar with, they're an organization that helps keep track of businesses in your community. They help take care of disputes that people might have with local businesses. One of the things they also do is they have a cyber scam reporting line and they keep track of the scams that are going on and they generate statistics. In this case, they generated a report for 2024 and I thought it'd be interesting to see some of the top scams that they were tracking from their perspective as folks who are keeping an eye on the consumer retail side of things. Let's start with a question. So I'm going to quiz the two of you. What do you suppose the number one reported scam is for the Better Business Bureau for consumers?
Maria Vermasis
Consumers. Is it gift card related? No.
Seamus Lennon
No. Okay, Seamus, is it refund related?
Dave Bittner
Maybe.
Maria Vermasis
That's an interesting guess.
Dave Bittner
All right. Yep, it's actually online purchases. So this is fake websites. This is fraudulent transactions situations where people believe that they have purchased something online and it never shows up. We're seeing a ton of situations, especially on platforms like Facebook, where someone will generate what looks like a totally legitimate storefront, sometimes offering impossible prices on irresistible products that are well known name branded things. And people shop around. The bad guys pay to have these ads put in front of people. And you're minding your own business, scrolling through and you see, oh, there's a kayak. And I really want a kayak. And that's half the price of the kayak usually is. You go through looks like the legitimate website for the company who sells the kayak, 100%. You put in your credit card information, they send you an email that says, good news, your kayak is on the way. And of course, you're never going to get the kayak. There never was a kayak. This fake store is just imitating the actual retailer of the kayak. And in most cases, you'd be out of luck there. You could go back to your credit card company, but these are rampant on platforms like Facebook.
Maria Vermasis
Yeah, it costs pennies to do if that. Fractions of pennies. Yeah.
Dave Bittner
Right, absolutely. I'm going to go through some of the other ones here. Phishing, of course, is number two. I'm sure everyone in this room is familiar with what phishing is. Number three is employment scams. So we've been seeing this in the headlines a lot, particularly some of the stories coming out of places like North Korea where folks are either setting up fake recruiting services, they're trying to get folks who are looking for jobs, or there are folks who are signing up for jobs fraudulently. So people who are from places like North Korea will apply for jobs here in the US, sometimes get those jobs, let's say engineering jobs, but the money is all being funneled back to North Korea, which of course is illegal. So we're seeing both of those. In fact, just about a week or so ago, there was a woman in, I believe, the Midwest who got arrested for having a laptop farm that was facilitating fraud from North Korea. So the North Koreans were taking advantage of her laptop farm to make it appear as though they were here in the United States when they were doing all of their work from around the world. Coming in at number five. I'm sorry, I skipped number four. Number four is debt collection. So this is a really easy one. You get a text message or a phone call, someone saying that you owe someone money. One of the key components of this is it puts you in an emotional state.
Seamus Lennon
Of course.
Dave Bittner
Right? Yeah. And that's what these scammers rely on. They short circuit your brain's rational thinking. Someone calls you up and they say, you owe us money, and if you don't pay us, we're going to do something bad to you. Bad things are going to happen. We're going to ruin your credit or, you know, all sorts of. You could go to jail if you don't pay. And of course, it's all fake. Number five is counterfeit products. Number six are travel, vacation and timeshare scams. Government agency imposters. So this one we touched on with the fake delivery schemes, the postal service, that sort of thing. The IRS.
Maria Vermasis
IRS, yes.
Dave Bittner
Yeah, these are big sweepstakes and lottery prizes. Number nine is tech support scams. How many folks have seen a tech support scam? Yeah, seems like these aren't as popular as they used to be, but they're still out there. Particularly you see pop ups of someone who is running a browser and they don't have what I would call a fundamental level of pop up blocking or ad filtering or the things that probably the folks in this room would seem like basic, but they don't have that. And so something pops up and it says, your computer is infected. My favorite thing was years ago, my elderly father had a hand me down MacBook Pro that I'd given him. And he called me over one day, he said, Dave, the computer's broken, please come over. I'm sure there are many people in this room who have that relationship with their parents as well. So I go over to help him fix the computer and sure enough, there's a pop up on the, on his Macintosh that says that his Windows operating system is infected and said, dad, I think we're okay here.
