A
You're listening to the CyberWire Network, powered by N2K.
B
Hello, everyone, and welcome to N2K CyberWire's Hacking Humans podcast, where each week we look behind the social engineering scams, phishing schemes and criminal exploits that are making headlines and taking a heavy toll on organizations around the world. I'm Dave Bittner and joining me is Joe Carrigan. Hi, Joe.
C
Hi, Dave.
B
And our N2K colleague and host of the T-Minus Space Daily podcast, Maria Varmazis. Maria is not here.
C
Oh, no.
B
Maria is not here. Maria has a power outage at her home where her home studio is, so she cannot join us for our regularly scheduled recording. But there's a slim chance that she may be able to jump in and join us while we are in the process.
C
But for now, provided her power comes back on.
B
Provided her power comes back on. That's right. Either that or we need to invest in some sort of battery backup for her or a generator or something. Yes, right.
C
Propane-powered generator for the whole house.
B
Yeah. There you go. Whole house. Yeah. What could it possibly cost?
C
Thousands upon thousands of dollars.
B
Sure. All right, we've got some interesting stories to share this week, but first, why don't we get to our follow-up here? Well, Billy. Go ahead, Joe.
C
I'm sorry, the only follow-up I have is that this is our first episode of October. And I'm sure that you're aware, Dave, October is Cybersecurity Awareness Month.
B
Oh, you know, I didn't know that. No one has told me that, Joe. In fact, a gazillion different PR people have not emailed me to remind me that October is Cybersecurity Awareness Month and therefore is the perfect time of the year for me to put their guests on one of our shows. That has totally not come up, Joe.
C
Here at the CyberWire, where every month is Cybersecurity Awareness Month.
B
That's right.
C
N2K CyberWire. Sorry.
B
That's right.
C
Right. I just want to remind everybody of that. And also, please don't abbreviate it CSAM, that is something else.
B
Yeah, right.
C
Entirely.
B
I'm really looking forward to all the CSAM I'm going to be enjoying this month. How about you?
C
No, Dave, not me. I will not be enjoying any of that. Somebody. Somebody posted that on LinkedIn a couple years ago. So I'm like, going for cheap laughs with old jokes. And this morning on my way out to the car, I remembered that and I went, wait a minute. You know, this is like one of those things where somebody, you know, like they call Homer Simpson slow. And then, hey, you're making fun of me. And then it's like midnight and Lenny's going, get out of my house. You know, it's that kind of thing.
B
Right.
C
I'm walking out to my car this morning and I go, wait a minute, I'll bet those were all synthetic accounts and that was someone's idea of a joke.
B
Ah, I see, yeah. Yeah. Well, you know, what do they call them? Car moments or car. When you. Shower thoughts? Well, there's. Yes, there's shower thoughts, but then there's the other one, which is when you think of the perfect witty response to someone when you're in your car driving home after the event.
C
Oh, yeah, it happens all the time. Ah, there it is.
B
Oh, boy. That would have been. That would have killed. Right, right. A half hour ago.
C
Right.
B
And now a word from our sponsor. ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. All right, I tell you what, let's jump into our stories here this week. Joe, you want to kick things off for us?
C
Sure. I actually have a story that comes off the BBC newswire. It's from BBC.com. This comes from Ellery Griffiths and the headline is "Police issue warning after 2.1 million pound Bitcoin 'scam'." Scam is in scare quotes there. So what has happened is the police force here are issuing a warning, talking about a sophisticated scam. This is from North Wales, which is part of the UK. It's a whole nother country. It's not England, you know that. Yeah, I actually sat down one day and learned everything about the UK.
B
Everything, Joe, but not everything.
C
No, but the difference between the UK, England, Great Britain and the British Isles. Yeah, there's a YouTube video for it. Pretty enlightening. Anyway, that's neither here nor there. This is over. Actually, it's over there. There was somebody posing as a senior UK officer who tricked this victim into entering essentially their seed phrases on a fake site for their crypto wallet, using a fake story about a security breach. Now, what's interesting here is that the police are saying that this is a highly targeted attack that resulted from a data breach, and I don't know which service is in the background here. The articles. All the articles I've read don't really name the service. But there was a Coinbase breach back in August of this year. And in that breach, attackers were able to get photo IDs, the photo ID picture, the details of, you know, of everything that was on the photo ID, the last four digits of the Social Security number, email address and a phone number. Right. Well, that is exactly enough to run one of these scams. Right. So I can pretend now that I'm somebody from your cryptocurrency exchange, or someone from law enforcement saying, hey, your cryptocurrency exchange has been compromised. You need to take action. And what it looks like happened here is this guy had a wallet. One of these crypto, probably from the same company. I mean, because Coinbase does have a wallet of their own. It's a non-custodial wallet. So when you have a Coinbase wallet, you are in charge of your crypto, not Coinbase. There's another company out there called Coinomi that has a similar thing. They have a website where you can put your stuff or you can keep your stuff in your own custodial wallet. And they convinced this guy that he needed to enter his seed phrase into a website for security.
