Hacking Humans: Live from Orlando, It's Hacking Humans! – Episode Summary
Release Date: February 27, 2025 | Host: N2K Networks
Introduction
In the latest episode of Hacking Humans, hosted by Dave Bittner and Maria Varmazis, the discussion unfolds live from Orlando, Florida, during ThreatLocker's Zero Trust World 2025 conference. The episode delves into the evolving landscape of cybercrime, focusing on deception, influence, and social engineering tactics that prey on individuals and organizations alike.
Tax Scams: Exploiting the Season
Maria Varmazis kicks off the episode by highlighting the surge in tax-related scams, particularly during tax season. She references a report by Kate Gibson of CBS News MoneyWatch about a prevalent IRS text scam promising a $1,400 refund. These messages lure victims into clicking malicious links to confirm personal information, under the guise of legitimate refunds.
Notable Quote:
Maria Varmazis [02:02]: "The scammers are clearly taking advantage of some, how shall we say, politely tumble at the IRS currently."
Additionally, Maria shares a listener-submitted story from Kaylee, who received unsolicited texts from unknown tax firms claiming imminent refunds. These fraudulent firms exploit misinformation about pandemic-related tax credits, leading victims to pay for nonexistent refunds and inadvertently divulge sensitive information, including Social Security numbers.
Better Business Bureau's Top Scams of 2024
Dave Bittner transitions the conversation to the Better Business Bureau's (BBB) 2024 report on the most prevalent consumer scams. He quizzes his co-hosts, revealing that online purchase scams top the list. These scams involve fake websites mimicking legitimate retailers, enticing consumers with irresistible deals only to abscond with their money without delivering the promised goods.
Notable Quote:
Dave Bittner [09:35]: "They'll attach onto anything that's relevant in the time that's relevant. It's tax, period."
Key Scams Highlighted:
- Online Purchase Scams: Fraudulent websites replicate legitimate storefronts, offering branded products at unrealistically low prices. Victims input credit card details, receive confirmation emails, but never receive the ordered items.
- Phishing: Continues to be a primary method for cybercriminals to deceive individuals into revealing sensitive information or installing malware on devices.
- Employment Scams: Notably involving operatives from regions like North Korea, these scams create fake job opportunities to siphon funds or engage in illicit activities, such as setting up laptop farms for fraudulent operations.
- Debt Collection Scams: Scammers pressure victims with false claims of owed debts, leveraging fear to elicit immediate payments without legal grounds.
- Counterfeit Products: Fake replicas of genuine products flood the market, deceiving consumers and undermining brand integrity.
- Travel, Vacation, and Timeshare Scams: Offers for discounted or exclusive travel packages that either never materialize or require upfront payments with no return.
- Government Agency Imposters: Scammers pose as representatives from agencies like the IRS or postal services, exploiting trust to extract personal information or payments.
- Tech Support Scams: Fraudulent pop-ups and unsolicited calls claim that a user's device is compromised, prompting them to grant remote access or pay for unnecessary services.
- Investment Scams: Often intertwined with romance scams, these involve building trust through fake relationships before pitching fraudulent investment opportunities, particularly in cryptocurrency, leading to substantial financial losses.
Phishing and the Role of AI
Seamus Lennon, ThreatLocker's VP of Operations for Europe, provides insights into the mechanics of phishing scams and the role of Artificial Intelligence (AI). He emphasizes that while AI has improved the sophistication of phishing attempts by correcting spelling mistakes and creating more targeted attacks, it has not yet mastered the subtleties required to completely deceive seasoned cybersecurity professionals.
Notable Quote:
Seamus Lennon [16:44]: "AI will go off, search up your name on social media sites, and it'll create a Persona of efficient attack that suits you... It can be done in seconds."
Seamus discusses the concept of Zero Trust, a security model that operates on the principle of "never trust, always verify." This approach restricts access based on strict identity verification, minimizing the risk even if credentials are compromised.
Social Media's Double-Edged Sword
The hosts explore the paradox of social media platforms like Facebook. While they serve as valuable tools for connecting with friends and family, they also become fertile ground for scammers. The abundance of personal information available makes individuals susceptible to targeted attacks. Seamus highlights regulatory advancements in Ireland, where the introduction of mandatory number registration with the Communication Regulatory Commission (ComReg) has significantly reduced fraudulent communications by flagging unregistered numbers as potentially fraudulent.
Notable Quote:
Seamus Lennon [05:10]: "The regulation commission in Ireland... every time you send out an email or a text message or a voicemail to a user in Ireland, it will come up as potentially fraudulent straight away."
Catch of the Day: AI Misfires
In a segment entitled "Catch of the Day," Dave presents an example of an AI-generated phishing message riddled with nonsensical content, illustrating the current limitations of AI in crafting coherent and contextually accurate scams. The message bizarrely conflates financial transactions with unrelated topics like cryopreserved embryos, highlighting how not all AI-generated content is seamlessly deceptive.
Notable Quote:
Dave Bittner [25:20]: "If you disabled sign into your account by accident through our phone line and you do not believe unauthorized activity or access has occurred, you will need to verify your account and complete the prompted steps to regain access to your account."
Seamus humorously remarks on the flawed AI connection, reinforcing that many scammers still rely on rudimentary methods devoid of advanced AI technologies.
Conclusion and Takeaways
The episode underscores the relentless evolution of cyber scams, driven by technological advancements and the exploitation of human psychology. Key takeaways include:
- Awareness and Education: Constant vigilance and understanding of common scam tactics are essential in mitigating risks.
- Regulatory Measures: Implementing stringent regulations, as seen in Ireland, can significantly reduce the prevalence of fraudulent communications.
- Zero Trust Security: Adopting a zero trust approach can offer robust protection against unauthorized access, even if credentials are compromised.
- Technological Advancements: While AI presents both opportunities and challenges in cybersecurity, human oversight remains crucial in identifying and countering sophisticated scams.
Final Thoughts: As cyber threats continue to adapt, both individuals and organizations must stay informed and proactive in their defense strategies. Episodes like this serve as vital resources in the ongoing battle against cybercrime, emphasizing the importance of community awareness and technological innovation in safeguarding our digital lives.
Produced by Liz Stokes | Executive Producer: Jennifer Eiben | Mixed by Elliott Peltzman and Tré Hester | Publisher: Peter Kilpe