Maria Vermasis
Dad's not dual boxing.
Dave Bittner
Okay? No, no, dad is not running a VM on his Mac.
Maria Vermasis
I can, I mean, I don't want.
Dave Bittner
To assume, you know. No, I can assure you, my father, obviously I love my father dearly, but he's one of those people who knows what to do but not why he's doing it. So he will have a USB cable that he has a sticker on that says printer. And then he has a sticker on the computer above the USB slot that says printer. And so he knows the thing with the printer label goes in the hole with the printer label. And if he does that, the printer works. That's all he needs to know. It's a good reminder that there are lots of people, people we work with and our loved ones who are running successfully, doing their day to day lives with that level of understanding. But they have big targets on their backs because of that. They don't understand what's going on behind the scenes. And then the last one here are investment scams. And of course this has to do with cryptocurrency. We see lots of investment scams also tied to romance scams where someone will get a message out of the blue, someone will say, oh, I'm sorry I texted you accidentally, by the way. Who are you and where do you live? And they'll send a picture of someone who's quite attractive, and they'll start building a relationship, sometimes over days, weeks or months, that inevitably leads to a pitch for some kind of investment. And at that point, they have built up so much trust and they have done so much relationship building and love bombing where they're just telling this person that they are the best person and how important they are to them, and they get the person's defenses down, go in for the kill, get the investment scam, and now off we go. People lose thousands of dollars, hundreds of thousands of dollars and even millions of dollars in some of the stories we've covered here. Just devastating.
I'm curious, Seamus, as we go through this list, are there any ones in particular that stand out to you that you, either through you or your loved ones that have affected your family or ones that are particularly notorious in your mind?
Seamus Lennon
Well, obviously, number one is phishing. It's always been around, it always will be around. One thing as a cyber security professional, I always get asked is, what about AI? Can AI stop all this? Or how has AI improving things or disproven things? Well, realistically, what AI has actually achieved when it comes to phishing is corrected spelling mistakes. That's about it. And it can also be used then for targeted phishing. So you mentioned for us about the Facebook ads and that I have a Facebook profile. The last time I posted on Facebook would have been six years ago. I still use Facebook. I just don't post anything. There's nothing personal there. There's no information about me there. If you want to find anything out, you can find everything professional about me on LinkedIn and that's it. But I've got no personal information shared on the Internet so people can use against me, because that's what AI will do. It'll go off, search up your name on social media sites, and it'll create a persona of a phishing attack that suits you. Just you, very simple, very easy. And it can be done in seconds. Yeah, seconds. And that's the thing. So it's still always going to be primary and it'll hit all the notes that you as a reader will see that, oh, maybe this is genuine. So you know it's never going to go away. But look, there's two things with phishing. Either it's credential compromise or it's to get an excuse to run something on the device. Simple as that. It's to gain access. With ThreatLocker in place, we believe in zero trust, which only allows access where access is required. So we can control, although we can control the phish itself, we can control what happens in the aftermath of that. Now if it's credentialing, obviously help with that. We just launched network Cloud control which says even if your credentials were stolen, if somebody tries to log in from an unauthenticated device, a device that's not yours, it gets blocked in the client.
So it's again stopping that level of access as well.
Dave Bittner
Yeah, well, and I think, you know, particularly at the corporate level, it seems as though there's recognition of the need for these types of things and more of these things are in place. But I still can't help worrying about my friends and family. They say my elderly father and I'm looking forward to the day when those level tools filter down and become the day to day things that just operate in the background that people don't have to worry about. You think we're heading that way?