B
Hmm.
C
All right, so what you're doing when you. I'll say this again, we've said this many times. What you're doing when you enter your seed phrase is you are essentially giving the attackers access to the private keys of that wallet, and anybody with those private keys can now sign transactions to move the cryptocurrency out of your wallet and into their own.
B
Yeah.
C
All right. That's how this works.
B
So this is kind of the crypto version of admin access.
C
Yes.
B
To your crypto wallet.
C
The crypt. It is the cryptocurrency. Yes.
B
Okay.
C
You need this. If you get this passphrase and you enter it into any other compatible crypto wallet, you will have access to that person's wallet, and you'll be able to send the cryptocurrency anywhere you want.
B
Okay.
C
All right. So what these guys do, of course, is they send it to themselves. Now, this is not anything new. We've seen this before. Yeah, but what is new is that they've used information from a breach that doesn't seem like a lot of information, but they were able to target a guy, and they were probably targeting everybody that they had in the breach. In this data set, they were able to target one of the guys, they got him to respond. He complied with what they were saying because they were pressuring him. And immediately or immediately after giving the phrase, he lost 2.1 million pounds in cryptocurrency. I hope that he had a cold wallet somewhere else with more cryptocurrency in it. I doubt that is the case, though. This sounds like he may have lost. I mean, he may have lost a lot of all of his money. I don't know. I hope that he has more. I hope he's not completely destroyed here. But this also reminds me of. I was speaking at a conference last week, as we're recording this. I was at the National Association of Consumer Protection Investigators conference, which was held down in Bethesda. And I was on a panel with Dr. Tony Dahbura.
B
Oh, yeah.
C
And so my old boss, right, he was moderating, right. And we were talking about AI in the use of these scams. So it's not really related. But one of the things that Tony reminded me of, and I haven't thought of this for a while, is when we did a survey of Marylanders and their cybersecurity habits and hygiene, one of the questions we asked was, has your information been breached and is available on the black market? And it was alarming to me and to Tony that a lot of people did not know that their information had been breached. The response who said yes was like, 40%, huh? Right. Like definitely yes. And I think that number is almost, if not at, but almost 100%. The only reason it's not at 100% is because there are people who have turned 18 today who haven't been breached yet. Right, right. Everybody else, if you turned 18, you know, anytime in the past five years, your information's out there. Somebody has it. And I think that's what people need to understand. One of the fundamental pieces of information that we need to have, that would help inoculate us, is to understand that anybody can call you and tell you information about yourself that you think only a certain subset of people will have. But every cybercriminal out there has it. They just have access to it. And there's a whole market out there for these data sets, and it is readily available to these bad guys if they want it. So if you can get your hands on one of these data breaches, particularly at a crypto exchange, and you can just start sending things out, and maybe you just want to get, like, username and password for the crypto exchange, that would be enough to get into the exchange. Maybe if you don't have multifactor authentication enabled. Or maybe even if you do, if they're still on the phone with you and they say, hey, we're going to text you a number for security, what is that number? And they're in. That is also the keys to the kingdom.
They can transfer money out of your account very quickly with that. So I don't. I mean, I don't know if we say this a lot, but be aware of the fact that your information is breached. It's all out there. It's all on the Internet. These people know things like where you bank. They have that kind of information. They can tell you what the last four of your Social Security number is. They may tell you all of your Social Security number. The information about you exists and it can be used against you. And you don't even have to say it. It's not like a Fifth Amendment thing.
B
Right? Right.
C
Anything you say can and will be used against you. This can and will be used against you, and you don't have to say it.
B
Yeah, I got good news, Joe.
C
I heard. I heard a snicker.
A
Yes. What gave it away.
B
Maria? Did you put another quarter in the till? And.
A
The gerbils are running frantically on their wheel at the moment.