Seamus Lennon
We are heading that way. And as I said, my example about the Irish ComReg, that's filtering up to the top. So that's taken it out of the equation completely. So imagine how many thousands of people is going to save from those phishing attacks, the smishing attacks, those text messages for packages and the IRS in Ireland. No, it's not going to happen. But the Revenue Service, but that's just going to take it all out of the equation. So again, that's taking it from the top level all the way down to the bottom. So look, it's about awareness. It's always been about awareness. Now you're not going to be able to teach everybody. And that's the unfortunate thing, you cannot teach everybody how to be secure and how to be safe. Right. I live by zero trust. So you know, basically I'm very much paranoid about everything. Not in that sort of way, but I am. When I'm online, I'm on my computer. The websites I go on to or anticipate that. You mentioned bitcoin. I do bits and bitcoin and cryptocurrency. And if you start reading up anything about what's the next best thing, because look, everybody that's into cryptocurrencies for one reason is to make that 200 plus thousand profit on what you've invested in. But if you look on what's the next big thing in cryptocurrency, you can guarantee the 5 out of 10 things that you look at are fake, completely fake. They don't exist. All they want is the initial investment because it's not even the cryptocurrencies, it hasn't even been published. And that's what they utilize. What are people interested in? To dupe them into basically taking the money.
Dave Bittner
Yeah. Yeah. I'm curious for you, Maria. Are there any of these things that have touched your life?
Maria Vermasis
Oh, my goodness. I've mentioned it a few times on the show, but I've known people who've gotten really badly involved with these romance scams, and I've talked about it a couple times also. But even when you have people in their lives like myself who know about these things or people who work in law enforcement who can speak to, you know, the dangers of these romance scams, a lot of times people just really want to believe that they're true. And it's very, very hard to disentangle them from these things. But to your point about helping out family and friends, actually, to both of us, both of what you were saying, my mother's in a similar situation of she doesn't know a lot about how these things work. And my mother is very intelligent, but my view is she shouldn't have to know how these things work. She's extremely smart in her own areas of expertise. This just happens to not be what she is an expert in. So as much as we try to stay on top of these things, and we should, because it's our jobs, we have to just also remember that nobody can know everything. And hopefully we have solutions like what you've been mentioning that can help people not have that burden of knowledge because it's just not possible for everyone to do it.
Dave Bittner
Yeah, yeah. I think it's true that nobody is 100% immune to these sorts of things, particularly the social engineering types of things. Every one of us has something that we love to do. If it's a hobby or an interest or a collection that would, if sourced from something we know and trust and love, would probably get our defenses down. And that's not a dig against us. We're all human and we have emotions, and so that's what they take advantage of. It's interesting, too, just swinging back to what you're saying about not being on Facebook for so many years and doing things on LinkedIn and that sort of thing. It really is, I think, a shame that so many of us, when we have these conversations about social media platforms, it is the lesser of all the evils. Right. Like, we sort of begrudgingly say, you know, yes, I do this because I have to, not because there's any real joy and pleasure so much in it. I know there are new things in Mastodon and Bluesky and things like that are doing their best, but it's a shame that we've gotten to that where that is the point of where we are today.
Maria Vermasis
Yeah. That the best way to use them is to basically not use them.
Seamus Lennon
Not use them. The safest way to use them and.
Dave Bittner
How aggressively bad they've gotten, I mean, I would say even in the past year, you know, I'm on Facebook to keep track of my friends and family all over the United States and around the world. And it's just remarkable to me how aggressively bad it has gotten, including scams in front of me and things I'm not interested in. Just ad after ad after ad. It's maddening that they have us kind of linked into that. Wait, that was a mixed metaphor, wasn't it?
Seamus Lennon
Yeah.
Dave Bittner
All right. All right. We are going to take a quick break to hear a message from our show sponsor.
ThreatLocker Sponsor
So let's return to our sponsor, ThreatLocker. ThreatLocker is a zero trust endpoint protection platform that strengthens your infrastructure from the ground up. Where traditional cybersecurity tools require you to create a list of things you don't want to run, ThreatLocker enables you to easily curate an allow list of everything you need in your environment and network and block everything else by default. With ThreatLocker allowlisting and ring fencing, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware. The ThreatLocker Zero Trust Endpoint Protection platform deploys in a learning mode that analyzes the operations of your company using machine learning to assist you in developing your allow list for approved applications, what they can do on the endpoint, what can interact with your data, and even east and west network traffic. We thank ThreatLocker for sponsoring our show.
Dave Bittner
And we're back. It is time for our catch of the day. Our Catch of the Day this week comes from a listener. His name is Diesel and he is from West Virginia. And he received this message from the Venmo support team. And the message is, we were frozen to process your recent unauthorized activity attempted. Now, we were saying earlier that AI has helped make the English in these messages better, that it is harder to just spot the poor English than it used to be because of AI. This is an exception. So see if you can spot where the AI that generated this message goes wildly off the rails. Here we go. Dear Customer. We inform you that we would like to proceed with a frozen transfer activity. As you may know, a frozen transfer involves the use of cryopreserved embryos which are thawed and transferred into the uterus in order to achieve a successful pregnancy. Wow. Don't look at me.
Maria Vermasis
Don't look at me.
Dave Bittner
If you disabled sign into your account by accident through our phone line and you do not believe unauthorized activity or access has occurred, you will need to verify your account and complete the prompted steps to regain access to your account. And then there's a big button that says verify now. And it says, thanks, Venmo support team. I got pregnant through Venmo.
Seamus Lennon
Woohoo.
Dave Bittner
Obviously, I'm going to leave it to you here, Seamus, to unpack. Walk us through the connection of where the AI, we think, made a faulty connection between several different things. What do you make of this?
Seamus Lennon
This is one hacker that actually hasn't found AI yet.
Dave Bittner
Really? See, my assumption was that the AI went from frozen assets and somehow connected the word frozen to. To frozen embryos and just ran with that and completely nonsensical. And nobody, you know, the bad guys, they don't. They don't bother to proofread anything. It's all a numbers game.
ThreatLocker Sponsor
And of course, we want to thank this week's sponsor, ThreatLocker. Go to threatlocker.com HH and check out their Zero Trust endpoint protection platform. That's the words threat and locker with no space.com HH where you can request a demo and neutralize the threat of malware running on your devices.
Dave Bittner
And that is our show. We want to thank all of you for listening. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans2k.com. This episode is produced by Liz Stokes.
Maria Vermasis
Yeah, Liz.
Dave Bittner
Our executive producer is Jennifer Ivan. We're mixed by Elliot Heltzman and Trey Hester. Peter Kielpe is our publisher. I'm Dave Bittner.
Maria Vermasis
And I'm Maria Vermasis.
Seamus Lennon
And I'm Seamus Lennon.
Dave Bittner
Thanks for listening. Thanks for being here, everybody.
Hacking Humans: Live from Orlando, It's Hacking Humans! – Episode Summary
Release Date: February 27, 2025 | Host: N2K Networks
In the latest episode of Hacking Humans, hosted by Dave Bittner and Maria Vermasis, the discussion unfolds live from Orlando, Florida, during ThreatLocker's Zero Trust World 2025 conference. The episode delves into the evolving landscape of cybercrime, focusing on deception, influence, and social engineering tactics that prey on individuals and organizations alike.
Maria Vermasis kicks off the episode by highlighting the surge in tax-related scams, particularly during tax season. She references a report by Kate Gibson of CBS News Money Watch about a prevalent IRS text scam promising a $1,400 refund. These messages lure victims into clicking malicious links to confirm personal information, under the guise of legitimate refunds.
Notable Quote:
Maria Vermasis [02:02]: "The scammers are clearly taking advantage of some, how shall we say politely, tumult at the IRS currently."
Additionally, Maria shares a listener-submitted story from Kaylee, who received unsolicited texts from unknown tax firms claiming imminent refunds. These fraudulent firms exploit misinformation about pandemic-related tax credits, leading victims to pay for nonexistent refunds and inadvertently divulge sensitive information, including Social Security numbers.
Dave Bittner transitions the conversation to the Better Business Bureau's (BBB) 2024 report on the most prevalent consumer scams. He quizzes his co-hosts, revealing that online purchase scams top the list. These scams involve fake websites mimicking legitimate retailers, enticing consumers with irresistible deals only to abscond with their money without delivering the promised goods.
Notable Quote:
Dave Bittner [09:35]: "They'll attach onto anything that's relevant in the time that's relevant. It's tax, period."
Key Scams Highlighted:
Online Purchase Scams: Fraudulent websites replicate legitimate storefronts, offering branded products at unrealistically low prices. Victims input credit card details, receive confirmation emails, but never receive the ordered items.