B
That's right.
A
Yeah. We had no Wi-Fi in my house for a good hour. We're having issues with our Raspberry Pi and the Pi-hole that we've got running on our home Wi-Fi. And as my husband was sort of trying to fix it, we got the home Wi-Fi running. And then literally within a minute, all the power went out. And we were just thinking, you know, in Hollywood this would be a plausible explanation. Something about the Wi-Fi traveled mysteriously and just nuked all the power in our entire side of town. But we actually. Obviously, it's completely a coincidence, but it was a very annoying and funny one.
B
Yes. The critical needs sensor was in full effect there. Right. My old college roommate, who was an electrical engineering major, convinced me that critical need sensors were a thing, where any piece of electronic equipment senses when you need it most, and that is when it is most likely to fail.
A
It's amazing. It's amazing. Yes. That's been my day. So if I also drop out very randomly, you'll know what happened. We've been having brownouts lately. I don't know why it is just gently drizzling where I'm at. I don't know why that would cause a power outage.
B
But don't you have solar panels?
A
I do, but I don't have a battery backup, so you gotta get the battery backup. Well, it's expensive. I mean, I'd love that, but I gotta do one thing at a time. No battery backup. So, yes, I'm still grid dependent. I'm not off grid.
B
Okay.
A
Yeah.
B
So if the power goes out, your solar panels do not have enough juice to keep the home up and running. Is that.
A
It's just. It's not how they're hooked up to the. There has to be a battery somewhere.
B
I see.
A
You don't. Yeah, there's. It's a whole thing. Yeah. You can't just go, I'm now going to use solar for my roof. There has to be a battery as an intermediary. So we don't. We don't have that at the moment. So it feeds the grid and we get money for that, which is great. Which in turn allows us to pay basically nothing most months, which is nice.
B
Oh, that's pretty nice.
A
Yeah. Yeah, I like it a lot.
B
All right, well, we're glad to have you join us.
A
Thank you.
B
And for all of the listeners who hit the stop button when they heard that Maria wasn't gonna be on this week's show, welcome back. She's back. And for everybody who hung in there in hopes that Maria would join us, your patience paid off, because here she is joining us in the middle of the show. All right. In the middle of Joe's story, actually.
A
Yes.
B
So, Joe, anything else in your story here you wanna. What else do you have to share?
C
No, that was it. I. Yeah, it was. Yeah. Just. It's not amazing to me that this works, but, I mean, people need to understand that their information is available to most of these bad guys.
B
Right. If someone wants it bad enough, they can get it. They can get it.
C
And for a very small price, I'm sure.
B
Yeah, absolutely. All right, well, we will have a link to Joe's story in the show. Notes. I'm up next here. And actually, I have two stories because they're both short.
C
Good.
B
So the first story is just a warning from our good friends at the FBI. They're warning that some adversaries have published fake versions of the cybercrime reporting portal, the IC3, the Internet Crime Complaint Center.
C
These guys. Nothing is sacred to these people.
B
No, it's pretty bold, don't you think? Yeah, it's like, who should we imitate? Who should we impersonate? What bear should we poke?
C
Right.
B
I know. How about the FBI? So they're impersonating the IC3, the Internet Crime Complaint Center, and they're getting people to report their problems, and then they will reach back out to you for more information and look for your information, like your name, your address, banking information and stuff like that, and then take advantage of you.
C
Right.
A
Oh, my goodness.
C
It's awful.
B
It is awful.
C
It's like a new way to do a follow-on scam.
B
Right.
C
Again, all you have to do is put the webpage out there and then hope that somebody just fills it out and gives you some information.
B
Right. Yeah. We've talked about if someone does a search for FBI crime reporting, the scam site could just as well come up as the real site.
C
Yeah. All they have to do is buy Google Ads.
B
Yeah. So the FBI says, please be vigilant and know that ic3.gov is the actual address for the IC3 and not anything else. And ironically, if you find yourself falling victim to this, the FBI would like you to report it at the actual IC3.
A
Some sort of recursive logic going on here.
B
Right. It's IC3s all the way down.
A
All the way down.
B
Oh, boy. So that's a quickie there. This other one I'm curious about. I actually stumbled across this over on the Reddit scams subreddit, and this is about somebody getting hit with the old white van scam. Now, I'm curious if either of you have ever been hit up for the old white van. Or I. I can call it the out-of-the-back-of-somebody's-trunk scam.
C
Is this where they have goods they want to sell?
B
Yes.
C
Yeah.
A
I've not back in the truck been.
C
Hit up with this, but I've heard about it happening.
B
Yeah. The one that I remember back in the day. So, Joe, when you and I would have been in our 20s, right. And Maria would have been in a stroller, was speakers, stereo speakers. Right. Someone would come and say, hey, you know, I'm doing a delivery and I got a bunch of extra speakers here that were put in the truck, and my boss said I can unload them for a great deal. And for your hi-fi. For your hi-fi. Right, exactly. And so that was the popular scam. And of course you'd buy them, and they were terrible speakers, and that was that.
C
Right.
B
The way this seems to have evolved these days is that what they're selling are projectors. Like video projectors? HD projectors for your home theater?
A
Yep.
C
Okay.
B
And it's basically the same thing. Somebody comes up and says, hey, good news, this is your lucky day. I have these projectors. These are $8,000 projectors. And look, I even have the paperwork here to show you that this is the inventory manifest, that these projectors are $8,000 apiece.
A
Yeah. They are pricey. Wow.
C
You got an inventory manifest.
B
That's right. So for.
A
Those can't be fake.
C
I can't just print that up at home.
B
No. The low, low price of $300.
C
$300.
B
I will sell you one of these projectors and you'll be the envy of all your friends with your home theater. My son fell for this, did he? Yes. Oh, yes, he did. Yes, he did. I know what happened. And then what happened?
A
You can't just dangle that.
C
Hold on. Did he come home and go, was this the son that lives with you or the other son?
B
My oldest son does not live with me. No, no, no, no. And there's any more.
A
That's right after this. No longer.
B
My former son fell for this. Kicked him out.
C
Do you know who I am? I can't have you being my son.
B
He's out of the will.
C
Yeah.
B
Yeah. So look, I love both of my sons. Yes. Very much. There's nothing I wouldn't do for them. And I'm not telling stories out of school here because if my oldest son were to be self-critical, he would say that one of the things about him, his personality, is that in order to learn life lessons, he has to experience them himself.
C
My son has the exact same problem. Yeah, I think most boys have that problem. I think that is a boy trait.
B
I think it is because it leans that way.
C
I look back on my life, I look back on my life, and that is the only way I learned anything. And when I told my daughter all the horrible mistakes I made in life, she was like, I want no part of that. And she did none of it. My son was like, sounds like a good time.
B
That's the important difference here. So my point is, you can't say to my son, don't do this. Nothing good will come of it.
C
Yep.
B
He will not absorb the lesson through merely having it told to him.
C
I will tell you this, Dave. He got off easy. This is a $300 educational experience.
A
That's true. What was in the. What did he end up receiving?
B
Oh, it was a projector. He got a projector.
A
Oh.
B
Now my son works in AV. You know, he does lighting design for, like, you know, corporate events and things like that.
C
So he runs a company that does.
B
Oh, we'll have to talk. So he programs the lighting boards and makes the lights move and, you know, all those kinds of things. So he's not a rube when it comes to the technology.
C
Right.
B
So he got the. He took the projector home and set it up in his basement, 'cause he had dreams of having a home theater. It worked for a while.
C
Okay.
A
Yeah, yeah. Something defective or. Yeah, yeah.
B
And then it's got like a. You know, I think what happened. So these are. These are cheap projectors from, like, Alibaba.
C
Right.
B
You and I or anyone else could buy them for $50 apiece, which is exactly what the person in the white van did. Right. Bought a dozen of these things. Hundreds of these things. Who knows?
C
We got a house full of them.
B
Yeah. And so they're 50 bucks.
C
Sell them for 300 bucks, 60 more of them. Right now profit six more of them. Yeah.
B
So my understanding with these cheap projectors is that there's an issue where I think, like, the LCD screen that the light has to go through eventually gets, like, saturated with infrared light or ultraviolet light or something, and it browns it out, and you end up with this big hotspot in the middle of the screen. And that's just the result of a cheap, crappy projector. They don't last long. Looks good out of the box. Works for a while.
A
Maybe even the first few times you use it. Looks great. Leave a great Amazon review. I've used it for a day and it's great.
B
Right? Exactly.
A
Love those reviews.
B
Why does anyone spend big money on a projector when they can buy this for 50 bucks? And I suppose you could look at them as being disposable, but anyway. So he got scammed by that and learned his lesson. Yeah.