Phishing: Continues to be a primary method for cybercriminals to deceive individuals into revealing sensitive information or installing malware on devices.
Employment Scams: Notably involving operatives from regions like North Korea, these scams create fake job opportunities to siphon funds or engage in illicit activities, such as setting up laptop farms for fraudulent operations.
Debt Collection Scams: Scammers pressure victims with false claims of owed debts, leveraging fear to elicit immediate payments without legal grounds.
Counterfeit Products: Fake replicas of genuine products flood the market, deceiving consumers and undermining brand integrity.
Travel, Vacation, and Timeshare Scams: Offers for discounted or exclusive travel packages that either never materialize or require upfront payments with no return.
Government Agency Imposters: Scammers pose as representatives from agencies like the IRS or postal services, exploiting trust to extract personal information or payments.
Tech Support Scams: Fraudulent pop-ups and unsolicited calls claim that a user's device is compromised, prompting them to grant remote access or pay for unnecessary services.
Investment Scams: Often intertwined with romance scams, these involve building trust through fake relationships before pitching fraudulent investment opportunities, particularly in cryptocurrency, leading to substantial financial losses.
Seamus Lennon, ThreatLocker's VP of Operations for Europe, provides insights into the mechanics of phishing scams and the role of Artificial Intelligence (AI). He emphasizes that while AI has improved the sophistication of phishing attempts by correcting spelling mistakes and creating more targeted attacks, it has not yet mastered the subtleties required to completely deceive seasoned cybersecurity professionals.
Notable Quote:
Seamus Lennon [16:44]: "AI will go off, search up your name on social media sites, and it'll create a persona of a phishing attack that suits you... It can be done in seconds."
Seamus discusses the concept of Zero Trust, a security model that operates on the principle of "never trust, always verify." This approach restricts access based on strict identity verification, minimizing the risk even if credentials are compromised.
The hosts explore the paradox of social media platforms like Facebook. While they serve as valuable tools for connecting with friends and family, they also become fertile ground for scammers. The abundance of personal information available makes individuals susceptible to targeted attacks. Seamus highlights regulatory advancements in Ireland, where the introduction of mandatory number registration with the Communication Regulatory Commission (ComReg) has significantly reduced fraudulent communications by flagging unregistered numbers as potentially fraudulent.
Notable Quote:
Seamus Lennon [05:10]: "The regulation commission in Ireland... every time you send out an email or a text message or a voicemail to a user in Ireland, it will come up as potentially fraudulent straight away."
In a segment entitled "Catch of the Day," Dave presents an example of an AI-generated phishing message riddled with nonsensical content, illustrating the current limitations of AI in crafting coherent and contextually accurate scams. The message bizarrely conflates financial transactions with unrelated topics like cryopreserved embryos, highlighting how not all AI-generated content is seamlessly deceptive.
Notable Quote:
Dave Bittner [25:20]: "If you disabled sign into your account by accident through our phone line and you do not believe unauthorized activity or access has occurred, you will need to verify your account and complete the prompted steps to regain access to your account."
Seamus humorously remarks on the flawed AI connection, reinforcing that many scammers still rely on rudimentary methods devoid of advanced AI technologies.
The episode underscores the relentless evolution of cyber scams, driven by technological advancements and the exploitation of human psychology. Key takeaways include:
Awareness and Education: Constant vigilance and understanding of common scam tactics are essential in mitigating risks.
Regulatory Measures: Implementing stringent regulations, as seen in Ireland, can significantly reduce the prevalence of fraudulent communications.
Zero Trust Security: Adopting a zero trust approach can offer robust protection against unauthorized access, even if credentials are compromised.
Technological Advancements: While AI presents both opportunities and challenges in cybersecurity, human oversight remains crucial in identifying and countering sophisticated scams.
Final Thoughts: As cyber threats continue to adapt, both individuals and organizations must stay informed and proactive in their defense strategies. Episodes like this serve as vital resources in the ongoing battle against cybercrime, emphasizing the importance of community awareness and technological innovation in safeguarding our digital lives.
Produced by Liz Stokes | Executive Producer: Jennifer Ivan | Mixed by Elliot Heltzman and Trey Hester | Publisher: Peter Kielpe