A
Yeah. The hard way. I mean, when you asked about this kind of scam, I didn't really know how to respond because I am definitely the kind of person who has bought bootleg things in my day many, many times on purpose. So many, many, many times on purpose.
B
So do you have any stories of being randomly approached by someone?
A
No, I don't. That was never my M.O. because I knew that was always going to be a scam. That much I knew. But, like, if you know the places to go for bootlegs, or in some cases, that's the only option that you have, you sort of expect to some degree that what you're getting is essentially nearly disposable. But at the same time, it's very easy to get ripped off. Even if, you know, like, hey, this is still a bargain, but I'm still getting ripped off. As you said, like, these are $50 projectors that were being sold for higher than that. I can't tell you how many times, especially I think in my early 20s, when I was on the tightest budget possible, I would. I would end up falling for something like this because friends of mine would go, hey, this is a cheap way to get, you know, clothing or a purse or something. And I. I can imagine, especially now when budgets are especially tight for a lot of people, this is going to resurge like crazy.
C
Yes.
A
So I. In some countries also, bootlegs are often the only way you can get certain things. So this. You can have a lot of fun looking at the bootleg markets in some places. I've definitely enjoyed that. You can get some fun finds. I have a lot of music that is actually all bootleg CDs that I've enjoyed getting, but the music is often in kind of questionable condition, so buyer beware on that one. But if you get it for 50 cents, you can't really complain.
B
I just finished reading the book Apple in China, which is all about Apple in China and.
C
Makes sense.
A
I love that you had to explain that.
C
So in this case, you actually can judge the book by its cover.
B
You can, yes, yes. And I.
A
It's actually about Samsung in Africa. Weird.
B
Weird. It's weird. Didn't mention Apple at all. I don't know, I feel as though. But it was. But, you know, this guy sold me the book out of the back of a van, so I guess I got what was coming to me.
A
Can't complain.
C
Djibouti.
B
That's right.
C
Real country.
B
Yeah. Yeah. So actually, you know, I did actually buy a book at Ollie's once, you know Ollie's.
C
He's talked about Ollie's before.
B
Yeah, yeah. So Ollie's is.
A
That's not back of the truck stuff.
B
Right. Well. Well, here's the thing. I bought a book at Ollie's. It was a biography and it was missing chapters. They just weren't in there.
C
They're like misprint books.
B
Yeah, exactly. It was a misprinted book. It just went from like chapter four to chapter six.
C
You have to buy another book in the stack to get chapter five, sandwich them together.
B
Right. And then that's not a good deal. So.
A
No.
B
Who has time for that? Where were we? I haven't completely lost the thread.
C
I think you were wrapping up your son getting hit with the white box or white van.
B
Yeah, yeah. And Maria getting bootlegged.
C
Bootleg music.
B
Yeah, bootleg.
A
Many things. I'm just sticking with music as my. The one thing I'll admit to, but there's many, many bootleg things I've purchased in my day. Yeah, yeah.
B
And you know, if you know that's what you're doing and you're rolling the dice and taking your chances, that's one thing. But when someone actually tries to scam you.
C
Right.
B
It's different.
C
Yep.
B
Yeah.
C
I'll agree 100%.
A
Yeah, yeah, yeah. Yep.
B
All right, well, we will have links to both of my stories in the show notes. I'll tell you what, let's take a quick break here. We will be right back after this message from our show sponsor. And now back to our sponsor, ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are Allowlisting, Ring Fencing, and Network Control. Allowlisting is a deny-by-default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the system resources they truly need to function. Network Control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Hacking Humans. And we are back. Maria, you are up. What do you got for us this week?
A
Well, well, it's another short story, mainly because I have had no power for the past few hours, so I really wasn't able to do as much research as I would have liked. So I'm sticking with a short one that I can go on today. And this is sort of not a scam, but news related to a scam that I'd like us to keep our eyes on. And this is that two US Senators have sent a very sternly worded letter to the CEO.
C
That should do it. Thanks.
A
That'll definitely do it. To the CEO of the dating app giant called Match Group, to explain how they are fighting romance scams on their apps. And so Match Group owns Tinder, Hinge, OkCupid and Match. So these are the biggies, the biggies of the online dating scene, with maybe a few exceptions. But OkCupid is actually how I met my husband back in the day. So I'm very curious how this is going to go. And it's a bipartisan group of senators. It's Senator Maggie Hassan from just north of me in New Hampshire. She's a Democrat. And Republican Senator Marsha Blackburn. So, interestingly, this is one of those issues that actually goes across party lines. And they have asked Match Group to present how they are detecting fraud on their platforms and what user safety policies they have in place, with a deadline of October 15th. So we should hear more from Match Group on this. Match responded to this letter recently saying we're totally good. We've got fraud detection tools already in place, safety features, a thing called Face Check, where it does identity verification. But the. The reason the senators are going after Match Group on this front is this is actually not the first time they've gone after them. Apparently, in 2019, the FTC alleged that Match used fake profiles to push their subscription numbers up.
C
Right.
A
But the DOJ dropped that case in 2020. So there. There's. People are trying to figure out what's going on there. Match is saying that they're doing fine, and, you know, this is obviously a humongous problem, but they're doing what they can. The FBI has been saying this year that $16 billion in cybercrime losses were incurred through online fraud on romance apps alone. So it's a huge problem. And I'm gonna be very interested to see what is reported on October 15 from Match Group about what they're doing and if anything actually comes from this to try and put a dent in romance scams on these apps. As we've covered, this is a humongous problem. And it's interesting to me that it's a bipartisan response that's happening here. So that doesn't happen very often.
B
You know, I'm thinking back. Do you remember the. What was it called? The Ashley Madison breach?
A
A few years back?
B
Wasn't one of the fallouts from that.
C
That a lot of the female profiles were fake?
B
Yes. That actually, like, basically there were no women on the platform at all. They were all.
A
It was a giant catfish.
B
No.
A
Yeah.
B
It reminds me of. Remember the Simpsons bit, Joe, where they're all calling in to the 900-number line.
C
Right. Are there any hot babes in this line?
B
Right. It's like every sorry male character on the Simpsons is talking to each other because there are no women on the line.
A
That's just the Internet.
C
Right. Yeah.
A
Well, that's true.
B
But, you know, it also strikes me that because Joe and I. I think. I. Don't correct me if I'm wrong here, Joe, but I think I'm safe speaking on behalf of the two of us.
C
Right.
B
Joe and I both got hitched before online dating was a thing.
C
Yep.
B
So we never. I want to say had to go through that or had the pleasure of going through that. Right.
A
As the case, both perspectives are valid.
C
Yes.
B
But I'm curious. You know, Maria, you've been married for a while, so.
A
I just celebrated my 12th wedding anniversary this past year.
B
Congratulations.
A
Thank you very much.
B
Maria, is it fair to say that when you were doing online dating to meet your future husband that it was relatively early on in the online dating world?
A
It was. Yes, it was. It's a. It was totally different from the Wild West situation that there is now. I have a lot of friends who are single and trying to meet someone. And what they describe about online dating, even on the same platform that I used, it's just completely different. So I have no advice. Yeah, I have no advice for people now because it's like, listen, when I used it, it wasn't fantastic, but it wasn't the hopeless wasteland of total despair that online dating seems to be right now.
B
Yeah.
A
So, I mean, I used online dating platforms for a few years and went on some. A number of dates until I met my husband, Eric. Same situation with him. So for us it worked out really well. But yeah, as I said, I've got many friends who are in that world right now and it just sounds awful. Just awful. And many of them, when we have, like, drinks together on a Friday night or something, they tell me about the scams that they get hit up with. Like, especially my guy friends, it's really hard for them to determine if they're actually speaking to a real person, which was just really not a problem 12, actually, in my case, 15 years ago when I was on these platforms.
B
Yeah.
C
So, yeah, you know, here's how I would handle this if I were single today. I was just thinking about this. What would I do here? And in my profile, I would put the very first thing we're going to do is we're going to agree on a place to have a cup of coffee in the middle of the day for about 30 minutes. And then after the end of that, if you want to reach out to me again, feel free to reach out to me again. But nothing will happen until we sit down and have a cup of coffee.
A
Joe, I don't think that method would work very well. I don't think that would work.
B
Why?
A
That is a very high bar to clear for an online outreach. So that's usually more effort than most people want to put in when they're just getting to know somebody through online dating.
C
How do you get to know somebody if you don't meet them?
A
This is kind of part of the.
C
Problem, but I don't get it.
A
You have to figure out if you want to meet that person first. And it involves some talking to each other first, chatting through the app or whatever. And that's usually when people figure out, do I actually want to meet you? But that's where problems can happen, and that's where people can get scammed, because again, you don't know anymore if you're talking to a real person.
B
Right, yeah. Yes. Meet me at the Russian Tea Room. You'll know me by the cut of my clothes and the smell of my cologne.
A
Yeah, I mean, I had this method of basically putting extremely nerdy details in my profile that I knew only super hardcore nerds would get. And if they didn't pick up on those cues, they were definitely not the right person for me. Thankfully, Eric noticed them and responded exactly what I was hoping for. Like, I mentioned my favorite villain from a very. Not an obscure, but a somewhat obscure video game, and he knew exactly who that was. And it was like, okay, good, so it's a keeper. Yeah, exactly.
B
That was.
C
You said you're looking for your Handsome Jack.
A
No, no, no, no, no, no, no. Nothing like that.
B
Were there any attempts at scamming you back then when you were on the platform that you recall, or was it really before? That was rampant.
A
It really was before that. I mean, my husband and I met 15 years. We've been married for 12. We met 15 years ago. So it was very, very much. You knew you were talking to real people. That's why I'm saying for people like me who successfully used those platforms back then, it might as well have been the Stone Age. It was very different from what the situation is now.
B
Right. Yeah. My brother and his wife met online, and I think that's overwhelmingly the way it happens these days.
C
Yeah, it is.
B
I just hope to never need to do it.
C
Yeah, me too.
B
Same. Pretty, fat and happy.
C
Yeah. I am fat, married and happy. That's a good description.
B
It's a good place to be crossing my fingers. Yeah, yeah, absolutely. All right, well, we will have a link to that story in the show notes. Joe, Maria, it is time for our catch of the day.
C
Dave, our catch of the day comes from the scambait. Reddit Sub. Subreddit. Subreddit. There we go. And I don't know if I should read the title, because that might spoil it. Actually. No, it's just called Sister Died.
B
Why?
C
Who should play the scammer in this one?
B
I think Maria. Maria, the scammer.
C
And Dave, do you want to be this?
B
I'll be the person receiving the. Yeah, the inbound.
C
And I expect. I expect good, good acting and histrionics from both of you.
B
No pressure.
A
Okay, so I'm the scammer. Am I green text or black text?
B
You're black text.
A
I'm black text. Okay. Hi, how are you?
B
My sister just died. I don't remember.
A
You have a sister.
B
Who is this?
A
I hope you are kidding when you say that. You really didn't save my number. It's Emma.
B
That's my sister's name. I miss her so much.
A
Really?
B
Yes. So how do you know me?
A
I'm sorry, I must have saved the wrong number. I was trying to reach Ms. Helen. I hope I didn't bother you. Forgive my carelessness.
B
No problem. Have a nice day.
A
Thank you for your understanding and kindness and politeness to me. I'm glad to meet someone polite as you. If you come to Los Angeles, please let me know. I will buy you a cup of coffee to show my kindness and politeness.
B
My sister was allergic to coffee. That's how she died, by the way.
A
You don't have a sister. You know how I know that? If you did, you wouldn't keep killing her over and over with your words just to get rid of me.
B
No, I don't have a sister anymore. She died.
A
Don't do that next time. Have a good day.
B
Okay. You too.
C
This is effective at getting rid of the scammer.
B
Yeah.
C
He's gone.
B
Death. Yeah.
A
You wouldn't keep killing her over and over with your words.
B
I'm surprised the scammer engaged that way. The scammer broke the fourth wall.
C
Yeah, I know. You don't have a sister. Don't anymore. Yeah, right.
A
She's gone now.
C
The scammer, like you say, broke. I like what you said there. I'm not going to top that. That's pretty good.
B
Yeah.
A
My sister was allergic to coffee. That's how she died.
C
If I died, if I was allergic to coffee, that's how I'd die too.
A
With a smile on your face.
C
Right. I got a French press from my office recently.
B
Yeah, it's fantastic.
C
I love French press.
A
Coffee.
B
I don't. As both of you know, I don't drink coffee. I never have. Just can't get there with it. And every few years I get seduced by the smell. And I think, you know, how bad could it be? And so I try it. And then I'm reminded of how bad it can be.
A
Thankfully, there are other caffeine delivery platforms.
B
I prefer my caffeine delivered cold.
C
Right.
B
So. But I, you know. No.
C
Your vengeance.
B
Right, Exactly. Hats off to those of you who enjoy coffee. I'm very happy for you. I just. I'm not one of those folks.
A
So stop sending him coffee as a gift, everybody. Send it to me instead.
C
If you keep sending it to him, he'll give it to me.
B
You know what the problem, though, is that for those of us who enjoy our caffeine delivered cold, when we go to events.
A
Breakfast events, they never have it for you.
B
No. Sodas are lunch and dinner beverages as far as these event planners are concerned. And I frankly, I don't like.
A
Really grinds your gears.
B
It grinds my gears. Why should I be deprived? Or even worse, why should I have to go find a vending machine in the hotel and pay $8 for a can of Diet Mountain Dew when everybody else is getting free coffee at the event? Dagnabbit.
C
Sounds like a.
A
Put that in the rider next time with the green M&Ms.
B
Oh, that's a good idea. Yeah, put it in the rider. Right. These are Mr. Bittner's requirements.
C
You will provide him one Diet Mountain Dew.
A
And it will be cold and it will be there.
C
Yeah.
A
At call time at 6:00am, right.
B
I don't think we. Mountain Dew Zero, actually.
C
Mountain Dew Zero, yeah.
B
All right, I'll tell you what, let's take a quick break here. We'll be right back after this. Thank you to ThreatLocker, the powerful Zero Trust enterprise solution that stops ransomware in its tracks, for sponsoring Hacking Humans. Visit threatlocker.com. And we are back. And once again, we want to remind everybody that we would love to hear from you. If there's something you'd like us to consider for the show, you can email us. It's hackinghumans@n2k.com. And that is Hacking Humans, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to hackinghumans@n2k.com. This episode is produced by Liz Stokes. Our executive producer is Jennifer Eiben. We're mixed by Elliot Peltzman and Trey Hester. Peter Kilpe is our publisher here. I'm Dave Bittner.
A
I'm Joe Kerrigan and I'm Maria Varmazes.
B
Thanks for listening.
Podcast: Hacking Humans (N2K Networks)
Episode Date: October 2, 2025
Theme: Deception, influence, and social engineering in the world of cyber crime.
In this episode, Dave Bittner and Joe Kerrigan, later joined by Maria Varmazes (post power outage!), dive into the latest scams, social engineering attacks, and news in cyber crime. They dissect a significant targeted crypto scam leveraging data breach info, explore impersonation of the FBI’s crime reporting portal, discuss classic “white van” sales cons, analyze regulatory pressure on dating apps to fight romance scams, and wrap up with a wry catch-of-the-day scam exchange. The episode highlights persistent attack vectors, evolving scam tactics, and the importance of skepticism and vigilance.
"At the Cyber Wire, where every month is Cybersecurity Awareness Month." – Joe Kerrigan [02:01]
"What you're doing when you enter your seed phrase is you are essentially giving the attackers access to the private keys of that wallet..." – Joe Kerrigan
"...it was alarming to me and to Tony that a lot of people did not know that their information had been breached." – Joe [08:48]
"Ironically, if you find yourself falling victim to this, the FBI would like you to report it at the actual IC3." – Dave Bittner [16:09]
"He got off easy. This is a $300 educational experience." – Joe Kerrigan
"Even if you know... this is still a bargain but I’m still getting ripped off..." – Maria Varmazes [22:51]
"...it's just completely different...it might as well have been the Stone Age." – Maria [34:36]
Origin: r/scambait
"You don't have a sister. You know how I know that? If you did, you wouldn't keep killing her over and over with your words just to get rid of me." – Scammer (Maria) [37:04]
“Assume your information is breached. It’s all out there. It’s all on the Internet. These people know things like where you bank...”
– Joe Kerrigan [10:16]
"Nothing is sacred to these people... Who should we imitate?... The FBI!"
– Dave Bittner [15:02]
“As for bootlegs... you can have a lot of fun looking at the bootleg markets in some places.”
– Maria Varmazes [23:44]
"This is going to resurge like crazy."
– Maria, on the return of budget-driven scams [23:43]
"I just hope to never need to do it [online dating]."
– Dave Bittner [35:03]
"If you keep sending [coffee] to him, he'll give it to me!"
– Joe Kerrigan (in lighter banter) [38:50]
Conversational, affable, and deeply knowledgeable, with the hosts trading jabs and personal anecdotes alongside practical, actionable advice. The trio blends dark humor and lived experience to ground complex cyber topics in real-world, relatable moments.
For further reading and referenced stories, see the episode’s show notes.